List of usage examples for org.bouncycastle.asn1.x509 Extension authorityKeyIdentifier
ASN1ObjectIdentifier authorityKeyIdentifier
To view the source code for org.bouncycastle.asn1.x509 Extension authorityKeyIdentifier.
Click Source Link
From source file:org.xipki.certprofile.demo.x509.DemoEE1X509Certprofile.java
License:Open Source License
public DemoEE1X509Certprofile() { validity = new CertValidity(10, Unit.YEAR); Set<KeyUsageControl> _keyUsage = new HashSet<>(); _keyUsage.add(new KeyUsageControl(KeyUsage.digitalSignature, true)); _keyUsage.add(new KeyUsageControl(KeyUsage.dataEncipherment, true)); keyUsage = Collections.unmodifiableSet(_keyUsage); extensionControls = new HashMap<>(); extensionControls.put(Extension.authorityKeyIdentifier, new ExtensionControl(false, true, false)); extensionControls.put(Extension.freshestCRL, new ExtensionControl(false, false, false)); extensionControls.put(Extension.issuerAlternativeName, new ExtensionControl(false, false, false)); extensionControls.put(Extension.subjectKeyIdentifier, new ExtensionControl(false, true, false)); extensionControls.put(Extension.cRLDistributionPoints, new ExtensionControl(false, false, false)); extensionControls.put(Extension.authorityKeyIdentifier, new ExtensionControl(false, true, false)); extensionControls.put(Extension.authorityInfoAccess, new ExtensionControl(false, false, false)); extensionControls.put(Extension.basicConstraints, new ExtensionControl(true, true, false)); extensionControls.put(Extension.keyUsage, new ExtensionControl(true, true, true)); }
From source file:org.xipki.certprofile.demo.x509.DemoEE2X509Certprofile.java
License:Open Source License
public DemoEE2X509Certprofile() { validity = new CertValidity(10, Unit.YEAR); Set<KeyUsageControl> _keyUsage = new HashSet<>(); _keyUsage.add(new KeyUsageControl(KeyUsage.digitalSignature, true)); _keyUsage.add(new KeyUsageControl(KeyUsage.dataEncipherment, true)); keyUsage = Collections.unmodifiableSet(_keyUsage); extensionControls = new HashMap<>(); extensionControls.put(Extension.authorityKeyIdentifier, new ExtensionControl(false, true, false)); extensionControls.put(Extension.freshestCRL, new ExtensionControl(false, false, false)); extensionControls.put(Extension.issuerAlternativeName, new ExtensionControl(false, false, false)); extensionControls.put(Extension.subjectKeyIdentifier, new ExtensionControl(false, true, false)); extensionControls.put(Extension.cRLDistributionPoints, new ExtensionControl(false, false, false)); extensionControls.put(Extension.authorityKeyIdentifier, new ExtensionControl(false, true, false)); extensionControls.put(Extension.authorityInfoAccess, new ExtensionControl(false, false, false)); extensionControls.put(Extension.basicConstraints, new ExtensionControl(true, true, false)); extensionControls.put(Extension.keyUsage, new ExtensionControl(true, true, true)); }
From source file:org.xipki.common.util.X509Util.java
License:Open Source License
public static byte[] extractAKI(final X509Certificate cert) throws CertificateEncodingException { byte[] extValue = getCoreExtValue(cert, Extension.authorityKeyIdentifier); if (extValue == null) { return null; }/*from w ww . ja v a 2 s.c o m*/ try { AuthorityKeyIdentifier aki = AuthorityKeyIdentifier.getInstance(extValue); return aki.getKeyIdentifier(); } catch (IllegalArgumentException e) { throw new CertificateEncodingException("invalid extension AuthorityKeyIdentifier: " + e.getMessage()); } }
From source file:org.xipki.commons.console.karaf.completer.ExtensionNameCompleter.java
License:Open Source License
public ExtensionNameCompleter() { List<ASN1ObjectIdentifier> oids = new LinkedList<>(); oids.add(ObjectIdentifiers.id_extension_pkix_ocsp_nocheck); oids.add(ObjectIdentifiers.id_extension_admission); oids.add(Extension.auditIdentity); oids.add(Extension.authorityInfoAccess); oids.add(Extension.authorityKeyIdentifier); oids.add(Extension.basicConstraints); oids.add(Extension.biometricInfo); oids.add(Extension.certificateIssuer); oids.add(Extension.certificatePolicies); oids.add(Extension.cRLDistributionPoints); oids.add(Extension.cRLNumber); oids.add(Extension.deltaCRLIndicator); oids.add(Extension.extendedKeyUsage); oids.add(Extension.freshestCRL); oids.add(Extension.inhibitAnyPolicy); oids.add(Extension.instructionCode); oids.add(Extension.invalidityDate); oids.add(Extension.issuerAlternativeName); oids.add(Extension.issuingDistributionPoint); oids.add(Extension.keyUsage); oids.add(Extension.logoType); oids.add(Extension.nameConstraints); oids.add(Extension.noRevAvail); oids.add(Extension.policyConstraints); oids.add(Extension.policyMappings); oids.add(Extension.privateKeyUsagePeriod); oids.add(Extension.qCStatements); oids.add(Extension.reasonCode); oids.add(Extension.subjectAlternativeName); oids.add(Extension.subjectDirectoryAttributes); oids.add(Extension.subjectInfoAccess); oids.add(Extension.subjectKeyIdentifier); oids.add(Extension.targetInformation); oids.add(ObjectIdentifiers.id_pe_tlsfeature); StringBuilder enums = new StringBuilder(); for (ASN1ObjectIdentifier oid : oids) { String name = ObjectIdentifiers.getName(oid); if (StringUtil.isBlank(name)) { name = oid.getId();//from w ww . ja v a 2 s . c o m } enums.append(name).append(","); } enums.deleteCharAt(enums.length() - 1); setTokens(enums.toString()); }
From source file:org.xipki.commons.security.util.X509Util.java
License:Open Source License
public static byte[] extractAki(final X509Certificate cert) throws CertificateEncodingException { byte[] extValue = getCoreExtValue(cert, Extension.authorityKeyIdentifier); if (extValue == null) { return null; }//ww w . java2s. co m try { AuthorityKeyIdentifier aki = AuthorityKeyIdentifier.getInstance(extValue); return aki.getKeyIdentifier(); } catch (IllegalArgumentException ex) { throw new CertificateEncodingException("invalid extension AuthorityKeyIdentifier: " + ex.getMessage()); } }
From source file:org.xipki.console.karaf.impl.completer.ExtensionNameCompleterImpl.java
License:Open Source License
public ExtensionNameCompleterImpl() { List<ASN1ObjectIdentifier> oids = new LinkedList<>(); oids.add(ObjectIdentifiers.id_extension_pkix_ocsp_nocheck); oids.add(ObjectIdentifiers.id_extension_admission); oids.add(Extension.auditIdentity); oids.add(Extension.authorityInfoAccess); oids.add(Extension.authorityKeyIdentifier); oids.add(Extension.basicConstraints); oids.add(Extension.biometricInfo); oids.add(Extension.certificateIssuer); oids.add(Extension.certificatePolicies); oids.add(Extension.cRLDistributionPoints); oids.add(Extension.cRLNumber); oids.add(Extension.deltaCRLIndicator); oids.add(Extension.extendedKeyUsage); oids.add(Extension.freshestCRL); oids.add(Extension.inhibitAnyPolicy); oids.add(Extension.instructionCode); oids.add(Extension.invalidityDate); oids.add(Extension.issuerAlternativeName); oids.add(Extension.issuingDistributionPoint); oids.add(Extension.keyUsage); oids.add(Extension.logoType); oids.add(Extension.nameConstraints); oids.add(Extension.noRevAvail); oids.add(Extension.policyConstraints); oids.add(Extension.policyMappings); oids.add(Extension.privateKeyUsagePeriod); oids.add(Extension.qCStatements); oids.add(Extension.reasonCode); oids.add(Extension.subjectAlternativeName); oids.add(Extension.subjectDirectoryAttributes); oids.add(Extension.subjectInfoAccess); oids.add(Extension.subjectKeyIdentifier); oids.add(Extension.targetInformation); StringBuilder enums = new StringBuilder(); for (ASN1ObjectIdentifier oid : oids) { String name = ObjectIdentifiers.getName(oid); if (StringUtil.isBlank(name)) { name = oid.getId();/* www . j a va 2s. c om*/ } enums.append(name).append(","); } enums.deleteCharAt(enums.length() - 1); setTokens(enums.toString()); }
From source file:org.xipki.pki.ca.certprofile.test.ProfileConfCreatorDemo.java
License:Open Source License
private static X509ProfileType certprofileCross() throws Exception { X509ProfileType profile = getBaseProfile("Certprofile Cross", X509CertLevel.SubCA, "10y", false); // Subject//from ww w .j ava 2 s. c om Subject subject = profile.getSubject(); subject.setIncSerialNumber(false); List<RdnType> rdnControls = subject.getRdn(); rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null)); rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null)); rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1)); // Extensions ExtensionsType extensions = profile.getExtensions(); List<ExtensionType> list = extensions.getExtension(); list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null)); list.add(createExtension(Extension.cRLDistributionPoints, false, false, null)); list.add(createExtension(Extension.freshestCRL, false, false, null)); // Extensions - basicConstraints ExtensionValueType extensionValue = null; list.add(createExtension(Extension.basicConstraints, true, true, extensionValue)); // Extensions - AuthorityInfoAccess extensionValue = createAuthorityInfoAccess(); list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue)); // Extensions - AuthorityKeyIdentifier extensionValue = createAuthorityKeyIdentifier(false); list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue)); // Extensions - keyUsage extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.KEY_CERT_SIGN }, null); list.add(createExtension(Extension.keyUsage, true, true, extensionValue)); return profile; }
From source file:org.xipki.pki.ca.certprofile.test.ProfileConfCreatorDemo.java
License:Open Source License
private static X509ProfileType certprofileSubCa() throws Exception { X509ProfileType profile = getBaseProfile("Certprofile SubCA", X509CertLevel.SubCA, "8y", false); // Subject// ww w. jav a2 s .c om Subject subject = profile.getSubject(); subject.setIncSerialNumber(false); List<RdnType> rdnControls = subject.getRdn(); rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null)); rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null)); rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1)); // Extensions ExtensionsType extensions = profile.getExtensions(); // Extensions - controls List<ExtensionType> list = extensions.getExtension(); list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null)); list.add(createExtension(Extension.cRLDistributionPoints, false, false, null)); list.add(createExtension(Extension.freshestCRL, false, false, null)); // Extensions - basicConstraints ExtensionValueType extensionValue = createBasicConstraints(1); list.add(createExtension(Extension.basicConstraints, true, true, extensionValue)); // Extensions - AuthorityInfoAccess extensionValue = createAuthorityInfoAccess(); list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue)); // Extensions - AuthorityKeyIdentifier extensionValue = createAuthorityKeyIdentifier(false); list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue)); // Extensions - keyUsage extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.KEY_CERT_SIGN }, new KeyUsageEnum[] { KeyUsageEnum.CRL_SIGN }); list.add(createExtension(Extension.keyUsage, true, true, extensionValue)); return profile; }
From source file:org.xipki.pki.ca.certprofile.test.ProfileConfCreatorDemo.java
License:Open Source License
private static X509ProfileType certprofileSubCaComplex() throws Exception { X509ProfileType profile = getBaseProfile("Certprofile SubCA with most extensions", X509CertLevel.SubCA, "8y", false); // Subject//from w w w .j a v a2 s. c o m Subject subject = profile.getSubject(); subject.setIncSerialNumber(false); List<RdnType> rdnControls = subject.getRdn(); rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null)); rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null)); rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1, null, "PREFIX ", " SUFFIX")); // Extensions ExtensionsType extensions = profile.getExtensions(); List<ExtensionType> list = extensions.getExtension(); list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null)); list.add(createExtension(Extension.cRLDistributionPoints, false, false, null)); list.add(createExtension(Extension.freshestCRL, false, false, null)); // Extensions - basicConstraints ExtensionValueType extensionValue = createBasicConstraints(1); list.add(createExtension(Extension.basicConstraints, true, true, extensionValue)); // Extensions - AuthorityInfoAccess extensionValue = createAuthorityInfoAccess(); list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue)); // Extensions - AuthorityKeyIdentifier extensionValue = createAuthorityKeyIdentifier(false); list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue)); // Extensions - keyUsage extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.KEY_CERT_SIGN }, new KeyUsageEnum[] { KeyUsageEnum.CRL_SIGN }); list.add(createExtension(Extension.keyUsage, true, true, extensionValue)); // Certificate Policies extensionValue = createCertificatePolicies(new ASN1ObjectIdentifier("1.2.3.4.5"), new ASN1ObjectIdentifier("2.4.3.2.1")); list.add(createExtension(Extension.certificatePolicies, true, false, extensionValue)); // Policy Mappings PolicyMappings policyMappings = new PolicyMappings(); policyMappings.getMapping().add(createPolicyIdMapping(new ASN1ObjectIdentifier("1.1.1.1.1"), new ASN1ObjectIdentifier("2.1.1.1.1"))); policyMappings.getMapping().add(createPolicyIdMapping(new ASN1ObjectIdentifier("1.1.1.1.2"), new ASN1ObjectIdentifier("2.1.1.1.2"))); extensionValue = createExtensionValueType(policyMappings); list.add(createExtension(Extension.policyMappings, true, true, extensionValue)); // Policy Constraints PolicyConstraints policyConstraints = createPolicyConstraints(2, 2); extensionValue = createExtensionValueType(policyConstraints); list.add(createExtension(Extension.policyConstraints, true, true, extensionValue)); // Name Constrains NameConstraints nameConstraints = createNameConstraints(); extensionValue = createExtensionValueType(nameConstraints); list.add(createExtension(Extension.nameConstraints, true, true, extensionValue)); // Inhibit anyPolicy InhibitAnyPolicy inhibitAnyPolicy = createInhibitAnyPolicy(1); extensionValue = createExtensionValueType(inhibitAnyPolicy); list.add(createExtension(Extension.inhibitAnyPolicy, true, true, extensionValue)); // SubjectAltName SubjectAltName subjectAltNameMode = new SubjectAltName(); OtherName otherName = new OtherName(); otherName.getType().add(createOidType(ObjectIdentifiers.DN_O)); subjectAltNameMode.setOtherName(otherName); subjectAltNameMode.setRfc822Name(""); subjectAltNameMode.setDnsName(""); subjectAltNameMode.setDirectoryName(""); subjectAltNameMode.setEdiPartyName(""); subjectAltNameMode.setUniformResourceIdentifier(""); subjectAltNameMode.setIpAddress(""); subjectAltNameMode.setRegisteredID(""); extensionValue = createExtensionValueType(subjectAltNameMode); list.add(createExtension(Extension.subjectAlternativeName, true, false, extensionValue)); // SubjectInfoAccess SubjectInfoAccess subjectInfoAccessMode = new SubjectInfoAccess(); SubjectInfoAccess.Access access = new SubjectInfoAccess.Access(); subjectInfoAccessMode.getAccess().add(access); access.setAccessMethod(createOidType(ObjectIdentifiers.id_ad_caRepository)); GeneralNameType accessLocation = new GeneralNameType(); access.setAccessLocation(accessLocation); accessLocation.setDirectoryName(""); accessLocation.setUniformResourceIdentifier(""); extensionValue = createExtensionValueType(subjectInfoAccessMode); list.add(createExtension(Extension.subjectInfoAccess, true, false, extensionValue)); // Custom Extension ASN1ObjectIdentifier customExtensionOid = new ASN1ObjectIdentifier("1.2.3.4"); extensionValue = createConstantExtValue(DERNull.INSTANCE.getEncoded(), "DER Null"); list.add(createExtension(customExtensionOid, true, false, extensionValue, "custom extension 1")); return profile; }
From source file:org.xipki.pki.ca.certprofile.test.ProfileConfCreatorDemo.java
License:Open Source License
private static X509ProfileType certprofileOcsp() throws Exception { X509ProfileType profile = getBaseProfile("Certprofile OCSP", X509CertLevel.EndEntity, "5y", false); // Subject//from w w w . j a v a2 s .c o m Subject subject = profile.getSubject(); subject.setIncSerialNumber(true); List<RdnType> rdnControls = subject.getRdn(); rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null)); rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_organizationIdentifier, 0, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null)); rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1)); // Extensions ExtensionsType extensions = profile.getExtensions(); List<ExtensionType> list = extensions.getExtension(); list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null)); list.add(createExtension(Extension.cRLDistributionPoints, false, false, null)); list.add(createExtension(Extension.freshestCRL, false, false, null)); list.add(createExtension(ObjectIdentifiers.id_extension_pkix_ocsp_nocheck, false, false, null)); // Extensions - basicConstraints ExtensionValueType extensionValue = null; list.add(createExtension(Extension.basicConstraints, true, true, extensionValue)); // Extensions - AuthorityInfoAccess extensionValue = createAuthorityInfoAccess(); list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue)); // Extensions - AuthorityKeyIdentifier extensionValue = createAuthorityKeyIdentifier(true); list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue)); // Extensions - keyUsage extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.CONTENT_COMMITMENT }, null); list.add(createExtension(Extension.keyUsage, true, true, extensionValue)); // Extensions - extenedKeyUsage extensionValue = createExtendedKeyUsage(new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_OCSPSigning }, null); list.add(createExtension(Extension.extendedKeyUsage, true, false, extensionValue)); return profile; }