List of usage examples for org.bouncycastle.asn1.x509 Extension basicConstraints
ASN1ObjectIdentifier basicConstraints
To view the source code for org.bouncycastle.asn1.x509 Extension basicConstraints.
Click Source Link
From source file:org.xipki.pki.ca.certprofile.test.ProfileConfCreatorDemo.java
License:Open Source License
private static X509ProfileType certprofileScep() throws Exception { X509ProfileType profile = getBaseProfile("Certprofile SCEP", X509CertLevel.EndEntity, "5y", false); profile.setKeyAlgorithms(createRSAKeyAlgorithms()); // Subject/*ww w .j a v a 2s. c o m*/ Subject subject = profile.getSubject(); subject.setIncSerialNumber(false); List<RdnType> rdnControls = subject.getRdn(); rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null)); rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1)); // Extensions ExtensionsType extensions = profile.getExtensions(); List<ExtensionType> list = extensions.getExtension(); list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null)); list.add(createExtension(Extension.cRLDistributionPoints, false, false, null)); list.add(createExtension(Extension.freshestCRL, false, false, null)); // Extensions - basicConstraints ExtensionValueType extensionValue = null; list.add(createExtension(Extension.basicConstraints, true, true, extensionValue)); // Extensions - AuthorityInfoAccess extensionValue = createAuthorityInfoAccess(); list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue)); // Extensions - AuthorityKeyIdentifier extensionValue = createAuthorityKeyIdentifier(true); list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue)); // Extensions - keyUsage extensionValue = createKeyUsages( new KeyUsageEnum[] { KeyUsageEnum.DIGITAL_SIGNATURE, KeyUsageEnum.KEY_ENCIPHERMENT }, null); list.add(createExtension(Extension.keyUsage, true, true, extensionValue)); return profile; }
From source file:org.xipki.pki.ca.certprofile.test.ProfileConfCreatorDemo.java
License:Open Source License
private static X509ProfileType certprofileTls() throws Exception { X509ProfileType profile = getBaseProfile("Certprofile TLS", X509CertLevel.EndEntity, "5y", true); profile.setDuplicateKey(true);/* w ww .java 2 s .com*/ // Subject Subject subject = profile.getSubject(); subject.setDuplicateSubjectPermitted(true); subject.setIncSerialNumber(false); List<RdnType> rdnControls = subject.getRdn(); rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null)); rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null)); rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1, new String[] { REGEX_FQDN }, null, null)); // Extensions // Extensions - general ExtensionsType extensions = profile.getExtensions(); // SubjectToSubjectAltName extensions.setSubjectToSubjectAltNames(new SubjectToSubjectAltNamesType()); SubjectToSubjectAltNameType s2sType = new SubjectToSubjectAltNameType(); extensions.getSubjectToSubjectAltNames().getSubjectToSubjectAltName().add(s2sType); s2sType.setSource(createOidType(ObjectIdentifiers.DN_CN)); s2sType.setTarget(new Target()); s2sType.getTarget().setDnsName(""); // Extensions - controls List<ExtensionType> list = extensions.getExtension(); list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null)); list.add(createExtension(Extension.cRLDistributionPoints, false, false, null)); list.add(createExtension(Extension.freshestCRL, false, false, null)); // Extensions - SubjectAltNames SubjectAltName subjectAltNameMode = new SubjectAltName(); subjectAltNameMode.setDnsName(""); subjectAltNameMode.setIpAddress(""); ExtensionValueType extensionValue = createExtensionValueType(subjectAltNameMode); list.add(createExtension(Extension.subjectAlternativeName, true, false, extensionValue)); // Extensions - basicConstraints extensionValue = null; list.add(createExtension(Extension.basicConstraints, true, true, extensionValue)); // Extensions - AuthorityInfoAccess extensionValue = createAuthorityInfoAccess(); list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue)); // Extensions - AuthorityKeyIdentifier extensionValue = createAuthorityKeyIdentifier(true); list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue)); // Extensions - keyUsage extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.DIGITAL_SIGNATURE, KeyUsageEnum.DATA_ENCIPHERMENT, KeyUsageEnum.KEY_ENCIPHERMENT }, null); list.add(createExtension(Extension.keyUsage, true, true, extensionValue)); // Extensions - extenedKeyUsage extensionValue = createExtendedKeyUsage(new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_serverAuth }, new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_clientAuth }); list.add(createExtension(Extension.extendedKeyUsage, true, false, extensionValue)); // Extensions - tlsFeature extensionValue = createTlsFeature(new TlsExtensionType[] { TlsExtensionType.STATUS_REQUEST, TlsExtensionType.CLIENT_CERTIFICATE_URL }); list.add(createExtension(ObjectIdentifiers.id_pe_tlsfeature, true, true, extensionValue)); // Extensions - SMIMECapabilities extensionValue = createSmimeCapabilities(); list.add(createExtension(ObjectIdentifiers.id_smimeCapabilities, true, false, extensionValue)); return profile; }
From source file:org.xipki.pki.ca.certprofile.test.ProfileConfCreatorDemo.java
License:Open Source License
private static X509ProfileType certprofileTlsC() throws Exception { X509ProfileType profile = getBaseProfile("Certprofile TLS_C", X509CertLevel.EndEntity, "5y", false); // Subject//ww w. j a va 2s. c o m Subject subject = profile.getSubject(); subject.setIncSerialNumber(false); List<RdnType> rdnControls = subject.getRdn(); rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null)); rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null)); rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1)); // Extensions ExtensionsType extensions = profile.getExtensions(); List<ExtensionType> list = extensions.getExtension(); list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null)); list.add(createExtension(Extension.cRLDistributionPoints, false, false, null)); list.add(createExtension(Extension.freshestCRL, false, false, null)); // Extensions - basicConstraints ExtensionValueType extensionValue = null; list.add(createExtension(Extension.basicConstraints, true, true, extensionValue)); // Extensions - AuthorityInfoAccess extensionValue = createAuthorityInfoAccess(); list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue)); // Extensions - AuthorityKeyIdentifier extensionValue = createAuthorityKeyIdentifier(true); list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue)); // Extensions - keyUsage extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.DIGITAL_SIGNATURE, KeyUsageEnum.DATA_ENCIPHERMENT, KeyUsageEnum.KEY_ENCIPHERMENT }, null); list.add(createExtension(Extension.keyUsage, true, true, extensionValue)); // Extensions - extenedKeyUsage extensionValue = createExtendedKeyUsage(new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_clientAuth }, null); list.add(createExtension(Extension.extendedKeyUsage, true, false, extensionValue)); return profile; }
From source file:org.xipki.pki.ca.certprofile.test.ProfileConfCreatorDemo.java
License:Open Source License
private static X509ProfileType certprofileTlsWithIncSerial() throws Exception { X509ProfileType profile = getBaseProfile("Certprofile TLSwithIncSN", X509CertLevel.EndEntity, "5y", false); profile.setDuplicateKey(true);//from ww w .ja v a 2 s . c o m // Subject Subject subject = profile.getSubject(); subject.setDuplicateSubjectPermitted(true); subject.setIncSerialNumber(true); List<RdnType> rdnControls = subject.getRdn(); rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null)); rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null)); rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1, new String[] { REGEX_FQDN }, null, null)); // Extensions // Extensions - general ExtensionsType extensions = profile.getExtensions(); // Extensions - controls List<ExtensionType> list = extensions.getExtension(); list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null)); list.add(createExtension(Extension.cRLDistributionPoints, false, false, null)); list.add(createExtension(Extension.freshestCRL, false, false, null)); // Extensions - basicConstraints ExtensionValueType extensionValue = null; list.add(createExtension(Extension.basicConstraints, true, true, extensionValue)); // Extensions - AuthorityInfoAccess extensionValue = createAuthorityInfoAccess(); list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue)); // Extensions - AuthorityKeyIdentifier extensionValue = createAuthorityKeyIdentifier(true); list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue)); // Extensions - keyUsage extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.DIGITAL_SIGNATURE, KeyUsageEnum.DATA_ENCIPHERMENT, KeyUsageEnum.KEY_ENCIPHERMENT }, null); list.add(createExtension(Extension.keyUsage, true, true, extensionValue)); // Extensions - extenedKeyUsage extensionValue = createExtendedKeyUsage(new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_serverAuth }, new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_clientAuth }); list.add(createExtension(Extension.extendedKeyUsage, true, false, extensionValue)); return profile; }
From source file:org.xipki.pki.ca.certprofile.test.ProfileConfCreatorDemo.java
License:Open Source License
private static X509ProfileType certprofileGsmcK() throws Exception { X509ProfileType profile = getBaseProfile("Certprofile gSMC_K", X509CertLevel.EndEntity, "5y", false); // SpecialBehavior profile.setSpecialBehavior(SpecialX509CertprofileBehavior.gematik_gSMC_K.name()); // Maximal life time Parameters profileParams = new Parameters(); profile.setParameters(profileParams); NameValueType nv = new NameValueType(); nv.setName(SpecialX509CertprofileBehavior.PARAMETER_MAXLIFTIME); nv.setValue(Integer.toString(20 * 365)); profileParams.getParameter().add(nv); // Subject//from w w w. j a v a2s .c o m Subject subject = profile.getSubject(); subject.setDuplicateSubjectPermitted(true); subject.setIncSerialNumber(false); List<RdnType> rdnControls = subject.getRdn(); rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE" }, null, null)); rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_ST, 0, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_L, 0, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_POSTAL_CODE, 0, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_STREET, 0, 1)); // regex: ICCSN-yyyyMMdd String regex = "80276[\\d]{15,15}-20\\d\\d(0[1-9]|1[012])(0[1-9]|[12][0-9]|3[01])"; rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1, new String[] { regex }, null, null)); // Extensions ExtensionsType extensions = profile.getExtensions(); List<ExtensionType> list = extensions.getExtension(); list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null)); list.add(createExtension(Extension.cRLDistributionPoints, false, false, null)); // Extensions - basicConstraints ExtensionValueType extensionValue = null; list.add(createExtension(Extension.basicConstraints, true, true, extensionValue)); // Extensions - AuthorityInfoAccess extensionValue = createAuthorityInfoAccess(); list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue)); // Extensions - AuthorityKeyIdentifier extensionValue = createAuthorityKeyIdentifier(true); list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue)); // Extensions - keyUsage extensionValue = createKeyUsages( new KeyUsageEnum[] { KeyUsageEnum.DIGITAL_SIGNATURE, KeyUsageEnum.KEY_ENCIPHERMENT }, null); list.add(createExtension(Extension.keyUsage, true, true, extensionValue)); // Extensions - extenedKeyUsage extensionValue = createExtendedKeyUsage(new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_serverAuth }, new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_clientAuth }); list.add(createExtension(Extension.extendedKeyUsage, true, false, extensionValue)); // Extensions - Policy CertificatePolicies policies = new CertificatePolicies(); ASN1ObjectIdentifier[] policyIds = new ASN1ObjectIdentifier[] { ID_GEMATIK.branch("79"), ID_GEMATIK.branch("163") }; for (ASN1ObjectIdentifier id : policyIds) { CertificatePolicyInformationType policyInfo = new CertificatePolicyInformationType(); policies.getCertificatePolicyInformation().add(policyInfo); policyInfo.setPolicyIdentifier(createOidType(id)); } extensionValue = createExtensionValueType(policies); list.add(createExtension(Extension.certificatePolicies, true, false, extensionValue)); // Extension - Admission AdmissionSyntax admissionSyntax = new AdmissionSyntax(); AdmissionsType admissions = new AdmissionsType(); admissionSyntax.getContentsOfAdmissions().add(admissions); ProfessionInfoType pi = new ProfessionInfoType(); admissions.getProfessionInfo().add(pi); pi.getProfessionOid().add(createOidType(ID_GEMATIK.branch("103"))); pi.getProfessionItem().add("Anwendungskonnektor"); extensionValue = createExtensionValueType(admissionSyntax); // check the syntax XmlX509CertprofileUtil.buildAdmissionSyntax(false, admissionSyntax); list.add(createExtension(ObjectIdentifiers.id_extension_admission, true, false, extensionValue)); // SubjectAltNames extensionValue = null; list.add(createExtension(Extension.subjectAlternativeName, false, false, extensionValue)); return profile; }
From source file:org.xipki.pki.ca.certprofile.test.ProfileConfCreatorDemo.java
License:Open Source License
private static X509ProfileType certprofileMultipleOus() throws Exception { X509ProfileType profile = getBaseProfile("Certprofile Multiple OUs DEMO", X509CertLevel.EndEntity, "5y", false);//from w w w . j a va2 s . co m // Subject Subject subject = profile.getSubject(); subject.setIncSerialNumber(false); List<RdnType> rdnControls = subject.getRdn(); rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null)); rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1)); final String regexOu1 = "[A-Z]{1,1}[\\d]{5,5}"; final String regexOu2 = "[\\d]{5,5}"; rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 2, 2, new String[] { regexOu1, regexOu2 }, null, null)); rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null)); rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1)); // Extensions // Extensions - general ExtensionsType extensions = profile.getExtensions(); List<ExtensionType> list = extensions.getExtension(); list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null)); list.add(createExtension(Extension.cRLDistributionPoints, false, false, null)); list.add(createExtension(Extension.freshestCRL, false, false, null)); // Extensions - basicConstraints ExtensionValueType extensionValue = null; list.add(createExtension(Extension.basicConstraints, true, true, extensionValue)); // Extensions - AuthorityInfoAccess extensionValue = createAuthorityInfoAccess(); list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue)); // Extensions - AuthorityKeyIdentifier extensionValue = createAuthorityKeyIdentifier(true); list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue)); // Extensions - keyUsage extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.CONTENT_COMMITMENT }, null); list.add(createExtension(Extension.keyUsage, true, true, extensionValue)); return profile; }
From source file:org.xipki.pki.ca.certprofile.test.ProfileConfCreatorDemo.java
License:Open Source License
private static X509ProfileType certprofileMultipleValuedRdn() throws Exception { X509ProfileType profile = getBaseProfile("Certprofile Multiple Valued RDN", X509CertLevel.EndEntity, "5y", false);//w ww. j a va 2 s. c o m // Subject Subject subject = profile.getSubject(); subject.setIncSerialNumber(false); List<RdnType> rdnControls = subject.getRdn(); rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null)); rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1, null, null, null, "group1")); rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 1, 1, null, null, null, "group1")); rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null)); rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1)); // Extensions // Extensions - general ExtensionsType extensions = profile.getExtensions(); List<ExtensionType> list = extensions.getExtension(); list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null)); list.add(createExtension(Extension.cRLDistributionPoints, false, false, null)); list.add(createExtension(Extension.freshestCRL, false, false, null)); // Extensions - basicConstraints ExtensionValueType extensionValue = null; list.add(createExtension(Extension.basicConstraints, true, true, extensionValue)); // Extensions - AuthorityInfoAccess extensionValue = createAuthorityInfoAccess(); list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue)); // Extensions - AuthorityKeyIdentifier extensionValue = createAuthorityKeyIdentifier(true); list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue)); // Extensions - keyUsage extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.CONTENT_COMMITMENT }, null); list.add(createExtension(Extension.keyUsage, true, true, extensionValue)); return profile; }
From source file:org.xipki.pki.ca.certprofile.test.ProfileConfCreatorDemo.java
License:Open Source License
private static X509ProfileType certprofileQc() throws Exception { X509ProfileType profile = getBaseProfile("Certprofile QC", X509CertLevel.EndEntity, "5y", false); // Subject//w ww. j a va2 s . c o m Subject subject = profile.getSubject(); subject.setIncSerialNumber(false); List<RdnType> rdnControls = subject.getRdn(); rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null)); rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_organizationIdentifier, 0, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null)); rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1)); // Extensions // Extensions - general ExtensionsType extensions = profile.getExtensions(); // Extensions - controls List<ExtensionType> list = extensions.getExtension(); list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null)); list.add(createExtension(Extension.cRLDistributionPoints, false, false, null)); list.add(createExtension(Extension.freshestCRL, false, false, null)); // Extensions - basicConstraints ExtensionValueType extensionValue = null; list.add(createExtension(Extension.basicConstraints, true, false, extensionValue)); // Extensions - AuthorityInfoAccess extensionValue = createAuthorityInfoAccess(); list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue)); // Extensions - AuthorityKeyIdentifier extensionValue = createAuthorityKeyIdentifier(true); list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue)); // Extensions - keyUsage extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.CONTENT_COMMITMENT }, null); list.add(createExtension(Extension.keyUsage, true, true, extensionValue)); // Extensions - extenedKeyUsage extensionValue = createExtendedKeyUsage(new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_timeStamping }, null); list.add(createExtension(Extension.extendedKeyUsage, true, true, extensionValue)); // privateKeyUsagePeriod extensionValue = createPrivateKeyUsagePeriod("3y"); list.add(createExtension(Extension.privateKeyUsagePeriod, true, false, extensionValue)); // QcStatements extensionValue = createQcStatements(false); list.add(createExtension(Extension.qCStatements, true, false, extensionValue)); return profile; }
From source file:org.xipki.pki.ca.certprofile.test.ProfileConfCreatorDemo.java
License:Open Source License
private static X509ProfileType certprofileEeComplex() throws Exception { X509ProfileType profile = getBaseProfile("Certprofile EE complex", X509CertLevel.EndEntity, "5y", true); // Subject//from w w w .ja v a 2 s . c om Subject subject = profile.getSubject(); subject.setIncSerialNumber(false); subject.setKeepRdnOrder(true); List<RdnType> rdnControls = subject.getRdn(); rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null)); rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null)); rdnControls.add(createRdn(ObjectIdentifiers.DN_DATE_OF_BIRTH, 0, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_POSTAL_ADDRESS, 0, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_UNIQUE_IDENTIFIER, 1, 1)); // Extensions // Extensions - general ExtensionsType extensions = profile.getExtensions(); // Extensions - controls List<ExtensionType> list = extensions.getExtension(); list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null)); list.add(createExtension(Extension.cRLDistributionPoints, false, false, null)); list.add(createExtension(Extension.freshestCRL, false, false, null)); // Extensions - basicConstraints ExtensionValueType extensionValue = null; list.add(createExtension(Extension.basicConstraints, true, false, extensionValue)); // Extensions - AuthorityInfoAccess extensionValue = createAuthorityInfoAccess(); list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue)); // Extensions - AuthorityKeyIdentifier extensionValue = createAuthorityKeyIdentifier(true); list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue)); // Extensions - keyUsage extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.DIGITAL_SIGNATURE, KeyUsageEnum.DATA_ENCIPHERMENT, KeyUsageEnum.KEY_ENCIPHERMENT }, null); list.add(createExtension(Extension.keyUsage, true, true, extensionValue)); // Extensions - extenedKeyUsage extensionValue = createExtendedKeyUsage(new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_serverAuth }, new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_clientAuth }); list.add(createExtension(Extension.extendedKeyUsage, true, false, extensionValue)); // Extension - subjectDirectoryAttributes SubjectDirectoryAttributs subjectDirAttrType = new SubjectDirectoryAttributs(); List<OidWithDescType> attrTypes = subjectDirAttrType.getType(); attrTypes.add(createOidType(ObjectIdentifiers.DN_COUNTRY_OF_CITIZENSHIP)); attrTypes.add(createOidType(ObjectIdentifiers.DN_COUNTRY_OF_RESIDENCE)); attrTypes.add(createOidType(ObjectIdentifiers.DN_GENDER)); attrTypes.add(createOidType(ObjectIdentifiers.DN_DATE_OF_BIRTH)); attrTypes.add(createOidType(ObjectIdentifiers.DN_PLACE_OF_BIRTH)); extensionValue = createExtensionValueType(subjectDirAttrType); list.add(createExtension(Extension.subjectDirectoryAttributes, true, false, extensionValue)); // Extension - Admission AdmissionSyntax admissionSyntax = new AdmissionSyntax(); admissionSyntax.setAdmissionAuthority( new GeneralName(new X500Name("C=DE,CN=admissionAuthority level 1")).getEncoded()); AdmissionsType admissions = new AdmissionsType(); admissions.setAdmissionAuthority( new GeneralName(new X500Name("C=DE,CN=admissionAuthority level 2")).getEncoded()); NamingAuthorityType namingAuthorityL2 = new NamingAuthorityType(); namingAuthorityL2.setOid(createOidType(new ASN1ObjectIdentifier("1.2.3.4.5"))); namingAuthorityL2.setUrl("http://naming-authority-level2.example.org"); namingAuthorityL2.setText("namingAuthrityText level 2"); admissions.setNamingAuthority(namingAuthorityL2); admissionSyntax.getContentsOfAdmissions().add(admissions); ProfessionInfoType pi = new ProfessionInfoType(); admissions.getProfessionInfo().add(pi); pi.getProfessionOid().add(createOidType(new ASN1ObjectIdentifier("1.2.3.4"), "demo oid")); pi.getProfessionItem().add("demo item"); NamingAuthorityType namingAuthorityL3 = new NamingAuthorityType(); namingAuthorityL3.setOid(createOidType(new ASN1ObjectIdentifier("1.2.3.4.5"))); namingAuthorityL3.setUrl("http://naming-authority-level3.example.org"); namingAuthorityL3.setText("namingAuthrityText level 3"); pi.setNamingAuthority(namingAuthorityL3); pi.setAddProfessionInfo(new byte[] { 1, 2, 3, 4 }); RegistrationNumber regNum = new RegistrationNumber(); pi.setRegistrationNumber(regNum); regNum.setRegex("a*b"); // check the syntax XmlX509CertprofileUtil.buildAdmissionSyntax(false, admissionSyntax); extensionValue = createExtensionValueType(admissionSyntax); list.add(createExtension(ObjectIdentifiers.id_extension_admission, true, false, extensionValue)); // restriction extensionValue = createRestriction(DirectoryStringType.UTF_8_STRING, "demo restriction"); list.add(createExtension(ObjectIdentifiers.id_extension_restriction, true, false, extensionValue)); // additionalInformation extensionValue = createAdditionalInformation(DirectoryStringType.UTF_8_STRING, "demo additional information"); list.add( createExtension(ObjectIdentifiers.id_extension_additionalInformation, true, false, extensionValue)); // validationModel extensionValue = createConstantExtValue(new ASN1ObjectIdentifier("1.3.6.1.4.1.8301.3.5.1").getEncoded(), "chain"); list.add(createExtension(ObjectIdentifiers.id_extension_validityModel, true, false, extensionValue)); // privateKeyUsagePeriod extensionValue = createPrivateKeyUsagePeriod("3y"); list.add(createExtension(Extension.privateKeyUsagePeriod, true, false, extensionValue)); // QcStatements extensionValue = createQcStatements(true); list.add(createExtension(Extension.qCStatements, true, false, extensionValue)); // biometricInfo extensionValue = createBiometricInfo(); list.add(createExtension(Extension.biometricInfo, true, false, extensionValue)); // authorizationTemplate extensionValue = createAuthorizationTemplate(); list.add( createExtension(ObjectIdentifiers.id_xipki_ext_authorizationTemplate, true, false, extensionValue)); // SubjectAltName SubjectAltName subjectAltNameMode = new SubjectAltName(); OtherName otherName = new OtherName(); otherName.getType().add(createOidType(new ASN1ObjectIdentifier("1.2.3.1"), "dummy oid 1")); otherName.getType().add(createOidType(new ASN1ObjectIdentifier("1.2.3.2"), "dummy oid 2")); subjectAltNameMode.setOtherName(otherName); subjectAltNameMode.setRfc822Name(""); subjectAltNameMode.setDnsName(""); subjectAltNameMode.setDirectoryName(""); subjectAltNameMode.setEdiPartyName(""); subjectAltNameMode.setUniformResourceIdentifier(""); subjectAltNameMode.setIpAddress(""); subjectAltNameMode.setRegisteredID(""); extensionValue = createExtensionValueType(subjectAltNameMode); list.add(createExtension(Extension.subjectAlternativeName, true, false, extensionValue)); // SubjectInfoAccess List<ASN1ObjectIdentifier> accessMethods = new LinkedList<>(); accessMethods.add(ObjectIdentifiers.id_ad_caRepository); for (int i = 0; i < 10; i++) { accessMethods.add(new ASN1ObjectIdentifier("2.3.4." + (i + 1))); } SubjectInfoAccess subjectInfoAccessMode = new SubjectInfoAccess(); for (ASN1ObjectIdentifier accessMethod : accessMethods) { SubjectInfoAccess.Access access = new SubjectInfoAccess.Access(); subjectInfoAccessMode.getAccess().add(access); access.setAccessMethod(createOidType(accessMethod)); GeneralNameType accessLocation = new GeneralNameType(); access.setAccessLocation(accessLocation); otherName = new OtherName(); otherName.getType().add(createOidType(new ASN1ObjectIdentifier("1.2.3.1"), "dummy oid 1")); otherName.getType().add(createOidType(new ASN1ObjectIdentifier("1.2.3.2"), "dummy oid 2")); accessLocation.setOtherName(otherName); accessLocation.setRfc822Name(""); accessLocation.setDnsName(""); accessLocation.setDirectoryName(""); accessLocation.setEdiPartyName(""); accessLocation.setUniformResourceIdentifier(""); accessLocation.setIpAddress(""); accessLocation.setRegisteredID(""); } extensionValue = createExtensionValueType(subjectInfoAccessMode); list.add(createExtension(Extension.subjectInfoAccess, true, false, extensionValue)); return profile; }
From source file:org.xipki.pki.ca.certprofile.test.ProfileConfCreatorDemo.java
License:Open Source License
private static X509ProfileType certprofileMaxTime() throws Exception { X509ProfileType profile = getBaseProfile("Certprofile MaxTime", X509CertLevel.EndEntity, "9999y", false); // Subject/*from www.j av a2 s . c o m*/ Subject subject = profile.getSubject(); subject.setDuplicateSubjectPermitted(false); subject.setIncSerialNumber(false); List<RdnType> rdnControls = subject.getRdn(); rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null)); rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null)); rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1, new String[] { REGEX_FQDN }, null, null)); // Extensions ExtensionsType extensions = profile.getExtensions(); List<ExtensionType> list = extensions.getExtension(); list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null)); list.add(createExtension(Extension.cRLDistributionPoints, false, false, null)); list.add(createExtension(Extension.freshestCRL, false, false, null)); // Extensions - basicConstraints ExtensionValueType extensionValue = null; list.add(createExtension(Extension.basicConstraints, true, true, extensionValue)); // Extensions - AuthorityInfoAccess extensionValue = createAuthorityInfoAccess(); list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue)); // Extensions - AuthorityKeyIdentifier extensionValue = createAuthorityKeyIdentifier(true); list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue)); // Extensions - keyUsage extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.DIGITAL_SIGNATURE, KeyUsageEnum.DATA_ENCIPHERMENT, KeyUsageEnum.KEY_ENCIPHERMENT }, null); list.add(createExtension(Extension.keyUsage, true, true, extensionValue)); return profile; }