List of usage examples for org.bouncycastle.asn1.x509 Extension subjectAlternativeName
ASN1ObjectIdentifier subjectAlternativeName
To view the source code for org.bouncycastle.asn1.x509 Extension subjectAlternativeName.
Click Source Link
From source file:org.xipki.commons.security.shell.CertRequestGenCommandSupport.java
License:Open Source License
@Override protected Object doExecute() throws Exception { hashAlgo = hashAlgo.trim().toUpperCase(); if (hashAlgo.indexOf('-') != -1) { hashAlgo = hashAlgo.replaceAll("-", ""); }//from w w w.java2 s . co m if (needExtensionTypes == null) { needExtensionTypes = new LinkedList<>(); } if (wantExtensionTypes == null) { wantExtensionTypes = new LinkedList<>(); } // SubjectAltNames List<Extension> extensions = new LinkedList<>(); ASN1OctetString extnValue = createExtnValueSubjectAltName(); if (extnValue != null) { ASN1ObjectIdentifier oid = Extension.subjectAlternativeName; extensions.add(new Extension(oid, false, extnValue)); needExtensionTypes.add(oid.getId()); } // SubjectInfoAccess extnValue = createExtnValueSubjectInfoAccess(); if (extnValue != null) { ASN1ObjectIdentifier oid = Extension.subjectInfoAccess; extensions.add(new Extension(oid, false, extnValue)); needExtensionTypes.add(oid.getId()); } // Keyusage if (isNotEmpty(keyusages)) { Set<KeyUsage> usages = new HashSet<>(); for (String usage : keyusages) { usages.add(KeyUsage.getKeyUsage(usage)); } org.bouncycastle.asn1.x509.KeyUsage extValue = X509Util.createKeyUsage(usages); ASN1ObjectIdentifier extType = Extension.keyUsage; extensions.add(new Extension(extType, false, extValue.getEncoded())); needExtensionTypes.add(extType.getId()); } // ExtendedKeyusage if (isNotEmpty(extkeyusages)) { ExtendedKeyUsage extValue = X509Util.createExtendedUsage(textToAsn1ObjectIdentifers(extkeyusages)); ASN1ObjectIdentifier extType = Extension.extendedKeyUsage; extensions.add(new Extension(extType, false, extValue.getEncoded())); needExtensionTypes.add(extType.getId()); } // QcEuLimitValue if (isNotEmpty(qcEuLimits)) { ASN1EncodableVector vec = new ASN1EncodableVector(); for (String m : qcEuLimits) { StringTokenizer st = new StringTokenizer(m, ":"); try { String currencyS = st.nextToken(); String amountS = st.nextToken(); String exponentS = st.nextToken(); Iso4217CurrencyCode currency; try { int intValue = Integer.parseInt(currencyS); currency = new Iso4217CurrencyCode(intValue); } catch (NumberFormatException ex) { currency = new Iso4217CurrencyCode(currencyS); } int amount = Integer.parseInt(amountS); int exponent = Integer.parseInt(exponentS); MonetaryValue monterayValue = new MonetaryValue(currency, amount, exponent); QCStatement statment = new QCStatement(ObjectIdentifiers.id_etsi_qcs_QcLimitValue, monterayValue); vec.add(statment); } catch (Exception ex) { throw new Exception("invalid qc-eu-limit '" + m + "'"); } } ASN1ObjectIdentifier extType = Extension.qCStatements; ASN1Sequence extValue = new DERSequence(vec); extensions.add(new Extension(extType, false, extValue.getEncoded())); needExtensionTypes.add(extType.getId()); } // biometricInfo if (biometricType != null && biometricHashAlgo != null && biometricFile != null) { TypeOfBiometricData tmpBiometricType = StringUtil.isNumber(biometricType) ? new TypeOfBiometricData(Integer.parseInt(biometricType)) : new TypeOfBiometricData(new ASN1ObjectIdentifier(biometricType)); ASN1ObjectIdentifier tmpBiometricHashAlgo = AlgorithmUtil.getHashAlg(biometricHashAlgo); byte[] biometricBytes = IoUtil.read(biometricFile); MessageDigest md = MessageDigest.getInstance(tmpBiometricHashAlgo.getId()); md.reset(); byte[] tmpBiometricDataHash = md.digest(biometricBytes); DERIA5String tmpSourceDataUri = null; if (biometricUri != null) { tmpSourceDataUri = new DERIA5String(biometricUri); } BiometricData biometricData = new BiometricData(tmpBiometricType, new AlgorithmIdentifier(tmpBiometricHashAlgo), new DEROctetString(tmpBiometricDataHash), tmpSourceDataUri); ASN1EncodableVector vec = new ASN1EncodableVector(); vec.add(biometricData); ASN1ObjectIdentifier extType = Extension.biometricInfo; ASN1Sequence extValue = new DERSequence(vec); extensions.add(new Extension(extType, false, extValue.getEncoded())); needExtensionTypes.add(extType.getId()); } else if (biometricType == null && biometricHashAlgo == null && biometricFile == null) { // Do nothing } else { throw new Exception("either all of biometric triples (type, hash algo, file)" + " must be set or none of them should be set"); } for (Extension addExt : getAdditionalExtensions()) { extensions.add(addExt); } needExtensionTypes.addAll(getAdditionalNeedExtensionTypes()); wantExtensionTypes.addAll(getAdditionalWantExtensionTypes()); if (isNotEmpty(needExtensionTypes) || isNotEmpty(wantExtensionTypes)) { ExtensionExistence ee = new ExtensionExistence(textToAsn1ObjectIdentifers(needExtensionTypes), textToAsn1ObjectIdentifers(wantExtensionTypes)); extensions.add(new Extension(ObjectIdentifiers.id_xipki_ext_cmpRequestExtensions, false, ee.toASN1Primitive().getEncoded())); } ConcurrentContentSigner signer = getSigner(new SignatureAlgoControl(rsaMgf1, dsaPlain)); Map<ASN1ObjectIdentifier, ASN1Encodable> attributes = new HashMap<>(); if (CollectionUtil.isNonEmpty(extensions)) { attributes.put(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, new Extensions(extensions.toArray(new Extension[0]))); } if (StringUtil.isNotBlank(challengePassword)) { attributes.put(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, new DERPrintableString(challengePassword)); } SubjectPublicKeyInfo subjectPublicKeyInfo; if (signer.getCertificate() != null) { Certificate cert = Certificate.getInstance(signer.getCertificate().getEncoded()); subjectPublicKeyInfo = cert.getSubjectPublicKeyInfo(); } else { subjectPublicKeyInfo = KeyUtil.createSubjectPublicKeyInfo(signer.getPublicKey()); } X500Name subjectDn = getSubject(subject); PKCS10CertificationRequest csr = generateRequest(signer, subjectPublicKeyInfo, subjectDn, attributes); File file = new File(outputFilename); saveVerbose("saved CSR to file", file, csr.getEncoded()); return null; }
From source file:org.xipki.commons.security.util.X509Util.java
License:Open Source License
public static Extension createExtensionSubjectAltName(final List<String> taggedValues, final boolean critical) throws BadInputException { GeneralNames names = createGeneralNames(taggedValues); if (names == null) { return null; }//from www .ja va 2 s.co m try { return new Extension(Extension.subjectAlternativeName, critical, names.getEncoded()); } catch (IOException ex) { throw new RuntimeException(ex.getMessage(), ex); } }
From source file:org.xipki.console.karaf.impl.completer.ExtensionNameCompleterImpl.java
License:Open Source License
public ExtensionNameCompleterImpl() { List<ASN1ObjectIdentifier> oids = new LinkedList<>(); oids.add(ObjectIdentifiers.id_extension_pkix_ocsp_nocheck); oids.add(ObjectIdentifiers.id_extension_admission); oids.add(Extension.auditIdentity); oids.add(Extension.authorityInfoAccess); oids.add(Extension.authorityKeyIdentifier); oids.add(Extension.basicConstraints); oids.add(Extension.biometricInfo); oids.add(Extension.certificateIssuer); oids.add(Extension.certificatePolicies); oids.add(Extension.cRLDistributionPoints); oids.add(Extension.cRLNumber); oids.add(Extension.deltaCRLIndicator); oids.add(Extension.extendedKeyUsage); oids.add(Extension.freshestCRL); oids.add(Extension.inhibitAnyPolicy); oids.add(Extension.instructionCode); oids.add(Extension.invalidityDate); oids.add(Extension.issuerAlternativeName); oids.add(Extension.issuingDistributionPoint); oids.add(Extension.keyUsage); oids.add(Extension.logoType); oids.add(Extension.nameConstraints); oids.add(Extension.noRevAvail); oids.add(Extension.policyConstraints); oids.add(Extension.policyMappings); oids.add(Extension.privateKeyUsagePeriod); oids.add(Extension.qCStatements); oids.add(Extension.reasonCode); oids.add(Extension.subjectAlternativeName); oids.add(Extension.subjectDirectoryAttributes); oids.add(Extension.subjectInfoAccess); oids.add(Extension.subjectKeyIdentifier); oids.add(Extension.targetInformation); StringBuilder enums = new StringBuilder(); for (ASN1ObjectIdentifier oid : oids) { String name = ObjectIdentifiers.getName(oid); if (StringUtil.isBlank(name)) { name = oid.getId();//w w w.ja v a2 s . c om } enums.append(name).append(","); } enums.deleteCharAt(enums.length() - 1); setTokens(enums.toString()); }
From source file:org.xipki.pki.ca.certprofile.test.ProfileConfCreatorDemo.java
License:Open Source License
private static X509ProfileType certprofileSubCaComplex() throws Exception { X509ProfileType profile = getBaseProfile("Certprofile SubCA with most extensions", X509CertLevel.SubCA, "8y", false); // Subject//from w w w . j a v a2 s . c o m Subject subject = profile.getSubject(); subject.setIncSerialNumber(false); List<RdnType> rdnControls = subject.getRdn(); rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null)); rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null)); rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1, null, "PREFIX ", " SUFFIX")); // Extensions ExtensionsType extensions = profile.getExtensions(); List<ExtensionType> list = extensions.getExtension(); list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null)); list.add(createExtension(Extension.cRLDistributionPoints, false, false, null)); list.add(createExtension(Extension.freshestCRL, false, false, null)); // Extensions - basicConstraints ExtensionValueType extensionValue = createBasicConstraints(1); list.add(createExtension(Extension.basicConstraints, true, true, extensionValue)); // Extensions - AuthorityInfoAccess extensionValue = createAuthorityInfoAccess(); list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue)); // Extensions - AuthorityKeyIdentifier extensionValue = createAuthorityKeyIdentifier(false); list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue)); // Extensions - keyUsage extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.KEY_CERT_SIGN }, new KeyUsageEnum[] { KeyUsageEnum.CRL_SIGN }); list.add(createExtension(Extension.keyUsage, true, true, extensionValue)); // Certificate Policies extensionValue = createCertificatePolicies(new ASN1ObjectIdentifier("1.2.3.4.5"), new ASN1ObjectIdentifier("2.4.3.2.1")); list.add(createExtension(Extension.certificatePolicies, true, false, extensionValue)); // Policy Mappings PolicyMappings policyMappings = new PolicyMappings(); policyMappings.getMapping().add(createPolicyIdMapping(new ASN1ObjectIdentifier("1.1.1.1.1"), new ASN1ObjectIdentifier("2.1.1.1.1"))); policyMappings.getMapping().add(createPolicyIdMapping(new ASN1ObjectIdentifier("1.1.1.1.2"), new ASN1ObjectIdentifier("2.1.1.1.2"))); extensionValue = createExtensionValueType(policyMappings); list.add(createExtension(Extension.policyMappings, true, true, extensionValue)); // Policy Constraints PolicyConstraints policyConstraints = createPolicyConstraints(2, 2); extensionValue = createExtensionValueType(policyConstraints); list.add(createExtension(Extension.policyConstraints, true, true, extensionValue)); // Name Constrains NameConstraints nameConstraints = createNameConstraints(); extensionValue = createExtensionValueType(nameConstraints); list.add(createExtension(Extension.nameConstraints, true, true, extensionValue)); // Inhibit anyPolicy InhibitAnyPolicy inhibitAnyPolicy = createInhibitAnyPolicy(1); extensionValue = createExtensionValueType(inhibitAnyPolicy); list.add(createExtension(Extension.inhibitAnyPolicy, true, true, extensionValue)); // SubjectAltName SubjectAltName subjectAltNameMode = new SubjectAltName(); OtherName otherName = new OtherName(); otherName.getType().add(createOidType(ObjectIdentifiers.DN_O)); subjectAltNameMode.setOtherName(otherName); subjectAltNameMode.setRfc822Name(""); subjectAltNameMode.setDnsName(""); subjectAltNameMode.setDirectoryName(""); subjectAltNameMode.setEdiPartyName(""); subjectAltNameMode.setUniformResourceIdentifier(""); subjectAltNameMode.setIpAddress(""); subjectAltNameMode.setRegisteredID(""); extensionValue = createExtensionValueType(subjectAltNameMode); list.add(createExtension(Extension.subjectAlternativeName, true, false, extensionValue)); // SubjectInfoAccess SubjectInfoAccess subjectInfoAccessMode = new SubjectInfoAccess(); SubjectInfoAccess.Access access = new SubjectInfoAccess.Access(); subjectInfoAccessMode.getAccess().add(access); access.setAccessMethod(createOidType(ObjectIdentifiers.id_ad_caRepository)); GeneralNameType accessLocation = new GeneralNameType(); access.setAccessLocation(accessLocation); accessLocation.setDirectoryName(""); accessLocation.setUniformResourceIdentifier(""); extensionValue = createExtensionValueType(subjectInfoAccessMode); list.add(createExtension(Extension.subjectInfoAccess, true, false, extensionValue)); // Custom Extension ASN1ObjectIdentifier customExtensionOid = new ASN1ObjectIdentifier("1.2.3.4"); extensionValue = createConstantExtValue(DERNull.INSTANCE.getEncoded(), "DER Null"); list.add(createExtension(customExtensionOid, true, false, extensionValue, "custom extension 1")); return profile; }
From source file:org.xipki.pki.ca.certprofile.test.ProfileConfCreatorDemo.java
License:Open Source License
private static X509ProfileType certprofileTls() throws Exception { X509ProfileType profile = getBaseProfile("Certprofile TLS", X509CertLevel.EndEntity, "5y", true); profile.setDuplicateKey(true);//from w ww. ja v a2s . c om // Subject Subject subject = profile.getSubject(); subject.setDuplicateSubjectPermitted(true); subject.setIncSerialNumber(false); List<RdnType> rdnControls = subject.getRdn(); rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null)); rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null)); rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1, new String[] { REGEX_FQDN }, null, null)); // Extensions // Extensions - general ExtensionsType extensions = profile.getExtensions(); // SubjectToSubjectAltName extensions.setSubjectToSubjectAltNames(new SubjectToSubjectAltNamesType()); SubjectToSubjectAltNameType s2sType = new SubjectToSubjectAltNameType(); extensions.getSubjectToSubjectAltNames().getSubjectToSubjectAltName().add(s2sType); s2sType.setSource(createOidType(ObjectIdentifiers.DN_CN)); s2sType.setTarget(new Target()); s2sType.getTarget().setDnsName(""); // Extensions - controls List<ExtensionType> list = extensions.getExtension(); list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null)); list.add(createExtension(Extension.cRLDistributionPoints, false, false, null)); list.add(createExtension(Extension.freshestCRL, false, false, null)); // Extensions - SubjectAltNames SubjectAltName subjectAltNameMode = new SubjectAltName(); subjectAltNameMode.setDnsName(""); subjectAltNameMode.setIpAddress(""); ExtensionValueType extensionValue = createExtensionValueType(subjectAltNameMode); list.add(createExtension(Extension.subjectAlternativeName, true, false, extensionValue)); // Extensions - basicConstraints extensionValue = null; list.add(createExtension(Extension.basicConstraints, true, true, extensionValue)); // Extensions - AuthorityInfoAccess extensionValue = createAuthorityInfoAccess(); list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue)); // Extensions - AuthorityKeyIdentifier extensionValue = createAuthorityKeyIdentifier(true); list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue)); // Extensions - keyUsage extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.DIGITAL_SIGNATURE, KeyUsageEnum.DATA_ENCIPHERMENT, KeyUsageEnum.KEY_ENCIPHERMENT }, null); list.add(createExtension(Extension.keyUsage, true, true, extensionValue)); // Extensions - extenedKeyUsage extensionValue = createExtendedKeyUsage(new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_serverAuth }, new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_clientAuth }); list.add(createExtension(Extension.extendedKeyUsage, true, false, extensionValue)); // Extensions - tlsFeature extensionValue = createTlsFeature(new TlsExtensionType[] { TlsExtensionType.STATUS_REQUEST, TlsExtensionType.CLIENT_CERTIFICATE_URL }); list.add(createExtension(ObjectIdentifiers.id_pe_tlsfeature, true, true, extensionValue)); // Extensions - SMIMECapabilities extensionValue = createSmimeCapabilities(); list.add(createExtension(ObjectIdentifiers.id_smimeCapabilities, true, false, extensionValue)); return profile; }
From source file:org.xipki.pki.ca.certprofile.test.ProfileConfCreatorDemo.java
License:Open Source License
private static X509ProfileType certprofileGsmcK() throws Exception { X509ProfileType profile = getBaseProfile("Certprofile gSMC_K", X509CertLevel.EndEntity, "5y", false); // SpecialBehavior profile.setSpecialBehavior(SpecialX509CertprofileBehavior.gematik_gSMC_K.name()); // Maximal life time Parameters profileParams = new Parameters(); profile.setParameters(profileParams); NameValueType nv = new NameValueType(); nv.setName(SpecialX509CertprofileBehavior.PARAMETER_MAXLIFTIME); nv.setValue(Integer.toString(20 * 365)); profileParams.getParameter().add(nv); // Subject//from w ww. j av a 2 s . c o m Subject subject = profile.getSubject(); subject.setDuplicateSubjectPermitted(true); subject.setIncSerialNumber(false); List<RdnType> rdnControls = subject.getRdn(); rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE" }, null, null)); rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_ST, 0, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_L, 0, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_POSTAL_CODE, 0, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_STREET, 0, 1)); // regex: ICCSN-yyyyMMdd String regex = "80276[\\d]{15,15}-20\\d\\d(0[1-9]|1[012])(0[1-9]|[12][0-9]|3[01])"; rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1, new String[] { regex }, null, null)); // Extensions ExtensionsType extensions = profile.getExtensions(); List<ExtensionType> list = extensions.getExtension(); list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null)); list.add(createExtension(Extension.cRLDistributionPoints, false, false, null)); // Extensions - basicConstraints ExtensionValueType extensionValue = null; list.add(createExtension(Extension.basicConstraints, true, true, extensionValue)); // Extensions - AuthorityInfoAccess extensionValue = createAuthorityInfoAccess(); list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue)); // Extensions - AuthorityKeyIdentifier extensionValue = createAuthorityKeyIdentifier(true); list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue)); // Extensions - keyUsage extensionValue = createKeyUsages( new KeyUsageEnum[] { KeyUsageEnum.DIGITAL_SIGNATURE, KeyUsageEnum.KEY_ENCIPHERMENT }, null); list.add(createExtension(Extension.keyUsage, true, true, extensionValue)); // Extensions - extenedKeyUsage extensionValue = createExtendedKeyUsage(new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_serverAuth }, new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_clientAuth }); list.add(createExtension(Extension.extendedKeyUsage, true, false, extensionValue)); // Extensions - Policy CertificatePolicies policies = new CertificatePolicies(); ASN1ObjectIdentifier[] policyIds = new ASN1ObjectIdentifier[] { ID_GEMATIK.branch("79"), ID_GEMATIK.branch("163") }; for (ASN1ObjectIdentifier id : policyIds) { CertificatePolicyInformationType policyInfo = new CertificatePolicyInformationType(); policies.getCertificatePolicyInformation().add(policyInfo); policyInfo.setPolicyIdentifier(createOidType(id)); } extensionValue = createExtensionValueType(policies); list.add(createExtension(Extension.certificatePolicies, true, false, extensionValue)); // Extension - Admission AdmissionSyntax admissionSyntax = new AdmissionSyntax(); AdmissionsType admissions = new AdmissionsType(); admissionSyntax.getContentsOfAdmissions().add(admissions); ProfessionInfoType pi = new ProfessionInfoType(); admissions.getProfessionInfo().add(pi); pi.getProfessionOid().add(createOidType(ID_GEMATIK.branch("103"))); pi.getProfessionItem().add("Anwendungskonnektor"); extensionValue = createExtensionValueType(admissionSyntax); // check the syntax XmlX509CertprofileUtil.buildAdmissionSyntax(false, admissionSyntax); list.add(createExtension(ObjectIdentifiers.id_extension_admission, true, false, extensionValue)); // SubjectAltNames extensionValue = null; list.add(createExtension(Extension.subjectAlternativeName, false, false, extensionValue)); return profile; }
From source file:org.xipki.pki.ca.certprofile.test.ProfileConfCreatorDemo.java
License:Open Source License
private static X509ProfileType certprofileEeComplex() throws Exception { X509ProfileType profile = getBaseProfile("Certprofile EE complex", X509CertLevel.EndEntity, "5y", true); // Subject//from ww w . j a va2s . c o m Subject subject = profile.getSubject(); subject.setIncSerialNumber(false); subject.setKeepRdnOrder(true); List<RdnType> rdnControls = subject.getRdn(); rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null)); rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null)); rdnControls.add(createRdn(ObjectIdentifiers.DN_DATE_OF_BIRTH, 0, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_POSTAL_ADDRESS, 0, 1)); rdnControls.add(createRdn(ObjectIdentifiers.DN_UNIQUE_IDENTIFIER, 1, 1)); // Extensions // Extensions - general ExtensionsType extensions = profile.getExtensions(); // Extensions - controls List<ExtensionType> list = extensions.getExtension(); list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null)); list.add(createExtension(Extension.cRLDistributionPoints, false, false, null)); list.add(createExtension(Extension.freshestCRL, false, false, null)); // Extensions - basicConstraints ExtensionValueType extensionValue = null; list.add(createExtension(Extension.basicConstraints, true, false, extensionValue)); // Extensions - AuthorityInfoAccess extensionValue = createAuthorityInfoAccess(); list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue)); // Extensions - AuthorityKeyIdentifier extensionValue = createAuthorityKeyIdentifier(true); list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue)); // Extensions - keyUsage extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.DIGITAL_SIGNATURE, KeyUsageEnum.DATA_ENCIPHERMENT, KeyUsageEnum.KEY_ENCIPHERMENT }, null); list.add(createExtension(Extension.keyUsage, true, true, extensionValue)); // Extensions - extenedKeyUsage extensionValue = createExtendedKeyUsage(new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_serverAuth }, new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_clientAuth }); list.add(createExtension(Extension.extendedKeyUsage, true, false, extensionValue)); // Extension - subjectDirectoryAttributes SubjectDirectoryAttributs subjectDirAttrType = new SubjectDirectoryAttributs(); List<OidWithDescType> attrTypes = subjectDirAttrType.getType(); attrTypes.add(createOidType(ObjectIdentifiers.DN_COUNTRY_OF_CITIZENSHIP)); attrTypes.add(createOidType(ObjectIdentifiers.DN_COUNTRY_OF_RESIDENCE)); attrTypes.add(createOidType(ObjectIdentifiers.DN_GENDER)); attrTypes.add(createOidType(ObjectIdentifiers.DN_DATE_OF_BIRTH)); attrTypes.add(createOidType(ObjectIdentifiers.DN_PLACE_OF_BIRTH)); extensionValue = createExtensionValueType(subjectDirAttrType); list.add(createExtension(Extension.subjectDirectoryAttributes, true, false, extensionValue)); // Extension - Admission AdmissionSyntax admissionSyntax = new AdmissionSyntax(); admissionSyntax.setAdmissionAuthority( new GeneralName(new X500Name("C=DE,CN=admissionAuthority level 1")).getEncoded()); AdmissionsType admissions = new AdmissionsType(); admissions.setAdmissionAuthority( new GeneralName(new X500Name("C=DE,CN=admissionAuthority level 2")).getEncoded()); NamingAuthorityType namingAuthorityL2 = new NamingAuthorityType(); namingAuthorityL2.setOid(createOidType(new ASN1ObjectIdentifier("1.2.3.4.5"))); namingAuthorityL2.setUrl("http://naming-authority-level2.example.org"); namingAuthorityL2.setText("namingAuthrityText level 2"); admissions.setNamingAuthority(namingAuthorityL2); admissionSyntax.getContentsOfAdmissions().add(admissions); ProfessionInfoType pi = new ProfessionInfoType(); admissions.getProfessionInfo().add(pi); pi.getProfessionOid().add(createOidType(new ASN1ObjectIdentifier("1.2.3.4"), "demo oid")); pi.getProfessionItem().add("demo item"); NamingAuthorityType namingAuthorityL3 = new NamingAuthorityType(); namingAuthorityL3.setOid(createOidType(new ASN1ObjectIdentifier("1.2.3.4.5"))); namingAuthorityL3.setUrl("http://naming-authority-level3.example.org"); namingAuthorityL3.setText("namingAuthrityText level 3"); pi.setNamingAuthority(namingAuthorityL3); pi.setAddProfessionInfo(new byte[] { 1, 2, 3, 4 }); RegistrationNumber regNum = new RegistrationNumber(); pi.setRegistrationNumber(regNum); regNum.setRegex("a*b"); // check the syntax XmlX509CertprofileUtil.buildAdmissionSyntax(false, admissionSyntax); extensionValue = createExtensionValueType(admissionSyntax); list.add(createExtension(ObjectIdentifiers.id_extension_admission, true, false, extensionValue)); // restriction extensionValue = createRestriction(DirectoryStringType.UTF_8_STRING, "demo restriction"); list.add(createExtension(ObjectIdentifiers.id_extension_restriction, true, false, extensionValue)); // additionalInformation extensionValue = createAdditionalInformation(DirectoryStringType.UTF_8_STRING, "demo additional information"); list.add( createExtension(ObjectIdentifiers.id_extension_additionalInformation, true, false, extensionValue)); // validationModel extensionValue = createConstantExtValue(new ASN1ObjectIdentifier("1.3.6.1.4.1.8301.3.5.1").getEncoded(), "chain"); list.add(createExtension(ObjectIdentifiers.id_extension_validityModel, true, false, extensionValue)); // privateKeyUsagePeriod extensionValue = createPrivateKeyUsagePeriod("3y"); list.add(createExtension(Extension.privateKeyUsagePeriod, true, false, extensionValue)); // QcStatements extensionValue = createQcStatements(true); list.add(createExtension(Extension.qCStatements, true, false, extensionValue)); // biometricInfo extensionValue = createBiometricInfo(); list.add(createExtension(Extension.biometricInfo, true, false, extensionValue)); // authorizationTemplate extensionValue = createAuthorizationTemplate(); list.add( createExtension(ObjectIdentifiers.id_xipki_ext_authorizationTemplate, true, false, extensionValue)); // SubjectAltName SubjectAltName subjectAltNameMode = new SubjectAltName(); OtherName otherName = new OtherName(); otherName.getType().add(createOidType(new ASN1ObjectIdentifier("1.2.3.1"), "dummy oid 1")); otherName.getType().add(createOidType(new ASN1ObjectIdentifier("1.2.3.2"), "dummy oid 2")); subjectAltNameMode.setOtherName(otherName); subjectAltNameMode.setRfc822Name(""); subjectAltNameMode.setDnsName(""); subjectAltNameMode.setDirectoryName(""); subjectAltNameMode.setEdiPartyName(""); subjectAltNameMode.setUniformResourceIdentifier(""); subjectAltNameMode.setIpAddress(""); subjectAltNameMode.setRegisteredID(""); extensionValue = createExtensionValueType(subjectAltNameMode); list.add(createExtension(Extension.subjectAlternativeName, true, false, extensionValue)); // SubjectInfoAccess List<ASN1ObjectIdentifier> accessMethods = new LinkedList<>(); accessMethods.add(ObjectIdentifiers.id_ad_caRepository); for (int i = 0; i < 10; i++) { accessMethods.add(new ASN1ObjectIdentifier("2.3.4." + (i + 1))); } SubjectInfoAccess subjectInfoAccessMode = new SubjectInfoAccess(); for (ASN1ObjectIdentifier accessMethod : accessMethods) { SubjectInfoAccess.Access access = new SubjectInfoAccess.Access(); subjectInfoAccessMode.getAccess().add(access); access.setAccessMethod(createOidType(accessMethod)); GeneralNameType accessLocation = new GeneralNameType(); access.setAccessLocation(accessLocation); otherName = new OtherName(); otherName.getType().add(createOidType(new ASN1ObjectIdentifier("1.2.3.1"), "dummy oid 1")); otherName.getType().add(createOidType(new ASN1ObjectIdentifier("1.2.3.2"), "dummy oid 2")); accessLocation.setOtherName(otherName); accessLocation.setRfc822Name(""); accessLocation.setDnsName(""); accessLocation.setDirectoryName(""); accessLocation.setEdiPartyName(""); accessLocation.setUniformResourceIdentifier(""); accessLocation.setIpAddress(""); accessLocation.setRegisteredID(""); } extensionValue = createExtensionValueType(subjectInfoAccessMode); list.add(createExtension(Extension.subjectInfoAccess, true, false, extensionValue)); return profile; }
From source file:org.xipki.pki.ca.certprofile.XmlX509Certprofile.java
License:Open Source License
private void doInitialize(X509ProfileType conf) throws CertprofileException { if (conf.getVersion() != null) { String versionText = conf.getVersion(); this.version = X509CertVersion.forName(versionText); if (this.version == null) { throw new CertprofileException(String.format("invalid version '%s'", versionText)); }/*w ww. j a va 2s .c om*/ } else { this.version = X509CertVersion.v3; } if (conf.getSignatureAlgorithms() != null) { List<String> algoNames = conf.getSignatureAlgorithms().getAlgorithm(); List<String> list = new ArrayList<>(algoNames.size()); for (String algoName : algoNames) { try { list.add(AlgorithmUtil.canonicalizeSignatureAlgo(algoName)); } catch (NoSuchAlgorithmException ex) { throw new CertprofileException(ex.getMessage(), ex); } } this.signatureAlgorithms = Collections.unmodifiableList(list); } this.raOnly = conf.isRaOnly(); this.maxSize = conf.getMaxSize(); this.validity = CertValidity.getInstance(conf.getValidity()); String str = conf.getCertLevel(); if ("RootCA".equalsIgnoreCase(str)) { this.certLevel = X509CertLevel.RootCA; } else if ("SubCA".equalsIgnoreCase(str)) { this.certLevel = X509CertLevel.SubCA; } else if ("EndEntity".equalsIgnoreCase(str)) { this.certLevel = X509CertLevel.EndEntity; } else { throw new CertprofileException("invalid CertLevel '" + str + "'"); } str = conf.getNotBeforeTime(); if ("midnight".equalsIgnoreCase(str)) { this.notBeforeMidnight = true; } else if ("current".equalsIgnoreCase(str)) { this.notBeforeMidnight = false; } else { throw new CertprofileException("invalid notBefore '" + str + "'"); } String specBehavior = conf.getSpecialBehavior(); if (specBehavior != null) { this.specialBehavior = SpecialX509CertprofileBehavior.forName(specBehavior); } this.duplicateKeyPermitted = conf.isDuplicateKey(); this.serialNumberInReqPermitted = conf.isSerialNumberInReq(); // KeyAlgorithms KeyAlgorithms keyAlgos = conf.getKeyAlgorithms(); if (keyAlgos != null) { this.keyAlgorithms = XmlX509CertprofileUtil.buildKeyAlgorithms(keyAlgos); } // parameters Parameters confParams = conf.getParameters(); if (confParams == null) { parameters = null; } else { Map<String, String> tmpMap = new HashMap<>(); for (NameValueType nv : confParams.getParameter()) { tmpMap.put(nv.getName(), nv.getValue()); } parameters = Collections.unmodifiableMap(tmpMap); } // Subject Subject subject = conf.getSubject(); duplicateSubjectPermitted = subject.isDuplicateSubjectPermitted(); List<RdnControl> subjectDnControls = new LinkedList<>(); for (RdnType rdn : subject.getRdn()) { ASN1ObjectIdentifier type = new ASN1ObjectIdentifier(rdn.getType().getValue()); List<Pattern> patterns = null; if (CollectionUtil.isNonEmpty(rdn.getRegex())) { patterns = new LinkedList<>(); for (String regex : rdn.getRegex()) { Pattern pattern = Pattern.compile(regex); patterns.add(pattern); } } if (patterns == null) { Pattern pattern = SubjectDnSpec.getPattern(type); if (pattern != null) { patterns = Arrays.asList(pattern); } } Range range = (rdn.getMinLen() != null || rdn.getMaxLen() != null) ? new Range(rdn.getMinLen(), rdn.getMaxLen()) : null; RdnControl rdnControl = new RdnControl(type, rdn.getMinOccurs(), rdn.getMaxOccurs()); subjectDnControls.add(rdnControl); StringType stringType = XmlX509CertprofileUtil.convertStringType(rdn.getStringType()); rdnControl.setStringType(stringType); rdnControl.setStringLengthRange(range); rdnControl.setPatterns(patterns); rdnControl.setPrefix(rdn.getPrefix()); rdnControl.setSuffix(rdn.getSuffix()); rdnControl.setGroup(rdn.getGroup()); SubjectDnSpec.fixRdnControl(rdnControl); } this.subjectControl = new SubjectControl(subjectDnControls, subject.isKeepRdnOrder()); this.incSerialNoIfSubjectExists = subject.isIncSerialNumber(); // Extensions ExtensionsType extensionsType = conf.getExtensions(); // SubjectToSubjectAltName initSubjectToSubjectAltNames(extensionsType); // Extension controls this.extensionControls = XmlX509CertprofileUtil.buildExtensionControls(extensionsType); // AdditionalInformation initAdditionalInformation(extensionsType); // Admission initAdmission(extensionsType); // AuthorityInfoAccess initAuthorityInfoAccess(extensionsType); // AuthorityKeyIdentifier initAuthorityKeyIdentifier(extensionsType); // AuthorizationTemplate initAuthorizationTemplate(extensionsType); // BasicConstrains initBasicConstraints(extensionsType); // BiometricInfo initBiometricInfo(extensionsType); // Certificate Policies initCertificatePolicies(extensionsType); // ExtendedKeyUsage initExtendedKeyUsage(extensionsType); // Inhibit anyPolicy initInhibitAnyPolicy(extensionsType); // KeyUsage initKeyUsage(extensionsType); // Name Constrains initNameConstraints(extensionsType); // Policy Constraints initPolicyConstraints(extensionsType); // Policy Mappings initPolicyMappings(extensionsType); // PrivateKeyUsagePeriod initPrivateKeyUsagePeriod(extensionsType); // QCStatements initQcStatements(extensionsType); // Restriction initRestriction(extensionsType); // SMIMECapatibilities initSmimeCapabilities(extensionsType); // SubjectAltNameMode initSubjectAlternativeName(extensionsType); // SubjectInfoAccess initSubjectInfoAccess(extensionsType); // TlsFeature initTlsFeature(extensionsType); // validityModel initValidityModel(extensionsType); // SubjectDirectoryAttributes initSubjectDirAttrs(extensionsType); // constant extensions this.constantExtensions = XmlX509CertprofileUtil.buildConstantExtesions(extensionsType); // validate the configuration if (subjectToSubjectAltNameModes != null) { if (!extensionControls.containsKey(Extension.subjectAlternativeName)) { throw new CertprofileException( "subjectToSubjectAltNames cannot be configured if extension subjectAltNames" + " is not permitted"); } if (subjectAltNameModes != null) { for (ASN1ObjectIdentifier attrType : subjectToSubjectAltNameModes.keySet()) { GeneralNameTag nameTag = subjectToSubjectAltNameModes.get(attrType); boolean allowed = false; for (GeneralNameMode m : subjectAltNameModes) { if (m.getTag() == nameTag) { allowed = true; break; } } if (!allowed) { throw new CertprofileException("target SubjectAltName type " + nameTag + " is not allowed"); } } } } }
From source file:org.xipki.pki.ca.certprofile.XmlX509Certprofile.java
License:Open Source License
private void initSubjectAlternativeName(ExtensionsType extensionsType) throws CertprofileException { ASN1ObjectIdentifier type = Extension.subjectAlternativeName; if (!extensionControls.containsKey(type)) { return;//from ww w. jav a 2 s.co m } SubjectAltName extConf = (SubjectAltName) getExtensionValue(type, extensionsType, SubjectAltName.class); if (extConf == null) { return; } this.subjectAltNameModes = XmlX509CertprofileUtil.buildGeneralNameMode(extConf); }
From source file:org.xipki.pki.ca.certprofile.XmlX509Certprofile.java
License:Open Source License
@Override public ExtensionValues getExtensions(final Map<ASN1ObjectIdentifier, ExtensionControl> extensionOccurences, final X500Name requestedSubject, final X500Name grantedSubject, final Extensions requestedExtensions, final Date notBefore, final Date notAfter) throws CertprofileException, BadCertTemplateException { ExtensionValues values = new ExtensionValues(); if (CollectionUtil.isEmpty(extensionOccurences)) { return values; }/* w w w.j ava2 s .c o m*/ ParamUtil.requireNonNull("requestedSubject", requestedSubject); ParamUtil.requireNonNull("notBefore", notBefore); ParamUtil.requireNonNull("notAfter", notAfter); Set<ASN1ObjectIdentifier> occurences = new HashSet<>(extensionOccurences.keySet()); // AuthorityKeyIdentifier // processed by the CA // SubjectKeyIdentifier // processed by the CA // KeyUsage // processed by the CA // CertificatePolicies ASN1ObjectIdentifier type = Extension.certificatePolicies; if (certificatePolicies != null) { if (occurences.remove(type)) { values.addExtension(type, certificatePolicies); } } // Policy Mappings type = Extension.policyMappings; if (policyMappings != null) { if (occurences.remove(type)) { values.addExtension(type, policyMappings); } } // SubjectAltName type = Extension.subjectAlternativeName; if (occurences.contains(type)) { GeneralNames genNames = createRequestedSubjectAltNames(requestedSubject, grantedSubject, requestedExtensions); if (genNames != null) { ExtensionValue value = new ExtensionValue(extensionControls.get(type).isCritical(), genNames); values.addExtension(type, value); occurences.remove(type); } } // IssuerAltName // processed by the CA // Subject Directory Attributes type = Extension.subjectDirectoryAttributes; if (occurences.contains(type) && subjectDirAttrsControl != null) { Extension extension = (requestedExtensions == null) ? null : requestedExtensions.getExtension(type); if (extension == null) { throw new BadCertTemplateException( "no SubjectDirecotryAttributes extension is contained in the request"); } ASN1GeneralizedTime dateOfBirth = null; String placeOfBirth = null; String gender = null; List<String> countryOfCitizenshipList = new LinkedList<>(); List<String> countryOfResidenceList = new LinkedList<>(); Map<ASN1ObjectIdentifier, List<ASN1Encodable>> otherAttrs = new HashMap<>(); Vector<?> reqSubDirAttrs = SubjectDirectoryAttributes.getInstance(extension.getParsedValue()) .getAttributes(); final int n = reqSubDirAttrs.size(); for (int i = 0; i < n; i++) { Attribute attr = (Attribute) reqSubDirAttrs.get(i); ASN1ObjectIdentifier attrType = attr.getAttrType(); ASN1Encodable attrVal = attr.getAttributeValues()[0]; if (ObjectIdentifiers.DN_DATE_OF_BIRTH.equals(attrType)) { dateOfBirth = ASN1GeneralizedTime.getInstance(attrVal); } else if (ObjectIdentifiers.DN_PLACE_OF_BIRTH.equals(attrType)) { placeOfBirth = DirectoryString.getInstance(attrVal).getString(); } else if (ObjectIdentifiers.DN_GENDER.equals(attrType)) { gender = DERPrintableString.getInstance(attrVal).getString(); } else if (ObjectIdentifiers.DN_COUNTRY_OF_CITIZENSHIP.equals(attrType)) { String country = DERPrintableString.getInstance(attrVal).getString(); countryOfCitizenshipList.add(country); } else if (ObjectIdentifiers.DN_COUNTRY_OF_RESIDENCE.equals(attrType)) { String country = DERPrintableString.getInstance(attrVal).getString(); countryOfResidenceList.add(country); } else { List<ASN1Encodable> otherAttrVals = otherAttrs.get(attrType); if (otherAttrVals == null) { otherAttrVals = new LinkedList<>(); otherAttrs.put(attrType, otherAttrVals); } otherAttrVals.add(attrVal); } } Vector<Attribute> attrs = new Vector<>(); for (ASN1ObjectIdentifier attrType : subjectDirAttrsControl.getTypes()) { if (ObjectIdentifiers.DN_DATE_OF_BIRTH.equals(attrType)) { if (dateOfBirth != null) { String timeStirng = dateOfBirth.getTimeString(); if (!SubjectDnSpec.PATTERN_DATE_OF_BIRTH.matcher(timeStirng).matches()) { throw new BadCertTemplateException("invalid dateOfBirth " + timeStirng); } attrs.add(new Attribute(attrType, new DERSet(dateOfBirth))); continue; } } else if (ObjectIdentifiers.DN_PLACE_OF_BIRTH.equals(attrType)) { if (placeOfBirth != null) { ASN1Encodable attrVal = new DERUTF8String(placeOfBirth); attrs.add(new Attribute(attrType, new DERSet(attrVal))); continue; } } else if (ObjectIdentifiers.DN_GENDER.equals(attrType)) { if (gender != null && !gender.isEmpty()) { char ch = gender.charAt(0); if (!(gender.length() == 1 && (ch == 'f' || ch == 'F' || ch == 'm' || ch == 'M'))) { throw new BadCertTemplateException("invalid gender " + gender); } ASN1Encodable attrVal = new DERPrintableString(gender); attrs.add(new Attribute(attrType, new DERSet(attrVal))); continue; } } else if (ObjectIdentifiers.DN_COUNTRY_OF_CITIZENSHIP.equals(attrType)) { if (!countryOfCitizenshipList.isEmpty()) { for (String country : countryOfCitizenshipList) { if (!SubjectDnSpec.isValidCountryAreaCode(country)) { throw new BadCertTemplateException("invalid countryOfCitizenship code " + country); } ASN1Encodable attrVal = new DERPrintableString(country); attrs.add(new Attribute(attrType, new DERSet(attrVal))); } continue; } } else if (ObjectIdentifiers.DN_COUNTRY_OF_RESIDENCE.equals(attrType)) { if (!countryOfResidenceList.isEmpty()) { for (String country : countryOfResidenceList) { if (!SubjectDnSpec.isValidCountryAreaCode(country)) { throw new BadCertTemplateException("invalid countryOfResidence code " + country); } ASN1Encodable attrVal = new DERPrintableString(country); attrs.add(new Attribute(attrType, new DERSet(attrVal))); } continue; } } else if (otherAttrs.containsKey(attrType)) { for (ASN1Encodable attrVal : otherAttrs.get(attrType)) { attrs.add(new Attribute(attrType, new DERSet(attrVal))); } continue; } throw new BadCertTemplateException( "could not process type " + attrType.getId() + " in extension SubjectDirectoryAttributes"); } SubjectDirectoryAttributes subjDirAttrs = new SubjectDirectoryAttributes(attrs); ExtensionValue extValue = new ExtensionValue(extensionControls.get(type).isCritical(), subjDirAttrs); values.addExtension(type, extValue); occurences.remove(type); } // Basic Constraints // processed by the CA // Name Constraints type = Extension.nameConstraints; if (nameConstraints != null) { if (occurences.remove(type)) { values.addExtension(type, nameConstraints); } } // PolicyConstrains type = Extension.policyConstraints; if (policyConstraints != null) { if (occurences.remove(type)) { values.addExtension(type, policyConstraints); } } // ExtendedKeyUsage // processed by CA // CRL Distribution Points // processed by the CA // Inhibit anyPolicy type = Extension.inhibitAnyPolicy; if (inhibitAnyPolicy != null) { if (occurences.remove(type)) { values.addExtension(type, inhibitAnyPolicy); } } // Freshest CRL // processed by the CA // Authority Information Access // processed by the CA // Subject Information Access // processed by the CA // Admission type = ObjectIdentifiers.id_extension_admission; if (occurences.contains(type) && admission != null) { if (admission.isInputFromRequestRequired()) { Extension extension = (requestedExtensions == null) ? null : requestedExtensions.getExtension(type); if (extension == null) { throw new BadCertTemplateException("No Admission extension is contained in the request"); } Admissions[] reqAdmissions = org.bouncycastle.asn1.isismtt.x509.AdmissionSyntax .getInstance(extension.getParsedValue()).getContentsOfAdmissions(); final int n = reqAdmissions.length; List<List<String>> reqRegNumsList = new ArrayList<>(n); for (int i = 0; i < n; i++) { Admissions reqAdmission = reqAdmissions[i]; ProfessionInfo[] reqPis = reqAdmission.getProfessionInfos(); List<String> reqNums = new ArrayList<>(reqPis.length); reqRegNumsList.add(reqNums); for (ProfessionInfo reqPi : reqPis) { String reqNum = reqPi.getRegistrationNumber(); reqNums.add(reqNum); } } values.addExtension(type, admission.getExtensionValue(reqRegNumsList)); occurences.remove(type); } else { values.addExtension(type, admission.getExtensionValue(null)); occurences.remove(type); } } // OCSP Nocheck // processed by the CA // restriction type = ObjectIdentifiers.id_extension_restriction; if (restriction != null) { if (occurences.remove(type)) { values.addExtension(type, restriction); } } // AdditionalInformation type = ObjectIdentifiers.id_extension_additionalInformation; if (additionalInformation != null) { if (occurences.remove(type)) { values.addExtension(type, additionalInformation); } } // ValidityModel type = ObjectIdentifiers.id_extension_validityModel; if (validityModel != null) { if (occurences.remove(type)) { values.addExtension(type, validityModel); } } // PrivateKeyUsagePeriod type = Extension.privateKeyUsagePeriod; if (occurences.contains(type)) { Date tmpNotAfter; if (privateKeyUsagePeriod == null) { tmpNotAfter = notAfter; } else { tmpNotAfter = privateKeyUsagePeriod.add(notBefore); if (tmpNotAfter.after(notAfter)) { tmpNotAfter = notAfter; } } ASN1EncodableVector vec = new ASN1EncodableVector(); vec.add(new DERTaggedObject(false, 0, new DERGeneralizedTime(notBefore))); vec.add(new DERTaggedObject(false, 1, new DERGeneralizedTime(tmpNotAfter))); ExtensionValue extValue = new ExtensionValue(extensionControls.get(type).isCritical(), new DERSequence(vec)); values.addExtension(type, extValue); occurences.remove(type); } // QCStatements type = Extension.qCStatements; if (occurences.contains(type) && (qcStatments != null || qcStatementsOption != null)) { if (qcStatments != null) { values.addExtension(type, qcStatments); occurences.remove(type); } else if (requestedExtensions != null && qcStatementsOption != null) { // extract the euLimit data from request Extension extension = requestedExtensions.getExtension(type); if (extension == null) { throw new BadCertTemplateException("No QCStatement extension is contained in the request"); } ASN1Sequence seq = ASN1Sequence.getInstance(extension.getParsedValue()); Map<String, int[]> qcEuLimits = new HashMap<>(); final int n = seq.size(); for (int i = 0; i < n; i++) { QCStatement stmt = QCStatement.getInstance(seq.getObjectAt(i)); if (!ObjectIdentifiers.id_etsi_qcs_QcLimitValue.equals(stmt.getStatementId())) { continue; } MonetaryValue monetaryValue = MonetaryValue.getInstance(stmt.getStatementInfo()); int amount = monetaryValue.getAmount().intValue(); int exponent = monetaryValue.getExponent().intValue(); Iso4217CurrencyCode currency = monetaryValue.getCurrency(); String currencyS = currency.isAlphabetic() ? currency.getAlphabetic().toUpperCase() : Integer.toString(currency.getNumeric()); qcEuLimits.put(currencyS, new int[] { amount, exponent }); } ASN1EncodableVector vec = new ASN1EncodableVector(); for (QcStatementOption m : qcStatementsOption) { if (m.getStatement() != null) { vec.add(m.getStatement()); continue; } MonetaryValueOption monetaryOption = m.getMonetaryValueOption(); String currencyS = monetaryOption.getCurrencyString(); int[] limit = qcEuLimits.get(currencyS); if (limit == null) { throw new BadCertTemplateException( "no EuLimitValue is specified for currency '" + currencyS + "'"); } int amount = limit[0]; Range2Type range = monetaryOption.getAmountRange(); if (amount < range.getMin() || amount > range.getMax()) { throw new BadCertTemplateException("amount for currency '" + currencyS + "' is not within [" + range.getMin() + ", " + range.getMax() + "]"); } int exponent = limit[1]; range = monetaryOption.getExponentRange(); if (exponent < range.getMin() || exponent > range.getMax()) { throw new BadCertTemplateException("exponent for currency '" + currencyS + "' is not within [" + range.getMin() + ", " + range.getMax() + "]"); } MonetaryValue monetaryVale = new MonetaryValue(monetaryOption.getCurrency(), amount, exponent); QCStatement qcStatment = new QCStatement(m.getStatementId(), monetaryVale); vec.add(qcStatment); } ExtensionValue extValue = new ExtensionValue(extensionControls.get(type).isCritical(), new DERSequence(vec)); values.addExtension(type, extValue); occurences.remove(type); } else { throw new RuntimeException("should not reach here"); } } // BiometricData type = Extension.biometricInfo; if (occurences.contains(type) && biometricInfo != null) { Extension extension = (requestedExtensions == null) ? null : requestedExtensions.getExtension(type); if (extension == null) { throw new BadCertTemplateException("no biometricInfo extension is contained in the request"); } ASN1Sequence seq = ASN1Sequence.getInstance(extension.getParsedValue()); final int n = seq.size(); if (n < 1) { throw new BadCertTemplateException("biometricInfo extension in request contains empty sequence"); } ASN1EncodableVector vec = new ASN1EncodableVector(); for (int i = 0; i < n; i++) { BiometricData bd = BiometricData.getInstance(seq.getObjectAt(i)); TypeOfBiometricData bdType = bd.getTypeOfBiometricData(); if (!biometricInfo.isTypePermitted(bdType)) { throw new BadCertTemplateException( "biometricInfo[" + i + "].typeOfBiometricData is not permitted"); } ASN1ObjectIdentifier hashAlgo = bd.getHashAlgorithm().getAlgorithm(); if (!biometricInfo.isHashAlgorithmPermitted(hashAlgo)) { throw new BadCertTemplateException("biometricInfo[" + i + "].hashAlgorithm is not permitted"); } int expHashValueSize; try { expHashValueSize = AlgorithmUtil.getHashOutputSizeInOctets(hashAlgo); } catch (NoSuchAlgorithmException ex) { throw new CertprofileException("should not happen, unknown hash algorithm " + hashAlgo); } byte[] hashValue = bd.getBiometricDataHash().getOctets(); if (hashValue.length != expHashValueSize) { throw new BadCertTemplateException( "biometricInfo[" + i + "].biometricDataHash has incorrect length"); } DERIA5String sourceDataUri = bd.getSourceDataUri(); switch (biometricInfo.getSourceDataUriOccurrence()) { case FORBIDDEN: sourceDataUri = null; break; case REQUIRED: if (sourceDataUri == null) { throw new BadCertTemplateException("biometricInfo[" + i + "].sourceDataUri is not specified in request but is required"); } break; case OPTIONAL: break; default: throw new BadCertTemplateException("could not reach here, unknown tripleState"); } AlgorithmIdentifier newHashAlg = new AlgorithmIdentifier(hashAlgo, DERNull.INSTANCE); BiometricData newBiometricData = new BiometricData(bdType, newHashAlg, new DEROctetString(hashValue), sourceDataUri); vec.add(newBiometricData); } ExtensionValue extValue = new ExtensionValue(extensionControls.get(type).isCritical(), new DERSequence(vec)); values.addExtension(type, extValue); occurences.remove(type); } // TlsFeature type = ObjectIdentifiers.id_pe_tlsfeature; if (tlsFeature != null) { if (occurences.remove(type)) { values.addExtension(type, tlsFeature); } } // AuthorizationTemplate type = ObjectIdentifiers.id_xipki_ext_authorizationTemplate; if (authorizationTemplate != null) { if (occurences.remove(type)) { values.addExtension(type, authorizationTemplate); } } // SMIME type = ObjectIdentifiers.id_smimeCapabilities; if (smimeCapabilities != null) { if (occurences.remove(type)) { values.addExtension(type, smimeCapabilities); } } // constant extensions if (constantExtensions != null) { for (ASN1ObjectIdentifier m : constantExtensions.keySet()) { if (!occurences.remove(m)) { continue; } ExtensionValue extensionValue = constantExtensions.get(m); if (extensionValue != null) { values.addExtension(m, extensionValue); } } } return values; }