Example usage for org.bouncycastle.asn1.x509.qualified SemanticsInformation SemanticsInformation

List of usage examples for org.bouncycastle.asn1.x509.qualified SemanticsInformation SemanticsInformation

Introduction

This page shows example usage of the org.bouncycastle.asn1.x509.qualified.SemanticsInformation constructor.

Prototype

public SemanticsInformation(ASN1ObjectIdentifier semanticsIdentifier, GeneralName[] generalNames) 


Usage

From source file:org.cesecore.certificates.certificate.certextensions.standard.QcStatement.java

License:Open Source License

/**
 * Builds the value of the qualified certificate statements (QCStatements) extension from the
 * settings of the certificate profile.
 * <p>
 * Only {@code certProfile} is read here; {@code subject}, {@code ca}, both public keys and
 * {@code val} are not used by this method. Each statement is emitted purely because the matching
 * profile flag is set: nothing in this method verifies the claim it makes (for example that the
 * private key really resides in a signature creation device), so that assurance has to come from
 * the enrolment process and from who is allowed to edit the profile.
 *
 * @param subject the end entity the certificate is issued to (unused here)
 * @param ca the issuing CA (unused here)
 * @param certProfile the certificate profile holding the QC statement settings
 * @param userPublicKey the subject public key (unused here)
 * @param caPublicKey the CA public key (unused here)
 * @param val the certificate validity (unused here)
 * @return a DER sequence with one QCStatement per enabled profile setting
 * @throws CertificateExtensionException if the profile enables no statement at all
 */
@Override
public ASN1Encodable getValue(final EndEntityInformation subject, final CA ca,
        final CertificateProfile certProfile, final PublicKey userPublicKey, final PublicKey caPublicKey,
        CertificateValidity val) throws CertificateExtensionException {
    // Optional SemanticsInformation: a semantics OID, the general names parsed from the
    // profile's RA name setting, or both. It stays null when the profile provides neither.
    // NOTE(review): the OIDs and the currency code below are built straight from profile
    // strings. If those constructors reject a malformed value with an unchecked exception,
    // it would escape the CertificateExtensionException contract - confirm that the profile
    // validates these fields when it is saved.
    final GeneralNames raNames = CertTools.getGeneralNamesFromAltName(certProfile.getQCStatementRAName());
    final String semanticsId = certProfile.getQCSemanticsId();
    final boolean hasSemanticsId = StringUtils.isNotEmpty(semanticsId);
    final SemanticsInformation semantics;
    if (raNames == null) {
        semantics = hasSemanticsId ? new SemanticsInformation(new ASN1ObjectIdentifier(semanticsId)) : null;
    } else if (hasSemanticsId) {
        semantics = new SemanticsInformation(new ASN1ObjectIdentifier(semanticsId), raNames.getNames());
    } else {
        semantics = new SemanticsInformation(raNames.getNames());
    }

    final ASN1EncodableVector statements = new ASN1EncodableVector();

    // RFC 3739 statement, carrying the SemanticsInformation when there is one.
    // id_qcs_pkixQCSyntax_v1 is deliberately never emitted: it is considered too old to have
    // seen real use, so no code is maintained for it.
    if (certProfile.getUsePkixQCSyntaxV2()) {
        final ASN1ObjectIdentifier syntaxV2 = RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v2;
        statements.add(semantics == null ? new QCStatement(syntaxV2) : new QCStatement(syntaxV2, semantics));
    }

    // ETSI statement that the certificate is a Qualified Certificate.
    if (certProfile.getUseQCEtsiQCCompliance()) {
        statements.add(new QCStatement(ETSIQCObjectIdentifiers.id_etsi_qcs_QcCompliance));
    }

    // ETSI statement limiting the value of transactions. It is only emitted when both a
    // non-negative value and a currency are configured.
    if (certProfile.getUseQCEtsiValueLimit() && (certProfile.getQCEtsiValueLimit() >= 0)
            && (certProfile.getQCEtsiValueLimitCurrency() != null)) {
        final int amount = certProfile.getQCEtsiValueLimit();
        // The exponent should be 0 by default.
        final int exp = certProfile.getQCEtsiValueLimitExp();
        final Iso4217CurrencyCode currency = new Iso4217CurrencyCode(certProfile.getQCEtsiValueLimitCurrency());
        statements.add(new QCStatement(ETSIQCObjectIdentifiers.id_etsi_qcs_LimiteValue,
                new MonetaryValue(currency, amount, exp)));
    }

    // ETSI retention period statement, encoded as an INTEGER taken from the profile.
    if (certProfile.getUseQCEtsiRetentionPeriod()) {
        final ASN1Integer retention = new ASN1Integer(((Integer) certProfile.getQCEtsiRetentionPeriod()));
        statements.add(new QCStatement(ETSIQCObjectIdentifiers.id_etsi_qcs_RetentionPeriod, retention));
    }

    // ETSI statement claiming that the private key resides in a Signature Creation Device.
    if (certProfile.getUseQCEtsiSignatureDevice()) {
        statements.add(new QCStatement(ETSIQCObjectIdentifiers.id_etsi_qcs_QcSSCD));
    }

    // Custom UTF8String QC-statement:
    // qcStatement-YourCustom QC-STATEMENT ::= { SYNTAX YourCustomUTF8String
    //   IDENTIFIED BY youroid }
    //   -- Lets the operator define a QC-statement of their own from an OID and a plain
    //   -- UTF8String with descriptive text, for example:
    //   -- This certificate, according to Act. No. xxxx Electronic Signature Law is a qualified electronic certificate
    //
    // YourCustomUTF8String ::= UTF8String
    if (certProfile.getUseQCCustomString() && StringUtils.isNotEmpty(certProfile.getQCCustomStringOid())
            && StringUtils.isNotEmpty(certProfile.getQCCustomStringText())) {
        final DERUTF8String customText = new DERUTF8String(certProfile.getQCCustomStringText());
        final ASN1ObjectIdentifier customOid = new ASN1ObjectIdentifier(certProfile.getQCCustomStringOid());
        statements.add(new QCStatement(customOid, customText));
    }

    // An enabled extension with no statements is a configuration error: fail issuance instead
    // of emitting an empty or absent extension.
    if (statements.size() == 0) {
        log.error(
                "Qualified certificate statements extension has been enabled, but no statements were included!");
        throw new CertificateExtensionException(
                "If qualified certificate statements extension has been enabled, at least one statement must be included!");
    }
    return new DERSequence(statements);
}

From source file:org.ejbca.core.model.ca.certextensions.standard.QcStatement.java

License:Open Source License

/**
 * Builds the value of the qualified certificate statements (QCStatements) extension from the
 * settings of the certificate profile.
 * <p>
 * Only {@code certProfile} is read here; {@code subject}, {@code ca} and both public keys are not
 * used by this method. An RFC 3739 statement is always emitted (syntax v1 unless the profile
 * selects v2); every other statement is emitted purely because its profile flag is set. Nothing
 * in this method verifies the claims those statements make, so that assurance has to come from
 * the enrolment process and from who is allowed to edit the profile.
 *
 * @param subject the user the certificate is issued to (unused here)
 * @param ca the issuing CA (unused here)
 * @param certProfile the certificate profile holding the QC statement settings
 * @param userPublicKey the subject public key (unused here)
 * @param caPublicKey the CA public key (unused here)
 * @return a DER sequence with one QCStatement per emitted statement, or {@code null} if the
 *         statement list were empty
 * @throws CertificateExtentionConfigurationException declared by the signature; not thrown
 *         directly by this body
 * @throws CertificateExtensionException declared by the signature; not thrown directly by
 *         this body
 */
@Override
public DEREncodable getValue(final UserDataVO subject, final CA ca, final CertificateProfile certProfile,
        final PublicKey userPublicKey, final PublicKey caPublicKey)
        throws CertificateExtentionConfigurationException, CertificateExtensionException {
    // Optional SemanticsInformation: a semantics OID, the general names parsed from the
    // profile's RA name setting, or both. It stays null when the profile provides neither.
    // NOTE(review): the OIDs and the currency code below are built straight from profile
    // strings. If those constructors reject a malformed value with an unchecked exception,
    // it would escape the declared checked exceptions - confirm that the profile validates
    // these fields when it is saved.
    final GeneralNames raNames = CertTools.getGeneralNamesFromAltName(certProfile.getQCStatementRAName());
    final String semanticsId = certProfile.getQCSemanticsId();
    final boolean hasSemanticsId = StringUtils.isNotEmpty(semanticsId);
    final SemanticsInformation semantics;
    if (raNames == null) {
        semantics = hasSemanticsId ? new SemanticsInformation(new DERObjectIdentifier(semanticsId)) : null;
    } else if (hasSemanticsId) {
        semantics = new SemanticsInformation(new DERObjectIdentifier(semanticsId), raNames.getNames());
    } else {
        semantics = new SemanticsInformation(raNames.getNames());
    }

    final ArrayList<QCStatement> statements = new ArrayList<QCStatement>();

    // RFC 3739 statement with the optional SemanticsInformation. It is added unconditionally;
    // the profile only chooses between syntax v1 and v2.
    final DERObjectIdentifier syntaxOid = certProfile.getUsePkixQCSyntaxV2()
            ? RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v2
            : RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v1;
    statements.add(semantics == null ? new QCStatement(syntaxOid) : new QCStatement(syntaxOid, semantics));

    // ETSI statement that the certificate is a Qualified Certificate.
    if (certProfile.getUseQCEtsiQCCompliance()) {
        statements.add(new QCStatement(ETSIQCObjectIdentifiers.id_etsi_qcs_QcCompliance));
    }

    // ETSI statement limiting the value of transactions. It is only emitted when both a
    // non-negative value and a currency are configured.
    if (certProfile.getUseQCEtsiValueLimit() && (certProfile.getQCEtsiValueLimit() >= 0)
            && (certProfile.getQCEtsiValueLimitCurrency() != null)) {
        final int amount = certProfile.getQCEtsiValueLimit();
        // The exponent should be 0 by default.
        final int exp = certProfile.getQCEtsiValueLimitExp();
        final Iso4217CurrencyCode currency = new Iso4217CurrencyCode(certProfile.getQCEtsiValueLimitCurrency());
        statements.add(new QCStatement(ETSIQCObjectIdentifiers.id_etsi_qcs_LimiteValue,
                new MonetaryValue(currency, amount, exp)));
    }

    // ETSI retention period statement, encoded as an INTEGER taken from the profile.
    if (certProfile.getUseQCEtsiRetentionPeriod()) {
        final DERInteger retention = new DERInteger(((Integer) certProfile.getQCEtsiRetentionPeriod()));
        statements.add(new QCStatement(ETSIQCObjectIdentifiers.id_etsi_qcs_RetentionPeriod, retention));
    }

    // ETSI statement claiming that the private key resides in a Signature Creation Device.
    if (certProfile.getUseQCEtsiSignatureDevice()) {
        statements.add(new QCStatement(ETSIQCObjectIdentifiers.id_etsi_qcs_QcSSCD));
    }

    // Custom UTF8String QC-statement:
    // qcStatement-YourCustom QC-STATEMENT ::= { SYNTAX YourCustomUTF8String
    //   IDENTIFIED BY youroid }
    //   -- Lets the operator define a QC-statement of their own from an OID and a plain
    //   -- UTF8String with descriptive text, for example:
    //   -- This certificate, according to Act. No. xxxx Electronic Signature Law is a qualified electronic certificate
    //
    // YourCustomUTF8String ::= UTF8String
    if (certProfile.getUseQCCustomString() && StringUtils.isNotEmpty(certProfile.getQCCustomStringOid())
            && StringUtils.isNotEmpty(certProfile.getQCCustomStringText())) {
        final DERUTF8String customText = new DERUTF8String(certProfile.getQCCustomStringText());
        final DERObjectIdentifier customOid = new DERObjectIdentifier(certProfile.getQCCustomStringOid());
        statements.add(new QCStatement(customOid, customText));
    }

    // Guard kept from the original. As written the list always holds the RFC 3739 statement,
    // so this branch is not expected to be reached; if it ever were, the caller would get
    // null back rather than an exception.
    if (statements.isEmpty()) {
        log.error("QcStatements is used, but no statement defined!");
        return null;
    }
    final ASN1EncodableVector vec = new ASN1EncodableVector();
    for (final QCStatement statement : statements) {
        vec.add(statement);
    }
    return new DERSequence(vec);
}