/*
*
* Copyright (c) 2013 - 2020 Lijun Liao
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.xipki.ca.certprofile.test;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.bouncycastle.asn1.ASN1GeneralizedTime;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.sec.SECObjectIdentifiers;
import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.xipki.ca.api.profile.Certprofile.CertDomain;
import org.xipki.ca.api.profile.Certprofile.CertLevel;
import org.xipki.ca.api.profile.Certprofile.GeneralNameTag;
import org.xipki.ca.api.profile.Certprofile.X509CertVersion;
import org.xipki.ca.api.profile.Range;
import org.xipki.ca.certprofile.xijson.DirectoryStringType;
import org.xipki.ca.certprofile.xijson.XijsonCertprofile;
import org.xipki.ca.certprofile.xijson.conf.AlgorithmType;
import org.xipki.ca.certprofile.xijson.conf.CertificatePolicyInformationType;
import org.xipki.ca.certprofile.xijson.conf.CertificatePolicyInformationType.PolicyQualfierType;
import org.xipki.ca.certprofile.xijson.conf.CertificatePolicyInformationType.PolicyQualifier;
import org.xipki.ca.certprofile.xijson.conf.Describable.DescribableBinary;
import org.xipki.ca.certprofile.xijson.conf.Describable.DescribableInt;
import org.xipki.ca.certprofile.xijson.conf.Describable.DescribableOid;
import org.xipki.ca.certprofile.xijson.conf.ExtensionType;
import org.xipki.ca.certprofile.xijson.conf.ExtensionType.AdditionalInformation;
import org.xipki.ca.certprofile.xijson.conf.ExtensionType.AdmissionSyntax;
import org.xipki.ca.certprofile.xijson.conf.ExtensionType.AdmissionsType;
import org.xipki.ca.certprofile.xijson.conf.ExtensionType.AuthorityInfoAccess;
import org.xipki.ca.certprofile.xijson.conf.ExtensionType.AuthorityKeyIdentifier;
import org.xipki.ca.certprofile.xijson.conf.ExtensionType.AuthorizationTemplate;
import org.xipki.ca.certprofile.xijson.conf.ExtensionType.BasicConstraints;
import org.xipki.ca.certprofile.xijson.conf.ExtensionType.BiometricInfo;
import org.xipki.ca.certprofile.xijson.conf.ExtensionType.BiometricTypeType;
import org.xipki.ca.certprofile.xijson.conf.ExtensionType.CertificatePolicies;
import org.xipki.ca.certprofile.xijson.conf.ExtensionType.CrlDistributionPoints;
import org.xipki.ca.certprofile.xijson.conf.ExtensionType.ExtendedKeyUsage;
import org.xipki.ca.certprofile.xijson.conf.ExtensionType.ExtnSyntax;
import org.xipki.ca.certprofile.xijson.conf.ExtensionType.ExtnSyntax.SubFieldSyntax;
import org.xipki.ca.certprofile.xijson.conf.ExtensionType.InhibitAnyPolicy;
import org.xipki.ca.certprofile.xijson.conf.ExtensionType.NameConstraints;
import org.xipki.ca.certprofile.xijson.conf.ExtensionType.NamingAuthorityType;
import org.xipki.ca.certprofile.xijson.conf.ExtensionType.PolicyConstraints;
import org.xipki.ca.certprofile.xijson.conf.ExtensionType.PolicyIdMappingType;
import org.xipki.ca.certprofile.xijson.conf.ExtensionType.PolicyMappings;
import org.xipki.ca.certprofile.xijson.conf.ExtensionType.PrivateKeyUsagePeriod;
import org.xipki.ca.certprofile.xijson.conf.ExtensionType.ProfessionInfoType;
import org.xipki.ca.certprofile.xijson.conf.ExtensionType.QcStatements;
import org.xipki.ca.certprofile.xijson.conf.ExtensionType.RegistrationNumber;
import org.xipki.ca.certprofile.xijson.conf.ExtensionType.Restriction;
import org.xipki.ca.certprofile.xijson.conf.ExtensionType.SmimeCapabilities;
import org.xipki.ca.certprofile.xijson.conf.ExtensionType.SmimeCapability;
import org.xipki.ca.certprofile.xijson.conf.ExtensionType.SmimeCapabilityParameter;
import org.xipki.ca.certprofile.xijson.conf.ExtensionType.SubjectDirectoryAttributs;
import org.xipki.ca.certprofile.xijson.conf.ExtensionType.SubjectInfoAccess;
import org.xipki.ca.certprofile.xijson.conf.ExtensionType.TlsFeature;
import org.xipki.ca.certprofile.xijson.conf.ExtensionType.ValidityModel;
import org.xipki.ca.certprofile.xijson.conf.GeneralNameType;
import org.xipki.ca.certprofile.xijson.conf.GeneralSubtreeType;
import org.xipki.ca.certprofile.xijson.conf.KeyParametersType;
import org.xipki.ca.certprofile.xijson.conf.KeyParametersType.DsaParametersType;
import org.xipki.ca.certprofile.xijson.conf.KeyParametersType.EcParametersType;
import org.xipki.ca.certprofile.xijson.conf.KeyParametersType.RsaParametersType;
import org.xipki.ca.certprofile.xijson.conf.KeypairGenerationType;
import org.xipki.ca.certprofile.xijson.conf.KeypairGenerationType.KeyType;
import org.xipki.ca.certprofile.xijson.conf.QcStatementType;
import org.xipki.ca.certprofile.xijson.conf.QcStatementType.PdsLocationType;
import org.xipki.ca.certprofile.xijson.conf.QcStatementType.QcEuLimitValueType;
import org.xipki.ca.certprofile.xijson.conf.QcStatementType.QcStatementValueType;
import org.xipki.ca.certprofile.xijson.conf.QcStatementType.Range2Type;
import org.xipki.ca.certprofile.xijson.conf.Subject;
import org.xipki.ca.certprofile.xijson.conf.Subject.RdnType;
import org.xipki.ca.certprofile.xijson.conf.Subject.ValueType;
import org.xipki.ca.certprofile.xijson.conf.SubjectToSubjectAltNameType;
import org.xipki.ca.certprofile.xijson.conf.X509ProfileType;
import org.xipki.security.EdECConstants;
import org.xipki.security.HashAlgo;
import org.xipki.security.KeyUsage;
import org.xipki.security.ObjectIdentifiers;
import org.xipki.security.ObjectIdentifiers.BaseRequirements;
import org.xipki.security.ObjectIdentifiers.DN;
import org.xipki.security.ObjectIdentifiers.Extn;
import org.xipki.security.TlsExtensionType;
import org.xipki.security.X509ExtensionType.ConstantExtnValue;
import org.xipki.security.X509ExtensionType.FieldType;
import org.xipki.security.X509ExtensionType.Tag;
import org.xipki.security.util.AlgorithmUtil;
import org.xipki.util.Args;
import org.xipki.util.Base64;
import org.xipki.util.IoUtil;
import org.xipki.util.StringUtil;
import org.xipki.util.TripleState;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.serializer.SerializerFeature;
/**
* Demo the creation of xijson configuration.
*
* @author Lijun Liao
* @since 2.0.0
*/
public class ProfileConfCreatorDemo {
public static class ExtnDemoWithConf {
private List<String> texts;
public List<String> getTexts() {
return texts;
}
public void setTexts(List<String> texts) {
this.texts = texts;
}
}
private static final String REGEX_SN = ":NUMBER";
private static final String REGEX_FQDN = ":FQDN";
private static final Set<ASN1ObjectIdentifier> REQUEST_EXTENSIONS;
private static final Set<ASN1ObjectIdentifier> NOT_IN_SUBJECT_RDNS;
static {
REQUEST_EXTENSIONS = new HashSet<>();
REQUEST_EXTENSIONS.add(Extension.keyUsage);
REQUEST_EXTENSIONS.add(Extension.extendedKeyUsage);
REQUEST_EXTENSIONS.add(Extension.subjectAlternativeName);
REQUEST_EXTENSIONS.add(Extension.subjectDirectoryAttributes);
REQUEST_EXTENSIONS.add(Extension.subjectInfoAccess);
REQUEST_EXTENSIONS.add(Extension.qCStatements);
REQUEST_EXTENSIONS.add(Extension.biometricInfo);
REQUEST_EXTENSIONS.add(Extn.id_extension_admission);
REQUEST_EXTENSIONS.add(Extn.id_extension_additionalInformation);
REQUEST_EXTENSIONS.add(Extn.id_GMT_0015_ICRegistrationNumber);
REQUEST_EXTENSIONS.add(Extn.id_GMT_0015_IdentityCode);
REQUEST_EXTENSIONS.add(Extn.id_GMT_0015_InsuranceNumber);
REQUEST_EXTENSIONS.add(Extn.id_GMT_0015_OrganizationCode);
REQUEST_EXTENSIONS.add(Extn.id_GMT_0015_TaxationNumber);
NOT_IN_SUBJECT_RDNS = new HashSet<>();
NOT_IN_SUBJECT_RDNS.add(Extn.id_GMT_0015_ICRegistrationNumber);
NOT_IN_SUBJECT_RDNS.add(Extn.id_GMT_0015_IdentityCode);
NOT_IN_SUBJECT_RDNS.add(Extn.id_GMT_0015_InsuranceNumber);
NOT_IN_SUBJECT_RDNS.add(Extn.id_GMT_0015_OrganizationCode);
NOT_IN_SUBJECT_RDNS.add(Extn.id_GMT_0015_TaxationNumber);
NOT_IN_SUBJECT_RDNS.add(Extn.id_extension_admission);
} // method static
private ProfileConfCreatorDemo() {
}
public static void main(String[] args) {
try {
// CA/Browser Forum
certprofileCabRootCa("certprofile-cab-rootca.json");
certprofileCabSubCa("certprofile-cab-subca.json");
certprofileCabDomainValidatedTls("certprofile-cab-domain-validated.json");
certprofileCabOrganizationValidatedTls("certprofile-cab-org-validated.json");
certprofileCabIndividualValidatedTls("certprofile-cab-individual-validated.json");
certprofileRootCa("certprofile-rootca.json");
certprofileCross("certprofile-cross.json");
certprofileSubCa("certprofile-subca.json");
certprofileSubCaComplex("certprofile-subca-complex.json");
certprofileOcsp("certprofile-ocsp.json");
certprofileScep("certprofile-scep.json");
certprofileEeComplex("certprofile-ee-complex.json");
certprofileQc("certprofile-qc.json");
certprofileSmime("certprofile-smime.json", false);
certprofileSmime("certprofile-smime-legacy.json", true);
certprofileTls("certprofile-tls.json");
certprofileTlsC("certprofile-tls-c.json");
certprofileMultipleOus("certprofile-multiple-ous.json");
certprofileMultipleValuedRdn("certprofile-multi-valued-rdn.json");
certprofileMaxTime("certprofile-max-time.json");
certprofileFixedPartialSubject("certprofile-fixed-partial-subject.json");
certprofileConstantExt("certprofile-constant-ext.json");
certprofileConstantExtImplicitTag("certprofile-constant-ext-implicit-tag.json");
certprofileConstantExtExplicitTag("certprofile-constant-ext-explicit-tag.json");
certprofileSyntaxExt("certprofile-syntax-ext.json");
certprofileSyntaxExtImplicitTag("certprofile-syntax-ext-implicit-tag.json");
certprofileSyntaxExtExplicitTag("certprofile-syntax-ext-explicit-tag.json");
certprofileExtended("certprofile-extended.json");
certprofileAppleWwdr("certprofile-apple-wwdr.json");
certprofileGmt0015("certprofile-gmt0015.json");
certprofileTlsEdwardsOrMontgomery("certprofile-ed25519.json", true, true);
certprofileTlsEdwardsOrMontgomery("certprofile-ed448.json", true, false);
certprofileTlsEdwardsOrMontgomery("certprofile-x25519.json", false, true);
certprofileTlsEdwardsOrMontgomery("certprofile-x448.json", false, false);
} catch (Exception ex) {
ex.printStackTrace();
}
} // method main
private static void marshall(X509ProfileType profile, String filename, boolean validate) {
try {
Path path = Paths.get("tmp", filename);
IoUtil.mkdirsParent(path);
try (OutputStream out = Files.newOutputStream(path)) {
JSON.writeJSONString(out, profile,
SerializerFeature.PrettyFormat, SerializerFeature.SortField,
SerializerFeature.DisableCircularReferenceDetect);
}
if (validate) {
X509ProfileType profileConf;
// Test by deserializing
try (InputStream is = Files.newInputStream(path)) {
profileConf = X509ProfileType.parse(is);
}
XijsonCertprofile profileObj = new XijsonCertprofile();
profileObj.initialize(profileConf);
profileObj.close();
System.out.println("Generated certprofile in " + filename);
}
} catch (Exception ex) {
System.err.println("Error while generating certprofile in " + filename);
ex.printStackTrace();
}
} // method marshal
private static void certprofileCabRootCa(String destFilename) throws Exception {
X509ProfileType profile = getBaseCabProfile("certprofile RootCA (CA/Browser Forum BR)",
CertLevel.RootCA, "10y");
// Subject
Subject subject = profile.getSubject();
List<RdnType> rdnControls = subject.getRdns();
rdnControls.add(createRdn(DN.C, 1, 1));
rdnControls.add(createRdn(DN.O, 1, 1));
rdnControls.add(createRdn(DN.OU, 0, 1));
rdnControls.add(createRdn(DN.SN, 0, 1));
rdnControls.add(createRdn(DN.CN, 1, 1));
// Extensions
List<ExtensionType> list = profile.getExtensions();
list.add(createExtension(Extension.subjectKeyIdentifier, true, false));
// Extensions - basicConstraints
list.add(createExtension(Extension.basicConstraints, true, true));
// Extensions - keyUsage
list.add(createExtension(Extension.keyUsage, true, true));
last(list).setKeyUsage(createKeyUsage(new KeyUsage[]{KeyUsage.keyCertSign, KeyUsage.cRLSign},
null));
marshall(profile, destFilename, true);
} // method certprofileCabRootCa
private static void certprofileCabSubCa(String destFilename) throws Exception {
X509ProfileType profile = getBaseCabProfile("certprofile SubCA (CA/Browser Forum BR)",
CertLevel.SubCA, "8y");
// Subject
Subject subject = profile.getSubject();
List<RdnType> rdnControls = subject.getRdns();
rdnControls.add(createRdn(DN.C, 1, 1));
rdnControls.add(createRdn(DN.O, 1, 1));
rdnControls.add(createRdn(DN.OU, 0, 1));
rdnControls.add(createRdn(DN.SN, 0, 1));
rdnControls.add(createRdn(DN.CN, 1, 1));
// Extensions
List<ExtensionType> list = profile.getExtensions();
// Extensions - controls
list.add(createExtension(Extension.subjectKeyIdentifier, true, false));
list.add(createExtension(Extension.cRLDistributionPoints, false, false));
last(list).setCrlDistributionPoints(createCrlDistibutoionPoints());
// Extensions - basicConstraints
list.add(createExtension(Extension.basicConstraints, true, true));
last(list).setBasicConstrains(createBasicConstraints(1));
// Extensions - AuthorityInfoAccess
list.add(createExtension(Extension.authorityInfoAccess, true, false));
last(list).setAuthorityInfoAccess(createAuthorityInfoAccess());
// Extensions - AuthorityKeyIdentifier
list.add(createExtension(Extension.authorityKeyIdentifier, true, false));
// Extensions - keyUsage
list.add(createExtension(Extension.keyUsage, true, true));
last(list).setKeyUsage(createKeyUsage(new KeyUsage[]{KeyUsage.keyCertSign, KeyUsage.cRLSign},
null));
// Extensions - CertificatePolicies
list.add(createExtension(Extension.certificatePolicies, true, false));
Map<ASN1ObjectIdentifier, String> policiesIdAndCpsMap = new HashMap<>();
policiesIdAndCpsMap.put(new ASN1ObjectIdentifier("1.2.3.4"), "http://abc.def.de/cfp");
last(list).setCertificatePolicies(createCertificatePolicies(policiesIdAndCpsMap));
marshall(profile, destFilename, true);
} // method certprofileCabSubCa
private static void certprofileCabDomainValidatedTls(String destFilename) throws Exception {
X509ProfileType profile = getBaseCabSubscriberProfile(
"certprofile TLS (CA/Browser Forum BR, Domain Validated)");
// Subject
Subject subject = profile.getSubject();
List<RdnType> rdnControls = subject.getRdns();
rdnControls.add(createRdn(DN.C, 1, 1));
rdnControls.add(createRdn(DN.OU, 0, 1));
rdnControls.add(createRdn(DN.SN, 0, 1));
rdnControls.add(createRdn(DN.CN, 1, 1, REGEX_FQDN, null, null));
List<ExtensionType> list = profile.getExtensions();
// Extensions - CertificatePolicies
list.add(createExtension(Extension.certificatePolicies, true, false));
Map<ASN1ObjectIdentifier, String> policiesIdAndCpsMap = new HashMap<>();
policiesIdAndCpsMap.put(BaseRequirements.id_domain_validated, null);
last(list).setCertificatePolicies(createCertificatePolicies(policiesIdAndCpsMap));
marshall(profile, destFilename, true);
} // method certprofileCabDomainValidatedTls
private static void certprofileCabOrganizationValidatedTls(String destFilename) throws Exception {
X509ProfileType profile = getBaseCabSubscriberProfile(
"certprofile TLS (CA/Browser Forum BR, Organization Validiated)");
// Subject
Subject subject = profile.getSubject();
List<RdnType> rdnControls = subject.getRdns();
rdnControls.add(createRdn(DN.C, 1, 1));
rdnControls.add(createRdn(DN.ST, 0, 1));
rdnControls.add(createRdn(DN.localityName, 0, 1));
rdnControls.add(createRdn(DN.O, 1, 1));
rdnControls.add(createRdn(DN.OU, 0, 1));
rdnControls.add(createRdn(DN.SN, 0, 1));
rdnControls.add(createRdn(DN.CN, 1, 1, REGEX_FQDN, null, null));
List<ExtensionType> list = profile.getExtensions();
// Extensions - CertificatePolicies
list.add(createExtension(Extension.certificatePolicies, true, false));
Map<ASN1ObjectIdentifier, String> policiesIdAndCpsMap = new HashMap<>();
policiesIdAndCpsMap.put(BaseRequirements.id_organization_validated, null);
last(list).setCertificatePolicies(createCertificatePolicies(policiesIdAndCpsMap));
marshall(profile, destFilename, true);
} // method certprofileCabOrganizationValidatedTls
private static void certprofileCabIndividualValidatedTls(String destFilename) throws Exception {
X509ProfileType profile = getBaseCabSubscriberProfile(
"certprofile TLS (CA/Browser Forum BR, Individual Validiated)");
// Subject
Subject subject = profile.getSubject();
List<RdnType> rdnControls = subject.getRdns();
rdnControls.add(createRdn(DN.C, 1, 1));
rdnControls.add(createRdn(DN.ST, 0, 1));
rdnControls.add(createRdn(DN.localityName, 0, 1));
rdnControls.add(createRdn(DN.givenName, 1, 1));
rdnControls.add(createRdn(DN.surname, 1, 1));
rdnControls.add(createRdn(DN.SN, 0, 1));
rdnControls.add(createRdn(DN.CN, 1, 1, REGEX_FQDN, null, null));
List<ExtensionType> list = profile.getExtensions();
// Extensions - CertificatePolicies
list.add(createExtension(Extension.certificatePolicies, true, false));
Map<ASN1ObjectIdentifier, String> policiesIdAndCpsMap = new HashMap<>();
policiesIdAndCpsMap.put(BaseRequirements.id_individual_validated, null);
last(list).setCertificatePolicies(createCertificatePolicies(policiesIdAndCpsMap));
marshall(profile, destFilename, true);
} // method certprofileCabOrganizationValidatedTls
private static X509ProfileType getBaseCabSubscriberProfile(String desc) throws Exception {
X509ProfileType profile = getBaseCabProfile(desc, CertLevel.EndEntity, "2y");
// SubjectToSubjectAltName
SubjectToSubjectAltNameType s2sType = new SubjectToSubjectAltNameType();
profile.getSubjectToSubjectAltNames().add(s2sType);
s2sType.setSource(createOidType(DN.CN));
s2sType.setTarget(GeneralNameTag.DNSName);
// Extensions
// Extensions - controls
List<ExtensionType> list = profile.getExtensions();
list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
last(list).setCrlDistributionPoints(createCrlDistibutoionPoints());
// Extensions - SubjectAltNames
list.add(createExtension(Extension.subjectAlternativeName, true, false));
GeneralNameType san = new GeneralNameType();
last(list).setSubjectAltName(san);
san.addTags(GeneralNameTag.DNSName, GeneralNameTag.IPAddress);
// Extensions - basicConstraints
list.add(createExtension(Extension.basicConstraints, true, true));
// Extensions - AuthorityInfoAccess
list.add(createExtension(Extension.authorityInfoAccess, true, false));
last(list).setAuthorityInfoAccess(createAuthorityInfoAccess());
// Extensions - AuthorityKeyIdentifier
list.add(createExtension(Extension.authorityKeyIdentifier, true, false));
// Extensions - keyUsage
list.add(createExtension(Extension.keyUsage, true, true));
last(list).setKeyUsage(createKeyUsage(
new KeyUsage[]{KeyUsage.digitalSignature, KeyUsage.dataEncipherment,
KeyUsage.keyEncipherment},
null));
// Extensions - extenedKeyUsage
list.add(createExtension(Extension.extendedKeyUsage, true, false));
last(list).setExtendedKeyUsage(createExtendedKeyUsage(
new ASN1ObjectIdentifier[]{ObjectIdentifiers.XKU.id_kp_serverAuth},
new ASN1ObjectIdentifier[]{ObjectIdentifiers.XKU.id_kp_clientAuth}));
// Extensions - CTLog
list.add(createExtension(Extn.id_SCTs, true, false));
return profile;
} // method getBaseCabSubscriberProfile
private static void certprofileRootCa(String destFilename) throws Exception {
X509ProfileType profile = getBaseProfile("certprofile rootca", CertLevel.RootCA, "10y");
// Subject
Subject subject = profile.getSubject();
List<RdnType> rdnControls = subject.getRdns();
rdnControls.add(createRdn(DN.C, 1, 1));
rdnControls.add(createRdn(DN.O, 1, 1));
rdnControls.add(createRdn(DN.OU, 0, 1));
rdnControls.add(createRdn(DN.SN, 0, 1, REGEX_SN, null, null));
rdnControls.add(createRdn(DN.CN, 1, 1));
// Extensions
List<ExtensionType> list = profile.getExtensions();
list.add(createExtension(Extension.subjectKeyIdentifier, true, false));
list.add(createExtension(Extension.cRLDistributionPoints, false, false));
list.add(createExtension(Extension.freshestCRL, false, false));
// Extensions - basicConstraints
list.add(createExtension(Extension.basicConstraints, true, true));
// Extensions - keyUsage
list.add(createExtension(Extension.keyUsage, true, true));
last(list).setKeyUsage(createKeyUsage(new KeyUsage[]{KeyUsage.keyCertSign, KeyUsage.cRLSign},
null));
marshall(profile, destFilename, true);
} // method certprofileRootCa
private static void certprofileCross(String destFilename) throws Exception {
X509ProfileType profile = getBaseProfile("certprofile cross", CertLevel.SubCA, "10y");
// Subject
Subject subject = profile.getSubject();
List<RdnType> rdnControls = subject.getRdns();
rdnControls.add(createRdn(DN.C, 1, 1));
rdnControls.add(createRdn(DN.O, 1, 1));
rdnControls.add(createRdn(DN.OU, 0, 1));
rdnControls.add(createRdn(DN.SN, 0, 1, REGEX_SN, null, null));
rdnControls.add(createRdn(DN.CN, 1, 1));
// Extensions
List<ExtensionType> list = profile.getExtensions();
list.add(createExtension(Extension.subjectKeyIdentifier, true, false));
list.add(createExtension(Extension.cRLDistributionPoints, false, false));
list.add(createExtension(Extension.freshestCRL, false, false));
// Extensions - basicConstraints
list.add(createExtension(Extension.basicConstraints, true, true));
// Extensions - AuthorityInfoAccess
list.add(createExtension(Extension.authorityInfoAccess, true, false));
last(list).setAuthorityInfoAccess(createAuthorityInfoAccess());
// Extensions - AuthorityKeyIdentifier
list.add(createExtension(Extension.authorityKeyIdentifier, true, false));
// Extensions - keyUsage
list.add(createExtension(Extension.keyUsage, true, true));
last(list).setKeyUsage(createKeyUsage(new KeyUsage[]{KeyUsage.keyCertSign}, null));
marshall(profile, destFilename, true);
} // method certprofileCross
private static void certprofileSubCa(String destFilename) throws Exception {
X509ProfileType profile = getBaseProfile("certprofile subca", CertLevel.SubCA, "8y");
// Subject
Subject subject = profile.getSubject();
List<RdnType> rdnControls = subject.getRdns();
rdnControls.add(createRdn(DN.C, 1, 1));
rdnControls.add(createRdn(DN.O, 1, 1));
rdnControls.add(createRdn(DN.OU, 0, 1));
rdnControls.add(createRdn(DN.SN, 0, 1, REGEX_SN, null, null));
rdnControls.add(createRdn(DN.CN, 1, 1));
// Extensions
List<ExtensionType> list = profile.getExtensions();
// Extensions - controls
list.add(createExtension(Extension.subjectKeyIdentifier, true, false));
list.add(createExtension(Extension.cRLDistributionPoints, false, false));
list.add(createExtension(Extension.freshestCRL, false, false));
// Extensions - basicConstraints
list.add(createExtension(Extension.basicConstraints, true, true));
last(list).setBasicConstrains(createBasicConstraints(1));
// Extensions - AuthorityInfoAccess
list.add(createExtension(Extension.authorityInfoAccess, true, false));
last(list).setAuthorityInfoAccess(createAuthorityInfoAccess());
// Extensions - AuthorityKeyIdentifier
list.add(createExtension(Extension.authorityKeyIdentifier, true, false));
// Extensions - keyUsage
list.add(createExtension(Extension.keyUsage, true, true));
last(list).setKeyUsage(createKeyUsage(new KeyUsage[]{KeyUsage.keyCertSign, KeyUsage.cRLSign},
null));
marshall(profile, destFilename, true);
} // method certprofileSubCa
private static void certprofileSubCaComplex(String destFilename) throws Exception {
X509ProfileType profile = getBaseProfile("certprofile subca-complex (with most extensions)",
CertLevel.SubCA, "8y");
// Subject
Subject subject = profile.getSubject();
List<RdnType> rdnControls = subject.getRdns();
rdnControls.add(createRdn(DN.C, 1, 1));
rdnControls.add(createRdn(DN.O, 1, 1));
rdnControls.add(createRdn(DN.OU, 0, 1));
rdnControls.add(createRdn(DN.SN, 0, 1, REGEX_SN, null, null));
rdnControls.add(createRdn(DN.CN, 1, 1, null, "PREFIX ", " SUFFIX"));
// Extensions
List<ExtensionType> list = profile.getExtensions();
list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
list.add(createExtension(Extension.freshestCRL, false, false, null));
// Extensions - basicConstraints
list.add(createExtension(Extension.basicConstraints, true, true));
last(list).setBasicConstrains(createBasicConstraints(1));
// Extensions - AuthorityInfoAccess
list.add(createExtension(Extension.authorityInfoAccess, true, false));
last(list).setAuthorityInfoAccess(createAuthorityInfoAccess());
// Extensions - AuthorityKeyIdentifier
list.add(createExtension(Extension.authorityKeyIdentifier, true, false));
// Extensions - keyUsage
list.add(createExtension(Extension.keyUsage, true, true));
last(list).setKeyUsage(createKeyUsage(new KeyUsage[]{KeyUsage.keyCertSign, KeyUsage.cRLSign},
null));
// Certificate Policies
list.add(createExtension(Extension.certificatePolicies, true, false));
Map<ASN1ObjectIdentifier, String> policies = new HashMap<>();
policies.put(new ASN1ObjectIdentifier("1.2.3.4.5"), "http://example.org/ca1-cps");
policies.put(new ASN1ObjectIdentifier("2.4.3.2.1"), null);
last(list).setCertificatePolicies(createCertificatePolicies(policies));
// Policy Mappings
list.add(createExtension(Extension.policyMappings, true, true));
last(list).setPolicyMappings(new PolicyMappings());
last(list).getPolicyMappings().getMappings().add(
createPolicyIdMapping(new ASN1ObjectIdentifier("1.1.1.1.1"),
new ASN1ObjectIdentifier("2.1.1.1.1")));
last(list).getPolicyMappings().getMappings().add(
createPolicyIdMapping(new ASN1ObjectIdentifier("1.1.1.1.2"),
new ASN1ObjectIdentifier("2.1.1.1.2")));
// Policy Constraints
list.add(createExtension(Extension.policyConstraints, true, true));
last(list).setPolicyConstraints(createPolicyConstraints(2, 2));
// Name Constrains
list.add(createExtension(Extension.nameConstraints, true, true));
last(list).setNameConstraints(createNameConstraints());
// Inhibit anyPolicy
list.add(createExtension(Extension.inhibitAnyPolicy, true, true));
last(list).setInhibitAnyPolicy(createInhibitAnyPolicy(1));
// SubjectAltName
list.add(createExtension(Extension.subjectAlternativeName, true, true));
GeneralNameType gn = new GeneralNameType();
last(list).setSubjectAltName(gn);
gn.addTags(GeneralNameTag.rfc822Name, GeneralNameTag.DNSName, GeneralNameTag.directoryName,
GeneralNameTag.ediPartyName, GeneralNameTag.uniformResourceIdentifier,
GeneralNameTag.IPAddress, GeneralNameTag.registeredID);
gn.addOtherNames(createOidType(DN.O));
// SubjectInfoAccess
list.add(createExtension(Extension.subjectInfoAccess, true, false));
SubjectInfoAccess subjectInfoAccess = new SubjectInfoAccess();
last(list).setSubjectInfoAccess(subjectInfoAccess);
SubjectInfoAccess.Access access = new SubjectInfoAccess.Access();
subjectInfoAccess.getAccesses().add(access);
access.setAccessMethod(createOidType(Extn.id_ad_caRepository));
GeneralNameType accessLocation = new GeneralNameType();
access.setAccessLocation(accessLocation);
accessLocation.addTags(GeneralNameTag.directoryName,
GeneralNameTag.uniformResourceIdentifier);
marshall(profile, destFilename, true);
} // method certprofileSubCaComplex
private static List<ConstantExtnValue> createConstantSequenceOrSet() {
/*
* 1. SEQUENCE or SET {
* 2. UTF8String abc.def.myBlog EXPLICIT
* 3. SEQUENCE
* 4. UTF8String app
* 5. [0] UTF8String abc.def.myBlog.voip EXPLICIT
* 6. [1] SEQUENCE EXPLICIT
* 7. UTF8String voip
* 8. [2] UTF8String abc.def.myBlog.complication IMPLICIT
* 9. [3] SEQUENCE IMPLICIT
* 10. UTF8String complication
* 11. }
*/
List<ConstantExtnValue> subFields = new LinkedList<>();
// Line 2
ConstantExtnValue subField = new ConstantExtnValue(FieldType.UTF8String);
subFields.add(subField);
subField.setValue("abc.def.myBlog");
// Line 3-4
subField = new ConstantExtnValue(FieldType.SEQUENCE);
subFields.add(subField);
ConstantExtnValue subsubField = new ConstantExtnValue(FieldType.UTF8String);
subsubField.setValue("app");
subField.setListValue(Arrays.asList(subsubField));
// Line 5
subField = new ConstantExtnValue(FieldType.UTF8String);
subFields.add(subField);
subField.setTag(new Tag(0, true));
subField.setValue("abc.def.myBlog.voip");
// Line 6-7
subField = new ConstantExtnValue(FieldType.SEQUENCE);
subFields.add(subField);
subField.setTag(new Tag(1, true));
subsubField = new ConstantExtnValue(FieldType.UTF8String);
subsubField.setValue("void");
subField.setListValue(Arrays.asList(subsubField));
// Line 8
subField = new ConstantExtnValue(FieldType.UTF8String);
subFields.add(subField);
subField.setTag(new Tag(2, false));
subField.setValue("abc.def.myBlog.complication");
// Line 9-10
subField = new ConstantExtnValue(FieldType.SEQUENCE);
subFields.add(subField);
subField.setTag(new Tag(9, false));
subsubField = new ConstantExtnValue(FieldType.UTF8String);
subsubField.setValue("complication");
subField.setListValue(Arrays.asList(subsubField));
return subFields;
} // method createConstantSequenceOrSet
private static List<SubFieldSyntax> createSyntaxSequenceOrSet() {
/*
* 1. SEQUENCE or SET {
* 2. UTF8String # abc.def.myBlog EXPLICIT
* 3. SEQUENCE
* 4. UTF8String # app
* 5. [0] UTF8String # abc.def.myBlog.voip EXPLICIT
* 6. [1] SEQUENCE EXPLICIT
* 7. UTF8String # voip
* 8. [2] UTF8String # abc.def.myBlog.complication IMPLICIT
* 9. [3] SEQUENCE IMPLICIT
* 10. UTF8String # complication
* 11. }
*/
List<SubFieldSyntax> subFields = new LinkedList<>();
// Line 2
SubFieldSyntax subField = new SubFieldSyntax(FieldType.UTF8String);
subFields.add(subField);
// Line 3-4
subField = new SubFieldSyntax(FieldType.SEQUENCE);
subFields.add(subField);
SubFieldSyntax subsubField = new SubFieldSyntax(FieldType.UTF8String);
subField.setSubFields(Arrays.asList(subsubField));
// Line 5
subField = new SubFieldSyntax(FieldType.UTF8String);
subFields.add(subField);
subField.setTag(new Tag(0, true));
// Line 6-7
subField = new SubFieldSyntax(FieldType.SEQUENCE);
subFields.add(subField);
subField.setTag(new Tag(1, true));
subsubField = new SubFieldSyntax(FieldType.UTF8String);
subField.setSubFields(Arrays.asList(subsubField));
// Line 8
subField = new SubFieldSyntax(FieldType.UTF8String);
subFields.add(subField);
subField.setTag(new Tag(2, false));
// Line 9-10
subField = new SubFieldSyntax(FieldType.SEQUENCE);
subFields.add(subField);
subField.setTag(new Tag(9, false));
subsubField = new SubFieldSyntax(FieldType.UTF8String);
subField.setSubFields(Arrays.asList(subsubField));
return subFields;
} // method createSyntaxSequenceOrSet
private static List<ConstantExtnValue> createConstantSequenceOfOrSetOf() {
/*
* 1. SEQUENCE or SET {
* 3. SEQUENCE
* 3. UTF8String abc.def.myBlog
* 4. UTF8String app
* 5. SEQUENCE
* 6. UTF8String abc.def.myBlog.voip
* 7. UTF8String voip
* 8. SEQUENCE
* 9. UTF8String abc.def.myBlog.complication
* 10. UTF8String complication
* 11. }
*/
List<ConstantExtnValue> subFields = new LinkedList<>();
// Line 2-4
{
ConstantExtnValue subField = new ConstantExtnValue(FieldType.SEQUENCE);
subFields.add(subField);
List<ConstantExtnValue> subsubFields = new LinkedList<>();
subField.setListValue(subsubFields);
ConstantExtnValue subsubField = new ConstantExtnValue(FieldType.UTF8String);
subsubField.setValue("abc.def.myBlog");
subsubFields.add(subsubField);
subsubField = new ConstantExtnValue(FieldType.UTF8String);
subsubField.setValue("app");
subsubFields.add(subsubField);
}
// Line 5-7
{
ConstantExtnValue subField = new ConstantExtnValue(FieldType.SEQUENCE);
subFields.add(subField);
List<ConstantExtnValue> subsubFields = new LinkedList<>();
subField.setListValue(subsubFields);
ConstantExtnValue subsubField = new ConstantExtnValue(FieldType.UTF8String);
subsubField.setValue("abc.def.myBlog.voip");
subsubFields.add(subsubField);
subsubField = new ConstantExtnValue(FieldType.UTF8String);
subsubField.setValue("voip");
subsubFields.add(subsubField);
}
// Line 5-7
{
ConstantExtnValue subField = new ConstantExtnValue(FieldType.SEQUENCE);
subFields.add(subField);
List<ConstantExtnValue> subsubFields = new LinkedList<>();
subField.setListValue(subsubFields);
ConstantExtnValue subsubField = new ConstantExtnValue(FieldType.UTF8String);
subsubField.setValue("abc.def.myBlog.complication");
subsubFields.add(subsubField);
subsubField = new ConstantExtnValue(FieldType.UTF8String);
subsubField.setValue("complication");
subsubFields.add(subsubField);
}
return subFields;
} // method createConstantSequenceOfOrSetOf
private static List<SubFieldSyntax> createSyntaxSequenceOfOrSetOf() {
/*
* 1. SEQUENCE OF or SET OF{
* 3. SEQUENCE
* 3. UTF8String
* 4. UTF8String
* 5. }
*/
List<SubFieldSyntax> subFields = new LinkedList<SubFieldSyntax>();
// Line 2-4
SubFieldSyntax subField = new SubFieldSyntax(FieldType.SEQUENCE);
subFields.add(subField);
List<SubFieldSyntax> subsubFields = new LinkedList<>();
subField.setSubFields(subsubFields);
SubFieldSyntax subsubField = new SubFieldSyntax(FieldType.UTF8String);
subsubFields.add(subsubField);
subsubField = new SubFieldSyntax(FieldType.UTF8String);
subsubFields.add(subsubField);
return subFields;
} // method createSyntaxSequenceOfOrSetOf
private static void certprofileOcsp(String destFilename) throws Exception {
X509ProfileType profile = getBaseProfile("certprofile ocsp", CertLevel.EndEntity, "5y",
false);
// Subject
Subject subject = profile.getSubject();
List<RdnType> rdnControls = subject.getRdns();
rdnControls.add(createRdn(DN.C, 1, 1));
rdnControls.add(createRdn(DN.O, 1, 1));
rdnControls.add(createRdn(DN.organizationIdentifier, 0, 1));
rdnControls.add(createRdn(DN.OU, 0, 1));
rdnControls.add(createRdn(DN.SN, 0, 1, REGEX_SN, null, null));
rdnControls.add(createRdn(DN.CN, 1, 1));
// Extensions
List<ExtensionType> list = profile.getExtensions();
list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
list.add(createExtension(Extension.freshestCRL, false, false, null));
list.add(createExtension(
Extn.id_extension_pkix_ocsp_nocheck, false, false, null));
// Extensions - basicConstraints
list.add(createExtension(Extension.basicConstraints, true, true));
// Extensions - AuthorityInfoAccess
list.add(createExtension(Extension.authorityInfoAccess, true, false));
last(list).setAuthorityInfoAccess(createAuthorityInfoAccess());
// Extensions - AuthorityKeyIdentifier
list.add(createExtension(Extension.authorityKeyIdentifier, true, false));
// Extensions - keyUsage
list.add(createExtension(Extension.keyUsage, true, true));
last(list).setKeyUsage(createKeyUsage(new KeyUsage[]{KeyUsage.contentCommitment},
null));
// Extensions - extenedKeyUsage
list.add(createExtension(Extension.extendedKeyUsage, true, false));
last(list).setExtendedKeyUsage(createExtendedKeyUsage(
new ASN1ObjectIdentifier[]{ObjectIdentifiers.XKU.id_kp_ocspSigning}, null));
marshall(profile, destFilename, true);
} // method certprofileOcsp
private static void certprofileScep(String destFilename) throws Exception {
X509ProfileType profile = getBaseProfile("certprofile scep", CertLevel.EndEntity, "5y");
profile.setKeyAlgorithms(createRSAKeyAlgorithms());
// Subject
Subject subject = profile.getSubject();
List<RdnType> rdnControls = subject.getRdns();
rdnControls.add(createRdn(DN.C, 1, 1));
rdnControls.add(createRdn(DN.O, 1, 1));
rdnControls.add(createRdn(DN.OU, 0, 1));
rdnControls.add(createRdn(DN.SN, 0, 1, REGEX_SN, null, null));
rdnControls.add(createRdn(DN.CN, 1, 1));
// Extensions
List<ExtensionType> list = profile.getExtensions();
list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
list.add(createExtension(Extension.freshestCRL, false, false, null));
// Extensions - basicConstraints
list.add(createExtension(Extension.basicConstraints, true, true));
// Extensions - AuthorityInfoAccess
list.add(createExtension(Extension.authorityInfoAccess, true, false));
last(list).setAuthorityInfoAccess(createAuthorityInfoAccess());
// Extensions - AuthorityKeyIdentifier
list.add(createExtension(Extension.authorityKeyIdentifier, true, false));
// Extensions - keyUsage
list.add(createExtension(Extension.keyUsage, true, true));
last(list).setKeyUsage(createKeyUsage(
new KeyUsage[]{KeyUsage.digitalSignature, KeyUsage.keyEncipherment}, null));
marshall(profile, destFilename, true);
} // method certprofileScep
private static void certprofileSmime(String destFilename, boolean legacy) throws Exception {
String desc = legacy ? "certprofile s/mime legacy" : "certprofile s/mime";
X509ProfileType profile = getBaseProfile(desc, CertLevel.EndEntity, "5y", true);
// Subject
Subject subject = profile.getSubject();
List<RdnType> rdnControls = subject.getRdns();
rdnControls.add(createRdn(DN.C, 1, 1));
rdnControls.add(createRdn(DN.O, 1, 1));
rdnControls.add(createRdn(DN.OU, 0, 1));
if (legacy) {
rdnControls.add(createRdn(DN.emailAddress, 1, 1));
}
rdnControls.add(createRdn(DN.SN, 0, 1, REGEX_SN, null, null));
rdnControls.add(createRdn(DN.CN, 1, 1));
// SubjectToSubjectAltName
SubjectToSubjectAltNameType s2sType = new SubjectToSubjectAltNameType();
profile.getSubjectToSubjectAltNames().add(s2sType);
s2sType.setSource(createOidType(DN.emailAddress));
s2sType.setTarget(GeneralNameTag.rfc822Name);
// Extensions
// Extensions - controls
List<ExtensionType> list = profile.getExtensions();
list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
list.add(createExtension(Extension.freshestCRL, false, false, null));
// Extensions - SubjectAltNames
list.add(createExtension(Extension.subjectAlternativeName, true, false));
GeneralNameType san = new GeneralNameType();
last(list).setSubjectAltName(san);
san.addTags(GeneralNameTag.rfc822Name);
// Extensions - basicConstraints
list.add(createExtension(Extension.basicConstraints, true, true));
// Extensions - AuthorityInfoAccess
list.add(createExtension(Extension.authorityInfoAccess, true, false));
last(list).setAuthorityInfoAccess(createAuthorityInfoAccess());
// Extensions - AuthorityKeyIdentifier
list.add(createExtension(Extension.authorityKeyIdentifier, true, false));
// Extensions - keyUsage
list.add(createExtension(Extension.keyUsage, true, true));
last(list).setKeyUsage(createKeyUsage(
new KeyUsage[]{KeyUsage.digitalSignature, KeyUsage.dataEncipherment,
KeyUsage.keyEncipherment},
null));
// Extensions - extenedKeyUsage
list.add(createExtension(Extension.extendedKeyUsage, true, false));
last(list).setExtendedKeyUsage(createExtendedKeyUsage(
new ASN1ObjectIdentifier[]{ObjectIdentifiers.XKU.id_kp_emailProtection},
null));
// Extensions - SMIMECapabilities
list.add(createExtension(Extn.id_smimeCapabilities, true, false));
last(list).setSmimeCapabilities(createSmimeCapabilities());
marshall(profile, destFilename, true);
} // method certprofileSmime
private static void certprofileTlsEdwardsOrMontgomery(String destFilename, boolean edwards,
boolean curve25519) throws Exception {
String desc = "certprofile tls with "
+ (edwards ? "edwards " : "montmomery ")
+ (curve25519 ? "25519" : "448")
+ " curves";
X509ProfileType profile = getEeBaseProfileForEdwardsOrMontgomeryCurves(
desc, "2y", edwards, curve25519);
// Subject
Subject subject = profile.getSubject();
List<RdnType> rdnControls = subject.getRdns();
rdnControls.add(createRdn(DN.C, 1, 1));
rdnControls.add(createRdn(DN.O, 0, 1));
rdnControls.add(createRdn(DN.OU, 0, 1));
rdnControls.add(createRdn(DN.SN, 0, 1, REGEX_SN, null, null));
rdnControls.add(createRdn(DN.CN, 1, 1, REGEX_FQDN, null, null));
// SubjectToSubjectAltName
SubjectToSubjectAltNameType s2sType = new SubjectToSubjectAltNameType();
profile.getSubjectToSubjectAltNames().add(s2sType);
s2sType.setSource(createOidType(DN.CN));
s2sType.setTarget(GeneralNameTag.DNSName);
// Extensions
// Extensions - controls
List<ExtensionType> list = profile.getExtensions();
list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
list.add(createExtension(Extension.freshestCRL, false, false, null));
// Extensions - SubjectAltNames
list.add(createExtension(Extension.subjectAlternativeName, true, false));
GeneralNameType san = new GeneralNameType();
last(list).setSubjectAltName(san);
san.addTags(GeneralNameTag.DNSName, GeneralNameTag.IPAddress);
// Extensions - basicConstraints
list.add(createExtension(Extension.basicConstraints, true, true));
// Extensions - AuthorityInfoAccess
list.add(createExtension(Extension.authorityInfoAccess, true, false));
last(list).setAuthorityInfoAccess(createAuthorityInfoAccess());
// Extensions - AuthorityKeyIdentifier
list.add(createExtension(Extension.authorityKeyIdentifier, true, false));
// Extensions - extenedKeyUsage
list.add(createExtension(Extension.extendedKeyUsage, true, false));
last(list).setExtendedKeyUsage(createExtendedKeyUsage(
new ASN1ObjectIdentifier[]{ObjectIdentifiers.XKU.id_kp_serverAuth,
ObjectIdentifiers.XKU.id_kp_clientAuth},
null));
marshall(profile, destFilename, true);
} // method certprofileTlsEdwardsOrMontgomery
private static void certprofileTls(String destFilename) throws Exception {
String desc = "certprofile tls";
X509ProfileType profile = getBaseProfile(desc, CertLevel.EndEntity, "5y", true);
// Subject
Subject subject = profile.getSubject();
List<RdnType> rdnControls = subject.getRdns();
rdnControls.add(createRdn(DN.C, 1, 1));
rdnControls.add(createRdn(DN.O, 1, 1));
rdnControls.add(createRdn(DN.OU, 0, 1));
rdnControls.add(createRdn(DN.SN, 0, 1, REGEX_SN, null, null));
rdnControls.add(createRdn(DN.CN, 1, 1, REGEX_FQDN, null, null));
// SubjectToSubjectAltName
SubjectToSubjectAltNameType s2sType = new SubjectToSubjectAltNameType();
profile.getSubjectToSubjectAltNames().add(s2sType);
s2sType.setSource(createOidType(DN.CN));
s2sType.setTarget(GeneralNameTag.DNSName);
// Extensions
// Extensions - controls
List<ExtensionType> list = profile.getExtensions();
list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
list.add(createExtension(Extension.freshestCRL, false, false, null));
// Extensions - SubjectAltNames
list.add(createExtension(Extension.subjectAlternativeName, true, false));
GeneralNameType san = new GeneralNameType();
last(list).setSubjectAltName(san);
san.addTags(GeneralNameTag.DNSName, GeneralNameTag.IPAddress);
// Extensions - basicConstraints
list.add(createExtension(Extension.basicConstraints, true, true));
// Extensions - AuthorityInfoAccess
list.add(createExtension(Extension.authorityInfoAccess, true, false));
last(list).setAuthorityInfoAccess(createAuthorityInfoAccess());
// Extensions - AuthorityKeyIdentifier
list.add(createExtension(Extension.authorityKeyIdentifier, true, false));
// Extensions - keyUsage
list.add(createExtension(Extension.keyUsage, true, true));
last(list).setKeyUsage(createKeyUsage(
new KeyUsage[]{KeyUsage.digitalSignature, KeyUsage.dataEncipherment,
KeyUsage.keyEncipherment},
null));
// Extensions - extenedKeyUsage
list.add(createExtension(Extension.extendedKeyUsage, true, false));
last(list).setExtendedKeyUsage(createExtendedKeyUsage(
new ASN1ObjectIdentifier[]{ObjectIdentifiers.XKU.id_kp_serverAuth},
new ASN1ObjectIdentifier[]{ObjectIdentifiers.XKU.id_kp_clientAuth}));
marshall(profile, destFilename, true);
} // method certprofileTls
private static void certprofileTlsC(String destFilename) throws Exception {
X509ProfileType profile = getBaseProfile("certprofile tls-c", CertLevel.EndEntity, "5y");
// Subject
Subject subject = profile.getSubject();
List<RdnType> rdnControls = subject.getRdns();
rdnControls.add(createRdn(DN.C, 1, 1));
rdnControls.add(createRdn(DN.O, 1, 1));
rdnControls.add(createRdn(DN.OU, 0, 1));
rdnControls.add(createRdn(DN.SN, 0, 1, REGEX_SN, null, null));
rdnControls.add(createRdn(DN.CN, 1, 1));
// Extensions
List<ExtensionType> list = profile.getExtensions();
list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
list.add(createExtension(Extension.freshestCRL, false, false, null));
// Extensions - basicConstraints
list.add(createExtension(Extension.basicConstraints, true, true));
// Extensions - AuthorityInfoAccess
list.add(createExtension(Extension.authorityInfoAccess, true, false));
last(list).setAuthorityInfoAccess(createAuthorityInfoAccess());
// Extensions - AuthorityKeyIdentifier
list.add(createExtension(Extension.authorityKeyIdentifier, true, false));
// Extensions - keyUsage
list.add(createExtension(Extension.keyUsage, true, true));
last(list).setKeyUsage(createKeyUsage(
new KeyUsage[]{KeyUsage.digitalSignature, KeyUsage.dataEncipherment,
KeyUsage.keyEncipherment},
null));
// Extensions - extenedKeyUsage
list.add(createExtension(Extension.extendedKeyUsage, true, false));
last(list).setExtendedKeyUsage(createExtendedKeyUsage(
new ASN1ObjectIdentifier[]{ObjectIdentifiers.XKU.id_kp_clientAuth},
null));
marshall(profile, destFilename, true);
} // method certprofileTlsC
private static void certprofileMultipleOus(String destFilename) throws Exception {
X509ProfileType profile = getBaseProfile("certprofile multiple-ous", CertLevel.EndEntity, "5y");
// Subject
Subject subject = profile.getSubject();
List<RdnType> rdnControls = subject.getRdns();
rdnControls.add(createRdn(DN.C, 1, 1));
rdnControls.add(createRdn(DN.O, 1, 1));
rdnControls.add(createRdn(DN.OU, 2, 2));
rdnControls.add(createRdn(DN.SN, 0, 1, REGEX_SN, null, null));
rdnControls.add(createRdn(DN.CN, 1, 1));
// Extensions
// Extensions - general
List<ExtensionType> list = profile.getExtensions();
list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
list.add(createExtension(Extension.freshestCRL, false, false, null));
// Extensions - basicConstraints
list.add(createExtension(Extension.basicConstraints, true, true));
// Extensions - AuthorityInfoAccess
list.add(createExtension(Extension.authorityInfoAccess, true, false));
last(list).setAuthorityInfoAccess(createAuthorityInfoAccess());
// Extensions - AuthorityKeyIdentifier
list.add(createExtension(Extension.authorityKeyIdentifier, true, false));
// Extensions - keyUsage
list.add(createExtension(Extension.keyUsage, true, true));
last(list).setKeyUsage(createKeyUsage(
new KeyUsage[]{KeyUsage.contentCommitment},
null));
marshall(profile, destFilename, true);
} // method certprofileMultipleOus
/*
* O and OU in one RDN
*/
private static void certprofileMultipleValuedRdn(String destFilename) throws Exception {
X509ProfileType profile = getBaseProfile("certprofile multiple-valued-rdn",
CertLevel.EndEntity, "5y");
// Subject
Subject subject = profile.getSubject();
List<RdnType> rdnControls = subject.getRdns();
rdnControls.add(createRdn(DN.C, 1, 1));
rdnControls.add(createRdn(DN.O, 1, 1, null, null, null, "group1"));
rdnControls.add(createRdn(DN.OU, 1, 1, null, null, null, "group1"));
rdnControls.add(createRdn(DN.SN, 0, 1, REGEX_SN, null, null));
rdnControls.add(createRdn(DN.CN, 1, 1));
// Extensions
// Extensions - general
List<ExtensionType> list = profile.getExtensions();
list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
list.add(createExtension(Extension.freshestCRL, false, false, null));
// Extensions - basicConstraints
list.add(createExtension(Extension.basicConstraints, true, true));
// Extensions - AuthorityInfoAccess
list.add(createExtension(Extension.authorityInfoAccess, true, false));
last(list).setAuthorityInfoAccess(createAuthorityInfoAccess());
// Extensions - AuthorityKeyIdentifier
list.add(createExtension(Extension.authorityKeyIdentifier, true, false));
// Extensions - keyUsage
list.add(createExtension(Extension.keyUsage, true, true));
last(list).setKeyUsage(createKeyUsage(
new KeyUsage[]{KeyUsage.contentCommitment},
null));
marshall(profile, destFilename, true);
} // method certprofileMultipleValuedRdn
private static void certprofileQc(String destFilename) throws Exception {
X509ProfileType profile = getBaseProfile("certprofile qc", CertLevel.EndEntity, "1000d");
// Subject
Subject subject = profile.getSubject();
List<RdnType> rdnControls = subject.getRdns();
rdnControls.add(createRdn(DN.C, 1, 1));
rdnControls.add(createRdn(DN.O, 1, 1));
rdnControls.add(createRdn(DN.organizationIdentifier, 0, 1));
rdnControls.add(createRdn(DN.OU, 0, 1));
rdnControls.add(createRdn(DN.SN, 0, 1, REGEX_SN, null, null));
rdnControls.add(createRdn(DN.CN, 1, 1));
// Extensions
// Extensions - general
List<ExtensionType> list = profile.getExtensions();
// Extensions - controls
list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
list.add(createExtension(Extension.freshestCRL, false, false, null));
// Extensions - basicConstraints
list.add(createExtension(Extension.basicConstraints, true, false));
last(list).setBasicConstrains(createBasicConstraints(1));
// Extensions - AuthorityInfoAccess
list.add(createExtension(Extension.authorityInfoAccess, true, false));
last(list).setAuthorityInfoAccess(createAuthorityInfoAccess());
// Extensions - AuthorityKeyIdentifier
list.add(createExtension(Extension.authorityKeyIdentifier, true, false));
// Extensions - keyUsage
list.add(createExtension(Extension.keyUsage, true, true));
last(list).setKeyUsage(createKeyUsage(
new KeyUsage[]{KeyUsage.contentCommitment},
null));
// Extensions - extenedKeyUsage
list.add(createExtension(Extension.extendedKeyUsage, true, true));
last(list).setExtendedKeyUsage(createExtendedKeyUsage(
new ASN1ObjectIdentifier[]{ObjectIdentifiers.XKU.id_kp_timeStamping}, null));
// privateKeyUsagePeriod
list.add(createExtension(Extension.privateKeyUsagePeriod, true, false));
last(list).setPrivateKeyUsagePeriod(createPrivateKeyUsagePeriod("3y"));
// QcStatements
list.add(createExtension(Extension.qCStatements, true, false));
last(list).setQcStatements(createQcStatements(false));
marshall(profile, destFilename, true);
} // method certprofileQc
private static void certprofileEeComplex(String destFilename) throws Exception {
X509ProfileType profile = getBaseProfile("certprofile ee-complex", CertLevel.EndEntity,
"5y", true);
// Subject
Subject subject = profile.getSubject();
subject.setKeepRdnOrder(false);
List<RdnType> rdnControls = subject.getRdns();
rdnControls.add(createRdn(DN.CN, 1, 1));
rdnControls.add(createRdn(DN.C, 1, 1));
rdnControls.add(createRdn(DN.O, 1, 1));
rdnControls.add(createRdn(DN.OU, 0, 1));
rdnControls.add(createRdn(DN.SN, 0, 1, REGEX_SN, null, null));
rdnControls.add(createRdn(DN.dateOfBirth, 0, 1));
rdnControls.add(createRdn(DN.postalAddress, 0, 1));
rdnControls.add(createRdn(DN.userid, 1, 1));
rdnControls.add(createRdn(DN.jurisdictionOfIncorporationCountryName, 1, 1));
rdnControls.add(createRdn(DN.jurisdictionOfIncorporationLocalityName, 1, 1));
rdnControls.add(createRdn(DN.jurisdictionOfIncorporationStateOrProvinceName, 1, 1));
rdnControls.add(createRdn(Extn.id_extension_admission, 0, 99));
// Extensions
// Extensions - general
List<ExtensionType> list = profile.getExtensions();
// Extensions - controls
list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
list.add(createExtension(Extension.freshestCRL, false, false, null));
// Extensions - basicConstraints
list.add(createExtension(Extension.basicConstraints, true, false));
// Extensions - AuthorityInfoAccess
list.add(createExtension(Extension.authorityInfoAccess, true, false));
last(list).setAuthorityInfoAccess(createAuthorityInfoAccess());
// Extensions - AuthorityKeyIdentifier
list.add(createExtension(Extension.authorityKeyIdentifier, true, false));
last(list).setAuthorityKeyIdentifier(createAKIwithSerialAndSerial());
// Extensions - keyUsage
list.add(createExtension(Extension.keyUsage, true, true));
last(list).setKeyUsage(createKeyUsage(
new KeyUsage[]{KeyUsage.digitalSignature, KeyUsage.dataEncipherment,
KeyUsage.keyEncipherment},
null));
// Extensions - extenedKeyUsage
list.add(createExtension(Extension.extendedKeyUsage, true, false));
last(list).setExtendedKeyUsage(createExtendedKeyUsage(
new ASN1ObjectIdentifier[]{ObjectIdentifiers.XKU.id_kp_serverAuth},
new ASN1ObjectIdentifier[]{ObjectIdentifiers.XKU.id_kp_clientAuth}));
// Extension - subjectDirectoryAttributes
list.add(createExtension(Extension.subjectDirectoryAttributes, true, false));
SubjectDirectoryAttributs subjectDirAttrType = new SubjectDirectoryAttributs();
last(list).setSubjectDirectoryAttributs(subjectDirAttrType);
List<DescribableOid> attrTypes = subjectDirAttrType.getTypes();
attrTypes.add(createOidType(DN.countryOfCitizenship));
attrTypes.add(createOidType(DN.countryOfResidence));
attrTypes.add(createOidType(DN.gender));
attrTypes.add(createOidType(DN.dateOfBirth));
attrTypes.add(createOidType(DN.placeOfBirth));
// Extensions - tlsFeature
list.add(createExtension(Extn.id_pe_tlsfeature, true, true));
last(list).setTlsFeature(createTlsFeature(
TlsExtensionType.STATUS_REQUEST, TlsExtensionType.CLIENT_CERTIFICATE_URL));
// Extension - Admission
list.add(createExtension(Extn.id_extension_admission, true, false));
AdmissionSyntax admissionSyntax = new AdmissionSyntax();
last(list).setAdmissionSyntax(admissionSyntax);
admissionSyntax.setAdmissionAuthority(
new GeneralName(new X500Name("C=DE,CN=admissionAuthority level 1")).getEncoded());
AdmissionsType admissions = new AdmissionsType();
admissions.setAdmissionAuthority(
new GeneralName(new X500Name("C=DE,CN=admissionAuthority level 2")).getEncoded());
NamingAuthorityType namingAuthorityL2 = new NamingAuthorityType();
namingAuthorityL2.setOid(createOidType(new ASN1ObjectIdentifier("1.2.3.4.5")));
namingAuthorityL2.setUrl("http://naming-authority-level2.example.org");
namingAuthorityL2.setText("namingAuthrityText level 2");
admissions.setNamingAuthority(namingAuthorityL2);
admissionSyntax.getContentsOfAdmissions().add(admissions);
ProfessionInfoType pi = new ProfessionInfoType();
admissions.getProfessionInfos().add(pi);
pi.getProfessionOids().add(createOidType(new ASN1ObjectIdentifier("1.2.3.4"), "demo oid"));
pi.getProfessionItems().add("demo item");
NamingAuthorityType namingAuthorityL3 = new NamingAuthorityType();
namingAuthorityL3.setOid(createOidType(new ASN1ObjectIdentifier("1.2.3.4.5")));
namingAuthorityL3.setUrl("http://naming-authority-level3.example.org");
namingAuthorityL3.setText("namingAuthrityText level 3");
pi.setNamingAuthority(namingAuthorityL3);
pi.setAddProfessionInfo(new byte[]{1, 2, 3, 4});
RegistrationNumber regNum = new RegistrationNumber();
pi.setRegistrationNumber(regNum);
regNum.setRegex("a*b");
// restriction
list.add(createExtension(Extn.id_extension_restriction, true, false));
last(list).setRestriction(
createRestriction(DirectoryStringType.utf8String, "demo restriction"));
// additionalInformation
list.add(createExtension(
Extn.id_extension_additionalInformation, true, false));
last(list).setAdditionalInformation(createAdditionalInformation(DirectoryStringType.utf8String,
"demo additional information"));
// validationModel
list.add(createExtension(Extn.id_extension_validityModel, true, false));
last(list).setValidityModel(
createValidityModel(
createOidType(new ASN1ObjectIdentifier("1.3.6.1.4.1.8301.3.5.1"), "chain")));
// privateKeyUsagePeriod
list.add(createExtension(Extension.privateKeyUsagePeriod, true, false));
last(list).setPrivateKeyUsagePeriod(createPrivateKeyUsagePeriod("3y"));
// QcStatements
list.add(createExtension(Extension.qCStatements, true, false));
last(list).setQcStatements(createQcStatements(true));
// biometricInfo
list.add(createExtension(Extension.biometricInfo, true, false));
last(list).setBiometricInfo(createBiometricInfo());
// authorizationTemplate
list.add(createExtension(
ObjectIdentifiers.Xipki.id_xipki_ext_authorizationTemplate, true, false));
last(list).setAuthorizationTemplate(createAuthorizationTemplate());
// SubjectAltName
list.add(createExtension(Extension.subjectAlternativeName, true, true));
GeneralNameType gn = new GeneralNameType();
last(list).setSubjectAltName(gn);
gn.addTags(GeneralNameTag.rfc822Name, GeneralNameTag.DNSName, GeneralNameTag.directoryName,
GeneralNameTag.ediPartyName, GeneralNameTag.uniformResourceIdentifier,
GeneralNameTag.IPAddress, GeneralNameTag.registeredID);
gn.addOtherNames(
createOidType(new ASN1ObjectIdentifier("1.2.3.1")),
createOidType(new ASN1ObjectIdentifier("1.2.3.2")));
// SubjectInfoAccess
list.add(createExtension(Extension.subjectInfoAccess, true, false));
SubjectInfoAccess subjectInfoAccess = new SubjectInfoAccess();
last(list).setSubjectInfoAccess(subjectInfoAccess);
List<ASN1ObjectIdentifier> accessMethods = new LinkedList<>();
accessMethods.add(Extn.id_ad_caRepository);
for (int i = 0; i < 10; i++) {
accessMethods.add(new ASN1ObjectIdentifier("2.3.4." + (i + 1)));
}
for (ASN1ObjectIdentifier accessMethod : accessMethods) {
SubjectInfoAccess.Access access = new SubjectInfoAccess.Access();
subjectInfoAccess.getAccesses().add(access);
access.setAccessMethod(createOidType(accessMethod));
GeneralNameType accessLocation = new GeneralNameType();
access.setAccessLocation(accessLocation);
accessLocation.addTags(
GeneralNameTag.rfc822Name, GeneralNameTag.DNSName, GeneralNameTag.directoryName,
GeneralNameTag.ediPartyName, GeneralNameTag.uniformResourceIdentifier,
GeneralNameTag.IPAddress, GeneralNameTag.registeredID);
accessLocation.addOtherNames(
createOidType(new ASN1ObjectIdentifier("1.2.3.1")),
createOidType(new ASN1ObjectIdentifier("1.2.3.2")));
}
marshall(profile, destFilename, true);
} // method certprofileEeComplex
private static void certprofileConstantExtImplicitTag(String destFilename) throws Exception {
certprofileConstantExt(destFilename, new ASN1ObjectIdentifier("1.2.3.6.2"), new Tag(1, false));
}
private static void certprofileConstantExtExplicitTag(String destFilename) throws Exception {
certprofileConstantExt(destFilename, new ASN1ObjectIdentifier("1.2.3.6.3"), new Tag(1, true));
}
private static void certprofileConstantExt(String destFilename) throws Exception {
certprofileConstantExt(destFilename, new ASN1ObjectIdentifier("1.2.3.6.1"), null);
}
private static void certprofileConstantExt(String destFilename, ASN1ObjectIdentifier oidPrefix,
Tag tag) throws Exception {
X509ProfileType profile = getBaseProfile("certprofile constant-extension", CertLevel.EndEntity,
"5y", true);
// Subject
Subject subject = profile.getSubject();
subject.setKeepRdnOrder(true);
List<RdnType> rdnControls = subject.getRdns();
rdnControls.add(createRdn(DN.CN, 1, 1));
rdnControls.add(createRdn(DN.C, 1, 1));
rdnControls.add(createRdn(DN.O, 1, 1));
rdnControls.add(createRdn(DN.OU, 0, 1));
// Extensions
// Extensions - general
List<ExtensionType> list = profile.getExtensions();
// Extensions - controls
list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
list.add(createExtension(Extension.freshestCRL, false, false, null));
// Extensions - basicConstraints
list.add(createExtension(Extension.basicConstraints, true, false));
// Extensions - AuthorityInfoAccess
list.add(createExtension(Extension.authorityInfoAccess, true, false));
last(list).setAuthorityInfoAccess(createAuthorityInfoAccess());
// Extensions - AuthorityKeyIdentifier
list.add(createExtension(Extension.authorityKeyIdentifier, true, false));
// Extensions - keyUsage
list.add(createExtension(Extension.keyUsage, true, true));
last(list).setKeyUsage(createKeyUsage(
new KeyUsage[]{KeyUsage.digitalSignature, KeyUsage.dataEncipherment,
KeyUsage.keyEncipherment},
null));
// Extensions - extenedKeyUsage
list.add(createExtension(Extension.extendedKeyUsage, true, false));
last(list).setExtendedKeyUsage(createExtendedKeyUsage(
new ASN1ObjectIdentifier[]{ObjectIdentifiers.XKU.id_kp_serverAuth},
new ASN1ObjectIdentifier[]{ObjectIdentifiers.XKU.id_kp_clientAuth}));
// Custom Constant Extension Value
list.addAll(createConstantExtensions(oidPrefix, tag));
marshall(profile, destFilename, true);
} // method certprofileConstantExt
private static void certprofileSyntaxExtImplicitTag(String destFilename) throws Exception {
certprofileSyntaxExt(destFilename, new ASN1ObjectIdentifier("1.2.3.6.2"), new Tag(1, false));
}
private static void certprofileSyntaxExtExplicitTag(String destFilename) throws Exception {
certprofileSyntaxExt(destFilename, new ASN1ObjectIdentifier("1.2.3.6.3"), new Tag(1, true));
}
private static void certprofileSyntaxExt(String destFilename) throws Exception {
certprofileSyntaxExt(destFilename, new ASN1ObjectIdentifier("1.2.3.6.1"), null);
}
private static void certprofileSyntaxExt(String destFilename,
ASN1ObjectIdentifier oidPrefix, Tag tag) throws Exception {
X509ProfileType profile = getBaseProfile("certprofile syntax-extension", CertLevel.EndEntity,
"5y", true);
// Subject
Subject subject = profile.getSubject();
subject.setKeepRdnOrder(true);
List<RdnType> rdnControls = subject.getRdns();
rdnControls.add(createRdn(DN.CN, 1, 1));
rdnControls.add(createRdn(DN.C, 1, 1));
rdnControls.add(createRdn(DN.O, 1, 1));
rdnControls.add(createRdn(DN.OU, 0, 1));
// Extensions
// Extensions - general
List<ExtensionType> list = profile.getExtensions();
// Extensions - controls
list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
list.add(createExtension(Extension.freshestCRL, false, false, null));
// Extensions - basicConstraints
list.add(createExtension(Extension.basicConstraints, true, false));
// Extensions - AuthorityInfoAccess
list.add(createExtension(Extension.authorityInfoAccess, true, false));
last(list).setAuthorityInfoAccess(createAuthorityInfoAccess());
// Extensions - AuthorityKeyIdentifier
list.add(createExtension(Extension.authorityKeyIdentifier, true, false));
// Extensions - keyUsage
list.add(createExtension(Extension.keyUsage, true, true));
last(list).setKeyUsage(createKeyUsage(
new KeyUsage[]{KeyUsage.digitalSignature, KeyUsage.dataEncipherment,
KeyUsage.keyEncipherment},
null));
// Extensions - extenedKeyUsage
list.add(createExtension(Extension.extendedKeyUsage, true, false));
last(list).setExtendedKeyUsage(createExtendedKeyUsage(
new ASN1ObjectIdentifier[]{ObjectIdentifiers.XKU.id_kp_serverAuth},
new ASN1ObjectIdentifier[]{ObjectIdentifiers.XKU.id_kp_clientAuth}));
// Custom extension with syntax
list.addAll(createSyntaxExtensions(oidPrefix, tag));
marshall(profile, destFilename, true);
} // method certprofileSyntaxExt
private static List<ExtensionType> createConstantExtensions(
ASN1ObjectIdentifier oidPrefix, Tag tag) throws IOException {
List<ExtensionType> list = new LinkedList<>();
// Custom Constant Extension Value
list.add(createConstantExtension(oidPrefix.branch("1"), true, false, tag,
FieldType.BIT_STRING, Base64.encodeToString(new byte[] {1, 2})));
list.add(createConstantExtension(oidPrefix.branch("2"), true, false, tag,
FieldType.BMPString, "A BMP string"));
list.add(createConstantExtension(oidPrefix.branch("3"), true, false, tag,
FieldType.BOOLEAN, Boolean.TRUE.toString()));
list.add(createConstantExtension(oidPrefix.branch("4"), true, false, tag,
FieldType.IA5String, "An IA5 string"));
list.add(createConstantExtension(oidPrefix.branch("5"), true, false, tag,
FieldType.INTEGER, "10"));
list.add(createConstantExtension(oidPrefix.branch("6"), true, false, tag,
FieldType.NULL, null));
list.add(createConstantExtension(oidPrefix.branch("7"), true, false, tag,
FieldType.OCTET_STRING, Base64.encodeToString(new byte[] {3, 4})));
list.add(createConstantExtension(oidPrefix.branch("8"), true, false, tag,
FieldType.OID, "2.3.4.5"));
list.add(createConstantExtension(oidPrefix.branch("9"), true, false, tag,
FieldType.PrintableString, "A printable string"));
list.add(createConstantExtension(oidPrefix.branch("10"), true, false, tag,
FieldType.RAW, Base64.encodeToString(DERNull.INSTANCE.getEncoded())));
last(list).getConstant().setDescription("DER NULL");
list.add(createConstantExtension(oidPrefix.branch("11"), true, false, tag,
FieldType.TeletexString, "A teletax string"));
list.add(createConstantExtension(oidPrefix.branch("12"), true, false, tag,
FieldType.UTF8String, "A UTF8 string"));
list.add(createConstantExtension(oidPrefix.branch("13"), true, false, tag,
FieldType.ENUMERATED, "2"));
list.add(createConstantExtension(oidPrefix.branch("14"), true, false, tag,
FieldType.GeneralizedTime, new ASN1GeneralizedTime("20180314130102Z").getTimeString()));
list.add(createConstantExtension(oidPrefix.branch("15"), true, false, tag,
FieldType.UTCTime, "190314130102Z"));
list.add(createConstantExtension(oidPrefix.branch("16"), true, false, tag,
FieldType.Name, "CN=abc,C=DE"));
list.add(createConstantExtension(oidPrefix.branch("17"), true, false, tag,
FieldType.SEQUENCE, null));
last(list).getConstant().setListValue(createConstantSequenceOrSet());
list.add(createConstantExtension(oidPrefix.branch("18"), true, false, tag,
FieldType.SEQUENCE_OF, null));
last(list).getConstant().setListValue(createConstantSequenceOfOrSetOf());
list.add(createConstantExtension(oidPrefix.branch("19"), true, false, tag,
FieldType.SET, null));
last(list).getConstant().setListValue(createConstantSequenceOrSet());
list.add(createConstantExtension(oidPrefix.branch("20"), true, false, tag,
FieldType.SET_OF, null));
last(list).getConstant().setListValue(createConstantSequenceOfOrSetOf());
return list;
} // method createConstantExtensions
private static List<ExtensionType> createSyntaxExtensions(ASN1ObjectIdentifier oidPrefix,
Tag tag) {
List<ExtensionType> list = new LinkedList<>();
// Custom extension with syntax
list.add(createSyntaxExtension(oidPrefix.branch("1"), true, false, tag,
FieldType.BIT_STRING));
list.add(createSyntaxExtension(oidPrefix.branch("2"), true, false, tag,
FieldType.BMPString));
list.add(createSyntaxExtension(oidPrefix.branch("3"), true, false, tag,
FieldType.BOOLEAN));
list.add(createSyntaxExtension(oidPrefix.branch("4"), true, false, tag,
FieldType.IA5String));
list.add(createSyntaxExtension(oidPrefix.branch("5"), true, false, tag,
FieldType.INTEGER));
list.add(createSyntaxExtension(oidPrefix.branch("6"), true, false, tag,
FieldType.NULL));
list.add(createSyntaxExtension(oidPrefix.branch("7"), true, false, tag,
FieldType.OCTET_STRING));
list.add(createSyntaxExtension(oidPrefix.branch("8"), true, false, tag,
FieldType.OID));
list.add(createSyntaxExtension(oidPrefix.branch("9"), true, false, tag,
FieldType.PrintableString));
list.add(createSyntaxExtension(oidPrefix.branch("10"), true, false, tag,
FieldType.RAW));
list.add(createSyntaxExtension(oidPrefix.branch("11"), true, false, tag,
FieldType.TeletexString));
list.add(createSyntaxExtension(oidPrefix.branch("12"), true, false, tag,
FieldType.UTF8String));
list.add(createSyntaxExtension(oidPrefix.branch("13"), true, false, tag,
FieldType.ENUMERATED));
list.add(createSyntaxExtension(oidPrefix.branch("14"), true, false, tag,
FieldType.GeneralizedTime));
list.add(createSyntaxExtension(oidPrefix.branch("15"), true, false, tag,
FieldType.UTCTime));
list.add(createSyntaxExtension(oidPrefix.branch("16"), true, false, tag,
FieldType.Name));
list.add(createSyntaxExtension(oidPrefix.branch("17"), true, false, tag,
FieldType.SEQUENCE));
last(list).getSyntax().setSubFields(createSyntaxSequenceOrSet());
list.add(createSyntaxExtension(oidPrefix.branch("18"), true, false, tag,
FieldType.SEQUENCE_OF));
last(list).getSyntax().setSubFields(createSyntaxSequenceOfOrSetOf());
list.add(createSyntaxExtension(oidPrefix.branch("19"), true, false, tag,
FieldType.SET));
last(list).getSyntax().setSubFields(createSyntaxSequenceOrSet());
list.add(createSyntaxExtension(oidPrefix.branch("20"), true, false, tag,
FieldType.SET_OF));
last(list).getSyntax().setSubFields(createSyntaxSequenceOfOrSetOf());
return list;
} // method createSyntaxExtensions
private static void certprofileMaxTime(String destFilename) throws Exception {
X509ProfileType profile = getBaseProfile("certprofile max-time", CertLevel.EndEntity,
"9999y");
// Subject
Subject subject = profile.getSubject();
List<RdnType> rdnControls = subject.getRdns();
rdnControls.add(createRdn(DN.C, 1, 1));
rdnControls.add(createRdn(DN.O, 1, 1));
rdnControls.add(createRdn(DN.OU, 0, 1));
rdnControls.add(createRdn(DN.SN, 0, 1, REGEX_SN, null, null));
rdnControls.add(createRdn(DN.CN, 1, 1, ":FQDN", null, null));
// Extensions
List<ExtensionType> list = profile.getExtensions();
list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
list.add(createExtension(Extension.freshestCRL, false, false, null));
// Extensions - basicConstraints
list.add(createExtension(Extension.basicConstraints, true, true));
// Extensions - AuthorityInfoAccess
list.add(createExtension(Extension.authorityInfoAccess, true, false));
last(list).setAuthorityInfoAccess(createAuthorityInfoAccess());
// Extensions - AuthorityKeyIdentifier
list.add(createExtension(Extension.authorityKeyIdentifier, true, false));
// Extensions - keyUsage
list.add(createExtension(Extension.keyUsage, true, true));
last(list).setKeyUsage(createKeyUsage(
new KeyUsage[]{KeyUsage.digitalSignature, KeyUsage.dataEncipherment,
KeyUsage.keyEncipherment},
null));
marshall(profile, destFilename, true);
} // method certprofileMaxTime
private static void certprofileFixedPartialSubject(String destFilename) throws Exception {
X509ProfileType profile = getBaseProfile("certprofile fixed subject O and C",
CertLevel.EndEntity, "365d");
// Subject
Subject subject = profile.getSubject();
List<RdnType> rdnControls = subject.getRdns();
ValueType value = new ValueType();
value.setText("DE");
value.setOverridable(true);
rdnControls.add(createRdn(DN.C, null, null, value));
value = new ValueType();
value.setText("fixed xipki.org");
value.setOverridable(false);
rdnControls.add(createRdn(DN.O, null, null, value));
rdnControls.add(createRdn(DN.OU, 0, 1));
rdnControls.add(createRdn(DN.SN, 0, 1, REGEX_SN, null, null));
rdnControls.add(createRdn(DN.CN, 1, 1));
// Extensions
List<ExtensionType> list = profile.getExtensions();
list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
list.add(createExtension(Extension.freshestCRL, false, false, null));
// Extensions - basicConstraints
list.add(createExtension(Extension.basicConstraints, true, true));
// Extensions - AuthorityInfoAccess
list.add(createExtension(Extension.authorityInfoAccess, true, false));
last(list).setAuthorityInfoAccess(createAuthorityInfoAccess());
// Extensions - AuthorityKeyIdentifier
list.add(createExtension(Extension.authorityKeyIdentifier, true, false));
// Extensions - keyUsage
list.add(createExtension(Extension.keyUsage, true, true));
last(list).setKeyUsage(createKeyUsage(
new KeyUsage[]{KeyUsage.digitalSignature, KeyUsage.dataEncipherment,
KeyUsage.keyEncipherment},
null));
marshall(profile, destFilename, true);
} // method certprofileFixedPartialSubject
private static void certprofileAppleWwdr(String destFilename) throws Exception {
X509ProfileType profile = getBaseProfile("certprofile apple WWDR",
CertLevel.EndEntity, "395d");
// Subject
Subject subject = profile.getSubject();
subject.setKeepRdnOrder(true);
List<RdnType> rdnControls = subject.getRdns();
rdnControls.add(createRdn(DN.C, 1, 1));
rdnControls.add(createRdn(DN.O, 1, 1));
rdnControls.add(createRdn(DN.OU, 1, 1));
rdnControls.add(createRdn(DN.CN, 1, 1));
rdnControls.add(createRdn(DN.UID, 1, 1));
// Extensions
List<ExtensionType> list = profile.getExtensions();
list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
// Extensions - basicConstraints
list.add(createExtension(Extension.basicConstraints, true, true));
// Extensions - AuthorityKeyIdentifier
list.add(createExtension(Extension.authorityKeyIdentifier, true, false));
list.add(createExtension(Extension.cRLDistributionPoints, true, false, null));
// Extensions - CeritifcatePolicies
// Certificate Policies
list.add(createExtension(Extension.certificatePolicies, true, false));
CertificatePolicies extValue = new CertificatePolicies();
last(list).setCertificatePolicies(extValue);
List<CertificatePolicyInformationType> pis = extValue.getCertificatePolicyInformations();
CertificatePolicyInformationType single = new CertificatePolicyInformationType();
pis.add(single);
single.setPolicyIdentifier(createOidType(
new ASN1ObjectIdentifier("1.2.840.113635.100.5.1")));
List<PolicyQualifier> qualifiers = new ArrayList<>(1);
single.setPolicyQualifiers(qualifiers);
PolicyQualifier qualifier = new PolicyQualifier();
qualifiers.add(qualifier);
qualifier.setType(PolicyQualfierType.userNotice);
qualifier.setValue("Reliance on this certificate by any party assumes acceptance of the then "
+ "applicable standard terms and conditions of use, certificate policy and certification "
+ "practice statements.");
qualifier = new PolicyQualifier();
qualifiers.add(qualifier);
qualifier.setType(PolicyQualfierType.cpsUri);
qualifier.setValue("http://www.apple.com/certificateauthority");
// Extensions - keyUsage
list.add(createExtension(Extension.keyUsage, true, true));
last(list).setKeyUsage(createKeyUsage(
new KeyUsage[]{KeyUsage.digitalSignature},
null));
// Extensions - extenedKeyUsage
list.add(createExtension(Extension.extendedKeyUsage, true, false));
last(list).setExtendedKeyUsage(createExtendedKeyUsage(
new ASN1ObjectIdentifier[]{ObjectIdentifiers.XKU.id_kp_clientAuth},
null));
// apple custom extension 1.2.840.113635.100.6.3.1
list.add(createConstantExtension(new ASN1ObjectIdentifier("1.2.840.113635.100.6.3.1"),
true, false, null, FieldType.NULL, null));
// apple custom extension 1.2.840.113635.100.6.3.2
list.add(createConstantExtension(new ASN1ObjectIdentifier("1.2.840.113635.100.6.3.2"),
true, false, null, FieldType.NULL, null));
// apple custom extension 1.2.840.113635.100.6.3.6
list.add(createExtension(new ASN1ObjectIdentifier("1.2.840.113635.100.6.3.6"), true, false));
ExtnSyntax syntax = new ExtnSyntax(FieldType.SEQUENCE);
last(list).setSyntax(syntax);
last(list).setPermittedInRequest(true);
/*
* 1. SEQUENCE or SET {
* 2. UTF8String # abc.def.myBlog EXPLICIT
* 3. SEQUENCE
* 4. UTF8String # app
* 5. UTF8String # abc.def.myBlog.voip EXPLICIT
* 6. SEQUENCE EXPLICIT
* 7. UTF8String # voip
* 8. UTF8String # abc.def.myBlog.complication IMPLICIT
* 9. SEQUENCE IMPLICIT
* 10. UTF8String # complication
* 11. }
*/
List<SubFieldSyntax> subFields = new LinkedList<>();
// Line 2
SubFieldSyntax subField = new SubFieldSyntax(FieldType.UTF8String);
subFields.add(subField);
subField.setRequired(true);
// Line 3-4
subField = new SubFieldSyntax(FieldType.SEQUENCE);
subFields.add(subField);
subField.setRequired(true);
SubFieldSyntax subsubField = new SubFieldSyntax(FieldType.UTF8String);
subsubField.setRequired(true);
subField.setSubFields(Arrays.asList(subsubField));
// Line 5
subField = new SubFieldSyntax(FieldType.UTF8String);
subField.setRequired(true);
subFields.add(subField);
// Line 6-7
subField = new SubFieldSyntax(FieldType.SEQUENCE);
subFields.add(subField);
subField.setRequired(true);
subsubField = new SubFieldSyntax(FieldType.UTF8String);
subsubField.setRequired(true);
subField.setSubFields(Arrays.asList(subsubField));
// Line 8
subField = new SubFieldSyntax(FieldType.UTF8String);
subFields.add(subField);
subField.setRequired(true);
// Line 9-10
subField = new SubFieldSyntax(FieldType.SEQUENCE);
subFields.add(subField);
subField.setRequired(true);
subsubField = new SubFieldSyntax(FieldType.UTF8String);
subsubField.setRequired(true);
subField.setSubFields(Arrays.asList(subsubField));
syntax.setSubFields(subFields);
marshall(profile, destFilename, true);
} // method certprofileAppleWwdr
private static void certprofileGmt0015(String destFilename) throws Exception {
String desc = "certprofile GMT 0015";
X509ProfileType profile = getBaseProfile(desc, CertLevel.EndEntity, "5y");
// Subject
Subject subject = profile.getSubject();
List<RdnType> rdnControls = subject.getRdns();
rdnControls.add(createRdn(DN.C, 1, 1));
rdnControls.add(createRdn(DN.O, 1, 1));
rdnControls.add(createRdn(DN.OU, 0, 1));
rdnControls.add(createRdn(DN.CN, 1, 1));
rdnControls.add(createRdn(Extn.id_GMT_0015_ICRegistrationNumber, 0, 1));
rdnControls.add(createRdn(Extn.id_GMT_0015_IdentityCode, 0, 1));
rdnControls.add(createRdn(Extn.id_GMT_0015_InsuranceNumber, 0, 1));
rdnControls.add(createRdn(Extn.id_GMT_0015_OrganizationCode, 0, 1));
rdnControls.add(createRdn(Extn.id_GMT_0015_TaxationNumber, 0, 1));
// Extensions
// Extensions - controls
List<ExtensionType> list = profile.getExtensions();
list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
list.add(createExtension(Extension.freshestCRL, false, false, null));
// Extensions - basicConstraints
list.add(createExtension(Extension.basicConstraints, true, true));
// Extensions - AuthorityInfoAccess
list.add(createExtension(Extension.authorityInfoAccess, true, false));
last(list).setAuthorityInfoAccess(createAuthorityInfoAccess());
// Extensions - AuthorityKeyIdentifier
list.add(createExtension(Extension.authorityKeyIdentifier, true, false));
// Extensions - keyUsage
list.add(createExtension(Extension.keyUsage, true, true));
last(list).setKeyUsage(createKeyUsage(
new KeyUsage[]{KeyUsage.digitalSignature, KeyUsage.dataEncipherment,
KeyUsage.keyEncipherment},
null));
// Extensions - extenedKeyUsage
list.add(createExtension(Extension.extendedKeyUsage, true, false));
last(list).setExtendedKeyUsage(createExtendedKeyUsage(
new ASN1ObjectIdentifier[]{ObjectIdentifiers.XKU.id_kp_clientAuth},
null));
// Extension id_GMT_0015_ICRegistrationNumber
ASN1ObjectIdentifier[] gmtOids = new ASN1ObjectIdentifier[] {
Extn.id_GMT_0015_ICRegistrationNumber,
Extn.id_GMT_0015_IdentityCode,
Extn.id_GMT_0015_InsuranceNumber,
Extn.id_GMT_0015_OrganizationCode,
Extn.id_GMT_0015_TaxationNumber};
for (ASN1ObjectIdentifier m : gmtOids) {
list.add(createExtension(m, true, false));
last(list).setPermittedInRequest(true);
}
marshall(profile, destFilename, true);
} // method certprofileGmt0015
private static void certprofileExtended(String destFilename) throws Exception {
X509ProfileType profile = getBaseProfile("certprofile extended", CertLevel.EndEntity, "5y");
// Subject
Subject subject = profile.getSubject();
List<RdnType> rdnControls = subject.getRdns();
rdnControls.add(createRdn(DN.C, 1, 1));
rdnControls.add(createRdn(DN.O, 1, 1));
rdnControls.add(createRdn(DN.OU, 0, 1));
rdnControls.add(createRdn(DN.SN, 0, 1, REGEX_SN, null, null));
rdnControls.add(createRdn(DN.CN, 1, 1, ":FQDN", null, null));
// SubjectToSubjectAltName
List<SubjectToSubjectAltNameType> subjectToSubjectAltNames = new LinkedList<>();
profile.setSubjectToSubjectAltNames(subjectToSubjectAltNames);
SubjectToSubjectAltNameType s2sType = new SubjectToSubjectAltNameType();
subjectToSubjectAltNames.add(s2sType);
s2sType.setSource(createOidType(DN.CN));
s2sType.setTarget(GeneralNameTag.DNSName);
// Extensions
// Extensions - general
// Extensions - controls
List<ExtensionType> list = profile.getExtensions();
list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
list.add(createExtension(Extension.freshestCRL, false, false, null));
// Extensions - SubjectAltNames
list.add(createExtension(Extension.subjectAlternativeName, true, false));
GeneralNameType gn = new GeneralNameType();
last(list).setSubjectAltName(gn);
gn.addTags(GeneralNameTag.DNSName, GeneralNameTag.IPAddress);
// Extensions - basicConstraints
list.add(createExtension(Extension.basicConstraints, true, true));
// Extensions - AuthorityInfoAccess
list.add(createExtension(Extension.authorityInfoAccess, true, false));
last(list).setAuthorityInfoAccess(createAuthorityInfoAccess());
// Extensions - AuthorityKeyIdentifier
list.add(createExtension(Extension.authorityKeyIdentifier, true, false));
// Extensions - keyUsage
list.add(createExtension(Extension.keyUsage, true, true));
last(list).setKeyUsage(createKeyUsage(
new KeyUsage[]{KeyUsage.digitalSignature, KeyUsage.dataEncipherment,
KeyUsage.keyEncipherment},
null));
// Extensions - extenedKeyUsage
list.add(createExtension(Extension.extendedKeyUsage, true, false));
last(list).setExtendedKeyUsage(createExtendedKeyUsage(
new ASN1ObjectIdentifier[]{ObjectIdentifiers.XKU.id_kp_serverAuth},
new ASN1ObjectIdentifier[]{ObjectIdentifiers.XKU.id_kp_clientAuth}));
// Extensions - tlsFeature
list.add(createExtension(Extn.id_pe_tlsfeature, true, true));
last(list).setTlsFeature(
createTlsFeature(
new TlsExtensionType[]{TlsExtensionType.STATUS_REQUEST,
TlsExtensionType.CLIENT_CERTIFICATE_URL}));
// Extensions - SMIMECapabilities
list.add(createExtension(Extn.id_smimeCapabilities, true, false));
last(list).setSmimeCapabilities(createSmimeCapabilities());
// Extensions - 1.2.3.4.1 (demo_without_conf)
list.add(
createExtension(new ASN1ObjectIdentifier("1.2.3.4.1"), true, false, "demo_without_conf"));
// Extensions - 1.2.3.4.2 (demo_with_conf)
list.add(
createExtension(new ASN1ObjectIdentifier("1.2.3.4.2"), true, false, "demo_with_conf"));
ExtnDemoWithConf demoWithConf = new ExtnDemoWithConf();
demoWithConf.setTexts(Arrays.asList("text1", "text2"));
last(list).setCustom(demoWithConf);
// cannot validate due to some additional customized extensions.
marshall(profile, destFilename, false);
} // method certprofileExtended
private static RdnType createRdn(ASN1ObjectIdentifier type, int min, int max) {
return createRdn(type, min, max, null, null, null);
}
private static RdnType createRdn(ASN1ObjectIdentifier type, int min, int max,
String regex, String prefix, String suffix) {
return createRdn(type, min, max, regex, prefix, suffix, null);
}
private static RdnType createRdn(ASN1ObjectIdentifier type, int min, int max,
String regex, String prefix, String suffix, String group) {
RdnType ret = new RdnType();
ret.setType(createOidType(type));
ret.setMinOccurs(min);
ret.setMaxOccurs(max);
if (regex != null) {
ret.setRegex(regex);
}
if (StringUtil.isNotBlank(prefix)) {
ret.setPrefix(prefix);
}
if (StringUtil.isNotBlank(suffix)) {
ret.setSuffix(suffix);
}
if (StringUtil.isNotBlank(group)) {
ret.setGroup(group);
}
if (NOT_IN_SUBJECT_RDNS.contains(type)) {
ret.setNotInSubject(Boolean.TRUE);
}
return ret;
} // method createRdn
private static RdnType createRdn(ASN1ObjectIdentifier type,
String regex, String group, ValueType value) {
RdnType ret = new RdnType();
ret.setType(createOidType(type));
ret.setMinOccurs(1);
ret.setMaxOccurs(1);
ret.setValue(value);
if (regex != null) {
ret.setRegex(regex);
}
if (StringUtil.isNotBlank(group)) {
ret.setGroup(group);
}
return ret;
} // method createRdn
private static ExtensionType createExtension(ASN1ObjectIdentifier type, boolean required,
boolean critical) {
return createExtension(type, required, critical, null);
}
private static ExtensionType createExtension(ASN1ObjectIdentifier type, boolean required,
boolean critical, String description) {
ExtensionType ret = new ExtensionType();
// attributes
ret.setRequired(required);
ret.setPermittedInRequest(REQUEST_EXTENSIONS.contains(type));
// children
ret.setType(createOidType(type, description));
ret.setCritical(critical);
return ret;
}
private static ExtensionType createConstantExtension(ASN1ObjectIdentifier type, boolean required,
boolean critical, Tag tag, FieldType fieldType, String value) {
ExtensionType ret = new ExtensionType();
// attributes
ret.setRequired(required);
ret.setPermittedInRequest(false);
// children
String desc = "custom constant extension " + fieldType.getText();
if (tag != null) {
desc += " (" + tag.getValue() + ", " + (tag.isExplicit() ? "EXPLICIT)" : "IMPLICIT)");
}
ret.setType(createOidType(type, desc));
ret.setCritical(critical);
ConstantExtnValue constantExtn = new ConstantExtnValue(fieldType);
ret.setConstant(constantExtn);
if (value != null) {
constantExtn.setValue(value);
}
if (tag != null) {
constantExtn.setTag(tag);
}
return ret;
} // method createConstantExtension
private static ExtensionType createSyntaxExtension(ASN1ObjectIdentifier type, boolean required,
boolean critical, Tag tag, FieldType fieldType) {
ExtensionType ret = new ExtensionType();
// attributes
ret.setRequired(required);
ret.setPermittedInRequest(true);
// children
String desc = "custom syntax extension " + fieldType.getText();
if (tag != null) {
desc += " (" + tag.getValue() + ", " + (tag.isExplicit() ? "EXPLICIT)" : "IMPLICIT)");
}
ret.setType(createOidType(type, desc));
ret.setCritical(critical);
ExtnSyntax extnSyntax = new ExtnSyntax(fieldType);
if (tag != null) {
extnSyntax.setTag(tag);
}
ret.setSyntax(extnSyntax);
return ret;
} // method createSyntaxExtension
private static ExtensionType.KeyUsage createKeyUsage(KeyUsage[] requiredUsages,
KeyUsage[] optionalUsages) {
ExtensionType.KeyUsage extValue = new ExtensionType.KeyUsage();
if (requiredUsages != null) {
for (KeyUsage m : requiredUsages) {
ExtensionType.KeyUsage.Usage usage = new ExtensionType.KeyUsage.Usage();
usage.setValue(m);
usage.setRequired(true);
extValue.getUsages().add(usage);
}
}
if (optionalUsages != null) {
for (KeyUsage m : optionalUsages) {
ExtensionType.KeyUsage.Usage usage = new ExtensionType.KeyUsage.Usage();
usage.setValue(m);
usage.setRequired(false);
extValue.getUsages().add(usage);
}
}
return extValue;
} // method createKeyUsage
// CHECKSTYLE:SKIP
private static AuthorityKeyIdentifier createAKIwithSerialAndSerial() {
AuthorityKeyIdentifier akiType = new AuthorityKeyIdentifier();
akiType.setUseIssuerAndSerial(true);
return akiType;
} // method createAKIwithSerialAndSerial
private static AuthorityInfoAccess createAuthorityInfoAccess() {
AuthorityInfoAccess extnValue = new AuthorityInfoAccess();
extnValue.setIncludeCaIssuers(true);
extnValue.setIncludeOcsp(true);
extnValue.setCaIssuersProtocols(new HashSet<>(Arrays.asList("http")));
extnValue.setOcspProtocols(new HashSet<>(Arrays.asList("http")));
return extnValue;
} // method createAuthorityInfoAccess
private static CrlDistributionPoints createCrlDistibutoionPoints() {
CrlDistributionPoints extnValue = new CrlDistributionPoints();
extnValue.setProtocols(new HashSet<>(Arrays.asList("http")));
return extnValue;
}
private static BasicConstraints createBasicConstraints(int pathLen) {
BasicConstraints extValue = new BasicConstraints();
extValue.setPathLen(pathLen);
return extValue;
}
private static ExtendedKeyUsage createExtendedKeyUsage(
ASN1ObjectIdentifier[] requiredUsages, ASN1ObjectIdentifier[] optionalUsages) {
ExtendedKeyUsage extValue = new ExtendedKeyUsage();
if (requiredUsages != null) {
List<ASN1ObjectIdentifier> oids = Arrays.asList(requiredUsages);
oids = sortOidList(oids);
for (ASN1ObjectIdentifier usage : oids) {
extValue.getUsages().add(createSingleExtKeyUsage(usage, true));
}
}
if (optionalUsages != null) {
List<ASN1ObjectIdentifier> oids = Arrays.asList(optionalUsages);
oids = sortOidList(oids);
for (ASN1ObjectIdentifier usage : oids) {
extValue.getUsages().add(createSingleExtKeyUsage(usage, false));
}
}
return extValue;
} // method createExtendedKeyUsage
private static ExtendedKeyUsage.Usage createSingleExtKeyUsage(
ASN1ObjectIdentifier usage, boolean required) {
ExtendedKeyUsage.Usage type = new ExtendedKeyUsage.Usage();
type.setOid(usage.getId());
type.setRequired(required);
String desc = getDescription(usage);
if (desc != null) {
type.setDescription(desc);
}
return type;
} // method createSingleExtKeyUsage
private static Restriction createRestriction(DirectoryStringType type, String text) {
Restriction extValue = new Restriction();
extValue.setType(type);
extValue.setText(text);
return extValue;
} // method createRestriction
private static AdditionalInformation createAdditionalInformation(DirectoryStringType type,
String text) {
AdditionalInformation extValue = new AdditionalInformation();
extValue.setType(type);
extValue.setText(text);
return extValue;
} // method createAdditionalInformation
private static PrivateKeyUsagePeriod createPrivateKeyUsagePeriod(String validity) {
PrivateKeyUsagePeriod extValue = new PrivateKeyUsagePeriod();
extValue.setValidity(validity);
return extValue;
}
private static QcStatements createQcStatements(boolean requireRequestExt) {
QcStatements extValue = new QcStatements();
QcStatementType statement = new QcStatementType();
// QcCompliance
statement.setStatementId(createOidType(Extn.id_etsi_qcs_QcCompliance));
extValue.getQcStatements().add(statement);
// QC SCD
statement = new QcStatementType();
statement.setStatementId(createOidType(Extn.id_etsi_qcs_QcSSCD));
extValue.getQcStatements().add(statement);
// QC RetentionPeriod
statement = new QcStatementType();
statement.setStatementId(createOidType(Extn.id_etsi_qcs_QcRetentionPeriod));
QcStatementValueType statementValue = new QcStatementValueType();
statementValue.setQcRetentionPeriod(10);
statement.setStatementValue(statementValue);
extValue.getQcStatements().add(statement);
// QC LimitValue
statement = new QcStatementType();
statement.setStatementId(createOidType(Extn.id_etsi_qcs_QcLimitValue));
statementValue = new QcStatementValueType();
QcEuLimitValueType euLimit = new QcEuLimitValueType();
euLimit.setCurrency("EUR");
Range2Type rangeAmount = new Range2Type();
int min = 100;
rangeAmount.setMin(min);
rangeAmount.setMax(requireRequestExt ? 200 : min);
euLimit.setAmount(rangeAmount);
Range2Type rangeExponent = new Range2Type();
min = 10;
rangeExponent.setMin(min);
rangeExponent.setMax(requireRequestExt ? 20 : min);
euLimit.setExponent(rangeExponent);
statementValue.setQcEuLimitValue(euLimit);
statement.setStatementValue(statementValue);
extValue.getQcStatements().add(statement);
// QC PDS
statement = new QcStatementType();
statement.setStatementId(createOidType(Extn.id_etsi_qcs_QcPDS));
extValue.getQcStatements().add(statement);
statementValue = new QcStatementValueType();
statement.setStatementValue(statementValue);
List<PdsLocationType> pdsLocations = new LinkedList<>();
statementValue.setPdsLocations(pdsLocations);
PdsLocationType pdsLocation = new PdsLocationType();
pdsLocations.add(pdsLocation);
pdsLocation.setUrl("http://pki.example.org/pds/en");
pdsLocation.setLanguage("en");
pdsLocation = new PdsLocationType();
pdsLocations.add(pdsLocation);
pdsLocation.setUrl("http://pki.example.org/pds/de");
pdsLocation.setLanguage("de");
// QC Constant value
statement = new QcStatementType();
statement.setStatementId(createOidType(new ASN1ObjectIdentifier("1.2.3.4.5"), "dummy"));
statementValue = new QcStatementValueType();
DescribableBinary value = new DescribableBinary();
try {
value.setValue(DERNull.INSTANCE.getEncoded());
} catch (IOException ex) {
throw new IllegalStateException(ex);
}
value.setDescription("DER NULL");
statementValue.setConstant(value);
statement.setStatementValue(statementValue);
extValue.getQcStatements().add(statement);
return extValue;
} // method createQcStatements
private static BiometricInfo createBiometricInfo() {
BiometricInfo extValue = new BiometricInfo();
// type
// predefined image (0)
BiometricTypeType type = new BiometricTypeType();
extValue.getTypes().add(type);
DescribableInt predefined = new DescribableInt();
predefined.setValue(0);
predefined.setDescription("image");
type.setPredefined(predefined);
// predefined handwritten-signature(1)
type = new BiometricTypeType();
predefined = new DescribableInt();
predefined.setValue(1);
predefined.setDescription("handwritten-signature");
type.setPredefined(predefined);
extValue.getTypes().add(type);
// OID
type = new BiometricTypeType();
type.setOid(createOidType(new ASN1ObjectIdentifier("1.2.3.4.5.6"), "dummy biometric type"));
extValue.getTypes().add(type);
// hash algorithm
HashAlgo[] hashAlgos = new HashAlgo[]{HashAlgo.SHA256, HashAlgo.SHA384};
for (HashAlgo hashAlgo : hashAlgos) {
extValue.getHashAlgorithms().add(createOidType(hashAlgo.getOid(), hashAlgo.getName()));
}
extValue.setIncludeSourceDataUri(TripleState.required);
return extValue;
} // method createBiometricInfo
private static AuthorizationTemplate createAuthorizationTemplate() {
AuthorizationTemplate extValue = new AuthorizationTemplate();
extValue.setType(createOidType(new ASN1ObjectIdentifier("1.2.3.4.5"), "dummy type"));
DescribableBinary accessRights = new DescribableBinary();
accessRights.setDescription("dummy access rights");
accessRights.setValue(new byte[]{1, 2, 3, 4});
extValue.setAccessRights(accessRights);
return extValue;
} // method createAuthorizationTemplate
private static ValidityModel createValidityModel(DescribableOid modelId) {
ValidityModel extValue = new ValidityModel();
extValue.setModelId(modelId);
return extValue;
} // method createValidityModel
private static CertificatePolicies createCertificatePolicies(
Map<ASN1ObjectIdentifier, String> policies) {
if (policies == null || policies.isEmpty()) {
return null;
}
CertificatePolicies extValue = new CertificatePolicies();
List<CertificatePolicyInformationType> pis = extValue.getCertificatePolicyInformations();
for (ASN1ObjectIdentifier oid : policies.keySet()) {
CertificatePolicyInformationType single = new CertificatePolicyInformationType();
pis.add(single);
single.setPolicyIdentifier(createOidType(oid));
List<PolicyQualifier> qualifiers = new ArrayList<>(1);
String cpsUri = policies.get(oid);
if (cpsUri != null) {
PolicyQualifier qualifier = new PolicyQualifier();
qualifier.setType(PolicyQualfierType.cpsUri);
qualifier.setValue(cpsUri);
qualifiers.add(qualifier);
}
single.setPolicyQualifiers(qualifiers);
}
return extValue;
} // method createCertificatePolicies
private static String getDescription(ASN1ObjectIdentifier oid) {
return ObjectIdentifiers.getName(oid);
}
private static PolicyIdMappingType createPolicyIdMapping(
ASN1ObjectIdentifier issuerPolicyId, ASN1ObjectIdentifier subjectPolicyId) {
PolicyIdMappingType ret = new PolicyIdMappingType();
ret.setIssuerDomainPolicy(createOidType(issuerPolicyId));
ret.setSubjectDomainPolicy(createOidType(subjectPolicyId));
return ret;
} // method createPolicyIdMapping
private static PolicyConstraints createPolicyConstraints(Integer inhibitPolicyMapping,
Integer requireExplicitPolicy) {
PolicyConstraints ret = new PolicyConstraints();
if (inhibitPolicyMapping != null) {
ret.setInhibitPolicyMapping(inhibitPolicyMapping);
}
if (requireExplicitPolicy != null) {
ret.setRequireExplicitPolicy(requireExplicitPolicy);
}
return ret;
} // method createPolicyConstraints
private static NameConstraints createNameConstraints() {
NameConstraints ret = new NameConstraints();
List<GeneralSubtreeType> permitted = new LinkedList<>();
ret.setPermittedSubtrees(permitted);
GeneralSubtreeType single = new GeneralSubtreeType();
single.setBase(new GeneralSubtreeType.Base());
single.getBase().setDirectoryName("O=example organization, C=DE");
permitted.add(single);
List<GeneralSubtreeType> excluded = new LinkedList<>();
single = new GeneralSubtreeType();
excluded.add(single);
single.setBase(new GeneralSubtreeType.Base());
single.getBase().setDirectoryName("OU=bad OU, O=example organization, C=DE");
ret.setExcludedSubtrees(excluded);
return ret;
} // method createNameConstraints
private static InhibitAnyPolicy createInhibitAnyPolicy(int skipCerts) {
InhibitAnyPolicy ret = new InhibitAnyPolicy();
ret.setSkipCerts(skipCerts);
return ret;
} // method createInhibitAnyPolicy
private static DescribableOid createOidType(ASN1ObjectIdentifier oid) {
return createOidType(oid, null);
}
private static DescribableOid createOidType(ASN1ObjectIdentifier oid, String description) {
DescribableOid ret = new DescribableOid();
ret.setOid(oid.getId());
String desc = (description == null) ? getDescription(oid) : description;
if (desc != null) {
ret.setDescription(desc);
}
return ret;
} // method
private static X509ProfileType getBaseCabProfile(String description, CertLevel certLevel,
String validity) {
return getBaseCabProfile(description, certLevel, validity, false);
}
private static X509ProfileType getBaseCabProfile(String description, CertLevel certLevel,
String validity, boolean useMidnightNotBefore) {
X509ProfileType profile = new X509ProfileType();
profile.setMetadata(createDescription(description));
profile.setCertDomain(CertDomain.CABForumBR);
profile.setCertLevel(certLevel);
profile.setMaxSize(6000 * 3 / 4);
profile.setVersion(X509CertVersion.v3);
profile.setValidity(validity);
profile.setNotBeforeTime(useMidnightNotBefore ? "midnight" : "current");
profile.setSerialNumberInReq(false);
if (certLevel == CertLevel.EndEntity) {
profile.setKeypairGeneration(new KeypairGenerationType());
profile.getKeypairGeneration().setInheritCA(true);
}
// SignatureAlgorithms
List<String> algos = new LinkedList<>();
profile.setSignatureAlgorithms(algos);
String[] sigHashAlgos = new String[]{"SHA512", "SHA384", "SHA256"};
String[] algoPart2s = new String[]{"withRSA", "withDSA", "withECDSA", "withRSAandMGF1"};
for (String part2 : algoPart2s) {
for (String hashAlgo : sigHashAlgos) {
algos.add(hashAlgo + part2);
}
}
// Subject
Subject subject = new Subject();
profile.setSubject(subject);
subject.setKeepRdnOrder(false);
// Key
profile.setKeyAlgorithms(createCabKeyAlgorithms());
return profile;
} // method getBaseCabProfile
private static X509ProfileType getBaseProfile(String description, CertLevel certLevel,
String validity) {
return getBaseProfile(description, certLevel, validity, false);
}
private static X509ProfileType getBaseProfile(String description, CertLevel certLevel,
String validity, boolean useMidnightNotBefore) {
X509ProfileType profile = new X509ProfileType();
profile.setMetadata(createDescription(description));
profile.setCertLevel(certLevel);
profile.setMaxSize(4500);
profile.setVersion(X509CertVersion.v3);
profile.setValidity(validity);
profile.setNotBeforeTime(useMidnightNotBefore ? "midnight" : "current");
profile.setSerialNumberInReq(false);
if (certLevel == CertLevel.EndEntity) {
profile.setKeypairGeneration(new KeypairGenerationType());
profile.getKeypairGeneration().setInheritCA(true);
}
// SignatureAlgorithms
List<String> algos = new LinkedList<>();
profile.setSignatureAlgorithms(algos);
String[] sigHashAlgos = new String[]{"SHA3-512", "SHA3-384", "SHA3-256", "SHA3-224",
"SHA512", "SHA384", "SHA256", "SHA1"};
String[] algoPart2s = new String[]{"withRSA", "withDSA", "withECDSA", "withRSAandMGF1"};
for (String part2 : algoPart2s) {
for (String hashAlgo : sigHashAlgos) {
algos.add(hashAlgo + part2);
}
}
String part2 = "withPlainECDSA";
for (String hashAlgo : sigHashAlgos) {
if (!hashAlgo.startsWith("SHA3-")) {
algos.add(hashAlgo + part2);
}
}
algos.add("SM3withSM2");
algos.add("Ed25519");
algos.add("Ed448");
// Subject
Subject subject = new Subject();
profile.setSubject(subject);
subject.setKeepRdnOrder(false);
ASN1ObjectIdentifier[] curveIds = (CertLevel.EndEntity != certLevel) ? null :
new ASN1ObjectIdentifier[] {SECObjectIdentifiers.secp256r1,
TeleTrusTObjectIdentifiers.brainpoolP256r1, GMObjectIdentifiers.sm2p256v1};
// Key
profile.setKeyAlgorithms(createKeyAlgorithms(curveIds, certLevel));
return profile;
} // method getBaseProfile
private static X509ProfileType getEeBaseProfileForEdwardsOrMontgomeryCurves(String description,
String validity, boolean edwards, boolean curve25519) {
X509ProfileType profile = new X509ProfileType();
profile.setMetadata(createDescription(description));
profile.setCertLevel(CertLevel.EndEntity);
profile.setMaxSize(4500);
profile.setVersion(X509CertVersion.v3);
profile.setValidity(validity);
profile.setNotBeforeTime("current");
profile.setSerialNumberInReq(false);
KeypairGenerationType kpGen = new KeypairGenerationType();
profile.setKeypairGeneration(kpGen);
KeyType keyType;
ASN1ObjectIdentifier algorithm;
if (edwards) {
keyType = curve25519 ? KeyType.ed25519 : KeyType.ed448;
algorithm = curve25519 ? EdECConstants.id_ED25519 : EdECConstants.id_ED448;
} else {
keyType = curve25519 ? KeyType.x25519 : KeyType.x448;
algorithm = curve25519 ? EdECConstants.id_X25519 : EdECConstants.id_X448;
}
kpGen.setAlgorithm(createOidType(algorithm));
kpGen.setKeyType(keyType);
// SignatureAlgorithm
List<String> algos = new LinkedList<>();
profile.setSignatureAlgorithms(algos);
algos.add("Ed25519");
algos.add("Ed448");
// Subject
Subject subject = new Subject();
profile.setSubject(subject);
subject.setKeepRdnOrder(false);
// KeyUsage
KeyUsage[] usages = edwards
? new KeyUsage[]{KeyUsage.digitalSignature, KeyUsage.contentCommitment}
: new KeyUsage[]{KeyUsage.keyAgreement};
List<AlgorithmType> keyAlgorithms = createEdwardsOrMontgomeryKeyAlgorithms(
edwards, !edwards, curve25519, !curve25519);
profile.setKeyAlgorithms(keyAlgorithms);
List<ExtensionType> extensions = profile.getExtensions();
extensions.add(createExtension(Extension.keyUsage, true, true));
last(extensions).setKeyUsage(createKeyUsage(usages, null));
return profile;
} // method getEeBaseProfileForEdwardsOrMontgomeryCurves
private static List<AlgorithmType> createCabKeyAlgorithms() {
List<AlgorithmType> list = new LinkedList<>();
// RSA
list.addAll(createRSAKeyAlgorithms());
// DSA
list.add(new AlgorithmType());
last(list).getAlgorithms().add(createOidType(X9ObjectIdentifiers.id_dsa, "DSA"));
last(list).setParameters(new KeyParametersType());
DsaParametersType dsaParams = new DsaParametersType();
last(list).getParameters().setDsa(dsaParams);
List<Range> plengths = new LinkedList<>();
dsaParams.setPlengths(plengths);
plengths.add(createRange(2048));
plengths.add(createRange(3072));
List<Range> qlengths = new LinkedList<>();
dsaParams.setQlengths(qlengths);
qlengths.add(createRange(224));
qlengths.add(createRange(256));
// EC
list.add(new AlgorithmType());
last(list).getAlgorithms().add(createOidType(X9ObjectIdentifiers.id_ecPublicKey, "EC"));
last(list).setParameters(new KeyParametersType());
EcParametersType ecParams = new EcParametersType();
last(list).getParameters().setEc(ecParams);
ASN1ObjectIdentifier[] curveIds = new ASN1ObjectIdentifier[] {SECObjectIdentifiers.secp256r1,
SECObjectIdentifiers.secp384r1, SECObjectIdentifiers.secp521r1};
List<DescribableOid> curves = new LinkedList<>();
ecParams.setCurves(curves);
for (ASN1ObjectIdentifier curveId : curveIds) {
String name = AlgorithmUtil.getCurveName(curveId);
curves.add(createOidType(curveId, name));
}
ecParams.setPointEncodings(Arrays.asList(((byte) 4)));
return list;
} // method createCabKeyAlgorithms
private static List<AlgorithmType> createKeyAlgorithms(
ASN1ObjectIdentifier[] curveIds, CertLevel certLevel) {
List<AlgorithmType> list = new LinkedList<>();
// RSA
list.addAll(createRSAKeyAlgorithms());
// DSA
list.add(new AlgorithmType());
last(list).getAlgorithms().add(createOidType(X9ObjectIdentifiers.id_dsa, "DSA"));
last(list).setParameters(new KeyParametersType());
DsaParametersType dsaParams = new DsaParametersType();
last(list).getParameters().setDsa(dsaParams);
List<Range> plengths = new LinkedList<>();
dsaParams.setPlengths(plengths);
plengths.add(createRange(1024));
plengths.add(createRange(2048));
plengths.add(createRange(3072));
List<Range> qlengths = new LinkedList<>();
dsaParams.setQlengths(qlengths);
qlengths.add(createRange(160));
qlengths.add(createRange(224));
qlengths.add(createRange(256));
// EC
list.add(new AlgorithmType());
last(list).getAlgorithms().add(createOidType(X9ObjectIdentifiers.id_ecPublicKey, "EC"));
last(list).setParameters(new KeyParametersType());
EcParametersType ecParams = new EcParametersType();
last(list).getParameters().setEc(ecParams);
if (curveIds != null && curveIds.length > 0) {
List<DescribableOid> curves = new LinkedList<>();
ecParams.setCurves(curves);
for (ASN1ObjectIdentifier curveId : curveIds) {
String name = AlgorithmUtil.getCurveName(curveId);
curves.add(createOidType(curveId, name));
}
}
ecParams.setPointEncodings(Arrays.asList(((byte) 4)));
// EdDSA
if (certLevel == CertLevel.RootCA || certLevel == CertLevel.SubCA) {
list.addAll(createEdwardsOrMontgomeryKeyAlgorithms(true, false, true, true));
}
return list;
} // method createKeyAlgorithms
private static List<AlgorithmType> createEdwardsOrMontgomeryKeyAlgorithms(
boolean edwards, boolean montgomery, boolean curve25519, boolean curve448) {
List<AlgorithmType> list = new LinkedList<>();
List<ASN1ObjectIdentifier> oids = new LinkedList<>();
if (edwards) {
if (curve25519) {
oids.add(EdECConstants.id_ED25519);
}
if (curve448) {
oids.add(EdECConstants.id_ED448);
}
} else {
if (curve25519) {
oids.add(EdECConstants.id_X25519);
}
if (curve448) {
oids.add(EdECConstants.id_X448);
}
}
for (ASN1ObjectIdentifier oid : oids) {
list.add(new AlgorithmType());
last(list).getAlgorithms().add(createOidType(oid));
}
return list;
} // method createEdwardsOrMontgomeryKeyAlgorithms
// CHECKSTYLE:SKIP
private static List<AlgorithmType> createRSAKeyAlgorithms() {
List<AlgorithmType> list = new LinkedList<>();
list.add(new AlgorithmType());
last(list).getAlgorithms().add(createOidType(PKCSObjectIdentifiers.rsaEncryption, "RSA"));
last(list).setParameters(new KeyParametersType());
RsaParametersType rsaParams = new RsaParametersType();
last(list).getParameters().setRsa(rsaParams);
rsaParams.getModulusLengths().add(createRange(2048));
rsaParams.getModulusLengths().add(createRange(3072));
rsaParams.getModulusLengths().add(createRange(4096));
return list;
} // method createRSAKeyAlgorithms
private static Range createRange(int size) {
return createRange(size, size);
}
private static Range createRange(Integer min, Integer max) {
Range ret = new Range();
ret.setMin(min);
ret.setMax(max);
return ret;
} // method createRange
private static Map<String, String> createDescription(String details) {
Map<String, String> map = new HashMap<>();
map.put("category", "A");
map.put("details", details);
return map;
} // method createDescription
private static TlsFeature createTlsFeature(TlsExtensionType... features) {
List<TlsExtensionType> exts = Arrays.asList(features);
Collections.sort(exts);
TlsFeature tlsFeature = new TlsFeature();
for (TlsExtensionType m : exts) {
DescribableInt dint = new DescribableInt();
dint.setValue(m.getCode());
dint.setDescription(m.getName());
tlsFeature.getFeatures().add(dint);
}
return tlsFeature;
} // method createTlsFeature
private static SmimeCapabilities createSmimeCapabilities() {
SmimeCapabilities caps = new SmimeCapabilities();
// DES-EDE3-CBC
SmimeCapability cap = new SmimeCapability();
caps.getCapabilities().add(cap);
cap.setCapabilityId(createOidType(new ASN1ObjectIdentifier("1.2.840.113549.3.7"),
"DES-EDE3-CBC"));
// RC2-CBC keysize 128
cap = new SmimeCapability();
caps.getCapabilities().add(cap);
cap.setCapabilityId(createOidType(new ASN1ObjectIdentifier("1.2.840.113549.3.2"), "RC2-CBC"));
cap.setParameter(new SmimeCapabilityParameter());
cap.getParameter().setInteger(BigInteger.valueOf(128));
// RC2-CBC keysize 64
cap = new SmimeCapability();
caps.getCapabilities().add(cap);
cap.setCapabilityId(createOidType(new ASN1ObjectIdentifier("1.2.840.113549.3.2"), "RC2-CBC"));
cap.setParameter(new SmimeCapabilityParameter());
DescribableBinary binary = new DescribableBinary();
try {
binary.setValue(new ASN1Integer(64).getEncoded());
binary.setDescription("INTEGER 64");
} catch (IOException ex) {
throw new IllegalStateException(ex.getMessage());
}
cap.getParameter().setBinary(binary);
return caps;
} // method createSmimeCapabilities
private static List<ASN1ObjectIdentifier> sortOidList(List<ASN1ObjectIdentifier> oids) {
Args.notNull(oids, "oids");
List<String> list = new ArrayList<>(oids.size());
for (ASN1ObjectIdentifier m : oids) {
list.add(m.getId());
}
Collections.sort(list);
List<ASN1ObjectIdentifier> sorted = new ArrayList<>(oids.size());
for (String m : list) {
for (ASN1ObjectIdentifier n : oids) {
if (m.equals(n.getId()) && !sorted.contains(n)) {
sorted.add(n);
}
}
}
return sorted;
} // method sortOidList
private static <T> T last(List<T> list) {
if (list == null || list.isEmpty()) {
return null;
} else {
return list.get(list.size() - 1);
}
} // method last
}
