java source code of DemoCertprofile

xipki-master
- security
  - src
    - main
      - resources
        OSGI-INF
        blueprint
        config.xml
      - java
        org
        xipki
        security
        SecurityFactoryImpl.java
        CrlReason.java
        KeyCertPair.java
        CollectionAlgorithmValidator.java
        ConcurrentContentSigner.java
        SignerFactory.java
        ctlog
        CtLogMessages.java
        package-info.java
        CtLog.java
        CertpathValidationModel.java
        X509ExtensionType.java
        SignerFactoryRegister.java
        CryptException.java
        DHSigStaticKeyCertPair.java
        AbstractSecurityFactory.java
        pkcs12
        P12KeyGenerationResult.java
        P12KeyGenerator.java
        P12XdhMacContentSignerBuilder.java
        AESGmacContentSigner.java
        HmacContentSigner.java
        P12MacContentSignerBuilder.java
        KeypairWithCert.java
        KeystoreGenerationParameters.java
        package-info.java
        P12SignerFactory.java
        P12ContentSignerBuilder.java
        DfltConcurrentContentSigner.java
        BadInputException.java
        ExtensionExistence.java
        SignerConf.java
        FpIdCalculator.java
        util
        CmpFailureUtil.java
        DSAParameterCache.java
        AlgorithmUtil.java
        SignerUtil.java
        X509Util.java
        package-info.java
        GMUtil.java
        KeyUtil.java
        RSABrokenKey.java
        SecurityFactory.java
        NoIdleSignerException.java
        asn1
        Asn1StreamParser.java
        CrlStreamParser.java
        package-info.java
        SignerFactoryRegisterImpl.java
        KeyUsage.java
        XiSecurityException.java
        package-info.java
        SignerException.java
        X509Cert.java
        pkcs11
        P11IdentityId.java
        P11PlainRSASigner.java
        P11CryptServiceFactory.java
        P11Slot.java
        P11ContentSignerBuilder.java
        P11MacContentSignerBuilder.java
        P11Params.java
        P11TokenException.java
        P11DuplicateEntityException.java
        P11KeyParameter.java
        P11PrivateKey.java
        P11CryptServiceFactoryImpl.java
        P11CryptService.java
        iaik
        IaikP11Slot.java
        IaikP11ModuleFactory.java
        package-info.java
        IaikP11Identity.java
        IaikP11Module.java
        P11UnsupportedMechanismException.java
        P11ContentSigner.java
        P11Identity.java
        Pkcs11conf.java
        P11PermissionException.java
        package-info.java
        P11SignerFactory.java
        P11SlotIdentifier.java
        P11ModuleFactoryRegisterImpl.java
        P11ModuleFactory.java
        P11ModuleConf.java
        P11ObjectIdentifier.java
        DigestOutputStream.java
        P11Module.java
        P11RSAKeyParameter.java
        P11UnknownEntityException.java
        P11ModuleFactoryRegister.java
        AlgorithmCode.java
        EdECConstants.java
        KeypairGenerationResult.java
        cmp
        CmpUtf8Pairs.java
        PkiStatusInfo.java
        CmpUtil.java
        ProtectionVerificationResult.java
        VerifiedPkiMessage.java
        package-info.java
        ProtectionResult.java
        TlsExtensionType.java
        HashAlgo.java
        XiSecurityConstants.java
        CertRevocationInfo.java
        SignatureSigner.java
        XiWrappedContentSigner.java
        BadAsn1ObjectException.java
        SignatureAlgoControl.java
        HashCalculator.java
        IssuerHash.java
        AlgorithmValidator.java
        DSAPlainDigestSigner.java
        ObjectIdentifiers.java
        Providers.java
        XiContentSigner.java
        bc
        XiXDHContentVerifierProvider.java
        package-info.java
        XiRSAContentVerifierProviderBuilder.java
        XiECContentVerifierProviderBuilder.java
        XiEdDSAContentVerifierProvider.java
        Securities.java
        ConcurrentBagEntrySigner.java
    - test
      - resources
        crls
        crl-4
        ca.crt
        no-revoked-certs.crl
        crl-5
        ca.crt
        no-crlnumber.crl
        crl-6
        ca.crt
        no-extensions.crl
        crl-1
        ca.crt
        subcawithcrl1.crl
        crl-3
        ca.crt
        subcawithcrl1.crl
        crl-2
        ca1-crl.crl
        ca1-cert.crt
        ctlog-certs
        cab-domain-validated1.crt
        githubcom.pem
        letsencrypt
        google-xenon2020-pubkey.pem
        letsencrypt-org.pem
        ca-of-letsencrypt-org.pem
        cab-org-validated1.crt
        test1.p12
        test1.der
      - java
        org
        xipki
        security
        pkcs12
        test
        Pkcs12RSATest.java
        Pkcs12SHA256withRSATest.java
        test
        CtLogVerifyTest.java
        CtLogTest.java
        CrlStreamParserTest.java
        cmp
        test
        CmpUtf8PairsTest.java
  - pom.xml
- password
  - src
    - main
      - resources
        OSGI-INF
        blueprint
        config.xml
      - java
        org
        xipki
        password
        Passwords.java
        PasswordResolverException.java
        OBFPasswordService.java
        PasswordCallback.java
        PasswordResolverImpl.java
        PasswordBasedEncryption.java
        PasswordResolver.java
        PBEPasswordService.java
        package-info.java
        SecurePasswordInputPanel.java
        PBEAlgo.java
        SinglePasswordResolver.java
    - test
      - java
        org
        xipki
        password
        test
        PBEWithHmacSHA256AndAES256Test.java
  - pom.xml
- ocsp-server
  - src
    - main
      - resources
        sql
        ocsp-cache-init.xml
        version
      - java
        org
        xipki
        ocsp
        server
        IssuerFilter.java
        QuadrupleState.java
        RequestOption.java
        OcspResponseStatus.java
        OcspResponderException.java
        Template.java
        ResponderImpl.java
        OcspServerImpl.java
        type
        ExtendedExtension.java
        Extensions.java
        OID.java
        ResponseData.java
        ResponderID.java
        package-info.java
        OcspRequest.java
        CertID.java
        ASN1Type.java
        Extension.java
        EncodingException.java
        WritableOnlyExtension.java
        TaggedCertSequence.java
        SingleResponse.java
        OcspServerConf.java
        ResponderOption.java
        store
        CrlDbCertStatusStore.java
        CrlInfo.java
        IssuerEntry.java
        IssuerStore.java
        SimpleIssuerEntry.java
        DbCertStatusStore.java
        package-info.java
        ResponseCacher.java
        ejbca
        package-info.java
        EjbcaCertStatusStore.java
        EjbcaIssuerStore.java
        EjbcaIssuerEntry.java
        ImportCrl.java
        CaDbCertStatusStore.java
        package-info.java
        ResponseSigner.java
        OCSPRespBuilder.java
    - test
      - java
        org
        xipki
        ocsp
        server
        impl
        test
        Foo.java
  - pom.xml
- shells
  - dbtool-shell
    - src
      - main
        java
        org
        xipki
        dbtool
        shell
        Actions.java
        package-info.java
    - pom.xml
  - security-shell
    - src
      - main
        java
        org
        xipki
        security
        shell
        P11Actions.java
        P12Actions.java
        Actions.java
        SecurityCompleters.java
        package-info.java
      - test
        java
        org
        xipki
        security
        shell
        test
        ExtensionsConfCreatorDemo.java
    - pom.xml
  - qa-shell
    - src
      - main
        java
        org
        xipki
        qa
        shell
        QaSecurityActions.java
        QaCaActions.java
        QaP11Actions.java
        package-info.java
        QaCompleters.java
        QaOcspActions.java
    - pom.xml
  - ocsp-mgmt-shell
    - src
      - main
        java
        org
        xipki
        ocsp
        mgmt
        shell
        Actions.java
        package-info.java
    - pom.xml
  - cmpclient-shell
    - src
      - main
        java
        org
        xipki
        cmpclient
        shell
        Actions.java
        CmpClientCompleters.java
        package-info.java
    - pom.xml
  - pom.xml
  - ca-mgmt-shell
    - src
      - main
        java
        org
        xipki
        ca
        mgmt
        shell
        CaActions.java
        DbActions.java
        package-info.java
        CertActions.java
        ShellUtil.java
        CaCompleters.java
    - pom.xml
  - scep-client-shell
    - src
      - main
        java
        org
        xipki
        scep
        client
        shell
        Actions.java
        package-info.java
    - pom.xml
  - ocsp-client-shell
    - src
      - main
        java
        org
        xipki
        ocsp
        client
        shell
        Actions.java
        package-info.java
    - pom.xml
  - shell-base
    - src
      - main
        resources
        OSGI-INF
        blueprint
        config.xml
        java
        org
        xipki
        shell
        IllegalCmdParamException.java
        Actions.java
        XiAction.java
        FileUtils.java
        package-info.java
        Completers.java
        CmdFailure.java
        DynamicEnumCompleter.java
        EnumCompleter.java
    - pom.xml
- ca-api
  - src
    - main
      - resources
        conf
        areacode.cfg
        rdnorder.cfg
      - java
        org
        xipki
        ca
        api
        CertificateInfo.java
        CertWithDbId.java
        publisher
        CertPublisherException.java
        CertPublisherFactory.java
        CertPublisher.java
        package-info.java
        CertPublisherFactoryRegister.java
        NameId.java
        RequestType.java
        mgmt
        PermissionConstants.java
        MgmtRequest.java
        CaConf.java
        CrlControl.java
        CmpControl.java
        CaMgmtException.java
        CaConfType.java
        RevokeSuspendedControl.java
        RequestorInfo.java
        ProtocolSupport.java
        ValidityMode.java
        MgmtMessage.java
        MgmtEntry.java
        CaManager.java
        package-info.java
        CertListInfo.java
        CertListOrderBy.java
        MgmtResponse.java
        CertWithStatusInfo.java
        CaStatus.java
        ScepControl.java
        CaSystemStatus.java
        CertWithRevocationInfo.java
        CtlogControl.java
        CaConfs.java
        OperationException.java
        BadCertTemplateException.java
        package-info.java
        BadFormatException.java
        PublicCaInfo.java
        RestAPIConstants.java
        profile
        ExtensionValues.java
        TextVadidator.java
        KeypairGenControl.java
        ExtensionValue.java
        CertprofileException.java
        CertprofileFactory.java
        ExtensionSpec.java
        package-info.java
        Range.java
        CertprofileFactoryRegister.java
        KeyParametersOption.java
        Certprofile.java
        SubjectDnSpec.java
        DomainValidator.java
        BaseCertprofile.java
        CaUris.java
        InsuffientPermissionException.java
  - pom.xml
- ocsp-api
  - src
    - main
      - java
        org
        xipki
        ocsp
        api
        OcspStoreException.java
        ResponderAndPath.java
        OcspStore.java
        OcspRespWithCacheInfo.java
        mgmt
        OcspManager.java
        MgmtRequest.java
        MgmtMessage.java
        package-info.java
        MgmtResponse.java
        OcspMgmtException.java
        RequestIssuer.java
        package-info.java
        OcspServer.java
        Responder.java
        CertStatusInfo.java
  - pom.xml
- security-extra
  - src
    - main
      - resources
        OSGI-INF
        blueprint
        config.xml
      - java
        org
        xipki
        security
        pkcs11
        provider
        P11ECDSASignatureSpi.java
        P11RSAPSSSignatureSpi.java
        P11PlainECDSASignatureSpi.java
        P11DSASignatureSpi.java
        XiKeyStoreSpi.java
        XiProvider.java
        P11RSADigestSignatureSpi.java
        package-info.java
        XiSM2ParameterSpec.java
        AbstractP11ECDSASignatureSpi.java
        XiProviderRegister.java
        P11SM3WithSM2SignatureSpi.java
        proxy
        ProxyP11Module.java
        ProxyP11ModuleFactory.java
        package-info.java
        ProxyMessage.java
        P11ProxyConstants.java
        ProxyP11Identity.java
        ProxyP11Slot.java
        emulator
        EmulatorP11Slot.java
        SM2Signer.java
        EmulatorP11ModuleFactory.java
        EmulatorP11Identity.java
        package-info.java
        PrivateKeyCryptor.java
        EmulatorP11Module.java
  - pom.xml
- examples
  - certprofile-example
    - src
      - main
        java
        org
        xipki
        ca
        certprofile
        demo
        package-info.java
        DemoCertprofile.java
        CertprofileFactoryImpl.java
    - pom.xml
  - pom.xml
  - lite-caclient-example
    - src
      - main
        java
        org
        xipki
        litecaclient
        TlsInit.java
        PbmMacCmpCaClient.java
        package-info.java
        RestCaClient.java
        example
        SignatureCmpCaClientExample.java
        Base64.java
        CaClientExample.java
        RestCaClientExample.java
        PbmMacCmpCaClientExample.java
        package-info.java
        KeyAndCert.java
        ObjectIdentifiers.java
        SdkUtil.java
        SignatureCmpCaClient.java
        CmpCaClient.java
    - pom.xml
  - ocsp-store-example
    - src
      - main
        java
        org
        xipki
        ocsp
        server
        store
        example
        IssuerEntry.java
        DummyStore.java
        package-info.java
    - pom.xml
  - dummy-ctlog-server
    - src
      - main
        java
        org
        xipki
        ctlog
        dummyserver
        CtLogServletRSA.java
        CtLogServletEC.java
        package-info.java
        CtLogServlet.java
        webapp
        WEB-INF
        web.xml
    - pom.xml
  - scep-example
    - src
      - main
        java
        org
        xipki
        scep
        example
        CaClientExample.java
        package-info.java
        ScepClientExample.java
    - pom.xml
  - ocsp-store-example-assembly
    - src
      - assembly
        unfiltered
        xipki
        etc
        ocsp
        ocsp-responder.json
        keycerts
        ocsp1.p12
        ca-cert.pem
        README.md
        descriptors
        main.xml
    - pom.xml
- pom.xml
- audit
  - src
    - main
      - java
        org
        xipki
        audit
        PciAuditEvent.java
        AuditEvent.java
        services
        package-info.java
        EmbedAuditService.java
        SyslogAuditService.java
        AuditServiceRuntimeException.java
        AuditService.java
        package-info.java
        AuditLevel.java
        AuditEventData.java
        AuditStatus.java
        Audits.java
  - pom.xml
- p11proxy-servlet
  - src
    - main
      - resources
        version
        log4j2.properties
      - java
        org
        xipki
        p11proxy
        servlet
        LocalP11CryptServicePool.java
        P11ProxyResponder.java
        package-info.java
        P11ProxyConf.java
        HttpProxyServlet.java
        ProxyServletFilter.java
      - webapp
        META-INF
        MANIFEST.MF
        WEB-INF
        web.xml
  - pom.xml
- LICENSE
- dbtool
  - src
    - main
      - java
        org
        xipki
        dbtool
        package-info.java
        LiquibaseMain.java
        InvalidInputException.java
        InitDbMain.java
  - pom.xml
- util
  - src
    - main
      - java
        org
        xipki
        util
        ValidatableConf.java
        ProcessLog.java
        StringUtil.java
        Base64Url.java
        HealthCheckResult.java
        FileOrValue.java
        Curl.java
        RandomUtil.java
        Base64.java
        LruCache.java
        DefaultCurl.java
        Hex.java
        Validity.java
        Args.java
        ObjectCreationException.java
        CompareUtil.java
        ReqRespDebug.java
        LogUtil.java
        package-info.java
        BenchmarkExecutor.java
        DateUtil.java
        XipkiBaseDir.java
        http
        SslContextConf.java
        SSLContextBuilder.java
        package-info.java
        HostnameVerifiers.java
        concurrent
        ConcurrentBag.java
        ConcurrentBagEntry.java
        FastList.java
        ClockSource.java
        package-info.java
        CountLatch.java
        IoUtil.java
        FileOrBinary.java
        HttpConstants.java
        CollectionUtil.java
        ConfPairs.java
        PemEncoder.java
        TripleState.java
        InvalidConfException.java
    - test
      - resources
        HEADER.txt
      - java
        org
        xipki
        common
        test
        DateUtilTest.java
        ConfPairsTest.java
        CanonicalizeCode.java
  - pom.xml
- ca-servlet
  - src
    - main
      - resources
        log4j2.properties
      - java
        org
        xipki
        ca
        servlet
        HttpCmpServlet.java
        HttpRestServlet.java
        TlsHelper.java
        HttpMgmtServlet.java
        HttpScepServlet.java
        HttpRespAuditException.java
        package-info.java
        HealthCheckServlet.java
        HttpRequestMetadataRetrieverImpl.java
        CaServletFilter.java
      - webapp
        META-INF
        MANIFEST.MF
        WEB-INF
        web.xml
  - pom.xml
- ca-mgmt-client
  - src
    - main
      - resources
        OSGI-INF
        blueprint
        config.xml
      - java
        org
        xipki
        ca
        mgmt
        db
        DbToolBase.java
        package-info.java
        port
        AbstractOcspCertstoreDbImporter.java
        DbPorter.java
        OcspCertstoreDbImporter.java
        DbPortWorker.java
        CaCertstoreDbImporter.java
        CaCertstore.java
        CaconfDbExporter.java
        OcspCertstoreDbExporter.java
        OcspCertstore.java
        OcspCertStoreFromCaDbImporter.java
        package-info.java
        CaconfDbImporter.java
        IdentifidDbObject.java
        CaCertstoreDbExporter.java
        DbSchemaInfo.java
        diffdb
        DigestDiffWorker.java
        RefDigestReader.java
        TargetDigestReader.java
        QueueEntry.java
        DigestDiffReporter.java
        DigestDiff.java
        DbType.java
        package-info.java
        IdentifiedDigestEntry.java
        CertsBundle.java
        DigestEntry.java
        client
        CaMgmtClient.java
        package-info.java
  - pom.xml
- CHANGELOG.md
- ocsp-mgmt-client
  - src
    - main
      - resources
        OSGI-INF
        blueprint
        config.xml
      - java
        org
        xipki
        ocsp
        mgmt
        client
        OcspMgmtClient.java
        package-info.java
  - pom.xml
- datasource
  - src
    - main
      - java
        org
        xipki
        datasource
        DataSourceConf.java
        DataAccessException.java
        SqlStateCodes.java
        package-info.java
        DataSourceFactory.java
        SqlErrorCodes.java
        DataSourceWrapper.java
        DatabaseType.java
  - pom.xml
- .travis.yml
- README.md
- ocsp-client
  - src
    - main
      - resources
        OSGI-INF
        blueprint
        config.xml
      - java
        org
        xipki
        ocsp
        client
        OcspRequestorException.java
        XiOCSPReqBuilder.java
        OcspRequestor.java
        OcspResponseException.java
        package-info.java
        RequestOptions.java
        AbstractOcspRequestor.java
        HttpOcspRequestor.java
  - pom.xml
- CODE_OF_CONDUCT.md
- cmpclient
  - src
    - main
      - resources
        OSGI-INF
        blueprint
        config.xml
      - java
        org
        xipki
        cmpclient
        EnrollCertRequest.java
        CertIdOrError.java
        CertprofileInfo.java
        CmpClientException.java
        CmpClientConf.java
        UnrevokeOrRemoveCertRequest.java
        package-info.java
        internal
        CaConf.java
        EnrollCertResponse.java
        RevokeCertResponse.java
        CsrEnrollCertRequest.java
        RemoveExpiredCertsResult.java
        Requestor.java
        package-info.java
        CmpClientImpl.java
        Responder.java
        ResultEntry.java
        CmpAgent.java
        PkiErrorException.java
        RevokeCertRequest.java
        EnrollCertResult.java
        CmpClient.java
        IdentifiedObject.java
  - pom.xml
- ca-server
  - src
    - main
      - resources
        sql
        ca-init.xml
        ca-init-v4.xml
        ocsp-init.xml
        version
      - java
        org
        xipki
        ca
        server
        CertRepublisher.java
        CaServerConf.java
        CaUtil.java
        CertRevInfoWithSerial.java
        RandomSerialNumberGenerator.java
        publisher
        OcspCertPublisher.java
        package-info.java
        OcspStoreQueryExecutor.java
        OcspCertPublisherFactory.java
        CaAuditConstants.java
        CertTemplateData.java
        SelfSignedCertBuilder.java
        DhpocControl.java
        CtLogClient.java
        IdentifiedCertprofile.java
        CaIdNameMap.java
        X509Ca.java
        CaManagerImpl.java
        PasswordHash.java
        CtLogPublicKeyFinder.java
        RequestorEntryWrapper.java
        package-info.java
        RestResponder.java
        SignerEntryWrapper.java
        UniqueIdGenerator.java
        CertStore.java
        cmp
        BaseCmpResponder.java
        CmpResponder.java
        package-info.java
        CrmfKeyWrapper.java
        PendingCertificatePool.java
        CaManagerQueryExecutor.java
        IdentifiedCertPublisher.java
        ScepResponder.java
        HttpRequestMetadataRetriever.java
        CaInfo.java
    - test
      - java
        org
        xipki
        ca
        server
        PasswordHashTest.java
  - pom.xml
- qa
  - src
    - main
      - resources
        OSGI-INF
        blueprint
        config.xml
        testkeys
        ec-1.3.132.0.26.p12
        ec-1.2.840.10045.3.0.5.p12
        ec-1.3.132.0.36.p12
        ec-1.3.132.0.10.p12
        ec-1.3.132.0.27.p12
        ec-1.2.840.10045.3.0.16.p12
        rsa-2048-0x10000000000000001.p12
        dsa-2048-256.p12
        ec-1.3.132.0.4.p12
        ec-1.3.36.3.3.2.8.1.1.6.p12
        rsa-4096-0x10000000000000001.p12
        ec-1.3.36.3.3.2.8.1.1.4.p12
        dsa-3072-256.p12
        ec-1.2.840.10045.3.0.13.p12
        ec-1.2.840.10045.3.1.2.p12
        ec-1.3.132.0.29.p12
        ec-1.3.132.0.16.p12
        rsa-4096-0x100000001.p12
        ec-1.3.36.3.3.2.8.1.1.9.p12
        ec-1.3.36.3.3.2.8.1.1.14.p12
        ec-1.3.36.3.3.2.8.1.1.7.p12
        ec-1.3.36.3.3.2.8.1.1.10.p12
        ec-1.2.840.10045.3.0.20.p12
        ec-1.3.36.3.3.2.8.1.1.8.p12
        ec-1.3.132.0.28.p12
        dsa-1024-160.p12
        ec-1.3.132.0.5.p12
        ec-1.2.840.10045.3.0.6.p12
        ec-1.2.840.10045.3.0.11.p12
        ec-1.3.132.0.9.p12
        ec-1.3.132.0.38.p12
        ec-1.2.840.10045.3.0.3.p12
        ec-1.2.840.10045.3.0.2.p12
        rsa-3072-0x10001.p12
        ec-1.2.840.10045.3.0.12.p12
        ec-1.3.132.0.35.p12
        ec-1.2.840.10045.3.0.7.p12
        ec-1.2.840.10045.3.0.4.p12
        ec-1.3.132.0.34.p12
        ec-1.3.132.0.33.p12
        ec-1.2.840.10045.3.1.7.p12
        dsa-2048-224.p12
        rsa-2048-0x10001.p12
        ec-1.3.132.0.15.p12
        ec-1.3.132.0.8.p12
        ec-1.3.132.0.30.p12
        ec-1.2.840.10045.3.1.4.p12
        ec-1.3.36.3.3.2.8.1.1.5.p12
        ec-1.2.840.10045.3.1.1.p12
        ec-1.3.132.0.2.p12
        ec-1.3.36.3.3.2.8.1.1.2.p12
        ec-1.2.840.10045.3.1.6.p12
        ec-1.2.840.10045.3.0.18.p12
        ec-1.2.840.10045.3.0.1.p12
        ec-1.3.132.0.24.p12
        ec-1.3.132.0.3.p12
        ec-1.3.132.0.6.p12
        ec-1.3.36.3.3.2.8.1.1.12.p12
        ec-1.3.36.3.3.2.8.1.1.13.p12
        ec-1.2.840.10045.3.0.19.p12
        rsa-1024-0x100000001.p12
        rsa-4096-0x10001.p12
        ec-1.3.132.0.22.p12
        ec-1.3.132.0.32.p12
        ec-1.3.132.0.7.p12
        ec-1.3.132.0.1.p12
        ec-1.2.840.10045.3.1.3.p12
        ec-1.3.36.3.3.2.8.1.1.1.p12
        ec-1.3.132.0.39.p12
        rsa-1024-0x10001.p12
        rsa-2048-0x100000001.p12
        ec-1.2.840.10045.3.0.10.p12
        ec-1.2.840.10045.3.0.17.p12
        rsa-1024-0x10000000000000001.p12
        ec-1.3.132.0.17.p12
        ec-1.3.132.0.31.p12
        rsa-3072-0x100000001.p12
        rsa-3072-0x10000000000000001.p12
        ec-1.3.36.3.3.2.8.1.1.11.p12
        ec-1.3.36.3.3.2.8.1.1.3.p12
        ec-1.3.132.0.25.p12
        ec-1.3.132.0.37.p12
        ec-1.3.132.0.23.p12
        ec-1.2.840.10045.3.1.5.p12
      - java
        org
        xipki
        qa
        security
        P11KeyGenSpeed.java
        P12SignSpeed.java
        P12KeyGenSpeed.java
        P11SignSpeed.java
        package-info.java
        ca
        QaconfType.java
        CaEnrollBenchKeyEntry.java
        SubjectChecker.java
        CaEnrollBenchmark.java
        IssuerInfo.java
        package-info.java
        CertprofileQa.java
        CaEnrollBenchEntry.java
        CaQaSystemManager.java
        QaExtensionValue.java
        ExtensionsChecker.java
        PublicKeyChecker.java
        CaQaSystemManagerImpl.java
        ValidationIssue.java
        RangeBigIntegerIterator.java
        ocsp
        OcspBenchRequestor.java
        OcspResponseOption.java
        OcspError.java
        OcspQa.java
        package-info.java
        OcspCertStatus.java
        OcspBenchmark.java
        package-info.java
        ValidationResult.java
        BigIntegerRange.java
        FileBigIntegerIterator.java
        BenchmarkHttpClient.java
  - pom.xml
- commands.md
- .gitignore
- scep-client
  - src
    - main
      - java
        org
        xipki
        scep
        transaction
        CaCapability.java
        PkiStatus.java
        Nonce.java
        Operation.java
        TransactionId.java
        package-info.java
        FailInfo.java
        MessageType.java
        TransactionException.java
        client
        Client.java
        CaIdentifier.java
        package-info.java
        ScepClient.java
        EnrolmentResponse.java
        ScepClientException.java
        ScepHttpResponse.java
        CaCertValidator.java
        util
        ScepUtil.java
        ScepConstants.java
        package-info.java
        message
        PkiMessage.java
        CaCaps.java
        DecodedPkiMessage.java
        DecodedNextCaMessage.java
        CertificateValidator.java
        IssuerAndSubject.java
        MessageDecodingException.java
        EnvelopedDataDecryptor.java
        NextCaMessage.java
        AuthorityCertStore.java
        package-info.java
        ScepObjectIdentifiers.java
        MessageEncodingException.java
    - test
      - java
        org
        xipki
        scep
        client
        test
        CaWithoutRaTest.java
        MyUtil.java
        DESOnlyCaTest.java
        HttpGetOnlyCaTest.java
        AbstractCaTest.java
        package-info.java
        CaTest.java
        NoCmsSignerCertCaTest.java
        serveremulator
        AuditEvent.java
        CaException.java
        NextCaAndRa.java
        ScepServlet.java
        CaEmulator.java
        ScepServerContainer.java
        package-info.java
        RaEmulator.java
        ScepResponder.java
        ScepControl.java
        ScepServer.java
  - pom.xml
- assemblies
  - xipki-qa
    - src
      - main
        filtered
        lib
        jdbc
        features.xml
        unfiltered
        xipki
        ctlog
        dummy-ctlog-ec-pubkey.pem
        dummy-ctlog-rsa-pubkey.pem
        cmpclient
        template.cmpclient-mac.json
        template.cmpclient-signature.json
        etc
        ca
        ca.json
        ocsp
        template.ocsp-responder.json
        ca-qa
        qa-certcheck-conf.json
        qa-benchmark-conf.json
        qa
        lifecycle.script
        cab
        template.subca.json
        lifecycle.script
        template.rootca.json
        template.cmpclient.json
        template.ra.script
        initdb.script
        template.ca-load.script
        extensions
        extensions-syntax-ext-implicit-tag.json
        extensions-gmt0015.json
        extensions-syntax-ext-explicit-tag.json
        extensions-syntax-ext.json
        extensions-apple-wwdr.json
        extensions-ee-complex.json
        keys
        crlsigner.p12
        dhpoc_certs.pem
        dhpoc.p12
        template.rest.script
        qa.d
        template.subca.json
        template.rootca.json
        template.subcawithcrl.json
        template.ra.script
        prepare-keys.script
        scep-server.script
        initdb.script
        template.ca-load.script
        template.ca.script
        main.script
        certprofile
        certprofile-subca.json
        certprofile-cab-individual-validated.json
        certprofile-tls-c.json
        certprofile-tls.json
        certprofile-syntax-ext-implicit-tag.json
        certprofile-cab-rootca.json
        certprofile-constant-ext-explicit-tag.json
        certprofile-apple-wwdr.json
        certprofile-x25519.json
        certprofile-cab-subca.json
        certprofile-ee-complex.json
        certprofile-x448.json
        certprofile-multi-valued-rdn.json
        certprofile-syntax-ext.json
        certprofile-cross.json
        certprofile-scep.json
        certprofile-ed25519.json
        certprofile-extended.json
        certprofile-qc.json
        certprofile-cab-org-validated.json
        certprofile-fixed-partial-subject.json
        certprofile-ed448.json
        certprofile-multiple-ous.json
        certprofile-subca-complex.json
        certprofile-constant-ext-implicit-tag.json
        certprofile-smime-legacy.json
        certprofile-ocsp.json
        certprofile-constant-ext.json
        certprofile-smime.json
        certprofile-gmt0015.json
        certprofile-max-time.json
        certprofile-rootca.json
        certprofile-cab-domain-validated.json
        certprofile-syntax-ext-explicit-tag.json
        benchmark.script
        setenv.script
        scep.script
        ocsp.script
        main-mgmt.script
        camgmt-qa.script
        p12
        ec
        ee-complex2.p12
        ee-complex1.p12
        gmt0015_1.p12
        smime-legacy1.p12
        tls2.p12
        tls1.p12
        multi-valued-rdn1.p12
        apple-wwdr1.p12
        tls-c1.p12
        multiple-ous1.p12
        rest-tls1.p12
        syntax-ext-explicit-tag1.p12
        fixed-partial-subject2.p12
        smime1.p12
        ocsp1.p12
        fixed-partial-subject1.p12
        syntax-ext-implicit-tag1.p12
        cab-individual-validated1.p12
        gmt0015_2.p12
        tls-neg.p12
        ocsp2.p12
        cross1.p12
        tls-c2.p12
        syntax-ext1.p12
        cab-domain-validated1.p12
        constant-ext-implicit-tag1.p12
        qc1.p12
        cab-org-validated2.p12
        constant-ext1.p12
        constant-ext-explicit-tag1.p12
        cab-individual-validated2.p12
        cab-org-validated1.p12
        cab-domain-validated2.p12
        multiple-ous2.p12
        max-time1.p12
        sm2
        ee-complex2.p12
        ee-complex1.p12
        gmt0015_1.p12
        smime-legacy1.p12
        tls2.p12
        tls1.p12
        multi-valued-rdn1.p12
        apple-wwdr1.p12
        tls-c1.p12
        multiple-ous1.p12
        rest-tls1.p12
        syntax-ext-explicit-tag1.p12
        fixed-partial-subject2.p12
        smime1.p12
        ocsp1.p12
        fixed-partial-subject1.p12
        syntax-ext-implicit-tag1.p12
        cab-individual-validated1.p12
        gmt0015_2.p12
        tls-neg.p12
        ocsp2.p12
        cross1.p12
        tls-c2.p12
        syntax-ext1.p12
        cab-domain-validated1.p12
        constant-ext-implicit-tag1.p12
        qc1.p12
        cab-org-validated2.p12
        constant-ext1.p12
        constant-ext-explicit-tag1.p12
        cab-individual-validated2.p12
        cab-org-validated1.p12
        cab-domain-validated2.p12
        multiple-ous2.p12
        max-time1.p12
        dsa
        ee-complex2.p12
        ee-complex1.p12
        gmt0015_1.p12
        smime-legacy1.p12
        tls2.p12
        tls1.p12
        multi-valued-rdn1.p12
        apple-wwdr1.p12
        tls-c1.p12
        multiple-ous1.p12
        rest-tls1.p12
        syntax-ext-explicit-tag1.p12
        fixed-partial-subject2.p12
        smime1.p12
        ocsp1.p12
        fixed-partial-subject1.p12
        syntax-ext-implicit-tag1.p12
        cab-individual-validated1.p12
        gmt0015_2.p12
        tls-neg.p12
        ocsp2.p12
        cross1.p12
        tls-c2.p12
        syntax-ext1.p12
        cab-domain-validated1.p12
        constant-ext-implicit-tag1.p12
        qc1.p12
        cab-org-validated2.p12
        constant-ext1.p12
        constant-ext-explicit-tag1.p12
        cab-individual-validated2.p12
        cab-org-validated1.p12
        cab-domain-validated2.p12
        multiple-ous2.p12
        max-time1.p12
        rsa
        ee-complex2.p12
        ee-complex1.p12
        gmt0015_1.p12
        smime-legacy1.p12
        tls2.p12
        tls1.p12
        multi-valued-rdn1.p12
        apple-wwdr1.p12
        tls-c1.p12
        multiple-ous1.p12
        rest-tls1.p12
        syntax-ext-explicit-tag1.p12
        fixed-partial-subject2.p12
        smime1.p12
        ocsp1.p12
        fixed-partial-subject1.p12
        syntax-ext-implicit-tag1.p12
        cab-individual-validated1.p12
        gmt0015_2.p12
        tls-neg.p12
        ocsp2.p12
        cross1.p12
        tls-c2.p12
        syntax-ext1.p12
        cab-domain-validated1.p12
        constant-ext-implicit-tag1.p12
        qc1.p12
        cab-org-validated2.p12
        constant-ext1.p12
        constant-ext-explicit-tag1.p12
        cab-individual-validated2.p12
        cab-org-validated1.p12
        cab-domain-validated2.p12
        multiple-ous2.p12
        max-time1.p12
        shared
        scep1.p12
        scep-ocsp2.p12
        scep-ocsp1-2.p12
        scep-ocsp1.p12
        genkeys.script
        ca-qa.script
        tools
        cmpclient.json
        main.script
        certprofile
        certprofile-tls-ed25519.json
        certprofile-tls-rsa.json
        certprofile-tls-x25519.json
        certprofile-tls-dsa-ec.json
        certprofile-rootca.json
        certprofile-tls-ed448.json
        certprofile-tls-x448.json
        gencerts.script
        template.ca-conf.json
        rest.sh
        eddsa
        template.subca.json
        lifecycle.script
        qa.script
        cmpclient.json
        ra.script
        template.rootca.json
        prepare-keys.script
        initdb.script
        template.ca-load.script
        reimport.script
        descriptors
        main.xml
    - pom.xml
    - README.md
  - ca-war
    - src
      - assembly
        unfiltered
        xipki
        etc
        ca
        database
        h2
        ca-db.properties
        ocsp-db.properties
        hsqldb
        ca-db.properties
        ocsp-db.properties
        oracle
        ca-db.properties
        ocsp-db.properties
        mysql
        ca-db.properties
        ocsp-db.properties
        pgsql
        ca-db.properties
        ocsp-db.properties
        mariadb
        ca-db.properties
        ocsp-db.properties
        db2
        ca-db.properties
        ocsp-db.properties
        ca.json
        audit.syslog.cfg
        descriptors
        main.xml
    - pom.xml
    - README.md
  - ocsp-war
    - src
      - assembly
        unfiltered
        xipki
        crls
        template
        crl-mycrl1
        UPDATEME
        README
        REVOCATION
        crl.url
        README
        etc
        ocsp
        database
        h2
        ocsp-cache-db.properties
        ocsp-crl-db.properties
        ca-db.properties
        ocsp-db.properties
        hsqldb
        ocsp-cache-db.properties
        ocsp-crl-db.properties
        ca-db.properties
        ocsp-db.properties
        oracle
        ocsp-cache-db.properties
        ocsp-crl-db.properties
        ca-db.properties
        ocsp-db.properties
        mysql
        ocsp-cache-db.properties
        ocsp-crl-db.properties
        ca-db.properties
        ocsp-db.properties
        pgsql
        ocsp-cache-db.properties
        ocsp-crl-db.properties
        ca-db.properties
        ocsp-db.properties
        mariadb
        ocsp-cache-db.properties
        ocsp-crl-db.properties
        ca-db.properties
        ocsp-db.properties
        db2
        ocsp-cache-db.properties
        ocsp-crl-db.properties
        ca-db.properties
        ocsp-db.properties
        example
        crl-store
        ocsp-responder.json
        ejbca-store
        ocsp-responder.json
        xipki-ca-db-store
        ocsp-responder.json
        xipki-db-store
        ocsp-responder.json
        ocsp.json
        keycerts
        ocsp1.p12
        descriptors
        main.xml
    - pom.xml
    - README.md
  - pom.xml
  - xipki-cli
    - src
      - main
        filtered
        etc
        branding.properties
        branding-ssh.properties
        patchkaraf
        org.ops4j.pax.logging.cfg.patch
        unfiltered
        xipki
        ca-setup
        configure-ocsp.script
        cacert-present
        setup-ec-p12.script
        README
        setup-dsa-p12.script
        setup-ec-yubikey.script
        setup-sm2-p11.script
        setup-sm2-p12.script
        setup-dsa-p11.script
        setup-ec-p11.script
        setup-rsa-p11.script
        template.ca-conf.json
        setup-rsa-p12.script
        certprofile
        certprofile-subca.json
        certprofile-tls-c.json
        certprofile-tls.json
        certprofile-scep.json
        certprofile-ocsp.json
        certprofile-smime.json
        certprofile-rootca.json
        cacert-none
        setup-ec-p12.script
        README
        setup-dsa-p12.script
        setup-ec-yubikey.script
        setup-sm2-p11.script
        setup-sm2-p12.script
        configure-ca.script
        setup-dsa-p11.script
        setup-ec-p11.script
        setup-rsa-p11.script
        template.ca-conf.json
        setup-rsa-p12.script
        client-script
        cmp-client.script
        scep-client.script
        rest-client.script
        rest.sh
        cmpclient
        cmpclient-mac.json
        cmpclient-signature.json
        etc
        org.xipki.shell.curl.cfg
        org.xipki.ca.mgmt.client.cfg
        org.xipki.ocsp.mgmt.client.cfg
        org.xipki.password.cfg
        org.xipki.cmpclient.cfg
        org.xipki.ocsp.client.cfg
        custom.properties
        org.xipki.security.cfg
        custom.system.properties
        descriptors
        main.xml
    - pom.xml
  - p11proxy-war
    - src
      - assembly
        unfiltered
        xipki
        etc
        p11proxy
        p11proxy.json
        descriptors
        main.xml
    - pom.xml
    - README.md
  - features
    - pom.xml
    - cli
      - src
        main
        filtered
        features.xml
      - pom.xml
    - qa
      - src
        main
        filtered
        features.xml
      - pom.xml
  - shared
    - dbtool
      - lib
        log4j2.properties
      - bin
        initdb.bat
        initdb.sh
    - license
      - bouncycastle-LICENSE.txt
      - Apache-License-v2.txt
      - iaikPKCS11Wrapper-LICENSE.txt
    - conf
      - tomcat
        bin
        setenv.bat
        setenv.sh
      - xipki
        security
        masterpassword.secret
        example
        pkcs11-emulator.json
        pkcs11-proxy.json
        pkcs11-yubikey.json
        pkcs11-hsm.json
- doc
  - database
    - misc
    - Perf-MySQL.md
    - db-sequence.txt
  - dev-env
    - xipki_google_checks.xml
    - eclipse-java-google-style.xml
    - README.md
  - git
    - git-commands.md
  - standards
    - etsi
    - public-tls
      - rfc6962.txt
    - misc
    - pkcs
    - commonpki
    - ietf
      - cms-rfc5652.txt
      - ocsp-rfc2560.txt
      - est-rfc7030.txt
      - x509-rfc6962.txt
      - notes.txt
      - cmc-rfc5274.txt
      - draft-gutmann-scep-00.txt
      - x509-rfc4262.txt
      - cmc-rfc6402.txt
      - dh-poc-rfc6955.txt
      - edwards-rfc8410.txt
      - x509-rfc7633.txt
      - cmp-rfc4211.txt
      - cmc-rfc5273.txt
      - draft-nourse-scep-23.txt
      - ocsp-rfc6960.txt
      - edwards-rfc8032.txt
      - cmc-rfc5272.txt
      - x509-rfc3739.txt
      - edwards-rfc7748.txt
      - pkcs5-rfc8018.txt
- ocsp-servlet
  - src
    - main
      - resources
        log4j2.properties
      - java
        org
        xipki
        ocsp
        servlet
        OcspConf.java
        TlsHelper.java
        HttpMgmtServlet.java
        OcspServletFilter.java
        package-info.java
        HealthCheckServlet.java
        OcspServlet.java
      - webapp
        META-INF
        MANIFEST.MF
        WEB-INF
        web.xml
  - pom.xml
- certprofile-xijson
  - src
    - main
      - java
        org
        xipki
        ca
        certprofile
        xijson
        QcStatementOption.java
        AdmissionExtension.java
        CertificatePolicyInformation.java
        NotBeforeOption.java
        MonetaryValueOption.java
        SubjectDirectoryAttributesControl.java
        BiometricInfoOption.java
        XijsonCertprofile.java
        DirectoryStringType.java
        package-info.java
        ExtensionSyntaxChecker.java
        CertificatePolicyQualifier.java
        conf
        AlgorithmType.java
        X509ProfileType.java
        GeneralSubtreeType.java
        Subject.java
        CertificatePolicyInformationType.java
        GeneralNameType.java
        SubjectToSubjectAltNameType.java
        ExtensionType.java
        KeyParametersType.java
        package-info.java
        KeypairGenerationType.java
        Describable.java
        QcStatementType.java
        CertprofileFactoryImpl.java
    - test
      - java
        org
        xipki
        ca
        certprofile
        test
        ProfileConfCreatorDemo.java
        DummyMain.java
  - pom.xml

/*
 *
 * Copyright (c) 2013 - 2020 Lijun Liao
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.xipki.ca.certprofile.demo;

import java.util.Date;
import java.util.List;
import java.util.Map;

import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.xipki.ca.api.BadCertTemplateException;
import org.xipki.ca.api.PublicCaInfo;
import org.xipki.ca.api.profile.CertprofileException;
import org.xipki.ca.api.profile.ExtensionValue;
import org.xipki.ca.api.profile.ExtensionValues;
import org.xipki.ca.certprofile.xijson.XijsonCertprofile;
import org.xipki.ca.certprofile.xijson.conf.ExtensionType;
import org.xipki.util.ConfPairs;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;

/**
 * Example Certprofile.
 *
 * @author Lijun Liao
 */

public class DemoCertprofile extends XijsonCertprofile {

  public static class ExtnDemoWithConf {
    private List<String> texts;

    public List<String> getTexts() {
      return texts;
    }

    public void setTexts(List<String> texts) {
      this.texts = texts;
    }

  }

  public static final ASN1ObjectIdentifier id_demo_without_conf =
      new ASN1ObjectIdentifier("1.2.3.4.1");

  public static final ASN1ObjectIdentifier id_demo_with_conf =
      new ASN1ObjectIdentifier("1.2.3.4.2");

  private boolean addExtraWithoutConf;

  private boolean addExtraWithConf;

  private ASN1Sequence sequence;

  @Override
  protected void extraReset() {
    addExtraWithoutConf = false;
    addExtraWithConf = false;
    sequence = null;
  }

  @Override
  protected boolean initExtraExtension(ExtensionType extn) throws CertprofileException {
    ASN1ObjectIdentifier extnId = extn.getType().toXiOid();
    if (id_demo_without_conf.equals(extnId)) {
      this.addExtraWithoutConf = true;
      return true;
    } else if (id_demo_with_conf.equals(extnId)) {
      Object customObj = extn.getCustom();
      if (customObj == null) {
        throw new CertprofileException("ExtensionType.custom is not specified");
      }

      if (!(customObj instanceof JSONObject)) {
        throw new CertprofileException("ExtensionType.custom is not configured correctly");
      }

      // we need to first serialize the configuration
      byte[] serializedConf = JSON.toJSONBytes(customObj);
      ExtnDemoWithConf conf = JSON.parseObject(serializedConf, ExtnDemoWithConf.class);

      List<String> list = conf.getTexts();
      DERUTF8String[] texts = new DERUTF8String[list.size()];
      for (int i = 0; i < list.size(); i++) {
        texts[i] = new DERUTF8String(list.get(i));
      }

      this.sequence = new DERSequence(texts);

      this.addExtraWithConf = true;
      return true;
    } else {
      return false;
    }
  } // method initExtraExtension

  @Override
  public ExtensionValues getExtraExtensions(
      Map<ASN1ObjectIdentifier, ExtensionControl> extensionOccurences,
      X500Name requestedSubject, X500Name grantedSubject,
      Map<ASN1ObjectIdentifier, Extension> requestedExtensions,
      Date notBefore, Date notAfter, PublicCaInfo caInfo)
      throws CertprofileException, BadCertTemplateException {
    ExtensionValues extnValues = new ExtensionValues();

    if (addExtraWithoutConf) {
      ASN1ObjectIdentifier type = id_demo_without_conf;
      ExtensionControl extnControl = extensionOccurences.get(type);
      if (extnControl != null) {
        ConfPairs caExtraControl = caInfo.getExtraControl();
        String name = "name-a";
        String value = null;
        if (caExtraControl != null) {
          value = caExtraControl.value(name);
        }

        if (value == null) {
          value = "UNDEF";
        }

        ExtensionValue extnValue = new ExtensionValue(extnControl.isCritical(),
            new DERUTF8String(name + ": " + value));
        extnValues.addExtension(type, extnValue);
      }
    }

    if (addExtraWithConf) {
      ASN1ObjectIdentifier type = id_demo_with_conf;
      ExtensionControl extnControl = extensionOccurences.get(type);
      if (extnControl != null) {
        if (sequence == null) {
          throw new IllegalStateException("Certprofile is not initialized");
        }

        ExtensionValue extnValue = new ExtensionValue(extnControl.isCritical(), sequence);
        extnValues.addExtension(type, extnValue);
      }
    }

    return extnValues.size() == 0 ? null : extnValues;
  } // method getExtraExtensions

}