static X509ResourceCertificate createManifestEECertificate() { X509ResourceCertificateBuilder builder = new X509ResourceCertificateBuilder(); builder .withCa(false) .withSubjectDN(ROOT_CERTIFICATE_NAME) .withIssuerDN(ROOT_CERTIFICATE_NAME) .withSerial(BigInteger.ONE); builder.withPublicKey(ROOT_KEY_PAIR.getPublic()); builder.withSigningKeyPair(ROOT_KEY_PAIR); builder.withInheritedResourceTypes(EnumSet.allOf(IpResourceType.class)); builder.withValidityPeriod(new ValidityPeriod(THIS_UPDATE_TIME, NEXT_UPDATE_TIME)); return builder.build(); }
static X509ResourceCertificate getRootResourceCertificate() { X509ResourceCertificateBuilder builder = new X509ResourceCertificateBuilder(); builder.withSubjectDN(ROOT_CERTIFICATE_NAME); builder.withIssuerDN(ROOT_CERTIFICATE_NAME); builder.withSerial(ROOT_SERIAL_NUMBER); builder.withValidityPeriod(VALIDITY_PERIOD); builder.withPublicKey(ROOT_KEY_PAIR.getPublic()); builder.withCa(true); builder.withKeyUsage(KeyUsage.keyCertSign); builder.withAuthorityKeyIdentifier(true); builder.withSubjectKeyIdentifier(true); builder.withResources(ROOT_RESOURCE_SET); builder.withAuthorityKeyIdentifier(false); builder.withSigningKeyPair(ROOT_KEY_PAIR); X509CertificateInformationAccessDescriptor[] descriptors = { new X509CertificateInformationAccessDescriptor( X509CertificateInformationAccessDescriptor.ID_AD_CA_REPOSITORY, ROOT_SIA_REPO_HTTP_LOCATION), new X509CertificateInformationAccessDescriptor( X509CertificateInformationAccessDescriptor.ID_AD_CA_REPOSITORY, ROOT_SIA_REPO_RSYNC_LOCATION), new X509CertificateInformationAccessDescriptor( X509CertificateInformationAccessDescriptor.ID_AD_RPKI_MANIFEST, ROOT_SIA_MANIFEST_RSYNC_LOCATION), }; builder.withSubjectInformationAccess(descriptors); return builder.build(); }