static X509ResourceCertificate createManifestEECertificate() {
X509ResourceCertificateBuilder builder = new X509ResourceCertificateBuilder();
builder
.withCa(false)
.withSubjectDN(ROOT_CERTIFICATE_NAME)
.withIssuerDN(ROOT_CERTIFICATE_NAME)
.withSerial(BigInteger.ONE);
builder.withPublicKey(ROOT_KEY_PAIR.getPublic());
builder.withSigningKeyPair(ROOT_KEY_PAIR);
builder.withInheritedResourceTypes(EnumSet.allOf(IpResourceType.class));
builder.withValidityPeriod(new ValidityPeriod(THIS_UPDATE_TIME, NEXT_UPDATE_TIME));
return builder.build();
}
static X509ResourceCertificate getRootResourceCertificate() {
X509ResourceCertificateBuilder builder = new X509ResourceCertificateBuilder();
builder.withSubjectDN(ROOT_CERTIFICATE_NAME);
builder.withIssuerDN(ROOT_CERTIFICATE_NAME);
builder.withSerial(ROOT_SERIAL_NUMBER);
builder.withValidityPeriod(VALIDITY_PERIOD);
builder.withPublicKey(ROOT_KEY_PAIR.getPublic());
builder.withCa(true);
builder.withKeyUsage(KeyUsage.keyCertSign);
builder.withAuthorityKeyIdentifier(true);
builder.withSubjectKeyIdentifier(true);
builder.withResources(ROOT_RESOURCE_SET);
builder.withAuthorityKeyIdentifier(false);
builder.withSigningKeyPair(ROOT_KEY_PAIR);
X509CertificateInformationAccessDescriptor[] descriptors = {
new X509CertificateInformationAccessDescriptor(
X509CertificateInformationAccessDescriptor.ID_AD_CA_REPOSITORY,
ROOT_SIA_REPO_HTTP_LOCATION),
new X509CertificateInformationAccessDescriptor(
X509CertificateInformationAccessDescriptor.ID_AD_CA_REPOSITORY,
ROOT_SIA_REPO_RSYNC_LOCATION),
new X509CertificateInformationAccessDescriptor(
X509CertificateInformationAccessDescriptor.ID_AD_RPKI_MANIFEST,
ROOT_SIA_MANIFEST_RSYNC_LOCATION),
};
builder.withSubjectInformationAccess(descriptors);
return builder.build();
}