Examples of CardVerifiableCertificate

Examples of org.ejbca.cvc.CardVerifiableCertificate

245
246
247
248
249
250
251
252
 
    /**
     * @see org.ejbca.core.protocol.IRequestMessage
     */
  public Date getRequestValidityNotAfter() {
      CardVerifiableCertificate cc = getCardVerifiableCertificate();
        return CertTools.getNotAfter(cc);
  }
View Full Code Here

Examples of org.ejbca.cvc.CardVerifiableCertificate

270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
        log.trace(">verify()");

        boolean ret = false;

        try {
          CardVerifiableCertificate cc = getCardVerifiableCertificate();
          if (cc != null) {
                if (pubKey == null) {
                  cc.verify(cvcert.getCertificateBody().getPublicKey());
                  ret = true; // If we came here verification was successful
                } else {
                    cc.verify(pubKey);
                  ret = true; // If we came here verification was successful
                }           
          }
        } catch (NoSuchFieldException e) {
            log.error("CVC error!", e);
View Full Code Here

Examples of org.ejbca.cvc.CardVerifiableCertificate

423
424
425
426
427
428
429
430
        }
        } catch (IllegalArgumentException e) {
            log.error("CVC not inited!", e);
            return null;
        }
      CardVerifiableCertificate cc = new CardVerifiableCertificate(cvcert);
      return cc;
    }
View Full Code Here

Examples of org.ejbca.cvc.CardVerifiableCertificate

806
807
808
809
810
811
812
813
814
815
816
817
818
      throw new Exception("Unknown public key type: " + publickey.getAlgorithm() + " (" + publickey.getClass() + ")");
    }
   
    // If this is a CVC CA we need to find out the sequence
    if (cacert instanceof CardVerifiableCertificate) {
      CardVerifiableCertificate cvccacert = (CardVerifiableCertificate) cacert;
      log.debug("Getting sequence from holderRef in CV certificate.");
      String sequence = cvccacert.getCVCertificate().getCertificateBody().getHolderReference().getSequence();
      log.debug("Setting sequence "+sequence);
      setKeySequence(sequence);
            log.debug("Setting default sequence format "+StringTools.KEY_SEQUENCE_FORMAT_NUMERIC);
      setKeySequenceFormat(StringTools.KEY_SEQUENCE_FORMAT_NUMERIC);
    } else {
View Full Code Here

Examples of org.ejbca.cvc.CardVerifiableCertificate

184
185
186
187
188
189
190
191
192
193
194
195
196
      }
      HolderReferenceField holderRef = new HolderReferenceField(country, mnemonic, seq);
      CAReferenceField caRef = null;
      if (cacert != null) {
        if (cacert instanceof CardVerifiableCertificate) {
          CardVerifiableCertificate cvcacert = (CardVerifiableCertificate) cacert;
          try {
            HolderReferenceField href = cvcacert.getCVCertificate().getCertificateBody().getHolderReference();
            caRef = new CAReferenceField(href.getCountry(), href.getMnemonic(), href.getSequence());
            log.debug("Using caRef from the CA certificate: "+caRef.getConcatenated());         
          } catch (NoSuchFieldException e) {
            log.debug("CA certificate does not contain a Holder reference to use as CARef in request.");
          }         
View Full Code Here

Examples of org.ejbca.cvc.CardVerifiableCertificate

233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
    if (log.isTraceEnabled()) {
      log.trace(">signRequest: usepreviouskey="+usepreviouskey+", createlinkcert="+createlinkcert);
    }
    byte[] ret = request;
    try {
      CardVerifiableCertificate cacert = (CardVerifiableCertificate)getCACertificate();
      if (cacert == null) {
        // if we don't have a CA certificate, we can't sign any request, just return it
        return request;
      }
      CATokenContainer catoken = getCAToken();
      // Get either the current or the previous signing key for signing this request
      int key = SecConst.CAKEYPURPOSE_CERTSIGN;
      if (usepreviouskey) {
        log.debug("Using previous CertSign key to sign request");
        key = SecConst.CAKEYPURPOSE_CERTSIGN_PREVIOUS;
      } else {
        log.debug("Using current CertSign key to sign request");
      }
      KeyPair keyPair = new KeyPair(catoken.getPublicKey(key), catoken.getPrivateKey(key));
      String signAlg = getCAToken().getCATokenInfo().getSignatureAlgorithm();
      // Create the CA reference, should be from signing certificates holder field
      HolderReferenceField caHolder = cacert.getCVCertificate().getCertificateBody().getHolderReference();
      String sequence = caHolder.getSequence();
      // See if we have a previous sequence to put in the CA reference instead of the same as we have from the request
      String propdata = catoken.getCATokenInfo().getProperties();
      Properties prop = new Properties();
      if (propdata != null) {
        prop.load(new ByteArrayInputStream(propdata.getBytes()));         
      }
      String previousSequence = (String)prop.get(ICAToken.PREVIOUS_SEQUENCE_PROPERTY);
      // Only use previous sequence if we also use previous key
      if ( (previousSequence != null) && (usepreviouskey) ) {
        sequence = previousSequence;
        log.debug("Using previous sequence in caRef: "+sequence);
      } else {
        log.debug("Using current sequence in caRef: "+sequence);       
      }
      // Set the CA reference field for the authentication signature
      CAReferenceField caRef = new CAReferenceField(caHolder.getCountry(), caHolder.getMnemonic(), sequence);

      CVCertificate cvcert = null;
      try {
        byte[] binbytes = request;
        try {
          // We don't know if this is a PEM or binary certificate or request request so we first try to
          // decode it as a PEM certificate, and if it's not we try it as a PEM request and finally as a binary request
          Collection<Certificate> col = CertTools.getCertsFromPEM(new ByteArrayInputStream(request));
          Certificate cert = col.iterator().next();
          if (cert != null) {
            binbytes = cert.getEncoded();
          }
        } catch (Exception e) {
          log.debug("This is not a PEM certificate?: "+e.getMessage());
          try {
            binbytes = RequestMessageUtils.getRequestBytes(request);
          } catch (Exception e2) {
            log.debug("This is not a PEM request?: "+e2.getMessage());           
          }
        }
        // This can be either a CV certificate, a CV certificate request, or an authenticated request that we should re-sign
        CVCObject parsedObject;
        parsedObject = CertificateParser.parseCVCObject(binbytes);
        if (parsedObject instanceof CVCertificate) {
          cvcert = (CVCertificate) parsedObject;
          log.debug("This is a reqular CV request, or cert.");         
        } else if (parsedObject instanceof CVCAuthenticatedRequest) {
          CVCAuthenticatedRequest authreq = (CVCAuthenticatedRequest)parsedObject;
          cvcert = authreq.getRequest();
          log.debug("This is an authenticated CV request, we will overwrite the old authentication with a new.");         
        }
      } catch (ParseException e) {
              String msg = intres.getLocalizedMessage("cvc.error.notcvcrequest");
        log.info(msg, e);
        return request;
      } catch (ClassCastException e) {
              String msg = intres.getLocalizedMessage("cvc.error.notcvcrequest");
        log.info(msg, e);
        return request;
      }
      // Check if the input was a CVCA certificate, which is the same CVCA as this. If all is true we should create a CVCA link certificate
      // instead of an authenticated request
      CardVerifiableCertificate cvccert = new CardVerifiableCertificate(cvcert);
      HolderReferenceField cvccertholder = cvccert.getCVCertificate().getCertificateBody().getHolderReference();
      AuthorizationRoleEnum authRole = null;
      AccessRightEnum rights = null;
      try {
        authRole = cvccert.getCVCertificate().getCertificateBody().getAuthorizationTemplate().getAuthorizationField().getRole();         
         rights = cvccert.getCVCertificate().getCertificateBody().getAuthorizationTemplate().getAuthorizationField().getAccessRight();
      } catch (NoSuchFieldException e) {
        log.debug("No AuthorizationRoleEnum or AccessRightEnum, this is not a CV certificate so we can't make a link certificate: "+e.getMessage());
       
      }
      if (createlinkcert && (authRole != null) && (rights != null)) {
        log.debug("We will create a link certificate.");
        String msg = intres.getLocalizedMessage("cvc.info.createlinkcert", cvccertholder.getConcatenated(), caRef.getConcatenated());
        log.info(msg);
        PublicKey pk = cvccert.getPublicKey();
        Date validFrom = cvccert.getCVCertificate().getCertificateBody().getValidFrom();
        Date validTo = cvccert.getCVCertificate().getCertificateBody().getValidTo();
        // Generate a new certificate with the same contents as the passed in certificate, but with new caRef and signature
        CVCertificate retcert = CertificateGenerator.createCertificate(pk, keyPair.getPrivate(), signAlg, caRef, cvccertholder, authRole, rights, validFrom, validTo, catoken.getProvider());
        ret = retcert.getDEREncoded();
        log.debug("Signed a CardVerifiableCertificate CardVerifiableCertificate.");
      } else {
View Full Code Here

Examples of org.ejbca.cvc.CardVerifiableCertificate

407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
        if (certProfile.getType() == CertificateProfile.TYPE_ROOTCA) {
          isRootCA = true;
        }
       
        // Get CA reference
        CardVerifiableCertificate cacert = (CardVerifiableCertificate)getCACertificate();
        // Get certificate validity time notBefore and notAfter
        CertificateValidity val = new CertificateValidity(subject, certProfile, notBefore, notAfter, cacert, isRootCA);

        // We must take the issuer DN directly from the CA-certificate, if we are not creating a new Root CA
        CAReferenceField caRef = null;
        AuthorizationRoleEnum authRole = AuthorizationRoleEnum.IS;
        if (isRootCA) {
          // This will be an initial root CA, since no CA-certificate exists
          if (log.isDebugEnabled()) {
            log.debug("Using Holder Ref also as CA Ref, because it is a root CA");
          }
            caRef = new CAReferenceField(holderRef.getCountry(), holderRef.getMnemonic(), holderRef.getSequence());
            log.debug("Using AuthorizationRoleEnum.CVCA");
            authRole = AuthorizationRoleEnum.CVCA;
        } else {
          if (log.isDebugEnabled()) {
            log.debug("Using CA Ref directly from the CA certificates Holder Ref");
          }
            HolderReferenceField hr = cacert.getCVCertificate().getCertificateBody().getHolderReference();
            caRef = new CAReferenceField(hr.getCountry(), hr.getMnemonic(), hr.getSequence());
            if (certProfile.getType() == CertificateProfile.TYPE_SUBCA) {
              // If the holder DV's country and the CA's country is the same, this is a domestic DV
              // If the holder DV's country is something else, it is a foreign DV
              if (StringUtils.equals(caRef.getCountry(), holderRef.getCountry())) {
                  authRole = AuthorizationRoleEnum.DV_D;               
                    log.debug("Using AuthorizationRoleEnum.DV_D");
              } else {
                  authRole = AuthorizationRoleEnum.DV_F;                 
                    log.debug("Using AuthorizationRoleEnum.DV_F");
              }
            }
        }

        AccessRightEnum accessRights = AccessRightEnum.READ_ACCESS_NONE;
        int rights = certProfile.getCVCAccessRights();
        log.debug("Access rights in certificate profile: "+rights);
        switch (rights) {
          case CertificateProfile.CVC_ACCESS_DG3: accessRights = AccessRightEnum.READ_ACCESS_DG3; break;
          case CertificateProfile.CVC_ACCESS_DG4: accessRights = AccessRightEnum.READ_ACCESS_DG4; break;
          case CertificateProfile.CVC_ACCESS_DG3DG4: accessRights = AccessRightEnum.READ_ACCESS_DG3_AND_DG4; break;
          case CertificateProfile.CVC_ACCESS_NONE: accessRights = AccessRightEnum.READ_ACCESS_NONE; break;
        }
        // Generate the CVC certificate using Keijos library
        CATokenContainer catoken = getCAToken();
        String sigAlg = catoken.getCATokenInfo().getSignatureAlgorithm();
        log.debug("Creating CV certificate with algorithm "+sigAlg+", using provider "+catoken.getProvider()+", public key algorithm from CVC request must match this algorithm.");
        log.debug("CARef: "+caRef.getConcatenated()+"; holderRef: "+holderRef.getConcatenated());
        CVCertificate cvc = CertificateGenerator.createCertificate(publicKey, catoken.getPrivateKey(SecConst.CAKEYPURPOSE_CERTSIGN),
            sigAlg, caRef, holderRef, authRole, accessRights, val.getNotBefore(), val.getNotAfter(), catoken.getProvider());

        if (log.isDebugEnabled()) {
            log.debug("Certificate: "+cvc.toString());
            log.debug("Certificate bytes: "+new String(Base64.encode(cvc.getDEREncoded())));         
        }
       
        CardVerifiableCertificate retCert = new CardVerifiableCertificate(cvc);
        // Verify certificate before returning
        retCert.verify(getCAToken().getPublicKey(SecConst.CAKEYPURPOSE_CERTSIGN));
        if (log.isTraceEnabled()) {
          log.trace("<generateCertificate()");
        }
    return retCert;                                                                                       
  }
View Full Code Here
TOP
Copyright © 2018 www.massapi.com. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.