Examples of CertificateInfo


Examples of org.ejbca.core.model.ca.store.CertificateInfo

     *             error
     */
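    public void test08IsRevoked() throws Exception {
        // Checks that the certificate in the `cert` fixture is reported as revoked with reason
        // KEYCOMPROMISE through both lookup paths: the stored CertificateInfo (by fingerprint)
        // and the status query (by issuer DN + serial number). It also checks that both paths
        // agree on the revocation date and reason.
        log.trace(">test08IsRevoked()");
        String fp = CertTools.getFingerprintAsString(cert);
        CertificateInfo data3 = certificateStoreSession.getCertificateInfo(admin, fp);
        assertNotNull("Failed to find cert", data3);
        log.debug("found by key! =" + data3);
        log.debug("fp=" + data3.getFingerprint());
        log.debug("issuer=" + data3.getIssuerDN());
        log.debug("subject=" + data3.getSubjectDN());
        log.debug("cafp=" + data3.getCAFingerprint());
        assertNotNull("wrong CAFingerprint", data3.getCAFingerprint());
        log.debug("status=" + data3.getStatus());
        // assertEquals (expected first) reports both values on failure, unlike assertTrue(a == b).
        assertEquals("wrong status", SecConst.CERT_REVOKED, data3.getStatus());
        log.debug("type=" + data3.getType());
        assertEquals("wrong type", SecConst.CERTTYPE_ENDENTITY, data3.getType());
        log.debug("serno=" + data3.getSerialNumber());
        log.debug("expiredate=" + data3.getExpireDate());
        log.debug("revocationdate=" + data3.getRevocationDate());
        log.debug("revocationreason=" + data3.getRevocationReason());
        // Expected value goes first so a failure message names the right side as "expected".
        assertEquals("wrong reason", RevokedCertInfo.REVOCATION_REASON_KEYCOMPROMISE, data3.getRevocationReason());

        // Second lookup path: status by issuer DN and serial number.
        log.debug("Checking if cert is revoked DN:'" + CertTools.getIssuerDN(cert) + "', serno:'" + cert.getSerialNumber().toString() + "'.");
        CertificateStatus revinfo = certificateStoreSession.getStatus(CertTools.getIssuerDN(cert), cert.getSerialNumber());
        assertNotNull("Certificate not found, it should be!", revinfo);
        int reason = revinfo.revocationReason;
        assertEquals("Certificate not revoked, it should be!", RevokedCertInfo.REVOCATION_REASON_KEYCOMPROMISE, reason);
        // Both lookup paths must describe the same revocation event.
        assertTrue("Wrong revocationDate!", revinfo.revocationDate.compareTo(data3.getRevocationDate()) == 0);
        assertEquals("Wrong reason!", revinfo.revocationReason, data3.getRevocationReason());
        // NOTE(review): nothing is removed in this method; the message below looks like a leftover.
        log.debug("Removed it!");
        log.trace("<test08IsRevoked()");
    }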

Examples of org.ejbca.core.model.ca.store.CertificateInfo

        // Test to renew a CVC CA
        // Excerpt: dvdcainfo, dvdcaname, dvddn, rootcadn, admin and the session beans are set up
        // outside the visible lines.
        dvdcainfo = caAdminSession.getCAInfo(admin, dvdcaname);
        Certificate cert = (Certificate) dvdcainfo.getCertificateChain().iterator().next();
        // Verify that fingerprint and CA fingerprint is handled correctly:
        // before renewal the stored record must not list the certificate's own fingerprint as
        // its CA fingerprint.
        // NOTE(review): certInfo is dereferenced without a null check; a missing record would
        // surface as a NullPointerException rather than a readable assertion failure.
        CertificateInfo certInfo = certificateStoreSession.getCertificateInfo(admin, CertTools.getFingerprintAsString(cert));
        assertFalse(certInfo.getFingerprint().equals(certInfo.getCAFingerprint()));
        int caid = dvdcainfo.getCAId();
        caAdminSession.renewCA(admin, caid, null, false);
        // Re-read the CA after renewal and check that type, subject and issuer are as expected.
        dvdcainfo = caAdminSession.getCAInfo(admin, dvdcaname);
        assertEquals(CAInfo.CATYPE_CVC, dvdcainfo.getCAType());
        cert = (Certificate) dvdcainfo.getCertificateChain().iterator().next();
        assertEquals("CVC", cert.getType());
        // NOTE(review): the next three assertions pass the actual value first; a failure message
        // would label the two sides the wrong way round.
        assertEquals(CertTools.getSubjectDN(cert), dvddn);
        assertEquals(CertTools.getIssuerDN(cert), rootcadn);
        assertEquals(dvdcainfo.getSubjectDN(), dvddn);
        // Verify that fingerprint and CA fingerprint is handled correctly
        // (same check as above, now against the renewed certificate's stored record).
        certInfo = certificateStoreSession.getCertificateInfo(admin, CertTools.getFingerprintAsString(cert));
        assertFalse(certInfo.getFingerprint().equals(certInfo.getCAFingerprint()));
        // It's not possible to check the time for renewal of a CVC CA since the
        // resolution of validity is only days.
        // The only way is to generate a certificate with different access
        // rights in it
        CardVerifiableCertificate cvcert = (CardVerifiableCertificate) cert;

Examples of org.ejbca.core.model.ca.store.CertificateInfo

     * @throws ApprovalException
     * @throws WaitingForApprovalException
     */
    private void checkIfApprovalRequired(Admin admin, Certificate certificate, String username, int endEntityProfileId, boolean checkNewest, GlobalConfiguration gc) throws ApprovalException, WaitingForApprovalException{     
        // Gate for key recovery: asks how many approvals the issuing CA / certificate profile
        // requires and, when at least one is needed, builds and files an approval request.
        // The method continues past the end of this excerpt.
        //
        // The CA id is the String.hashCode() of the issuer DN, i.e. a 32-bit non-cryptographic
        // value. NOTE(review): it selects which CA's approval setting applies, so it relies on
        // the DN string being formatted identically wherever the id is computed — confirm.
        final int caid = CertTools.getIssuerDN(certificate).hashCode();
    // NOTE(review): certinfo is dereferenced below without a null check. Confirm the lookup
    // cannot return null here; otherwise an unknown certificate fails with a
    // NullPointerException instead of one of the declared approval exceptions.
    final CertificateInfo certinfo = certificateStoreSession.getCertificateInfo(admin, CertTools.getFingerprintAsString(certificate));
        // Check if approvals is required.
        int numOfApprovalsRequired = caAdminSession.getNumOfApprovalRequired(admin, CAInfo.REQ_APPROVAL_KEYRECOVER, caid, certinfo.getCertificateProfileId());
        if (numOfApprovalsRequired > 0){   
      KeyRecoveryApprovalRequest ar = new KeyRecoveryApprovalRequest(certificate,username,checkNewest, admin,null,numOfApprovalsRequired,caid,endEntityProfileId);
      // requireApproval is given a list of class names; presumably callers on that list are
      // exempt from the approval step — verify against ApprovalExecutorUtil.
      if (ApprovalExecutorUtil.requireApproval(ar, NONAPPROVABLECLASSNAMES_KEYRECOVERY)){
        approvalSession.addApprovalRequest(admin, ar, gc);
              String msg = intres.getLocalizedMessage("keyrecovery.addedforapproval");             

Examples of org.ejbca.core.model.ca.store.CertificateInfo

        // Excerpt from a revocation routine: admin, issuerdn, certserno and reason come from the
        // enclosing method, which starts and ends outside the visible lines.
        // Order of checks below: general revoke right -> certificate lookup -> CA authorization
        // -> end entity profile authorization (conditional) -> revocation state transition.

        // Check that the admin has revocation rights.
        if (!authorizationSession.isAuthorizedNoLog(admin, AccessRulesConstants.REGULAR_REVOKEENDENTITY)) {
            Authorizer.throwAuthorizationException(admin, AccessRulesConstants.REGULAR_REVOKEENDENTITY, null);
        }
        // To be fully backwards compatible we just use the first fingerprint found..
        final CertificateInfo info = certificateStoreSession.findFirstCertificateInfo(issuerdn, certserno);
        if (info == null) {
          final String msg = intres.getLocalizedMessage("ra.errorfindentitycert", issuerdn, certserno.toString(16));
            // NOTE(review): this failed lookup, like the two refusals at the end of the excerpt,
            // is logged under EVENT_INFO_REVOKEDENDENTITY, while the authorization helpers are
            // handed EVENT_ERROR_REVOKEDENDENTITY. If alerting filters on the error event,
            // these refusals may go unnoticed — confirm this is intended.
            logSession.log(admin, LogConstants.INTERNALCAID, LogConstants.MODULE_RA, new Date(), null, null, LogConstants.EVENT_INFO_REVOKEDENDENTITY, msg);
            throw new FinderException(msg);
        }
        // The CA id is the String.hashCode() of the stored issuer DN (32-bit, non-cryptographic).
        // It is the value the CA authorization check below is evaluated against.
        final int caid = info.getIssuerDN().hashCode();
        final String username = info.getUsername();
        assertAuthorizedToCA(admin, caid, username, LogConstants.EVENT_ERROR_REVOKEDENDENTITY);
        int certificateProfileId = info.getCertificateProfileId();
        String userDataDN = info.getSubjectDN();
        final CertReqHistory certReqHistory = certificateStoreSession.getCertReqHistory(admin, certserno, issuerdn);
        UserData data = null;
        if (certReqHistory == null || XkmsConfiguration.getEnabled()) {
          // We could use userdata later, so try to find it
          data = UserData.findByUsername(entityManager, username);
        }
        // -1 marks "no end entity profile known"; it is only replaced when history or current
        // user data is found.
        int endEntityProfileId = -1;
        if (certReqHistory != null) {
            // Get the EEP that was used in the original issuance, if we can find it
          endEntityProfileId = certReqHistory.getUserDataVO().getEndEntityProfileId();
            // Republish with the same user DN that was used in the original publication, if we can find it
            userDataDN = certReqHistory.getUserDataVO().getDN();
            // If for some reason the certificate profile id was not set in the certificate data, try to get it from the certreq history
            if (certificateProfileId == SecConst.CERTPROFILE_NO_PROFILE) {
                certificateProfileId = certReqHistory.getUserDataVO().getCertificateProfileId();
            }
        } else if (data != null) {
          // Get the EEP that is currently used as a fallback, if we can find it
          endEntityProfileId = data.getEndEntityProfileId();
          // Republish with the same user DN that is currently used as a fallback, if we can find it
          userDataDN = data.getSubjectDN();
            // If for some reason the certificate profile id was not set in the certificate data, try to get it from current userdata
            if (certificateProfileId == SecConst.CERTPROFILE_NO_PROFILE) {
                certificateProfileId = data.getCertificateProfileId();
            }
        }
        // NOTE(review): when neither request history nor user data exists, endEntityProfileId
        // stays -1 and the end entity profile authorization is skipped. The general revoke right
        // and the CA authorization above are then the only gates in the visible code.
        if (endEntityProfileId != -1) {
          // We can only perform this check if we have a trail of what eep was used..
            if (getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()) {
              assertAuthorizedToEndEntityProfile(admin, endEntityProfileId, AccessRulesConstants.REVOKE_RIGHTS, caid, username, LogConstants.EVENT_ERROR_REVOKEDENDENTITY);
            }
        }
        // Check that unrevocation is not done on anything that can not be unrevoked
        // Only a certificate whose current reason is CERTIFICATEHOLD may be reactivated. Any
        // other stored reason is refused, so a certificate revoked for another reason cannot be
        // brought back through this path.
        if (reason == RevokedCertInfo.NOT_REVOKED || reason == RevokedCertInfo.REVOCATION_REASON_REMOVEFROMCRL) {
            if (info.getRevocationReason() != RevokedCertInfo.REVOCATION_REASON_CERTIFICATEHOLD) {
              final String msg = intres.getLocalizedMessage("ra.errorunrevokenotonhold", issuerdn, certserno.toString(16));
                logSession.log(admin, caid, LogConstants.MODULE_RA, new Date(), username, null, LogConstants.EVENT_INFO_REVOKEDENDENTITY, msg);
                throw new AlreadyRevokedException(msg);
            }
        } else {
            // A revocation request is refused when any reason is already stored, including
            // CERTIFICATEHOLD, so an existing reason is never overwritten here.
            if (info.getRevocationReason() != RevokedCertInfo.NOT_REVOKED) {
              final String msg = intres.getLocalizedMessage("ra.errorrevocationexists");
                logSession.log(admin, caid, LogConstants.MODULE_RA, new Date(), username, null, LogConstants.EVENT_INFO_REVOKEDENDENTITY, msg);
                throw new AlreadyRevokedException(msg);
            }
        }

Examples of org.ejbca.core.model.ca.store.CertificateInfo

        // Excerpt: certs, certificate and returnval are declared outside the visible lines.
        // Sets returnval to false as soon as one certificate has a stored record whose status
        // is not CERT_REVOKED, then stops scanning.
        if (!certs.isEmpty()) {
          Iterator<Certificate> j = certs.iterator();
          while (j.hasNext()) {
            certificate = j.next();
            String fingerprint = CertTools.getFingerprintAsString(certificate);
            CertificateInfo info = getCertificateInfo(admin, fingerprint);
            // NOTE(review): a certificate with no stored record (info == null) is skipped and so
            // counts the same as a revoked one. Confirm that unknown certificates should not
            // force returnval to false.
            if (info != null && info.getStatus() != SecConst.CERT_REVOKED) {
              returnval = false;
              break;
            }
          }
        }

Examples of org.platformlayer.auth.model.CertificateInfo

  /**
   * Starts an access check based on the caller's X.509 certificate chain. The visible part
   * copies the hex-encoded public key and the subject of every chain entry into a
   * {@code CertificateChainInfo}; the rest of the method is outside this excerpt.
   *
   * @throws AuthenticatorException declared by the signature; the throwing code is not visible here
   */
  protected void requireSystemAccess() throws AuthenticatorException {
    X509Certificate[] certChain = getCertificateChain();
    // A null or empty chain skips the whole block; what happens then is not visible here.
    if (certChain != null && certChain.length != 0) {
      CertificateChainInfo chain = new CertificateChainInfo();
      // NOTE(review): the loop only copies fields from the presented certificates. Signature and
      // validity checking is presumably done before getCertificateChain() returns (e.g. by the
      // TLS layer) — confirm, since the copied values are used to decide access.
      for (X509Certificate cert : certChain) {
        CertificateInfo info = new CertificateInfo();

        // Full encoded public key as hex, not a digest of it.
        info.publicKey = Hex.toHex(cert.getPublicKey().getEncoded());
        info.subjectDN = Certificates.getSubject(cert);

        // Md5Hash hash = OpenSshUtils.getSignature(cert.getPublicKey());

Examples of org.platformlayer.auth.model.CertificateInfo

      return null;
    }

    // If it's a single cert; we check the cert.
    // Otherwise, we assume a CA signed the tail cert, so we check the penultimate cert
    // NOTE(review): for any chain longer than one entry the code takes index 1, the second
    // entry. That is the penultimate entry only when the chain holds exactly three certificates;
    // for a two-entry chain it is the last one. The selected entry decides whose identity is
    // evaluated, so confirm the expected chain order and length against the caller.
    CertificateInfo inspect;
    if (certChainInfo.certificates.size() == 1) {
      inspect = certChainInfo.certificates.get(0);
    } else {
      inspect = certChainInfo.certificates.get(1);
    }

Examples of org.platformlayer.auth.v1.CertificateInfo

public class CertificateChains {
  /**
   * Converts an X.509 certificate chain into a {@code CertificateChainInfo}, with one
   * {@code CertificateInfo} per certificate in the order given.
   *
   * @param chain certificates to convert; must not be null (the for-each would throw
   *        NullPointerException)
   * @return the populated chain info
   */
  public static CertificateChainInfo toModel(X509Certificate[] chain) {
    CertificateChainInfo chainInfo = new CertificateChainInfo();
    // Entries are appended to the list returned by getCertificates(); presumably this is the
    // live list held by chainInfo — verify.
    List<CertificateInfo> certificates = chainInfo.getCertificates();
    for (X509Certificate cert : chain) {
      CertificateInfo certificateInfo = new CertificateInfo();

      certificateInfo.setSubjectDN(Certificates.getSubject(cert));
      // The key hash is an MD5 digest (Md5Hash). NOTE(review): MD5 is not collision resistant,
      // so treat publicKeyHash as a display or lookup hint only. Any trust decision should
      // compare the full publicKey set below, or a SHA-256 fingerprint — confirm how
      // consumers use this field.
      Md5Hash hash = OpenSshUtils.getSignature(cert.getPublicKey());
      certificateInfo.setPublicKeyHash(hash.toHex());

      // Full encoded public key as hex.
      byte[] data = cert.getPublicKey().getEncoded();
      certificateInfo.setPublicKey(Hex.toHex(data));

      certificates.add(certificateInfo);
    }

    return chainInfo;