Package org.ejbca.core.model.ca.certificateprofiles

Examples of org.ejbca.core.model.ca.certificateprofiles.CertificateProfile

1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
        // check altNames, should be none
        Collection c = cert.getSubjectAlternativeNames();
        assertNull(c);

        // Change so that we allow override of validity time
        CertificateProfile prof = certificateProfileSession.getCertificateProfile(admin, cprofile);
        prof.setAllowExtensionOverride(true);
        certificateProfileSession.changeCertificateProfile(admin, "TESTEXTENSIONOVERRIDE", prof);

        userAdminSession.changeUser(admin, user, false);
        resp = signSession.createCertificate(admin, p10, org.ejbca.core.protocol.X509ResponseMessage.class, null);
        cert = (X509Certificate) CertTools.getCertfromByteArray(resp.getResponseMessage());
View Full Code Here
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
        assertNotNull("Failed to create certificate", cert);
        assertEquals("CN=testsigalg,C=SE", cert.getSubjectDN().getName());
        assertEquals(AlgorithmConstants.SIGALG_SHA1_WITH_RSA, CertTools.getSignatureAlgorithm(cert));

        // Change so that we can override signature algorithm
        CertificateProfile prof = certificateProfileSession.getCertificateProfile(admin, cprofile);
        prof.setSignatureAlgorithm(AlgorithmConstants.SIGALG_SHA256_WITH_RSA);
        certificateProfileSession.changeCertificateProfile(admin, "TESTSIGALG", prof);

        userAdminSession.changeUser(admin, user, false);
        resp = signSession.createCertificate(admin, p10, org.ejbca.core.protocol.X509ResponseMessage.class, null);
        cert = (X509Certificate) CertTools.getCertfromByteArray(resp.getResponseMessage());
View Full Code Here
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
        // Create a Sub DV domestic
        ret = false;
        try {
            adminGroupSession.init(admin, dvddn.hashCode(), DEFAULT_SUPERADMIN_CN);
            // Create a Certificate profile
            CertificateProfile profile = new CACertificateProfile();
            profile.setType(CertificateProfile.TYPE_SUBCA);
            certificateProfileSession.addCertificateProfile(admin, "TESTCVCDV", profile);
            int profileid = certificateProfileSession.getCertificateProfileId(admin, "TESTCVCDV");

            CVCCAInfo cvccainfo = new CVCCAInfo(dvddn, dvdcaname, SecConst.CA_ACTIVE, new Date(), profileid, 3650, null, // Expiretime
                    CAInfo.CATYPE_CVC, rootcadn.hashCode(), null, catokeninfo, "JUnit CVC CA", -1, null, 24, // CRLPeriod
                    0, // CRLIssueInterval
                    10, // CRLOverlapTime
                    10, // Delta CRL period
                    new ArrayList<Integer>(), // CRL publishers
                    true, // Finish User
                    extendedcaservices, new ArrayList<Integer>(), // Approvals Settings
                    1, // Number of Req approvals
                    true, // Include in health check
                    true, // isDoEnforceUniquePublicKeys
                    true, // isDoEnforceUniqueDistinguishedName
                    false, // isDoEnforceUniqueSubjectDNSerialnumber
                    true, // useCertReqHistory
                    true, // useUserStorage
                    true // useCertificateStorage
            );

            caAdminSession.createCA(admin, cvccainfo);

            dvdcainfo = caAdminSession.getCAInfo(admin, dvdcaname);
            assertEquals(CAInfo.CATYPE_CVC, dvdcainfo.getCAType());

            Certificate cert = (Certificate) dvdcainfo.getCertificateChain().iterator().next();
            assertEquals("CVC", cert.getType());
            assertEquals(CertTools.getSubjectDN(cert), dvddn);
            assertEquals(CertTools.getIssuerDN(cert), rootcadn);
            assertEquals(dvdcainfo.getSubjectDN(), dvddn);
            PublicKey pk = cert.getPublicKey();
            if (pk instanceof RSAPublicKey) {
                RSAPublicKey rsapk = (RSAPublicKey) pk;
                assertEquals(rsapk.getAlgorithm(), "RSA");
                BigInteger modulus = rsapk.getModulus();
                int len = modulus.bitLength();
                assertEquals(1024, len);
            } else {
                assertTrue("Public key is not RSA", false);
            }
            assertTrue("CA is not valid for the specified duration.", CertTools.getNotAfter(cert).after(
                    new Date(new Date().getTime() + 10 * 364 * 24 * 60 * 60 * 1000L))
                    && CertTools.getNotAfter(cert).before(new Date(new Date().getTime() + 10 * 366 * 24 * 60 * 60 * 1000L)));
            // Check role
            CardVerifiableCertificate cvcert = (CardVerifiableCertificate) cert;
            assertEquals("SETESTDV-D00001", cvcert.getCVCertificate().getCertificateBody().getHolderReference().getConcatenated());
            String role = cvcert.getCVCertificate().getCertificateBody().getAuthorizationTemplate().getAuthorizationField().getRole().name();
            assertEquals("DV_D", role);
            String accessRights = cvcert.getCVCertificate().getCertificateBody().getAuthorizationTemplate().getAuthorizationField().getAccessRight()
                    .name();
            assertEquals("READ_ACCESS_DG3_AND_DG4", accessRights);
            ret = true;
        } catch (CAExistsException pee) {
            log.info("CA exists.");
        }
        assertTrue(ret);

        // Create a Sub DV foreign
        ret = false;
        try {
            adminGroupSession.init(admin, dvfdn.hashCode(), DEFAULT_SUPERADMIN_CN);

            CVCCAInfo cvccainfo = new CVCCAInfo(dvfdn, dvfcaname, SecConst.CA_ACTIVE, new Date(), SecConst.CERTPROFILE_FIXED_SUBCA, 3650, null, // Expiretime
                    CAInfo.CATYPE_CVC, rootcadn.hashCode(), null, catokeninfo, "JUnit CVC CA", -1, null, 24, // CRLPeriod
                    0, // CRLIssueInterval
                    10, // CRLOverlapTime
                    10, // Delta CRL period
                    new ArrayList<Integer>(), // CRL publishers
                    true, // Finish User
                    extendedcaservices, new ArrayList<Integer>(), // Approvals Settings
                    1, // Number of Req approvals
                    true, // Include in health check
                    true, // isDoEnforceUniquePublicKeys
                    true, // isDoEnforceUniqueDistinguishedName
                    false, // isDoEnforceUniqueSubjectDNSerialnumber
                    true, // useCertReqHistory
                    true, // useUserStorage
                    true // useCertificateStorage
            );

            caAdminSession.createCA(admin, cvccainfo);

            CAInfo info = caAdminSession.getCAInfo(admin, dvfcaname);
            assertEquals(CAInfo.CATYPE_CVC, info.getCAType());

            Certificate cert = (Certificate) info.getCertificateChain().iterator().next();
            assertEquals("CVC", cert.getType());
            assertEquals(CertTools.getSubjectDN(cert), dvfdn);
            assertEquals(CertTools.getIssuerDN(cert), rootcadn);
            assertEquals(info.getSubjectDN(), dvfdn);
            PublicKey pk = cert.getPublicKey();
            if (pk instanceof RSAPublicKey) {
                RSAPublicKey rsapk = (RSAPublicKey) pk;
                assertEquals(rsapk.getAlgorithm(), "RSA");
                BigInteger modulus = rsapk.getModulus();
                int len = modulus.bitLength();
                assertEquals(1024, len);
            } else {
                assertTrue("Public key is not RSA", false);
            }
            assertTrue("CA is not valid for the specified duration.", CertTools.getNotAfter(cert).after(
                    new Date(new Date().getTime() + 10 * 364 * 24 * 60 * 60 * 1000L))
                    && CertTools.getNotAfter(cert).before(new Date(new Date().getTime() + 10 * 366 * 24 * 60 * 60 * 1000L)));
            // Check role
            CardVerifiableCertificate cvcert = (CardVerifiableCertificate) cert;
            assertEquals("FITESTDV-F00001", cvcert.getCVCertificate().getCertificateBody().getHolderReference().getConcatenated());
            String role = cvcert.getCVCertificate().getCertificateBody().getAuthorizationTemplate().getAuthorizationField().getRole().name();
            assertEquals("DV_F", role);
            ret = true;
        } catch (CAExistsException pee) {
            log.info("CVC CA exists.");
            fail("CVC CA exists");
        }
        assertTrue("Creating CVC CAs failed", ret);

        // Test to renew a CVC CA using a different access right
        CertificateProfile profile = certificateProfileSession.getCertificateProfile(admin, "TESTCVCDV");
        profile.setCVCAccessRights(CertificateProfile.CVC_ACCESS_DG3);
        certificateProfileSession.changeCertificateProfile(admin, "TESTCVCDV", profile);

        int caid = dvdcainfo.getCAId();
        caAdminSession.renewCA(admin, caid, null, false);
        dvdcainfo = caAdminSession.getCAInfo(admin, dvdcaname);
View Full Code Here
102
103
104
105
106
107
108
109
110
111
112
113
        for (int i = 0; i < NUMBER_OF_USERS; i++) {
            String username = genUserName(baseUsername);
            String password = genRandomPwd();
            final String certificateProfileName = "testLotsOfCertsPerUser";
            final String endEntityProfileName = "testLotsOfCertsPerUser";
            CertificateProfile certificateProfile = new EndUserCertificateProfile();
            certificateProfile.setAllowValidityOverride(true);
            try {
                certificateProfileSession.addCertificateProfile(administrator, certificateProfileName, certificateProfile);
            } catch (CertificateProfileExistsException e) {
            }
View Full Code Here
663
664
665
666
667
668
669
670
671
672
673
674
        gc.setEnableEndEntityProfileLimitations(false);
        raAdminSession.saveGlobalConfigurationRemote(intAdmin, gc);
        if (certificateProfileSession.getCertificateProfileId(intAdmin, "WSTESTPROFILE") != 0) {
            certificateProfileSession.removeCertificateProfile(intAdmin, "WSTESTPROFILE");
        }
        CertificateProfile profile = new EndUserCertificateProfile();
        profile.setAllowValidityOverride(true);
        certificateProfileSession.addCertificateProfile(intAdmin, "WSTESTPROFILE", profile);
        UserDataVOWS tokenUser1 = new UserDataVOWS();
        tokenUser1.setUsername(username);
        tokenUser1.setPassword("foo123");
        tokenUser1.setClearPwd(true);
View Full Code Here
155
156
157
158
159
160
161
162
163
164
165
166
        updatePropertyOnServer(CmpConfiguration.CONFIG_RA_ENDENTITYPROFILE, EEPNAME);
        updatePropertyOnServer(CmpConfiguration.CONFIG_RACANAME, cainfo.getName());
        // Configure a Certificate profile (CmpRA) using ENDUSER as template and
        // check "Allow validity override".
        if (certificateProfileSession.getCertificateProfile(admin, CPNAME) == null) {
            CertificateProfile cp = new EndUserCertificateProfile();
            cp.setAllowValidityOverride(true);
            try { // TODO: Fix this better
                certificateProfileSession.addCertificateProfile(admin, CPNAME, cp);
            } catch (CertificateProfileExistsException e) {
                e.printStackTrace();
            }
View Full Code Here
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
                }
            }
        }
        // Finally find the publishers for the certificate profileId that we found
        Collection<Integer> publishers = new ArrayList<Integer>(0);
        final CertificateProfile certificateProfile = certificateProfileSession.getCertificateProfile(admin, certificateProfileId);
        if (certificateProfile != null) {
            publishers = certificateProfile.getPublisherList();
            if ( publishers==null || publishers.size()==0 ) {
              if (log.isDebugEnabled()) {
                log.debug("No publishers defined for certificate with serial #"+certserno.toString(16)+ " issued by "+issuerdn);
              }
            }
View Full Code Here
468
469
470
471
472
473
474
475
476
477
478
479
480
481
          log.debug("We will create a link certificate.");
          X509CAInfo info = (X509CAInfo)getCAInfo();
              UserDataVO cadata = new UserDataVO("nobody", info.getSubjectDN(), info.getSubjectDN().hashCode(), info.getSubjectAltName(), null,
                  0,0,0,  info.getCertificateProfileId(), null, null, 0, 0, null);
         
          CertificateProfile certProfile = new RootCACertificateProfile();
              if((info.getPolicies() != null) && (info.getPolicies().size() > 0)) {
                certProfile.setUseCertificatePolicies(true);
                certProfile.setCertificatePolicies(info.getPolicies());
              }       
                PublicKey previousCaPublicKey = catoken.getPublicKey(SecConst.CAKEYPURPOSE_CERTSIGN_PREVIOUS);
                PrivateKey previousCaPrivateKey = catoken.getPrivateKey(SecConst.CAKEYPURPOSE_CERTSIGN_PREVIOUS);
                String provider = catoken.getProvider();
              String sequence = catoken.getCATokenInfo().getKeySequence(); // get from CAtoken to make sure it is fresh
View Full Code Here
788
789
790
791
792
793
794
795
796
797
798
799
800
801
                log.warn("CA configured to enforce unique entity keys, but not to store issued certificates. Check will be ignored. Please verify your configuration.");
              }
            }
            // Retrieve the certificate profile this user should have
      final int certProfileId;
      final CertificateProfile certProfile;
      {
        final int tmpCertProfileId = data.getCertificateProfileId();
        final CertificateProfile tmpCertProfile = certificateProfileSession.getCertificateProfile(admin, tmpCertProfileId);
        // What if certProfile == null?
        if (tmpCertProfile != null) {
          certProfileId = tmpCertProfileId;
          certProfile = tmpCertProfile;
        } else {
View Full Code Here
TOP

Related Classes of org.ejbca.core.model.ca.certificateprofiles.CertificateProfile

  • org.cesecore.core.ejb.ca.store.CertificateProfileSessionBean
  • org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean
  • org.ejbca.core.ejb.ca.caadmin.CAsTest
  • org.ejbca.core.ejb.ca.caadmin.CertificateProfileData
  • org.ejbca.core.ejb.ca.crl.CreateCRLSessionTest
  • org.ejbca.core.ejb.ca.sign.CustomCertSerialnumberTest
  • org.ejbca.core.ejb.ca.sign.RSASignSessionBean
  • org.ejbca.core.ejb.ca.sign.SignSessionTest
  • org.ejbca.core.ejb.ra.AddLotsofCertsPerUserTest
  • org.ejbca.core.ejb.ra.UserAdminSessionBean
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.