Package org.ejbca.core.model.ca.certificateprofiles

Examples of org.ejbca.core.model.ca.certificateprofiles.EndUserCertificateProfile


        }
        CertificateProfile returnval = null;
        if (id < SecConst.FIXED_CERTIFICATEPROFILE_BOUNDRY) {
            switch (id) {
            case SecConst.CERTPROFILE_FIXED_ENDUSER:
                returnval = new EndUserCertificateProfile();
                break;
            case SecConst.CERTPROFILE_FIXED_SUBCA:
                returnval = new CACertificateProfile();
                break;
            case SecConst.CERTPROFILE_FIXED_ROOTCA:
                returnval = new RootCACertificateProfile();
                break;
            case SecConst.CERTPROFILE_FIXED_OCSPSIGNER:
                returnval = new OCSPSignerCertificateProfile();
                break;
            case SecConst.CERTPROFILE_FIXED_SERVER:
                returnval = new ServerCertificateProfile();
                break;
            case SecConst.CERTPROFILE_FIXED_HARDTOKENAUTH:
                returnval = new HardTokenAuthCertificateProfile();
                break;
            case SecConst.CERTPROFILE_FIXED_HARDTOKENAUTHENC:
                returnval = new HardTokenAuthEncCertificateProfile();
                break;
            case SecConst.CERTPROFILE_FIXED_HARDTOKENENC:
                returnval = new HardTokenEncCertificateProfile();
                break;
            case SecConst.CERTPROFILE_FIXED_HARDTOKENSIGN:
                returnval = new HardTokenSignCertificateProfile();
                break;
            default:
                returnval = new EndUserCertificateProfile();
            }
        } else {
        // We need to clone the profile, otherwise the cache contents will be modifyable from the outside
          final CertificateProfile cprofile = profileCache.getProfileCache(entityManager).get(Integer.valueOf(id));
        try {
View Full Code Here


      X509Certificate cacert = CertTools.genSelfCertForPurpose("CN=dummy2", 100, null, keys.getPrivate(), keys.getPublic(),
          AlgorithmConstants.SIGALG_SHA1_WITH_RSA, true, X509KeyUsage.cRLSign|X509KeyUsage.keyCertSign);

      UserDataVO subject = new UserDataVO();

      final CertificateProfile cp = new EndUserCertificateProfile();
      cp.setValidity(encodedValidity);
      cp.setAllowValidityOverride(false);
   
      // First see that when we don't have a specified time requested and validity override is not allowed, the end time shouldbe ruled by the certificate profile.
     
      CertificateValidity cv = new CertificateValidity(subject, cp, null, null, cacert, false);
      Date notBefore = cv.getNotBefore();
      Date notAfter = cv.getNotAfter();
      Date now = new Date();
        Calendar cal1 = Calendar.getInstance();
        cal1.add(Calendar.DAY_OF_MONTH, 49);
        Calendar cal2 = Calendar.getInstance();
        cal2.add(Calendar.DAY_OF_MONTH, 51);
      assertTrue(notBefore.before(now));
      assertTrue(notAfter.after(cal1.getTime()));
      assertTrue(notAfter.before(cal2.getTime()));
     
      // See that a requested validity does not affect it
        Calendar requestNotBefore = Calendar.getInstance();
        requestNotBefore.add(Calendar.DAY_OF_MONTH, 2);
        Calendar requestNotAfter = Calendar.getInstance();
        requestNotAfter.add(Calendar.DAY_OF_MONTH, 25);
        cv = new CertificateValidity(subject, cp, requestNotBefore.getTime(), requestNotAfter.getTime(), cacert, false);
      notBefore = cv.getNotBefore();
      notAfter = cv.getNotAfter();
      assertTrue(notBefore.before(now));
      assertTrue(notAfter.after(cal1.getTime()));
      assertTrue(notAfter.before(cal2.getTime()));
     
      // Add extended information for the user and see that it does not affect it either
      ExtendedInformation ei = new ExtendedInformation();
      ei.setCustomData(EndEntityProfile.STARTTIME, "10:0:0");
      ei.setCustomData(EndEntityProfile.ENDTIME, "30:0:0");
      subject.setExtendedinformation(ei);
        cv = new CertificateValidity(subject, cp, requestNotBefore.getTime(), requestNotAfter.getTime(), cacert, false);
      notBefore = cv.getNotBefore();
      notAfter = cv.getNotAfter();
      assertTrue(notBefore.before(now));
      assertTrue(notAfter.after(cal1.getTime()));
      assertTrue(notAfter.before(cal2.getTime()));
     
      // Now allow validity override
      cp.setAllowValidityOverride(true);
     
      // Now we should get what's in the UserDataVO extended information
        cv = new CertificateValidity(subject, cp, requestNotBefore.getTime(), requestNotAfter.getTime(), cacert, false);
      notBefore = cv.getNotBefore();
      notAfter = cv.getNotAfter();
        cal1 = Calendar.getInstance();
        cal1.add(Calendar.DAY_OF_MONTH, 9);
        cal2 = Calendar.getInstance();
        cal2.add(Calendar.DAY_OF_MONTH, 11);
      assertTrue(notBefore.after(cal1.getTime()));
      assertTrue(notBefore.before(cal2.getTime()));
        cal1 = Calendar.getInstance();
        cal1.add(Calendar.DAY_OF_MONTH, 29);
        cal2 = Calendar.getInstance();
        cal2.add(Calendar.DAY_OF_MONTH, 31);
      assertTrue(notAfter.after(cal1.getTime()));
      assertTrue(notAfter.before(cal2.getTime()));
     
      // Remove extended information from UserDataVO and we should get what we pass as parameters to CertificateValidity
      subject.setExtendedinformation(null);
        cv = new CertificateValidity(subject, cp, requestNotBefore.getTime(), requestNotAfter.getTime(), cacert, false);
      notBefore = cv.getNotBefore();
      notAfter = cv.getNotAfter();
        cal1 = Calendar.getInstance();
        cal1.add(Calendar.DAY_OF_MONTH, 1);
        cal2 = Calendar.getInstance();
        cal2.add(Calendar.DAY_OF_MONTH, 3);
      assertTrue(notBefore.after(cal1.getTime()));
      assertTrue(notBefore.before(cal2.getTime()));
        cal1 = Calendar.getInstance();
        cal1.add(Calendar.DAY_OF_MONTH, 23);
        cal2 = Calendar.getInstance();
        cal2.add(Calendar.DAY_OF_MONTH, 26);
      assertTrue(notAfter.after(cal1.getTime()));
      assertTrue(notAfter.before(cal2.getTime()));
     
      // Check that we can not supersede the certificate profile end time
        requestNotAfter = Calendar.getInstance();
        requestNotAfter.add(Calendar.DAY_OF_MONTH, 200);
        cv = new CertificateValidity(subject, cp, requestNotBefore.getTime(), requestNotAfter.getTime(), cacert, false);
      notBefore = cv.getNotBefore();
      notAfter = cv.getNotAfter();
        cal1 = Calendar.getInstance();
        cal2 = Calendar.getInstance();
        // This will be counted in number of days since notBefore, and notBefore here is taken from requestNotBefore which is two,
        // so we have to add 2 to certificate profile validity to get the resulting notAfter but not if certificate end is an
        // absolute end date.
        if ( encodedValidity > Integer.MAX_VALUE) {
            cal1.add(Calendar.DAY_OF_MONTH, 49);
            cal2.add(Calendar.DAY_OF_MONTH, 51);
        } else {
            cal1.add(Calendar.DAY_OF_MONTH, 51);
            cal2.add(Calendar.DAY_OF_MONTH, 53);           
        }
      assertTrue(notAfter.after(cal1.getTime()));
      assertTrue(notAfter.before(cal2.getTime()));

      // Check that we can not supersede the CA end time
      cp.setValidity(400);
        cv = new CertificateValidity(subject, cp, requestNotBefore.getTime(), requestNotAfter.getTime(), cacert, false);
      notBefore = cv.getNotBefore();
      notAfter = cv.getNotAfter();
        // This will be the CA certificate's notAfter
        cal1 = Calendar.getInstance();
View Full Code Here

            case CertificateProfile.TYPE_SUBCA:
                returnval = new CACertificateProfile();
                break;
            case CertificateProfile.TYPE_ENDENTITY:
            default :
                returnval = new EndUserCertificateProfile();
        }
        final HashMap data = getData();
        // If CertificateProfile-data is upgraded we want to save the new data, so we must get the old version before loading the data
        // and perhaps upgrading
        final float oldversion = ((Float) data.get(UpgradeableDataHashMap.VERSION)).floatValue();
View Full Code Here

    public CrmfRARequestTest(String arg0) throws CertificateEncodingException, CertificateException {
        super(arg0);

        admin = new Admin(Admin.TYPE_BATCHCOMMANDLINE_USER);
        // Configure CMP for this test, we allow custom certificate serial numbers
      CertificateProfile profile = new EndUserCertificateProfile();
      //profile.setAllowCertSerialNumberOverride(true);
      try {
        certProfileSession.addCertificateProfile(admin, "CMPTESTPROFILE", profile);
    } catch (CertificateProfileExistsException e) {
      log.error("Could not create certificate profile.", e);
View Full Code Here

        globalConfigurationSession.saveGlobalConfigurationRemote(intAdmin, gc);
        if (certificateProfileSession.getCertificateProfileId(intAdmin, "WSTESTPROFILE") != 0) {
            certificateProfileSession.removeCertificateProfile(intAdmin, "WSTESTPROFILE");
        }

        CertificateProfile profile = new EndUserCertificateProfile();
        profile.setAllowValidityOverride(true);
        certificateProfileSession.addCertificateProfile(intAdmin, "WSTESTPROFILE", profile);

        // first a simple test
        UserDataVOWS tokenUser1 = new UserDataVOWS();
        tokenUser1.setUsername("WSTESTTOKENUSER1");
View Full Code Here

    public void test00SetupDatabase() throws Exception {
        Admin administrator = new Admin(Admin.TYPE_RA_USER);

        // Setup with two new Certificate profiles.
        EndUserCertificateProfile profile1 = new EndUserCertificateProfile();
        profile1.setKeyUsage(CertificateProfile.DIGITALSIGNATURE, false);
        profile1.setKeyUsage(CertificateProfile.KEYENCIPHERMENT, false);
        profile1.setKeyUsage(CertificateProfile.NONREPUDIATION, true);

        EndUserCertificateProfile profile2 = new EndUserCertificateProfile();
        profile2.setKeyUsage(CertificateProfile.DATAENCIPHERMENT, true);

        try {
            certificateProfileSession.addCertificateProfile(administrator, "XKMSTESTSIGN", profile1);
        } catch (CertificateProfileExistsException e) {
            log.info("Certificateprofile XKMSTESTSIGN already exists.");
View Full Code Here

    updatePropertyOnServer(CmpConfiguration.CONFIG_RA_ENDENTITYPROFILE, "KeyId");
    updatePropertyOnServer(CmpConfiguration.CONFIG_RACANAME, cainfo.getName());
    updatePropertyOnServer(CmpConfiguration.CONFIG_CERTREQHANDLER_CLASS, UnidFnrHandler.class.getName());
    // Configure a Certificate profile (CmpRA) using ENDUSER as template
    if (this.certificateProfileSession.getCertificateProfile(this.admin, CPNAME) == null) {
      final CertificateProfile cp = new EndUserCertificateProfile();
      try { // TODO: Fix this better
        this.certificateProfileSession.addCertificateProfile(this.admin, CPNAME, cp);
      } catch (CertificateProfileExistsException e) {
        log.error("Certificate profile exists: ", e);
      }
View Full Code Here

        updatePropertyOnServer(CmpConfiguration.CONFIG_RA_AUTHENTICATIONSECRET, "password");
        updatePropertyOnServer(CmpConfiguration.CONFIG_RA_CERTIFICATEPROFILE, CPNAME);
        updatePropertyOnServer(CmpConfiguration.CONFIG_RA_ENDENTITYPROFILE, EEPNAME);
        // Configure a Certificate profile (CmpRA) using ENDUSER as template and check "Allow validity override".
        if (certificateProfileSession.getCertificateProfile(admin, CPNAME) == null) {
            CertificateProfile cp = new EndUserCertificateProfile();
            cp.setAllowValidityOverride(true);
            try // TODO: Fix this better
        certificateProfileSession.addCertificateProfile(admin, CPNAME, cp);
      } catch (CertificateProfileExistsException e) {
        e.printStackTrace();
      }
View Full Code Here

    public CrmfRARequestCustomSerialNoTest(String arg0) throws CertificateEncodingException, CertificateException {
        super(arg0);

        admin = new Admin(Admin.TYPE_BATCHCOMMANDLINE_USER);
        // Configure CMP for this test, we allow custom certificate serial numbers
      CertificateProfile profile = new EndUserCertificateProfile();
      //profile.setAllowCertSerialNumberOverride(true);
      try {
        certProfileSession.addCertificateProfile(admin, "CMPTESTPROFILE", profile);
    } catch (CertificateProfileExistsException e) {
      log.error("Could not create certificate profile.", e);
View Full Code Here

    if (certificateProfileSession.getCertificateProfileId(intAdmin, "WSTESTPROFILE") != 0) {
      certificateProfileSession.removeCertificateProfile(intAdmin, "WSTESTPROFILE");
    }

    CertificateProfile profile = new EndUserCertificateProfile();
    profile.setAllowCertSerialNumberOverride(true);
    certificateProfileSession.addCertificateProfile(intAdmin, "WSTESTPROFILE", profile);

    //Creating certificate for user: wsfoo
    UserDataVOWS user = new UserDataVOWS("wsfoo", "foo123", true, "C=SE, CN=wsfoo",
        getAdminCAName(), null, "foo@anatom.se", UserDataVOWS.STATUS_NEW,
View Full Code Here

TOP

Related Classes of org.ejbca.core.model.ca.certificateprofiles.EndUserCertificateProfile

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.