}
}
}
CAInfo cainfo = null;
CA ca = null;
int validity = (int) ((CertTools.getNotAfter(caSignatureCertificate).getTime() - CertTools.getNotBefore(caSignatureCertificate).getTime()) / (24 * 3600 * 1000));
ArrayList<ExtendedCAServiceInfo> extendedcaservices = new ArrayList<ExtendedCAServiceInfo>();
ArrayList<Integer> approvalsettings = new ArrayList<Integer>();
ArrayList<Integer> crlpublishers = new ArrayList<Integer>();
if (caSignatureCertificate instanceof X509Certificate) {
// Create an X509CA
// Create the extended CA services (OCSP, XKMS, CMS); only OCSP is created with an active status here.
extendedcaservices.add(new OCSPCAServiceInfo(ExtendedCAServiceInfo.STATUS_ACTIVE));
// Create the XKMS CA service (created with status inactive).
extendedcaservices.add(new XKMSCAServiceInfo(ExtendedCAServiceInfo.STATUS_INACTIVE, "CN=XKMSCertificate, "
+ CertTools.getSubjectDN(caSignatureCertificate), "", keySpecification, keyAlgorithm));
// Create the CMS CA service (created with status inactive).
extendedcaservices.add(new CmsCAServiceInfo(ExtendedCAServiceInfo.STATUS_INACTIVE, "CN=CMSCertificate, "
+ CertTools.getSubjectDN(caSignatureCertificate), "", keySpecification, keyAlgorithm));
cainfo = new X509CAInfo(CertTools.getSubjectDN(caSignatureCertificate), caname, SecConst.CA_ACTIVE, new Date(), "", certprof, validity, CertTools
.getNotAfter(caSignatureCertificate), // Expiretime
CAInfo.CATYPE_X509, signedby, certificatechain, catoken.getCATokenInfo(), description,
-1, // revocationReason
null, // revocationDate
null, // PolicyId
24 * SimpleTime.MILLISECONDS_PER_HOUR, // CRLPeriod
0 * SimpleTime.MILLISECONDS_PER_HOUR, // CRLIssuePeriod
10 * SimpleTime.MILLISECONDS_PER_HOUR, // CRLOverlapTime
0 * SimpleTime.MILLISECONDS_PER_HOUR, // DeltaCRLPeriod
crlpublishers, // CRL publishers
true, // Authority Key Identifier
false, // Authority Key Identifier Critical
true, // CRL Number
false, // CRL Number Critical
"", // Default CRL Dist Point
"", // Default CRL Issuer
"", // Default OCSP Service Locator
"", // CA defined freshest CRL
true, // Finish User
extendedcaservices, false, // use default utf8 settings
approvalsettings, // Approvals Settings
1, // Number of Req approvals
false, // Use UTF8 subject DN by default
true, // Use LDAP DN order by default
false, // Use CRL Distribution Point on CRL
false, // CRL Distribution Point on CRL critical,
true, // Include in HealthCheck
true, // isDoEnforceUniquePublicKeys
true, // isDoEnforceUniqueDistinguishedName
false, // isDoEnforceUniqueSubjectDNSerialnumber
true, // useCertReqHistory
true, // useUserStorage
true, // useCertificateStorage
null //cmpRaAuthSecret
);
ca = new X509CA((X509CAInfo) cainfo);
} else if (caSignatureCertificate.getType().equals("CVC")) {
// Create a CVC CA
// Create the CAInfo to be used for either generating the whole CA
// or making a request
cainfo = new CVCCAInfo(CertTools.getSubjectDN(caSignatureCertificate), caname, SecConst.CA_ACTIVE, new Date(), certprof, validity, CertTools
.getNotAfter(caSignatureCertificate), CAInfo.CATYPE_CVC, signedby, certificatechain, catoken.getCATokenInfo(), description, -1,
(Date) null, 24, 0, 10, 0, // CRL periods
crlpublishers, // CRL publishers
true, // Finish user
extendedcaservices, approvalsettings, // Approvals Settings
1, // Number of Req approvals
true, // Include in HealthCheck
true, // isDoEnforceUniquePublicKeys
true, // isDoEnforceUniqueDistinguishedName
false, // isDoEnforceUniqueSubjectDNSerialnumber
true, // useCertReqHistory
true, // useUserStorage
true // useCertificateStorage
);
ca = new CVCCA((CVCCAInfo) cainfo);
}
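// We must activate the token, in case it does not have the default
// password.
// NOTE(review): ca and cainfo are still null at this point if the certificate was
// neither X509 nor CVC, unless that case is rejected earlier - confirm.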
catoken.activate(keystorepass);
ca.setCAToken(catoken);
ca.setCertificateChain(certificatechain);
log.debug("CA-Info: " + catoken.getCATokenInfo().getSignatureAlgorithm() + " " + ca.getCAToken().getCATokenInfo().getEncryptionAlgorithm());
// Publish CA certificates.
publishCACertificate(admin, ca.getCertificateChain(), ca.getCRLPublishers(), ca.getSubjectDN());
// activate External CA Services
activateAndPublishExternalCAServices(admin, cainfo.getExtendedCAServiceInfos(), ca);
// Store CA in database.
entityManager.persist(new CAData(cainfo.getSubjectDN(), cainfo.getName(), SecConst.CA_ACTIVE, ca));
crlCreateSession.run(admin, ca);