Package org.ejbca.core.model.ca.caadmin

Examples of org.ejbca.core.model.ca.caadmin.CAInfo


    try {
      // Fetch the ids of the CAs that the CA session reports as available to this admin.
      cas = ejb.getCaSession().getAvailableCAs(getAdmin());
      for (Iterator<Integer> idIterator = cas.iterator(); idIterator.hasNext();) {
        final int currentCaId = ((Integer) idIterator.next()).intValue();
        final CAInfo caInfo = ejb.getCAAdminSession().getCAInfo(getAdmin(), currentCaId);
        // Append the quoted CA name, comma-separated after the first entry.
        final String separator = existingCas.length() == 0 ? "" : ", ";
        existingCas += separator + "\"" + caInfo.getName() + "\"";
      }
    } catch (Exception e) {
      // Best effort: any failure (including a missing CAInfo) ends the listing with a
      // marker instead of propagating. Names collected before the failure are kept.
      existingCas += "<unable to fetch available CA(s)>";
    }
    getLogger().info(" Existing CAs: " + existingCas);


   * @return the CACertChain.
   * @throws ConfigurationException if any of the CAs doesn't exist or is revoked
   */
  public static Collection<Certificate> getCACertChain(Admin admin, String cAName, boolean checkRevokation, CAAdminSession caAdminSession) throws ConfigurationException{   
    try{
      CAInfo cainfo = caAdminSession.getCAInfo(admin, cAName);
      if(cainfo == null){
        log.error("Misconfigured CA Name in RAService");
        throw new ConfigurationException("Misconfigured CA Name in RAService");
      }
     
      if(checkRevokation){
        if(cainfo.getStatus()==SecConst.CA_REVOKED){
        throw new ConfigurationException("CA " + cainfo.getName() + " Have been revoked");
        }
     
        Iterator<Certificate> iter = cainfo.getCertificateChain().iterator();
        iter.next(); // Throw away the first one.
        while(iter.hasNext()){
        X509Certificate cacert = (X509Certificate) iter.next();
        CAInfo cainfo2 = caAdminSession.getCAInfo(admin,CertTools.stringToBCDNString(cacert.getSubjectDN().toString()).hashCode());
        // This CA may be an external CA, so we don't bother if we can not find it.
        if ((cainfo2 != null) && (cainfo2.getStatus()==SecConst.CA_REVOKED) ) {
          throw new ConfigurationException("CA " + cainfo2.getName() + " Have been revoked");
        }
        }
      } 
      return cainfo.getCertificateChain();
    }catch(Exception e){

    }
    return retval;
  }

  /**
   * Resolves a CA name to its numeric id.
   *
   * @param admin the administrator passed on to the CA admin session for the lookup
   * @param cAName name of the CA to resolve
   * @return the value of {@code getCAId()} on the CA's info object
   * @throws EjbcaException if the CA admin session returns no info for {@code cAName}
   */
  private int getCAId(Admin admin, String cAName) throws EjbcaException {
    final CAInfo caInfo = caAdminSession.getCAInfo(admin, cAName);
    if (caInfo != null) {
      return caInfo.getCAId();
    }
    // A null result is reported to the caller as an error rather than defaulted.
    throw new EjbcaException("Error CA '" + cAName + "' doesn't exists.");
  }

        // Test fixture: create the web-service test administrator if it does not exist yet and
        // make sure it is a member of the group named by AdminGroup.TEMPSUPERADMINGROUP.
        // The account has a fixed, well-known password and elevated rights, so this setup belongs
        // on a disposable test installation only; the membership should be removed in test cleanup.
        if (!userAdminSession.existsUser(intAdmin, TEST_ADMIN_USERNAME)) {
            final UserDataVO adminUser = new UserDataVO();
            adminUser.setUsername(TEST_ADMIN_USERNAME);
            adminUser.setPassword("foo123");
            adminUser.setDN("CN=wstest");
            final CAInfo adminCaInfo = caAdminSessionRemote.getCAInfo(intAdmin, getAdminCAName());
            // Fail early with a readable message instead of a NullPointerException below.
            assertNotNull("No CA with name "+getAdminCAName()+" was found.", adminCaInfo);
            adminUser.setCAId(adminCaInfo.getCAId());
            adminUser.setEmail(null);
            adminUser.setSubjectAltName(null);
            adminUser.setStatus(UserDataVOWS.STATUS_NEW);
            adminUser.setTokenType(SecConst.TOKEN_SOFT_JKS);
            adminUser.setEndEntityProfileId(SecConst.EMPTY_ENDENTITYPROFILE);
            adminUser.setCertificateProfileId(SecConst.CERTPROFILE_FIXED_ENDUSER);
            // NOTE(review): 65 is an unexplained literal for the user type - confirm against the
            // user type constants and replace it with the named values.
            adminUser.setType(65);

            userAdminSession.addUser(intAdmin, adminUser, true);
            userAdded = true;

            // Scan the whole group for an entry whose match value equals the test user name.
            final AdminGroup superAdminGroup = adminGroupSession.getAdminGroup(intAdmin, AdminGroup.TEMPSUPERADMINGROUP);
            boolean alreadyMember = false;
            for (Iterator<AdminEntity> members = superAdminGroup.getAdminEntities().iterator(); members.hasNext();) {
                if (members.next().getMatchValue().equals(TEST_ADMIN_USERNAME)) {
                    alreadyMember = true;
                }
            }

            if (!alreadyMember) {
                // The new entry is built from the test user name and the id of the admin CA.
                final List<AdminEntity> newMembers = new ArrayList<AdminEntity>();
                newMembers.add(new AdminEntity(AdminEntity.WITH_COMMONNAME, AdminEntity.TYPE_EQUALCASE, TEST_ADMIN_USERNAME, adminCaInfo.getCAId()));
                adminEntitySession.addAdminEntities(intAdmin, AdminGroup.TEMPSUPERADMINGROUP, newMembers);
                // Ask the authorization session to refresh its rules after the group change.
                authorizationSession.forceRuleUpdate(intAdmin);
            }

        }

        if (!userAdminSession.existsUser(intAdmin, TEST_NONADMIN_USERNAME)) {
            UserDataVO user1 = new UserDataVO();
            user1.setUsername(TEST_NONADMIN_USERNAME);
            user1.setPassword("foo123");
            user1.setDN("CN=wsnonadmintest");
            CAInfo cainfo = caAdminSessionRemote.getCAInfo(intAdmin, getAdminCAName());
            user1.setCAId(cainfo.getCAId());
            user1.setEmail(null);
            user1.setSubjectAltName(null);
            user1.setStatus(UserDataVOWS.STATUS_NEW);
            user1.setTokenType(SecConst.TOKEN_SOFT_JKS);
            user1.setEndEntityProfileId(SecConst.EMPTY_ENDENTITYPROFILE);

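        // Two users on CA1, one user on CA2, and two distinct PKCS#10 requests (two distinct keys).
        final UserDataVOWS ca1userData1 = getUserData(CA1_WSTESTUSER1);
        final UserDataVOWS ca1userData2 = getUserData(CA1_WSTESTUSER2);
        final UserDataVOWS ca2userData1 = getUserData(CA2_WSTESTUSER1);
        final String p10_1 = getP10();
        final String p10_2 = getP10();
        final CAInfo ca1Info = caAdminSessionRemote.getCAInfo(admin, CA1);

        // make sure same keys for different users is prevented
        ca1Info.setDoEnforceUniquePublicKeys(true);
        caAdminSessionRemote.editCA(admin, ca1Info);

        // fetching a cert for a new key should be no problem
        assertNull(certreqInternal(ca1userData1, p10_1, CertificateHelper.CERT_REQ_TYPE_PKCS10));

        // fetching cert for existing key for a user that does not have a
        // certificate for this key should be impossible
        final ErrorCode errorCode = certreqInternal(ca1userData2, p10_1, CertificateHelper.CERT_REQ_TYPE_PKCS10);
        assertNotNull("error code should not be null", errorCode);
        assertEquals(org.ejbca.core.ErrorCode.CERTIFICATE_FOR_THIS_KEY_ALLREADY_EXISTS_FOR_ANOTHER_USER.getInternalErrorCode(), errorCode
                .getInternalErrorCode());

        // test that the user that was denied a cert can get a cert with another
        // key.
        assertNull(certreqInternal(ca1userData2, p10_2, CertificateHelper.CERT_REQ_TYPE_PKCS10));

        // fetching more than one cert for the same key should be possible for
        // the same user
        assertNull(certreqInternal(ca1userData1, p10_1, CertificateHelper.CERT_REQ_TYPE_PKCS10));

        // A user could get a certificate for a key already included in a
        // certificate from another user if another CA is issuing it.
        assertNull(certreqInternal(ca2userData1, p10_1, CertificateHelper.CERT_REQ_TYPE_PKCS10));

        try {
            // permit same key for different users
            ca1Info.setDoEnforceUniquePublicKeys(false);
            caAdminSessionRemote.editCA(admin, ca1Info);
            // fetching cert for existing key for a user that does not have a
            // certificate for this key is now permitted
            assertNull(certreqInternal(ca1userData2, p10_1, CertificateHelper.CERT_REQ_TYPE_PKCS10));
        } finally {
            // forbid same key for different users again. Done in finally so that a failed
            // assertion or request does not leave CA1 with the uniqueness check switched off
            // for whatever runs next against the same CA.
            ca1Info.setDoEnforceUniquePublicKeys(true);
            caAdminSessionRemote.editCA(admin, ca1Info);
        }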
    }

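      log.trace(">enforcementOfUniqueSubjectDN");
        final Admin admin = new Admin(Admin.TYPE_CACOMMANDLINE_USER);
        final UserDataVOWS ca1userData1 = getUserData(CA1_WSTESTUSER1);
        final UserDataVOWS ca1userData2 = getUserData(CA1_WSTESTUSER2);
        final UserDataVOWS ca2userData1 = getUserData(CA2_WSTESTUSER1);
        final CAInfo ca1Info = caAdminSessionRemote.getCAInfo(admin, CA1);
        // Random suffix to make sure a new DN is used in each run of this test. It only keeps
        // the test DNs unique; it is not used as key material.
        final int iRandom = SecureRandom.getInstance("SHA1PRNG").nextInt();
        final String subjectDN_A = "CN=EnforcementOfUniqueSubjectDN Test A " + iRandom;
        final String subjectDN_B = "CN=EnforcementOfUniqueSubjectDN Test B " + iRandom;

        // set same DN for all users
        editUser(ca1userData1, subjectDN_A);
        editUser(ca1userData2, subjectDN_A);
        editUser(ca2userData1, subjectDN_A);

        // make sure same DN for different users is prevented
        ca1Info.setDoEnforceUniqueDistinguishedName(true);
        caAdminSessionRemote.editCA(admin, ca1Info);

        // fetching first cert for a DN should be no problem
        assertNull(certreqInternal(ca1userData1, getP10(), CertificateHelper.CERT_REQ_TYPE_PKCS10));

        // fetching another cert for the same DN for a user that does not have a
        // certificate with this DN should fail
        final ErrorCode errorCode = certreqInternal(ca1userData2, getP10(), CertificateHelper.CERT_REQ_TYPE_PKCS10);
        assertNotNull("error code should not be null", errorCode);
        assertEquals(org.ejbca.core.ErrorCode.CERTIFICATE_WITH_THIS_SUBJECTDN_ALLREADY_EXISTS_FOR_ANOTHER_USER.getInternalErrorCode(), errorCode
                .getInternalErrorCode());

        // test that the user that was denied a cert can get a cert with another
        // DN.
        editUser(ca1userData2, subjectDN_B);
        assertNull(certreqInternal(ca1userData2, getP10(), CertificateHelper.CERT_REQ_TYPE_PKCS10));
        editUser(ca1userData2, subjectDN_A);

        // fetching more than one cert with the same DN should be possible for
        // the same user
        assertNull(certreqInternal(ca1userData1, getP10(), CertificateHelper.CERT_REQ_TYPE_PKCS10));

        // A user could get a certificate for a DN used in another certificate
        // from another user if another CA is issuing it.
        assertNull(certreqInternal(ca2userData1, getP10(), CertificateHelper.CERT_REQ_TYPE_PKCS10));

        try {
            // permit same DN for different users
            ca1Info.setDoEnforceUniqueDistinguishedName(false);
            caAdminSessionRemote.editCA(admin, ca1Info);
            // fetching cert for existing DN for a user that does not have a
            // certificate with this DN is now permitted
            assertNull(certreqInternal(ca1userData2, getP10(), CertificateHelper.CERT_REQ_TYPE_PKCS10));
        } finally {
            // forbid same DN for different users again. Done in finally so that a failed
            // assertion or request does not leave CA1 with the uniqueness check switched off
            // for whatever runs next against the same CA.
            ca1Info.setDoEnforceUniqueDistinguishedName(true);
            caAdminSessionRemote.editCA(admin, ca1Info);
        }

        // set back original DN for all users
        editUser(ca1userData1, getDN(CA1_WSTESTUSER1));
        editUser(ca1userData2, getDN(CA1_WSTESTUSER2));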

        // A request like this can be used to request a cross certificate
        byte[] request = ejbcaraws.caRenewCertRequest(getAdminCAName(), cachain, false, false, false, pwd);
        assertNotNull(request);
        PKCS10RequestMessage msg = RequestMessageUtils.genPKCS10RequestMessage(request);
        assertNotNull(msg);
        CAInfo info = caAdminSessionRemote.getCAInfo(intAdmin, getAdminCAName());
        assertEquals(info.getSubjectDN(), msg.getRequestDN());
        assertTrue(msg.verify());
        // System.out.println(ASN1Dump.dumpAsString(msg.getCertificationRequest()));

        /*
         * First test is to renew a CA signed by an external CA *without
         * renewing the keys*. This just creates a new certificate request,
         * without setting status to "waiting for certificate response" or
         * anything.
         */
        // Now we want to renew a DVCA signed by an external CVCA

        // Create the self signed CVCA, we do it here locally
        final KeyPair cvcakeypair = KeyTools.genKeys(keyspec, keyalg);
        CAReferenceField caRef = new CAReferenceField("SE", cvcaMnemonic, "00001");
        HolderReferenceField holderRef = new HolderReferenceField("SE", cvcaMnemonic, "00001");
        CVCertificate cvcert = CertificateGenerator.createTestCertificate(cvcakeypair.getPublic(), cvcakeypair.getPrivate(), caRef, holderRef, signalg,
                AuthorizationRoleEnum.CVCA);
        CardVerifiableCertificate cvcacert = new CardVerifiableCertificate(cvcert);

        // Create the DVCA signed by our external CVCA
        String caname = createDVCCASignedByExternal(dvcaName, dvcaMnemonic, keyspec, keyalg, signalg);
        assertNotNull("Failed to create DVC CA " + dvcaName + "Signed By External.", caname);
        assertEquals(caname, dvcaName);
        // Now test our WS API to generate a request, setting status to
        // "WAITING_FOR_CERTIFICATE_RESPONSE"
        CAInfo dvinfo = caAdminSessionRemote.getCAInfo(intAdmin, caname);
        assertEquals(SecConst.CA_WAITING_CERTIFICATE_RESPONSE, dvinfo.getStatus());
        cachain.add(cvcacert.getEncoded());
        // Create the request with WS API
        request = ejbcaraws.caRenewCertRequest(caname, cachain, false, false, false, pwd);
        // make the mandatory junit checks...
        assertNotNull(request);
        CVCRequestMessage cvcreq = RequestMessageUtils.genCVCRequestMessage(request);
        assertNotNull(cvcreq);
        assertEquals(dvinfo.getSubjectDN(), cvcreq.getRequestDN());
        CVCObject obj = CertificateParser.parseCVCObject(request);
        // System.out.println(obj.getAsText());
        CVCertificate cert = (CVCertificate) obj;
        assertEquals(cvcacert.getCVCertificate().getCertificateBody().getAuthorityReference().getConcatenated(), cert.getCertificateBody()
                .getAuthorityReference().getConcatenated());

        // Receive the response so the DV CA is activated
        HolderReferenceField dvholderref = cert.getCertificateBody().getHolderReference();
        CVCertificate dvretcert = CertificateGenerator.createTestCertificate(cert.getCertificateBody().getPublicKey(), cvcakeypair.getPrivate(), caRef,
                dvholderref, signalg, AuthorizationRoleEnum.DV_D);
        ejbcaraws.caCertResponse(caname, dvretcert.getDEREncoded(), cachain, pwd);
        // Check that the cert was received and the CA activated
        dvinfo = caAdminSessionRemote.getCAInfo(intAdmin, caname);
        assertEquals(SecConst.CA_ACTIVE, dvinfo.getStatus());
        Collection<java.security.cert.Certificate> dvcerts = dvinfo.getCertificateChain();
        assertEquals(2, dvcerts.size());
        CardVerifiableCertificate dvcertactive = (CardVerifiableCertificate)dvcerts.iterator().next();
        obj = CertificateParser.parseCVCObject(dvcertactive.getEncoded());
        // System.out.println(obj.getAsText());
        dvcertactive.verify(cvcakeypair.getPublic());
        // Check to see that is really the same keypair
        String pubk1 = new String(Base64.encode(dvcertactive.getPublicKey().getEncoded(), false));
        String pubk2 = new String(Base64.encode(cert.getCertificateBody().getPublicKey().getEncoded(), false));
        assertTrue(pubk1.compareTo(pubk2) == 0);
        String sequence1 = dvcertactive.getCVCertificate().getCertificateBody().getHolderReference().getSequence();

        /*
         * Second test is to renew a CA signed by an external CA *with renewing
         * the keys*, and activating them. This creates a new key pair and a
         * certificate request. Status is set to
         * "waiting for certificate response" because the new keys can not be
         * used until we have receive a certificate.
         */
        // Now we want to renew a DVCA signed by an external CVCA, generating
        // new keys
        // Create the request with WS API, cachain is our CVCA cert from
        // previously created CVCA, we use the previously created DV as well.
        pwd = "foo123";
        request = ejbcaraws.caRenewCertRequest(caname, cachain, true, false, true, pwd);
        // make the mandatory junit checks...
        assertNotNull(request);
        cvcreq = RequestMessageUtils.genCVCRequestMessage(request);
        assertNotNull(cvcreq);
        assertEquals(dvinfo.getSubjectDN(), cvcreq.getRequestDN());
        obj = CertificateParser.parseCVCObject(request);
        // System.out.println(obj.getAsText());
        // We should have created an authenticated request signed by the old
        // certificate
        CVCAuthenticatedRequest authreq = (CVCAuthenticatedRequest) obj;
        assertEquals(dvcertactive.getCVCertificate().getCertificateBody().getHolderReference().getConcatenated(), authreq.getAuthorityReference()
                .getConcatenated());
        cert = authreq.getRequest();
    // The request should be targeted for the CVCA, i.e. ca_ref in request should be the same as the CVCAs ref
        assertEquals(cvcacert.getCVCertificate().getCertificateBody().getAuthorityReference().getConcatenated(), cert.getCertificateBody()
                .getAuthorityReference().getConcatenated());
        // Now test our WS API that it has set status to "WAITING_FOR_CERTIFICATE_RESPONSE"
        dvinfo = caAdminSessionRemote.getCAInfo(intAdmin, caname);
        assertEquals(SecConst.CA_WAITING_CERTIFICATE_RESPONSE, dvinfo.getStatus());
        assertEquals ("DV should not be available", ejbcaraws.getLastCAChain(caname).size (),0);
        // Check to see that is really is a new keypair
        pubk1 = new String(Base64.encode(dvcertactive.getPublicKey().getEncoded(), false));
        pubk2 = new String(Base64.encode(cert.getCertificateBody().getPublicKey().getEncoded(), false));
        assertTrue(pubk1.compareTo(pubk2) != 0);

        // Receive the response so the DV CA is activated
        dvholderref = cert.getCertificateBody().getHolderReference();
        dvretcert = CertificateGenerator.createTestCertificate(cert.getCertificateBody().getPublicKey(), cvcakeypair.getPrivate(), caRef, dvholderref, signalg,
                AuthorizationRoleEnum.DV_D);
        ejbcaraws.caCertResponse(caname, dvretcert.getDEREncoded(), cachain, pwd);
        // Check that the cert was received and the CA activated
        dvinfo = caAdminSessionRemote.getCAInfo(intAdmin, caname);
        assertEquals(SecConst.CA_ACTIVE, dvinfo.getStatus());
        dvcerts = dvinfo.getCertificateChain();
        assertEquals(2, dvcerts.size());
        dvcertactive = (CardVerifiableCertificate)dvcerts.iterator().next();
        obj = CertificateParser.parseCVCObject(dvcertactive.getEncoded());
        // System.out.println(obj.getAsText());
        dvcertactive.verify(cvcakeypair.getPublic());
        String sequence2 = dvcertactive.getCVCertificate().getCertificateBody().getHolderReference().getSequence();
        int s1 = Integer.parseInt(sequence1);
        int s2 = Integer.parseInt(sequence2);
        assertEquals(s1 + 1, s2); // sequence in new certificate should be old
        // sequence + 1

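        /*
         * Third test is to renew a CA signed by an external CA *with renewing
         * the keys* saying to *not* activate the key now. This creates a new
         * key pair and a certificate request, but the new key pair is not used
         * by the CA for issuing certificates. Status is not set to
         * "waiting for certificate response" because the old keys can still be
         * used until we have received a certificate and activated the new keys.
         */
        request = ejbcaraws.caRenewCertRequest(caname, cachain, true, false, false, pwd);
        // make the mandatory junit checks...
        assertNotNull(request);
        cvcreq = RequestMessageUtils.genCVCRequestMessage(request);
        // Check the parsed message, not 'request' a second time: a null message would
        // otherwise only show up as a NullPointerException on the next line.
        assertNotNull(cvcreq);
        assertEquals(dvinfo.getSubjectDN(), cvcreq.getRequestDN());
        obj = CertificateParser.parseCVCObject(request);
        // System.out.println(obj.getAsText());
        // We should have created an authenticated request signed by the old
        // certificate. The cast fails the test if a plain request came back.
        authreq = (CVCAuthenticatedRequest) obj;
        assertEquals(dvcertactive.getCVCertificate().getCertificateBody().getHolderReference().getConcatenated(), authreq.getAuthorityReference()
                .getConcatenated());
        cert = authreq.getRequest();
        // The inner request must reference the same authority as the CVCA certificate.
        assertEquals(cvcacert.getCVCertificate().getCertificateBody().getAuthorityReference().getConcatenated(), cert.getCertificateBody()
                .getAuthorityReference().getConcatenated());
        String sequence3 = cert.getCertificateBody().getHolderReference().getSequence();
        int s3 = Integer.parseInt(sequence3);
        // sequence in new certificate request should be old certificate sequence + 1
        assertEquals(s2 + 1, s3);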
        // status should not be "WAITING_FOR_CERTIFICATE_RESPONSE"
        dvinfo = caAdminSessionRemote.getCAInfo(intAdmin, caname);
        assertEquals(SecConst.CA_ACTIVE, dvinfo.getStatus());
        // Check to see that is really is a new keypair
        dvcerts = dvinfo.getCertificateChain();
        assertEquals(2, dvcerts.size());
        dvcertactive = (CardVerifiableCertificate)dvcerts.iterator().next();
        String sequence4 = dvcertactive.getCVCertificate().getCertificateBody().getHolderReference().getSequence();
        assertEquals(sequence2, sequence4);
        PublicKey oldPublicKey = dvcertactive.getPublicKey();
        PublicKey newPublicKey = cert.getCertificateBody().getPublicKey();
        pubk1 = new String(Base64.encode(oldPublicKey.getEncoded(), false));
        pubk2 = new String(Base64.encode(newPublicKey.getEncoded(), false));
        assertTrue(pubk1.compareTo(pubk2) != 0);

        // Try to issue an IS certificate, it should be issued using the OLD
        // private key
        // Simple self signed request
        KeyPair keyPair = KeyTools.genKeys(keyspec, keyalg);
        CVCertificate isrequest = CertificateGenerator.createRequest(keyPair, signalg, caRef, holderRef);
        // Edit our favorite test user
        UserDataVOWS user1 = new UserDataVOWS();
        user1.setUsername("WSTESTUSER1");
        user1.setPassword("foo123");
        user1.setClearPwd(true);
        user1.setSubjectDN("CN=Test,C=SE");
        user1.setCaName(caname);
        user1.setStatus(UserDataConstants.STATUS_NEW);
        user1.setTokenType("USERGENERATED");
        user1.setEndEntityProfileName("EMPTY");
        user1.setCertificateProfileName("ENDUSER");
        // editUser and set status to new
        ejbcaraws.editUser(user1);
        List<Certificate> certenv = ejbcaraws.cvcRequest(user1.getUsername(), user1.getPassword(), new String(Base64.encode(isrequest.getDEREncoded())));
        assertNotNull(certenv);
        Certificate wscert = certenv.get(0);
        byte[] b64cert = wscert.getCertificateData();
        java.security.cert.Certificate iscert = CertTools.getCertfromByteArray(Base64.decode(b64cert));
        obj = CertificateParser.parseCVCObject(Base64.decode(b64cert));
        CVCertificate iscvc = (CVCertificate) obj;
        assertEquals("Test", iscvc.getCertificateBody().getHolderReference().getMnemonic());
        // It must verify using the DVCAs old public key
        PublicKey pk = KeyTools.getECPublicKeyWithParams(oldPublicKey, cvcacert.getPublicKey());
        iscert.verify(pk);
        boolean thrown = false;
        try {
            // it must not be possible to verify this with the new public key
            pk = KeyTools.getECPublicKeyWithParams(newPublicKey, cvcacert.getPublicKey());
            iscert.verify(pk);
        } catch (SignatureException e) {
            thrown = true;
        }
        assertTrue(thrown);

        // Receive the CA certificate response so the DV CA's new key is
        // activated
        dvholderref = cert.getCertificateBody().getHolderReference();
        dvretcert = CertificateGenerator.createTestCertificate(cert.getCertificateBody().getPublicKey(), cvcakeypair.getPrivate(), caRef, dvholderref, signalg,
                AuthorizationRoleEnum.DV_D);
        // Here we want to activate the new key pair
        // System.out.println(dvretcert.getAsText());
        ejbcaraws.caCertResponse(caname, dvretcert.getDEREncoded(), cachain, pwd);
        // Check that the cert was received and the CA activated
        dvinfo = caAdminSessionRemote.getCAInfo(intAdmin, caname);
        assertEquals(SecConst.CA_ACTIVE, dvinfo.getStatus());
        dvcerts = dvinfo.getCertificateChain();
        assertEquals(2, dvcerts.size());
        dvcertactive = (CardVerifiableCertificate) dvcerts.iterator().next();
        obj = CertificateParser.parseCVCObject(dvcertactive.getEncoded());
        // System.out.println(obj.getAsText());
        dvcertactive.verify(cvcakeypair.getPublic());

        // Ask the web service for a CA renewal request, passing an empty CA chain,
        // all three boolean options set to false and no password (null).
        byte[] request = ejbcaraws.caRenewCertRequest(caname, new ArrayList<byte[]>(), false, false, false, null);
        // make the mandatory junit checks...
        assertNotNull(request);
        CVCRequestMessage cvcreq = RequestMessageUtils.genCVCRequestMessage(request);
        assertNotNull(cvcreq);
        // The DN in the request must equal the subject DN stored for the CA.
        CAInfo dvinfo = caAdminSessionRemote.getCAInfo(intAdmin, caname);
        assertEquals(dvinfo.getSubjectDN(), cvcreq.getRequestDN());
        CVCObject obj = CertificateParser.parseCVCObject(request);
        //System.out.println(obj.getAsText());
        // We should have created an authenticated request signed by the old certificate
        // The cast below is the actual check: it throws ClassCastException (failing the
        // test) if the parsed object is not a CVCAuthenticatedRequest.
    CVCAuthenticatedRequest authreq = (CVCAuthenticatedRequest)obj;
    // Inner certificate request wrapped by the authenticated request.
    CVCertificate cert = authreq.getRequest();

    }

    protected void cleanUpAdmins() throws Exception {
        if (userAdminSession.existsUser(intAdmin, TEST_ADMIN_USERNAME)) {
            // Remove from admin group
            CAInfo cainfo = caAdminSessionRemote.getCAInfo(intAdmin, getAdminCAName());
            AdminGroup admingroup = adminGroupSession.getAdminGroup(intAdmin, AdminGroup.TEMPSUPERADMINGROUP);
            Iterator<AdminEntity> iter = admingroup.getAdminEntities().iterator();
            while (iter.hasNext()) {
                AdminEntity adminEntity = iter.next();
                if (adminEntity.getMatchValue().equals(TEST_ADMIN_USERNAME)) {
                    ArrayList<AdminEntity> list = new ArrayList<AdminEntity>();
                    list.add(new AdminEntity(AdminEntity.WITH_COMMONNAME, AdminEntity.TYPE_EQUALCASE, TEST_ADMIN_USERNAME, cainfo.getCAId()));
                    adminEntitySession.removeAdminEntities(intAdmin, AdminGroup.TEMPSUPERADMINGROUP, list);
                    authorizationSession.forceRuleUpdate(intAdmin);
                }
            }
            // Remove user

                    true // useCertificateStorage
            );

            caAdminSessionRemote.createCA(intAdmin, cvccainfo);

            CAInfo info = caAdminSessionRemote.getCAInfo(intAdmin, rootcaname);
            cvcaid = info.getCAId();
            assertEquals(CAInfo.CATYPE_CVC, info.getCAType());
            Collection<java.security.cert.Certificate> col = info.getCertificateChain();
            assertEquals(1, col.size());
            Iterator<java.security.cert.Certificate> iter = col.iterator();
            cvcacert = iter.next();
        } catch (CAExistsException pee) {
            pee.printStackTrace();
        }

        try {

            CVCCAInfo cvcdvinfo = new CVCCAInfo(subcadn, subcaname, SecConst.CA_ACTIVE, new Date(), SecConst.CERTPROFILE_FIXED_SUBCA, 3650, null, // Expiretime
                    CAInfo.CATYPE_CVC, cvcaid, null, catokeninfo, "JUnit WS CVC DV CA", -1, null, 24, // CRLPeriod
                    0, // CRLIssueInterval
                    10, // CRLOverlapTime
                    10, // Delta CRL period
                    new ArrayList(), // CRL publishers
                    true, // Finish User
                    extendedcaservices, new ArrayList(), // Approvals Settings
                    1, // Number of Req approvals
                    true, // Include in health check
                    true, // isDoEnforceUniquePublicKeys
                    true, // isDoEnforceUniqueDistinguishedName
                    false, // isDoEnforceUniqueSubjectDNSerialnumber
                    true, // useCertReqHistory
                    true, // useUserStorage
                    true // useCertificateStorage
            );

            caAdminSessionRemote.createCA(intAdmin, cvcdvinfo);

            CAInfo info = caAdminSessionRemote.getCAInfo(intAdmin, subcaname);
            assertEquals(CAInfo.CATYPE_CVC, info.getCAType());
            Collection<java.security.cert.Certificate> col = info.getCertificateChain();
            assertEquals(2, col.size());
            Iterator<java.security.cert.Certificate> iter = col.iterator();
            java.security.cert.Certificate dvcacert = iter.next();
            dvcacert.verify(cvcacert.getPublicKey());
        } catch (CAExistsException pee) {
