Package org.ejbca.core.model.ca.caadmin

Examples of org.ejbca.core.model.ca.caadmin.CAInfo


      }
    } 
   }
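/**
 * Revokes the current CMS service certificate of a CA and re-initialises the CMS service.
 *
 * <p>For each {@link CmsCAServiceInfo} among the CA's extended CA services, the first
 * certificate in the service's certificate path (when one exists) is revoked with reason
 * {@code REVOCATION_REASON_UNSPECIFIED} using the CA's CRL publishers, and then
 * {@code initExternalCAService} is called for that service. Services of any other type are
 * left untouched.
 *
 * <p>None of the declared checked exceptions is thrown directly here; they can only
 * originate from the session calls made below.
 *
 * @param caid id of the CA whose CMS service certificate is revoked and renewed
 */
public void renewAndRevokeCmsCertificate(int caid) throws CATokenOfflineException, CADoesntExistsException, UnsupportedEncodingException, IllegalKeyStoreException, AuthorizationDeniedException{
  final CAInfo cainfo = caadminsession.getCAInfo(administrator, caid);
  for (Iterator<ExtendedCAServiceInfo> iter = cainfo.getExtendedCAServiceInfos().iterator(); iter.hasNext();) {
    final ExtendedCAServiceInfo serviceInfo = iter.next();
    if (!(serviceInfo instanceof CmsCAServiceInfo)) {
      continue;
    }
    final List<?> cmscerts = ((CmsCAServiceInfo) serviceInfo).getCertificatePath();
    // Check for an empty path as well as null: get(0) on an empty list would throw
    // IndexOutOfBoundsException and abort the renewal before the service is re-initialised.
    if (cmscerts != null && !cmscerts.isEmpty()) {
      final X509Certificate cmscert = (X509Certificate) cmscerts.get(0);
      certificatesession.revokeCertificate(administrator, cmscert, cainfo.getCRLPublishers(),
          RevokedCertInfo.REVOCATION_REASON_UNSPECIFIED, cainfo.getSubjectDN());
    }
    // NOTE(review): the old certificate is revoked before the service is re-initialised, so a
    // failure in initExternalCAService presumably leaves the CMS service with only a revoked
    // certificate. Confirm that callers surface that failure to the operator.
    caadminsession.initExternalCAService(administrator, caid, serviceInfo);
  }
}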


      String caname = req.getParameter(HIDDEN_CANAME);
      String capassword = req.getParameter(TEXTFIELD_EXPORTCA_PASSWORD);
      log.info("Got request from "+req.getRemoteAddr()+" to export "+caname);
      try{
        byte[] keystorebytes = null;
          CAInfo cainfo = caAdminSession.getCAInfo(ejbcawebbean.getAdminObject(), caname);
          String ext = "p12"; // Default for X.509 CAs
          if (cainfo.getCAType() == CAInfo.CATYPE_CVC) {
            ext = "pkcs8";
          }
      keystorebytes = caAdminSession.exportCAKeyStore(ejbcawebbean.getAdminObject(), caname, capassword, capassword, "SignatureKeyAlias", "EncryptionKeyAlias");
            ServletUtils.removeCacheHeaders(res)// We must remove cache headers for IE
          res.setContentType("application/octet-stream");

  /** Updates the IncludeInHealthCheck flag in the database for the CA
   */
  public CAInfo updateMonitored(int caid, boolean monitored) throws Exception {
    CAInfoView cv = caBean.getCAInfo(caid);
    if (cv != null) {
      CAInfo cainfo = cv.getCAInfo();
      cainfo.setIncludeInHealthCheck(monitored);
      cadatahandler.editCA(cainfo);
      return cainfo;     
    } else {
      log.debug("No CA with id: "+caid);
    }

          wrapper.setCAActivationMessage("");     
        }
        // Update the monitored flag in the DB if it changed
        CAInfoView cv = caBean.getCAInfo(wrapper.getID());
        if (cv != null) {
          CAInfo cainfo = cv.getCAInfo();
          if (wrapper.getMonitored() != cainfo.getIncludeInHealthCheck()) {
            wrapper.updateMonitored();
          }         
        } else {
          log.debug("No CA with id: "+wrapper.getID());
        }

       this.adminGroupSession.init(admin, dn.hashCode(), DEFAULT_SUPERADMIN_CN);
    } catch (AdminGroupExistsException e) {
      log.error("",e);
    }
    // Search for requested CA
    CAInfo caInfo = this.caAdminSessionRemote.getCAInfo(admin, caName);
    if (caInfo != null) {
      return true;
    }
    // Create request CA, if necessary
        SoftCATokenInfo catokeninfo = new SoftCATokenInfo();
        catokeninfo.setSignKeySpec(""+keyStrength);
        catokeninfo.setEncKeySpec(""+keyStrength);
        catokeninfo.setSignKeyAlgorithm(AlgorithmConstants.KEYALGORITHM_RSA);
        catokeninfo.setEncKeyAlgorithm(AlgorithmConstants.KEYALGORITHM_RSA);
        catokeninfo.setSignatureAlgorithm(AlgorithmConstants.SIGALG_SHA1_WITH_RSA);
        catokeninfo.setEncryptionAlgorithm(AlgorithmConstants.SIGALG_SHA1_WITH_RSA);
        // Create and active OSCP CA Service.
        ArrayList extendedcaservices = new ArrayList();
        extendedcaservices.add(new OCSPCAServiceInfo(ExtendedCAServiceInfo.STATUS_ACTIVE));
        extendedcaservices.add(new XKMSCAServiceInfo(ExtendedCAServiceInfo.STATUS_ACTIVE,
                "CN=XKMSCertificate, " + dn,
                "",
                ""+keyStrength,
                AlgorithmConstants.KEYALGORITHM_RSA));
        /*
        extendedcaservices.add(new CmsCAServiceInfo(ExtendedCAServiceInfo.STATUS_ACTIVE,
            "CN=CMSCertificate, " + dn,
            "",
            ""+keyStrength,
                AlgorithmConstants.KEYALGORITHM_RSA));
        */
        X509CAInfo cainfo = new X509CAInfo(dn,
                caName, SecConst.CA_ACTIVE, new Date(),
                "", signedBy==CAInfo.SELFSIGNED ? SecConst.CERTPROFILE_FIXED_ROOTCA : SecConst.CERTPROFILE_FIXED_SUBCA,
                3650,
                null, // Expiretime
                CAInfo.CATYPE_X509,
                signedBy,
                certificateChain,
                catokeninfo,
                "JUnit RSA CA",
                -1, null,
                null, // PolicyId
                24, // CRLPeriod
                0, // CRLIssueInterval
                10, // CRLOverlapTime
                10, // Delta CRL period
                new ArrayList(),
                true, // Authority Key Identifier
                false, // Authority Key Identifier Critical
                true, // CRL Number
                false, // CRL Number Critical
                null, // defaultcrldistpoint
                null, // defaultcrlissuer
                null, // defaultocsplocator
                null, // defaultfreshestcrl
                true, // Finish User
                extendedcaservices,
                false, // use default utf8 settings
                new ArrayList(), // Approvals Settings
                1, // Number of Req approvals
                false, // Use UTF8 subject DN by default
            true, // Use LDAP DN order by default
            false, // Use CRL Distribution Point on CRL
            false,  // CRL Distribution Point on CRL critical
            true,
                true, // isDoEnforceUniquePublicKeys
                true, // isDoEnforceUniqueDistinguishedName
                false, // isDoEnforceUniqueSubjectDNSerialnumber
                true, // useCertReqHistory
                true, // useUserStorage
                true, // useCertificateStorage
                null // cmpRaAuthSecret
            );

        try {
          this.caAdminSessionRemote.createCA(admin, cainfo);
    } catch (Exception e) {
      log.error("", e);
      return false;
    }
        final CAInfo info = this.caAdminSessionRemote.getCAInfo(admin, caName);
    final String normalizedDN = CertTools.stringToBCDNString(dn);
        final X509Certificate cert = (X509Certificate) info.getCertificateChain().iterator().next();
        final String normalizedCertDN = CertTools.stringToBCDNString(cert.getSubjectDN().toString());
        if ( !normalizedCertDN.equals(normalizedDN) ) {
          log.error("CA certificate DN is not what it should. Is '"+normalizedDN+"'. Should be '"+normalizedCertDN+"'.");
      return false;
        }
        if (!info.getSubjectDN().equals(normalizedCertDN)) {
          log.error("Creating CA failed!");
      return false;
        }
        if ( this.certificateStoreSession.findCertificateByFingerprint(admin, CertTools.getFingerprintAsString(cert)) == null) {
          log.error("CA certificate not available in database!!");

     * @return the CA certificate
     */
    public Certificate getTestCACert(String caName) {
        Certificate cacert = null;
        Admin admin = new Admin(Admin.TYPE_CACOMMANDLINE_USER);
        CAInfo cainfo = caAdminSessionRemote.getCAInfo(admin, getTestCAId(caName));
        Collection certs = cainfo.getCertificateChain();
        if (certs.size() > 0) {
            Iterator certiter = certs.iterator();
            cacert = (X509Certificate) certiter.next();
        } else {
            log.error("NO CACERT for caid " + getTestCAId(caName));

     */
    public boolean removeTestCA(String caName) {
        // Search for requested CA
        Admin admin = new Admin(Admin.TYPE_CACOMMANDLINE_USER);
        try {
            final CAInfo caInfo = this.caAdminSessionRemote.getCAInfo(admin, caName);
            if (caInfo == null) {
                return true;
            }
            this.caSession.removeCA(admin, caInfo.getCAId());
        } catch (Exception e) {
            log.error("", e);
            return false;
        }
        return true;

                SecConst.EMPTY_ENDENTITYPROFILE, SecConst.CERTPROFILE_FIXED_ENDUSER, SecConst.USER_ENDUSER, SecConst.TOKEN_SOFT_P12, 0, caid);
        assertTrue("User " + thisusername + " was not added to the database.", userAdminSession.existsUser(admin, thisusername));
        usernames.add(thisusername);

        // Set the CA to enforce unique subjectDN serialnumber
        CAInfo cainfo = caSession.getCA(admin, caid).getCAInfo();
        boolean requiredUniqueSerialnumber = cainfo.isDoEnforceUniqueSubjectDNSerialnumber();
        cainfo.setDoEnforceUniqueSubjectDNSerialnumber(true);
        caAdminSession.editCA(admin, cainfo);

        // Add another user with the same serialnumber
        thisusername = genRandomUserName();
        try {
            userAdminSession.addUser(admin, thisusername, pwd, "C=SE, CN=" + thisusername + ", SN=" + serialnumber, "rfc822name=" + email, email, false,
                    SecConst.EMPTY_ENDENTITYPROFILE, SecConst.CERTPROFILE_FIXED_ENDUSER, SecConst.USER_ENDUSER, SecConst.TOKEN_SOFT_P12, 0, caid);
            usernames.add(thisusername);
        } catch (EjbcaException e) {
            assertEquals(ErrorCode.SUBJECTDN_SERIALNUMBER_ALREADY_EXISTS, e.getErrorCode());
        }
        assertFalse(userAdminSession.existsUser(admin, thisusername));

        // Set the CA to NOT enforcing unique subjectDN serialnumber
        cainfo.setDoEnforceUniqueSubjectDNSerialnumber(false);
        caAdminSession.editCA(admin, cainfo);
        userAdminSession.addUser(admin, thisusername, pwd, "C=SE, CN=" + thisusername + ", SN=" + serialnumber, "rfc822name=" + email, email, false,
                SecConst.EMPTY_ENDENTITYPROFILE, SecConst.CERTPROFILE_FIXED_ENDUSER, SecConst.USER_ENDUSER, SecConst.TOKEN_SOFT_P12, 0, caid);
        assertTrue(userAdminSession.existsUser(admin, thisusername));
        usernames.add(thisusername);

        // Set the CA back to its original settings of enforcing unique
        // subjectDN serialnumber.
        cainfo.setDoEnforceUniqueSubjectDNSerialnumber(requiredUniqueSerialnumber);
        caAdminSession.editCA(admin, cainfo);

        log.trace("<test02AddUserWithUniqueDNSerialnumber()");
    }

        } else {
            thisusername = username;
        }
        String email = thisusername + username + "@anatomanatom.se";

        CAInfo cainfo = caSession.getCA(admin, caid).getCAInfo();
        boolean requiredUniqueSerialnumber = cainfo.isDoEnforceUniqueSubjectDNSerialnumber();

        // Set the CA to enforce unique serialnumber
        cainfo.setDoEnforceUniqueSubjectDNSerialnumber(true);
        caAdminSession.editCA(admin, cainfo);
        try {
            userAdminSession.changeUser(admin, thisusername, pwd, "C=SE, CN=" + thisusername + ", SN=" + serialnumber, "rfc822name=" + email, email, false,
                    SecConst.EMPTY_ENDENTITYPROFILE, SecConst.CERTPROFILE_FIXED_ENDUSER, SecConst.USER_ENDUSER, SecConst.TOKEN_SOFT_P12, 0,
                    UserDataConstants.STATUS_NEW, caid);
        } catch (EjbcaException e) {
            assertEquals(ErrorCode.SUBJECTDN_SERIALNUMBER_ALREADY_EXISTS, e.getErrorCode());
        }
        assertTrue("The user '" + thisusername + "' was changed eventhough the serialnumber already exists.", userAdminSession.findUserByEmail(admin, email)
                .size() == 0);

        // Set the CA to NOT enforcing unique subjectDN serialnumber
        cainfo.setDoEnforceUniqueSubjectDNSerialnumber(false);
        caAdminSession.editCA(admin, cainfo);
        userAdminSession.changeUser(admin, thisusername, pwd, "C=SE, CN=" + thisusername + ", SN=" + serialnumber, "rfc822name=" + email, email, false,
                SecConst.EMPTY_ENDENTITYPROFILE, SecConst.CERTPROFILE_FIXED_ENDUSER, SecConst.USER_ENDUSER, SecConst.TOKEN_SOFT_P12, 0,
                UserDataConstants.STATUS_NEW, caid);
        assertTrue("The user '" + thisusername + "' was not changed even though unique serialnumber is not enforced", userAdminSession.findUserByEmail(admin,
                email).size() > 0);

        // Set the CA back to its original settings of enforcing unique
        // subjectDN serialnumber.
        cainfo.setDoEnforceUniqueSubjectDNSerialnumber(requiredUniqueSerialnumber);
        caAdminSession.editCA(admin, cainfo);

        log.trace("<test03ChangeUserWithUniqueDNSerialnumber()");
    }

    super(name);

    CryptoProviderTools.installBCProvider();

    assertTrue("Could not create TestCA.", createTestCA());
    CAInfo inforsa = caAdminSession.getCAInfo(admin, "TEST");
    assertTrue("No active RSA CA! Must have at least one active CA to run tests!", inforsa != null);
    rsacaid = inforsa.getCAId();
  }
