Examples of org.ejbca.core.model.ca.caadmin.X509CA

• org.ejbca.core.model.ca.caadmin.X509CA
  X509CA is a implementation of a CA and holds data specific for Certificate and CRL generation according to the X509 standard. @version $Id: X509CA.java 11112 2011-01-09 16:17:33Z anatom $

            // If CA-data is upgraded we want to save the new data, so we must get the old version before loading the data
            // and perhaps upgrading
            final float oldversion = ((Float) data.get(UpgradeableDataHashMap.VERSION)).floatValue();
            switch(((Integer)(data.get(CA.CATYPE))).intValue()){
                case CAInfo.CATYPE_X509:
                    ca = new X509CA(data, getCaId().intValue(), getSubjectDN(), getName(), getStatus(), getUpdateTimeAsDate(), new Date(getExpireTime()));
                    break;
                case CAInfo.CATYPE_CVC:
                    ca = new CVCCA(data, getCaId().intValue(), getSubjectDN(), getName(), getStatus(), getUpdateTimeAsDate());
                    break;
            }

  }

  private X509Certificate setupCA(String caName, String pbeSecret) throws Exception {
    LOG.trace(">setupCA");
    assertTrue("Failed to create " + caName, createTestCA(caName, 512));
    X509CA x509Ca = (X509CA) InterfaceCache.getCaSession().getCA(ADMIN, getTestCAId(caName));
    X509CAInfo x509CaInfo = (X509CAInfo) x509Ca.getCAInfo();
    x509CaInfo.setCmpRaAuthSecret(pbeSecret);
    x509CaInfo.setUseCertReqHistory(false);  // Disable storage of certificate history, to save some clean up
    InterfaceCache.getCAAdminSession().editCA(ADMIN, x509CaInfo);
    X509Certificate ret = (X509Certificate) x509Ca.getCertificateChain().iterator().next();
    assertNotNull("CA certificate was null.", ret);
    LOG.trace("<setupCA");
    return ret;
  }

        // X509 CA is the normal type of CA
        if (cainfo instanceof X509CAInfo) {
            log.info("Creating an X509 CA");
            X509CAInfo x509cainfo = (X509CAInfo) cainfo;
            // Create X509CA
            ca = new X509CA(x509cainfo);
            X509CA x509ca = (X509CA) ca;
            ca.setCAToken(catoken);

            // getCertificateProfile
            if ((x509cainfo.getPolicies() != null) && (x509cainfo.getPolicies().size() > 0)) {
                certprofile.setUseCertificatePolicies(true);
                certprofile.setCertificatePolicies(x509cainfo.getPolicies());
            } else if (certprofile.getUseCertificatePolicies()) {
                x509ca.setPolicies(certprofile.getCertificatePolicies());
            }
            caAltName = x509cainfo.getSubjectAltName();
        } else {
            // CVC CA is a special type of CA for EAC electronic passports
            log.info("Creating a CVC CA");

                    if (!processinternalca) {
                        // If this is an internal CA, we don't create it and set
                        // a NULL token, since the CA is already created
                        if (cainfo instanceof X509CAInfo) {
                            log.info("Creating a X509 CA (process request)");
                            ca = new X509CA((X509CAInfo) cainfo);
                        } else if (cainfo instanceof CVCCAInfo) {
                            // CVC CA is a special type of CA for EAC electronic
                            // passports
                            log.info("Creating a CVC CA (process request)");
                            CVCCAInfo cvccainfo = (CVCCAInfo) cainfo;

                    true // useCertificateStorage
            );
        }
        if (cainfo instanceof X509CAInfo) {
            log.info("Creating a X509 CA (process request)");
            ca = new X509CA((X509CAInfo) cainfo);
        } else if (cainfo instanceof CVCCAInfo) {
            // CVC CA is a special type of CA for EAC electronic passports
            log.info("Creating a CVC CA (process request)");
            CVCCAInfo cvccainfo = (CVCCAInfo) cainfo;
            ca = new CVCCA(cvccainfo);

            if (ca.getSignedBy() != CAInfo.SIGNEDBYEXTERNALCA) {
                if (ca.getSignedBy() == CAInfo.SELFSIGNED) {
                    // create selfsigned certificate
                    String subjectAltName = null;
                    if (ca instanceof X509CA) {
                        X509CA x509ca = (X509CA) ca;
                        subjectAltName = x509ca.getSubjectAltName();
                    }
                    UserDataVO cainfodata = new UserDataVO("nobody", ca.getSubjectDN(), ca.getSubjectDN().hashCode(), subjectAltName, null, 0, 0, 0, ca
                            .getCertificateProfileId(), null, null, 0, 0, null);

                    CertificateProfile certprofile = certificateProfileSession.getCertificateProfile(admin, ca.getCertificateProfileId());
                    // get from CAtoken to make sure it is fresh
                    String sequence = caToken.getCATokenInfo().getKeySequence();
                    cacertificate = ca.generateCertificate(cainfodata, ca.getCAToken().getPublicKey(SecConst.CAKEYPURPOSE_CERTSIGN), -1, ca.getValidity(),
                            certprofile, sequence);
                    // Build Certificate Chain
                    cachain = new ArrayList<Certificate>();
                    cachain.add(cacertificate);

                } else {
                    // Resign with CA above.
                    if (ca.getSignedBy() > CAInfo.SPECIALCAIDBORDER || ca.getSignedBy() < 0) {
                        // Create CA signed by other internal CA.
                      CAData signcadata = CAData.findByIdOrThrow(entityManager, Integer.valueOf(ca.getSignedBy()));
                        CA signca = signcadata.getCA();
                        // Check that the signer is valid
                        checkSignerValidity(admin, signcadata);
                        // Create cacertificate
                        String subjectAltName = null;
                        if (ca instanceof X509CA) {
                            X509CA x509ca = (X509CA) ca;
                            subjectAltName = x509ca.getSubjectAltName();
                        }
                        UserDataVO cainfodata = new UserDataVO("nobody", ca.getSubjectDN(), ca.getSubjectDN().hashCode(), subjectAltName, null, 0, 0, 0, ca
                                .getCertificateProfileId(), null, null, 0, 0, null);

                        CertificateProfile certprofile = certificateProfileSession.getCertificateProfile(admin, ca.getCertificateProfileId());

                    true, // useCertReqHistory
                    true, // useUserStorage
                    true, // useCertificateStorage
                    null //cmpRaAuthSecret
            );
            ca = new X509CA((X509CAInfo) cainfo);
        } else if (caSignatureCertificate.getType().equals("CVC")) {
            // Create a CVC CA
            // Create the CAInfo to be used for either generating the whole CA
            // or making a request
            cainfo = new CVCCAInfo(CertTools.getSubjectDN(caSignatureCertificate), caname, SecConst.CA_ACTIVE, new Date(), certprof, validity, CertTools

  @Override
  public DEREncodable getValue(final UserDataVO subject, final CA ca, final CertificateProfile certProfile, final PublicKey userPublicKey, final PublicKey caPublicKey ) throws CertificateExtentionConfigurationException, CertificateExtensionException {
    DERSequence ret = null;
      // The UserNotice policy qualifier can have two different character encodings,
      // the correct one (UTF8) or the wrong one (BMP) used by IE < 7.
    final X509CA x509ca = (X509CA)ca;
      int displayencoding = DisplayText.CONTENT_TYPE_BMPSTRING;
      if (x509ca.getUseUTF8PolicyText()) {
        displayencoding = DisplayText.CONTENT_TYPE_UTF8STRING;
      }
      // Iterate through policies and add oids and policy qualifiers if they exist
      final List policies = certProfile.getCertificatePolicies();
      final Map policiesMap = new HashMap(); //<DERObjectIdentifier, ASN1EncodableVector>

  @Override
  public DEREncodable getValue(final UserDataVO subject, final CA ca, final CertificateProfile certProfile, final PublicKey userPublicKey, final PublicKey caPublicKey ) throws CertificateExtentionConfigurationException, CertificateExtensionException {
    String crldistpoint = certProfile.getCRLDistributionPointURI();
    String crlissuer=certProfile.getCRLIssuer();
    final X509CA x509ca = (X509CA)ca;
    if(certProfile.getUseDefaultCRLDistributionPoint()){
      crldistpoint = x509ca.getDefaultCRLDistPoint();
      crlissuer = x509ca.getDefaultCRLIssuer();
    }
    // Multiple CDPs are separated with the ';' sign
    final ArrayList<DistributionPointName> dpns = new ArrayList<DistributionPointName>();
    if (StringUtils.isNotEmpty(crldistpoint)) {
      final Iterator<String> it = StringTools.splitURIs(crldistpoint).iterator();

  }

  @Override
  public DEREncodable getValue(final UserDataVO subject, final CA ca, final CertificateProfile certProfile, final PublicKey userPublicKey, final PublicKey caPublicKey ) throws CertificateExtentionConfigurationException, CertificateExtensionException {
        String freshestcrldistpoint = certProfile.getFreshestCRLURI();
        final X509CA x509ca = (X509CA)ca;
        if(certProfile.getUseCADefinedFreshestCRL()){
            freshestcrldistpoint = x509ca.getCADefinedFreshestCRL();
        }
        // Multiple FCDPs are separated with the ';' sign
        CRLDistPoint ret = null;
        if (freshestcrldistpoint != null) {
          final StringTokenizer tokenizer = new StringTokenizer(freshestcrldistpoint, ";", false);