logSession.log(admin, admin.getCaId(), LogConstants.MODULE_CA, new java.util.Date(), null, null, LogConstants.EVENT_ERROR_CACREATED, msg);
throw new CAExistsException(msg);
}
// Create CAToken
CATokenInfo catokeninfo = cainfo.getCATokenInfo();
CATokenContainer catoken = new CATokenContainerImpl(catokeninfo, cainfo.getCAId());
String authCode = catokeninfo.getAuthenticationCode();
authCode = getDefaultKeyStorePassIfSWAndEmpty(authCode, catokeninfo);
if (catokeninfo instanceof SoftCATokenInfo) {
try {
// There are two ways to get the authentication code:
// 1. The user provided one when creating the CA on the create
// CA page
// 2. We use the system default password
boolean renew = false;
catoken.generateKeys(authCode, renew, true);
} catch (Exception e) {
String msg = intres.getLocalizedMessage("caadmin.errorcreatetoken");
logSession.log(admin, admin.getCaId(), LogConstants.MODULE_CA, new java.util.Date(), null, null, LogConstants.EVENT_ERROR_CACREATED, msg, e);
throw new EJBException(e);
}
}
try {
catoken.activate(authCode);
} catch (CATokenAuthenticationFailedException ctaf) {
String msg = intres.getLocalizedMessage("caadmin.errorcreatetokenpin");
logSession.log(admin, admin.getCaId(), LogConstants.MODULE_CA, new java.util.Date(), null, null, LogConstants.EVENT_ERROR_CACREATED, msg, ctaf);
throw ctaf;
} catch (CATokenOfflineException ctoe) {
String msg = intres.getLocalizedMessage("error.catokenoffline", cainfo.getName());
logSession.log(admin, admin.getCaId(), LogConstants.MODULE_CA, new java.util.Date(), null, null, LogConstants.EVENT_ERROR_CACREATED, msg, ctoe);
throw ctoe;
}
// Create CA
CA ca = null;
// The certificate profile used for the CAs certificate
CertificateProfile certprofile = certificateProfileSession.getCertificateProfile(admin, cainfo.getCertificateProfileId());
// AltName is not implemented for all CA types
String caAltName = null;
// X509 CA is the normal type of CA
if (cainfo instanceof X509CAInfo) {
log.info("Creating an X509 CA");
X509CAInfo x509cainfo = (X509CAInfo) cainfo;
// Create X509CA
ca = new X509CA(x509cainfo);
X509CA x509ca = (X509CA) ca;
ca.setCAToken(catoken);
// getCertificateProfile
if ((x509cainfo.getPolicies() != null) && (x509cainfo.getPolicies().size() > 0)) {
certprofile.setUseCertificatePolicies(true);
certprofile.setCertificatePolicies(x509cainfo.getPolicies());
} else if (certprofile.getUseCertificatePolicies()) {
x509ca.setPolicies(certprofile.getCertificatePolicies());
}
caAltName = x509cainfo.getSubjectAltName();
} else {
// CVC CA is a special type of CA for EAC electronic passports
log.info("Creating a CVC CA");
CVCCAInfo cvccainfo = (CVCCAInfo) cainfo;
// Create CVCCA
ca = new CVCCA(cvccainfo);
ca.setCAToken(catoken);
}
// Certificate chain
Collection<Certificate> certificatechain = null;
String sequence = catoken.getCATokenInfo().getKeySequence(); // get from CAtoken to make sure it is fresh
if (cainfo.getSignedBy() == CAInfo.SELFSIGNED) {
try {
// create selfsigned certificate
Certificate cacertificate = null;
log.debug("CAAdminSessionBean : " + cainfo.getSubjectDN());
UserDataVO cadata = new UserDataVO("nobody", cainfo.getSubjectDN(), cainfo.getSubjectDN().hashCode(), caAltName, null, 0, 0, 0, cainfo
.getCertificateProfileId(), null, null, 0, 0, null);
cacertificate = ca.generateCertificate(cadata, catoken.getPublicKey(SecConst.CAKEYPURPOSE_CERTSIGN), -1, cainfo.getValidity(), certprofile,
sequence);
log.debug("CAAdminSessionBean : " + CertTools.getSubjectDN(cacertificate));
// Build Certificate Chain
certificatechain = new ArrayList<Certificate>();
certificatechain.add(cacertificate);
// set status to active
castatus = SecConst.CA_ACTIVE;
} catch (CATokenOfflineException e) {
String msg = intres.getLocalizedMessage("error.catokenoffline", cainfo.getName());
logSession.log(admin, admin.getCaId(), LogConstants.MODULE_CA, new java.util.Date(), null, null, LogConstants.EVENT_ERROR_CACREATED, msg, e);
throw e;
} catch (Exception fe) {
String msg = intres.getLocalizedMessage("caadmin.errorcreateca", cainfo.getName());
logSession.log(admin, admin.getCaId(), LogConstants.MODULE_CA, new java.util.Date(), null, null, LogConstants.EVENT_ERROR_CACREATED, msg, fe);
throw new EJBException(fe);
}
}
if (cainfo.getSignedBy() == CAInfo.SIGNEDBYEXTERNALCA) {
certificatechain = new ArrayList<Certificate>();
// set status to waiting certificate response.
castatus = SecConst.CA_WAITING_CERTIFICATE_RESPONSE;
}
if (cainfo.getSignedBy() > CAInfo.SPECIALCAIDBORDER || cainfo.getSignedBy() < 0) {
// Create CA signed by other internal CA.
try {
CAData signcadata = CAData.findByIdOrThrow(entityManager, Integer.valueOf(cainfo.getSignedBy()));
CA signca = signcadata.getCA();
// Check that the signer is valid
checkSignerValidity(admin, signcadata);
// Create CA certificate
Certificate cacertificate = null;
UserDataVO cadata = new UserDataVO("nobody", cainfo.getSubjectDN(), cainfo.getSubjectDN().hashCode(), caAltName, null, 0, 0, 0, cainfo
.getCertificateProfileId(), null, null, 0, 0, null);
cacertificate = signca.generateCertificate(cadata, catoken.getPublicKey(SecConst.CAKEYPURPOSE_CERTSIGN), -1, cainfo.getValidity(), certprofile,
sequence);
// Build Certificate Chain
Collection<Certificate> rootcachain = signca.getCertificateChain();
certificatechain = new ArrayList<Certificate>();