Examples of org.ejbca.core.model.ca.catoken.SoftCATokenInfo

• org.ejbca.core.model.ca.catoken.SoftCATokenInfo
  Holds nonsensitive information about a CAToken. @version $Id: SoftCATokenInfo.java 8629 2010-02-08 15:47:15Z jeklund $

            if (tokentype != CATokenConstants.CATOKENTYPE_P12 && thisCAToken.getCATokenInfo() instanceof SoftCATokenInfo) {
                throw new Exception("Cannot export anything but a soft token.");
            }
            // Create a new CAToken with the same properties but OFFLINE and
            // without keystore
            SoftCATokenInfo thisCATokenInfo = (SoftCATokenInfo) thisCAToken.getCATokenInfo();
            thisCATokenInfo.setCATokenStatus(ICAToken.STATUS_OFFLINE);
            CATokenContainer emptyToken = new CATokenContainerImpl(thisCATokenInfo, caData.getCaId());
            thisCa.setCAToken(emptyToken);
            // Save to database
            caData.setCA(thisCa);
            // Log

    @Override
    public void importCAFromKeys(Admin admin, String caname, String keystorepass, Certificate[] signatureCertChain, PublicKey p12PublicSignatureKey,
            PrivateKey p12PrivateSignatureKey, PrivateKey p12PrivateEncryptionKey, PublicKey p12PublicEncryptionKey) throws Exception,
            CATokenAuthenticationFailedException, CATokenOfflineException, IllegalKeyStoreException, CreateException {
        // Transform into token
        SoftCATokenInfo sinfo = new SoftCATokenInfo();
        CATokenContainer catoken = new CATokenContainerImpl(sinfo, CertTools.stringToBCDNString(
                StringTools.strip(CertTools.getSubjectDN(signatureCertChain[0]))).hashCode());
        catoken.importKeys(keystorepass, p12PrivateSignatureKey, p12PublicSignatureKey, p12PrivateEncryptionKey, p12PublicEncryptionKey, signatureCertChain);
        log.debug("CA-Info: " + catoken.getCATokenInfo().getSignatureAlgorithm() + " " + catoken.getCATokenInfo().getEncryptionAlgorithm());
        // Identify the key algorithms for extended CA services, OCSP, XKMS, CMS

     *
     * @return the CA's ID.
     */
    static public int createApprovalCA(Admin internalAdmin, String nameOfCA, int approvalRequirementType, CAAdminSessionRemote caAdminSession, CaSessionRemote caSession)
            throws Exception {
        CATokenInfo catokeninfo = new SoftCATokenInfo();
        catokeninfo.setSignatureAlgorithm(AlgorithmConstants.SIGALG_SHA1_WITH_RSA);
        ((SoftCATokenInfo) catokeninfo).setSignKeyAlgorithm(AlgorithmConstants.KEYALGORITHM_RSA);
        ((SoftCATokenInfo) catokeninfo).setSignKeySpec("1024");
        catokeninfo.setEncryptionAlgorithm(AlgorithmConstants.SIGALG_SHA1_WITH_RSA);
        ((SoftCATokenInfo) catokeninfo).setEncKeyAlgorithm(AlgorithmConstants.KEYALGORITHM_RSA);
        ((SoftCATokenInfo) catokeninfo).setEncKeySpec("1024");
        ArrayList<Integer> approvalSettings = new ArrayList<Integer>();
        approvalSettings.add(approvalRequirementType);
        X509CAInfo cainfo = new X509CAInfo("CN=" + nameOfCA, nameOfCA, SecConst.CA_ACTIVE, new Date(), "", SecConst.CERTPROFILE_FIXED_ROOTCA, 365, new Date(

        return certProfileId;
    }

    public static int createCA(Admin internalAdmin, String nameOfCA, Integer[] approvalRequirementTypes, CAAdminSessionRemote caAdminSession, CaSessionRemote caSession, int certProfileId)
            throws Exception {
        SoftCATokenInfo catokeninfo = new SoftCATokenInfo();
        catokeninfo.setSignatureAlgorithm(AlgorithmConstants.SIGALG_SHA1_WITH_RSA);
        catokeninfo.setSignKeyAlgorithm(AlgorithmConstants.KEYALGORITHM_RSA);
        catokeninfo.setSignKeySpec("1024");
        catokeninfo.setEncryptionAlgorithm(AlgorithmConstants.SIGALG_SHA1_WITH_RSA);
        catokeninfo.setEncKeyAlgorithm(AlgorithmConstants.KEYALGORITHM_RSA);
        catokeninfo.setEncKeySpec("1024");
        List<Integer> approvalSettings = approvalRequirementTypes.length == 0 ? new ArrayList<Integer>() : Arrays.asList(approvalRequirementTypes);
        log.info("approvalSettings: " + approvalSettings);

        X509CAInfo cainfo = new X509CAInfo("CN=" + nameOfCA, nameOfCA, SecConst.CA_ACTIVE, new Date(), "", certProfileId, 365, new Date(System
                .currentTimeMillis()

            initAuthorizationModule(dn.hashCode(), superAdminCN);
            // Define CAToken type (soft token or hsm).
            CATokenInfo catokeninfo = null;
            if ( catokentype.equals("soft")) {
              SoftCATokenInfo softcatokeninfo = new SoftCATokenInfo();
              if (!catokenpassword.equalsIgnoreCase("null")) {
              softcatokeninfo.setAuthenticationCode(catokenpassword);
              }
              softcatokeninfo.setSignKeySpec(keyspec);
              softcatokeninfo.setSignKeyAlgorithm(keytype);
              softcatokeninfo.setSignatureAlgorithm(signAlg);
              softcatokeninfo.setEncKeySpec("2048");
              softcatokeninfo.setEncKeyAlgorithm(AlgorithmConstants.KEYALGORITHM_RSA);
              softcatokeninfo.setEncryptionAlgorithm(AlgorithmConstants.SIGALG_SHA1_WITH_RSA);
              catokeninfo = softcatokeninfo;
            } else {
              HardCATokenInfo hardcatokeninfo = new HardCATokenInfo();
              hardcatokeninfo.setAuthenticationCode(catokenpassword);
              hardcatokeninfo.setCATokenStatus(ICAToken.STATUS_ACTIVE);

      CATokenInfo tokeninfo = cainfo.getCATokenInfo();
      tokeninfo.setSignatureAlgorithm(signAlg);
      if (args.length > 3) {
        String keyspec = args[3];
        if (tokeninfo instanceof SoftCATokenInfo) {
          SoftCATokenInfo sinfo = (SoftCATokenInfo) tokeninfo;
          getLogger().info("Setting new signature keyspec: " + keyspec);
          sinfo.setSignKeySpec(keyspec);
        } else {
          getLogger().info("CA token is not a soft token, not setting keyspec.");
        }
      }
      cainfo.setCATokenInfo(tokeninfo);

     * Create a CVCA, and a DV CA signed by the CVCA
     *
     */
    private void createCVCCA(String rootcadn, String rootcaname, String subcadn, String subcaname, String keyspec, String keyalg, String signalg)
            throws Exception {
        SoftCATokenInfo catokeninfo = new SoftCATokenInfo();
        catokeninfo.setSignKeySpec(keyspec);
        catokeninfo.setEncKeySpec("1024");
        catokeninfo.setSignKeyAlgorithm(keyalg);
        catokeninfo.setEncKeyAlgorithm(AlgorithmConstants.KEYALGORITHM_RSA);
        catokeninfo.setSignatureAlgorithm(signalg);
        catokeninfo.setEncryptionAlgorithm(AlgorithmConstants.SIGALG_SHA256_WITH_RSA_AND_MGF1);
        // No CA Services.
        List extendedcaservices = new ArrayList();

        java.security.cert.Certificate cvcacert = null;
        int cvcaid = rootcadn.hashCode();

     * Create a DVCA, signed by an external CVCA
     *
     */
    private String createDVCCASignedByExternal(final String dvcaname, final String dvcaMnemonic,
            final String keyspec, final String keyalg, final String signalg) throws Exception {
        SoftCATokenInfo catokeninfo = new SoftCATokenInfo();
        catokeninfo.setSignKeySpec(keyspec);
        catokeninfo.setEncKeySpec(keyspec);
        catokeninfo.setSignKeyAlgorithm(keyalg);
        catokeninfo.setEncKeyAlgorithm(keyalg);
        catokeninfo.setSignatureAlgorithm(signalg);
        catokeninfo.setEncryptionAlgorithm(signalg);
        // No CA Services.
        ArrayList extendedcaservices = new ArrayList();

        try {
            String dvcadn = "CN=" + dvcaMnemonic + ",C=SE";

        boolean ret = false;
        X509Certificate cacert = null;
        try {
            adminGroupSession.init(admin, dn.hashCode(), DEFAULT_SUPERADMIN_CN);

            SoftCATokenInfo catokeninfo = new SoftCATokenInfo();
            catokeninfo.setSignKeySpec(keySpec);
            catokeninfo.setEncKeySpec("1024");
            catokeninfo.setSignKeyAlgorithm(AlgorithmConstants.KEYALGORITHM_ECDSA);
            catokeninfo.setEncKeyAlgorithm(AlgorithmConstants.KEYALGORITHM_RSA);
            catokeninfo.setSignatureAlgorithm(AlgorithmConstants.SIGALG_SHA256_WITH_ECDSA);
            catokeninfo.setEncryptionAlgorithm(AlgorithmConstants.SIGALG_SHA1_WITH_RSA);
            // Create and active OSCP CA Service.
            ArrayList<ExtendedCAServiceInfo> extendedcaservices = new ArrayList<ExtendedCAServiceInfo>();
            extendedcaservices.add(new OCSPCAServiceInfo(ExtendedCAServiceInfo.STATUS_ACTIVE));

            ArrayList<CertificatePolicy> policies = new ArrayList<CertificatePolicy>(1);

        boolean ret = false;
        X509Certificate cacert = null;
        try {
            adminGroupSession.init(admin, dn.hashCode(), DEFAULT_SUPERADMIN_CN);

            SoftCATokenInfo catokeninfo = new SoftCATokenInfo();
            catokeninfo.setSignKeySpec(keySpec);
            catokeninfo.setEncKeySpec("1024");
            catokeninfo.setSignKeyAlgorithm(AlgorithmConstants.KEYALGORITHM_DSA);
            catokeninfo.setEncKeyAlgorithm(AlgorithmConstants.KEYALGORITHM_RSA);
            catokeninfo.setSignatureAlgorithm(AlgorithmConstants.SIGALG_SHA1_WITH_DSA);
            catokeninfo.setEncryptionAlgorithm(AlgorithmConstants.SIGALG_SHA1_WITH_RSA);
            // Create and active OSCP CA Service.
            ArrayList<ExtendedCAServiceInfo> extendedcaservices = new ArrayList<ExtendedCAServiceInfo>();
            extendedcaservices.add(new OCSPCAServiceInfo(ExtendedCAServiceInfo.STATUS_ACTIVE));

            ArrayList<CertificatePolicy> policies = new ArrayList<CertificatePolicy>(1);