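// Create a Sub DV domestic: a CVC sub CA issued under the root CVC CA
// (signedby is rootcadn.hashCode()), then verify the CV certificate it receives.
ret = false;
try {
    // NOTE(review): presumably prepares admin authorization for the CA id derived
    // from dvddn.hashCode() - confirm against the admin group session bean.
    adminGroupSession.init(admin, dvddn.hashCode(), DEFAULT_SUPERADMIN_CN);
    // Create a dedicated sub-CA certificate profile so the test controls the
    // profile the DV certificate is issued from.
    CertificateProfile profile = new CACertificateProfile();
    profile.setType(CertificateProfile.TYPE_SUBCA);
    certificateProfileSession.addCertificateProfile(admin, "TESTCVCDV", profile);
    int profileid = certificateProfileSession.getCertificateProfileId(admin, "TESTCVCDV");
    CVCCAInfo cvccainfo = new CVCCAInfo(dvddn, dvdcaname, SecConst.CA_ACTIVE, new Date(), profileid, 3650, null, // Expiretime
            CAInfo.CATYPE_CVC, rootcadn.hashCode(), null, catokeninfo, "JUnit CVC CA", -1, null, 24, // CRLPeriod
            0, // CRLIssueInterval
            10, // CRLOverlapTime
            10, // Delta CRL period
            new ArrayList<Integer>(), // CRL publishers
            true, // Finish User
            extendedcaservices, new ArrayList<Integer>(), // Approvals Settings
            1, // Number of Req approvals
            true, // Include in health check
            true, // isDoEnforceUniquePublicKeys
            true, // isDoEnforceUniqueDistinguishedName
            false, // isDoEnforceUniqueSubjectDNSerialnumber
            true, // useCertReqHistory
            true, // useUserStorage
            true // useCertificateStorage
    );
    caAdminSession.createCA(admin, cvccainfo);
    // Read the CA back by name so the assertions check what was stored, not the request.
    dvdcainfo = caAdminSession.getCAInfo(admin, dvdcaname);
    assertEquals(CAInfo.CATYPE_CVC, dvdcainfo.getCAType());
    // First element of the chain; presumably the new CA's own certificate.
    Certificate cert = (Certificate) dvdcainfo.getCertificateChain().iterator().next();
    assertEquals("CVC", cert.getType());
    // Expected value first, so a failure message reports the right side as "expected".
    assertEquals(dvddn, CertTools.getSubjectDN(cert));
    assertEquals(rootcadn, CertTools.getIssuerDN(cert));
    assertEquals(dvddn, dvdcainfo.getSubjectDN());
    PublicKey pk = cert.getPublicKey();
    if (pk instanceof RSAPublicKey) {
        RSAPublicKey rsapk = (RSAPublicKey) pk;
        assertEquals("RSA", rsapk.getAlgorithm());
        BigInteger modulus = rsapk.getModulus();
        int len = modulus.bitLength();
        // NOTE(review): the expected size presumably mirrors the key spec in
        // catokeninfo, which is configured outside this excerpt. RSA-1024 is below
        // the 2048-bit minimum of current guidance; keep it to test fixtures only.
        assertEquals(1024, len);
    } else {
        fail("Public key is not RSA");
    }
    // Validity was requested as 3650 days; accept notAfter between 3640 and 3660 days
    // from now. The int product stays within int range before the 1000L widening.
    assertTrue("CA is not valid for the specified duration.", CertTools.getNotAfter(cert).after(
            new Date(new Date().getTime() + 10 * 364 * 24 * 60 * 60 * 1000L))
            && CertTools.getNotAfter(cert).before(new Date(new Date().getTime() + 10 * 366 * 24 * 60 * 60 * 1000L)));
    // Check the authorization carried by the CV certificate: holder reference,
    // role (domestic document verifier) and the access rights granted.
    CardVerifiableCertificate cvcert = (CardVerifiableCertificate) cert;
    assertEquals("SETESTDV-D00001", cvcert.getCVCertificate().getCertificateBody().getHolderReference().getConcatenated());
    String role = cvcert.getCVCertificate().getCertificateBody().getAuthorizationTemplate().getAuthorizationField().getRole().name();
    assertEquals("DV_D", role);
    String accessRights = cvcert.getCVCertificate().getCertificateBody().getAuthorizationTemplate().getAuthorizationField().getAccessRight()
            .name();
    // The unmodified TESTCVCDV profile is expected to yield read access to both DG3 and DG4.
    assertEquals("READ_ACCESS_DG3_AND_DG4", accessRights);
    ret = true;
} catch (CAExistsException pee) {
    // A leftover CA from an earlier run means nothing above was verified; fail
    // with an explicit reason, as the foreign DV section does.
    log.info("CA exists.");
    fail("CA exists");
}
assertTrue("Creating domestic DV CVC CA failed", ret);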
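// Create a Sub DV foreign: a second CVC sub CA under the same root, issued from
// the fixed SUBCA profile instead of a test-specific one, then verify its CV certificate.
ret = false;
try {
    // NOTE(review): presumably prepares admin authorization for the CA id derived
    // from dvfdn.hashCode() - confirm against the admin group session bean.
    adminGroupSession.init(admin, dvfdn.hashCode(), DEFAULT_SUPERADMIN_CN);
    CVCCAInfo cvccainfo = new CVCCAInfo(dvfdn, dvfcaname, SecConst.CA_ACTIVE, new Date(), SecConst.CERTPROFILE_FIXED_SUBCA, 3650, null, // Expiretime
            CAInfo.CATYPE_CVC, rootcadn.hashCode(), null, catokeninfo, "JUnit CVC CA", -1, null, 24, // CRLPeriod
            0, // CRLIssueInterval
            10, // CRLOverlapTime
            10, // Delta CRL period
            new ArrayList<Integer>(), // CRL publishers
            true, // Finish User
            extendedcaservices, new ArrayList<Integer>(), // Approvals Settings
            1, // Number of Req approvals
            true, // Include in health check
            true, // isDoEnforceUniquePublicKeys
            true, // isDoEnforceUniqueDistinguishedName
            false, // isDoEnforceUniqueSubjectDNSerialnumber
            true, // useCertReqHistory
            true, // useUserStorage
            true // useCertificateStorage
    );
    caAdminSession.createCA(admin, cvccainfo);
    // Read the CA back by name so the assertions check what was stored, not the request.
    CAInfo info = caAdminSession.getCAInfo(admin, dvfcaname);
    assertEquals(CAInfo.CATYPE_CVC, info.getCAType());
    // First element of the chain; presumably the new CA's own certificate.
    Certificate cert = (Certificate) info.getCertificateChain().iterator().next();
    assertEquals("CVC", cert.getType());
    // Expected value first, so a failure message reports the right side as "expected".
    assertEquals(dvfdn, CertTools.getSubjectDN(cert));
    assertEquals(rootcadn, CertTools.getIssuerDN(cert));
    assertEquals(dvfdn, info.getSubjectDN());
    PublicKey pk = cert.getPublicKey();
    if (pk instanceof RSAPublicKey) {
        RSAPublicKey rsapk = (RSAPublicKey) pk;
        assertEquals("RSA", rsapk.getAlgorithm());
        BigInteger modulus = rsapk.getModulus();
        int len = modulus.bitLength();
        // NOTE(review): the expected size presumably mirrors the key spec in
        // catokeninfo, which is configured outside this excerpt. RSA-1024 is below
        // the 2048-bit minimum of current guidance; keep it to test fixtures only.
        assertEquals(1024, len);
    } else {
        fail("Public key is not RSA");
    }
    // Validity was requested as 3650 days; accept notAfter between 3640 and 3660 days
    // from now. The int product stays within int range before the 1000L widening.
    assertTrue("CA is not valid for the specified duration.", CertTools.getNotAfter(cert).after(
            new Date(new Date().getTime() + 10 * 364 * 24 * 60 * 60 * 1000L))
            && CertTools.getNotAfter(cert).before(new Date(new Date().getTime() + 10 * 366 * 24 * 60 * 60 * 1000L)));
    // Check the holder reference and role (foreign document verifier).
    // NOTE(review): unlike the domestic DV section, the granted access rights are
    // not asserted here; consider pinning them so a profile change that widens a
    // foreign DV's rights is caught by this test.
    CardVerifiableCertificate cvcert = (CardVerifiableCertificate) cert;
    assertEquals("FITESTDV-F00001", cvcert.getCVCertificate().getCertificateBody().getHolderReference().getConcatenated());
    String role = cvcert.getCVCertificate().getCertificateBody().getAuthorizationTemplate().getAuthorizationField().getRole().name();
    assertEquals("DV_F", role);
    ret = true;
} catch (CAExistsException pee) {
    // A leftover CA from an earlier run means nothing above was verified.
    log.info("CVC CA exists.");
    fail("CVC CA exists");
}
assertTrue("Creating CVC CAs failed", ret);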
// Test to renew a CVC CA using a different access right.
// The TESTCVCDV profile is narrowed to CVC_ACCESS_DG3 and stored before the
// renewal, so the renewed certificate can be compared with the earlier one.
CertificateProfile profile = certificateProfileSession.getCertificateProfile(admin, "TESTCVCDV");
profile.setCVCAccessRights(CertificateProfile.CVC_ACCESS_DG3);
certificateProfileSession.changeCertificateProfile(admin, "TESTCVCDV", profile);
// dvdcainfo was assigned from getCAInfo(admin, dvdcaname) in the domestic DV section.
int caid = dvdcainfo.getCAId();
// NOTE(review): null/false presumably mean "no keystore password" and "do not
// regenerate keys" - confirm against the renewCA signature.
caAdminSession.renewCA(admin, caid, null, false);
// Re-read the CA info so it reflects the state after renewal.
dvdcainfo = caAdminSession.getCAInfo(admin, dvdcaname);