Package org.ejbca.core.model.ca.certificateprofiles

Examples of org.ejbca.core.model.ca.certificateprofiles.EndUserCertificateProfile

199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
        }
        CertificateProfile returnval = null;
        if (id < SecConst.FIXED_CERTIFICATEPROFILE_BOUNDRY) {
            switch (id) {
            case SecConst.CERTPROFILE_FIXED_ENDUSER:
                returnval = new EndUserCertificateProfile();
                break;
            case SecConst.CERTPROFILE_FIXED_SUBCA:
                returnval = new CACertificateProfile();
                break;
            case SecConst.CERTPROFILE_FIXED_ROOTCA:
                returnval = new RootCACertificateProfile();
                break;
            case SecConst.CERTPROFILE_FIXED_OCSPSIGNER:
                returnval = new OCSPSignerCertificateProfile();
                break;
            case SecConst.CERTPROFILE_FIXED_SERVER:
                returnval = new ServerCertificateProfile();
                break;
            case SecConst.CERTPROFILE_FIXED_HARDTOKENAUTH:
                returnval = new HardTokenAuthCertificateProfile();
                break;
            case SecConst.CERTPROFILE_FIXED_HARDTOKENAUTHENC:
                returnval = new HardTokenAuthEncCertificateProfile();
                break;
            case SecConst.CERTPROFILE_FIXED_HARDTOKENENC:
                returnval = new HardTokenEncCertificateProfile();
                break;
            case SecConst.CERTPROFILE_FIXED_HARDTOKENSIGN:
                returnval = new HardTokenSignCertificateProfile();
                break;
            default:
                returnval = new EndUserCertificateProfile();
            }
        } else {
        // We need to clone the profile, otherwise the cache contents will be modifyable from the outside
          final CertificateProfile cprofile = profileCache.getProfileCache(entityManager).get(Integer.valueOf(id));
        try {
View Full Code Here
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
      X509Certificate cacert = CertTools.genSelfCertForPurpose("CN=dummy2", 100, null, keys.getPrivate(), keys.getPublic(),
          AlgorithmConstants.SIGALG_SHA1_WITH_RSA, true, X509KeyUsage.cRLSign|X509KeyUsage.keyCertSign);

      UserDataVO subject = new UserDataVO();

      final CertificateProfile cp = new EndUserCertificateProfile();
      cp.setValidity(encodedValidity);
      cp.setAllowValidityOverride(false);
   
      // First see that when we don't have a specified time requested and validity override is not allowed, the end time shouldbe ruled by the certificate profile.
     
      CertificateValidity cv = new CertificateValidity(subject, cp, null, null, cacert, false);
      Date notBefore = cv.getNotBefore();
      Date notAfter = cv.getNotAfter();
      Date now = new Date();
        Calendar cal1 = Calendar.getInstance();
        cal1.add(Calendar.DAY_OF_MONTH, 49);
        Calendar cal2 = Calendar.getInstance();
        cal2.add(Calendar.DAY_OF_MONTH, 51);
      assertTrue(notBefore.before(now));
      assertTrue(notAfter.after(cal1.getTime()));
      assertTrue(notAfter.before(cal2.getTime()));
     
      // See that a requested validity does not affect it
        Calendar requestNotBefore = Calendar.getInstance();
        requestNotBefore.add(Calendar.DAY_OF_MONTH, 2);
        Calendar requestNotAfter = Calendar.getInstance();
        requestNotAfter.add(Calendar.DAY_OF_MONTH, 25);
        cv = new CertificateValidity(subject, cp, requestNotBefore.getTime(), requestNotAfter.getTime(), cacert, false);
      notBefore = cv.getNotBefore();
      notAfter = cv.getNotAfter();
      assertTrue(notBefore.before(now));
      assertTrue(notAfter.after(cal1.getTime()));
      assertTrue(notAfter.before(cal2.getTime()));
     
      // Add extended information for the user and see that it does not affect it either
      ExtendedInformation ei = new ExtendedInformation();
      ei.setCustomData(EndEntityProfile.STARTTIME, "10:0:0");
      ei.setCustomData(EndEntityProfile.ENDTIME, "30:0:0");
      subject.setExtendedinformation(ei);
        cv = new CertificateValidity(subject, cp, requestNotBefore.getTime(), requestNotAfter.getTime(), cacert, false);
      notBefore = cv.getNotBefore();
      notAfter = cv.getNotAfter();
      assertTrue(notBefore.before(now));
      assertTrue(notAfter.after(cal1.getTime()));
      assertTrue(notAfter.before(cal2.getTime()));
     
      // Now allow validity override
      cp.setAllowValidityOverride(true);
     
      // Now we should get what's in the UserDataVO extended information
        cv = new CertificateValidity(subject, cp, requestNotBefore.getTime(), requestNotAfter.getTime(), cacert, false);
      notBefore = cv.getNotBefore();
      notAfter = cv.getNotAfter();
        cal1 = Calendar.getInstance();
        cal1.add(Calendar.DAY_OF_MONTH, 9);
        cal2 = Calendar.getInstance();
        cal2.add(Calendar.DAY_OF_MONTH, 11);
      assertTrue(notBefore.after(cal1.getTime()));
      assertTrue(notBefore.before(cal2.getTime()));
        cal1 = Calendar.getInstance();
        cal1.add(Calendar.DAY_OF_MONTH, 29);
        cal2 = Calendar.getInstance();
        cal2.add(Calendar.DAY_OF_MONTH, 31);
      assertTrue(notAfter.after(cal1.getTime()));
      assertTrue(notAfter.before(cal2.getTime()));
     
      // Remove extended information from UserDataVO and we should get what we pass as parameters to CertificateValidity
      subject.setExtendedinformation(null);
        cv = new CertificateValidity(subject, cp, requestNotBefore.getTime(), requestNotAfter.getTime(), cacert, false);
      notBefore = cv.getNotBefore();
      notAfter = cv.getNotAfter();
        cal1 = Calendar.getInstance();
        cal1.add(Calendar.DAY_OF_MONTH, 1);
        cal2 = Calendar.getInstance();
        cal2.add(Calendar.DAY_OF_MONTH, 3);
      assertTrue(notBefore.after(cal1.getTime()));
      assertTrue(notBefore.before(cal2.getTime()));
        cal1 = Calendar.getInstance();
        cal1.add(Calendar.DAY_OF_MONTH, 23);
        cal2 = Calendar.getInstance();
        cal2.add(Calendar.DAY_OF_MONTH, 26);
      assertTrue(notAfter.after(cal1.getTime()));
      assertTrue(notAfter.before(cal2.getTime()));
     
      // Check that we can not supersede the certificate profile end time
        requestNotAfter = Calendar.getInstance();
        requestNotAfter.add(Calendar.DAY_OF_MONTH, 200);
        cv = new CertificateValidity(subject, cp, requestNotBefore.getTime(), requestNotAfter.getTime(), cacert, false);
      notBefore = cv.getNotBefore();
      notAfter = cv.getNotAfter();
        cal1 = Calendar.getInstance();
        cal2 = Calendar.getInstance();
        // This will be counted in number of days since notBefore, and notBefore here is taken from requestNotBefore which is two,
        // so we have to add 2 to certificate profile validity to get the resulting notAfter but not if certificate end is an
        // absolute end date.
        if ( encodedValidity > Integer.MAX_VALUE) {
            cal1.add(Calendar.DAY_OF_MONTH, 49);
            cal2.add(Calendar.DAY_OF_MONTH, 51);
        } else {
            cal1.add(Calendar.DAY_OF_MONTH, 51);
            cal2.add(Calendar.DAY_OF_MONTH, 53);           
        }
      assertTrue(notAfter.after(cal1.getTime()));
      assertTrue(notAfter.before(cal2.getTime()));

      // Check that we can not supersede the CA end time
      cp.setValidity(400);
        cv = new CertificateValidity(subject, cp, requestNotBefore.getTime(), requestNotAfter.getTime(), cacert, false);
      notBefore = cv.getNotBefore();
      notAfter = cv.getNotAfter();
        // This will be the CA certificate's notAfter
        cal1 = Calendar.getInstance();
View Full Code Here
127
128
129
130
131
132
133
134
135
136
137
            case CertificateProfile.TYPE_SUBCA:
                returnval = new CACertificateProfile();
                break;
            case CertificateProfile.TYPE_ENDENTITY:
            default :
                returnval = new EndUserCertificateProfile();
        }
        final HashMap data = getData();
        // If CertificateProfile-data is upgraded we want to save the new data, so we must get the old version before loading the data
        // and perhaps upgrading
        final float oldversion = ((Float) data.get(UpgradeableDataHashMap.VERSION)).floatValue();
View Full Code Here
79
80
81
82
83
84
85
86
87
88
89
    public CrmfRARequestTest(String arg0) throws CertificateEncodingException, CertificateException {
        super(arg0);

        admin = new Admin(Admin.TYPE_BATCHCOMMANDLINE_USER);
        // Configure CMP for this test, we allow custom certificate serial numbers
      CertificateProfile profile = new EndUserCertificateProfile();
      //profile.setAllowCertSerialNumberOverride(true);
      try {
        certProfileSession.addCertificateProfile(admin, "CMPTESTPROFILE", profile);
    } catch (CertificateProfileExistsException e) {
      log.error("Could not create certificate profile.", e);
View Full Code Here
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
        globalConfigurationSession.saveGlobalConfigurationRemote(intAdmin, gc);
        if (certificateProfileSession.getCertificateProfileId(intAdmin, "WSTESTPROFILE") != 0) {
            certificateProfileSession.removeCertificateProfile(intAdmin, "WSTESTPROFILE");
        }

        CertificateProfile profile = new EndUserCertificateProfile();
        profile.setAllowValidityOverride(true);
        certificateProfileSession.addCertificateProfile(intAdmin, "WSTESTPROFILE", profile);

        // first a simple test
        UserDataVOWS tokenUser1 = new UserDataVOWS();
        tokenUser1.setUsername("WSTESTTOKENUSER1");
View Full Code Here
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
    public void test00SetupDatabase() throws Exception {
        Admin administrator = new Admin(Admin.TYPE_RA_USER);

        // Setup with two new Certificate profiles.
        EndUserCertificateProfile profile1 = new EndUserCertificateProfile();
        profile1.setKeyUsage(CertificateProfile.DIGITALSIGNATURE, false);
        profile1.setKeyUsage(CertificateProfile.KEYENCIPHERMENT, false);
        profile1.setKeyUsage(CertificateProfile.NONREPUDIATION, true);

        EndUserCertificateProfile profile2 = new EndUserCertificateProfile();
        profile2.setKeyUsage(CertificateProfile.DATAENCIPHERMENT, true);

        try {
            certificateProfileSession.addCertificateProfile(administrator, "XKMSTESTSIGN", profile1);
        } catch (CertificateProfileExistsException e) {
            log.info("Certificateprofile XKMSTESTSIGN already exists.");
View Full Code Here
143
144
145
146
147
148
149
150
151
152
153
    updatePropertyOnServer(CmpConfiguration.CONFIG_RA_ENDENTITYPROFILE, "KeyId");
    updatePropertyOnServer(CmpConfiguration.CONFIG_RACANAME, cainfo.getName());
    updatePropertyOnServer(CmpConfiguration.CONFIG_CERTREQHANDLER_CLASS, UnidFnrHandler.class.getName());
    // Configure a Certificate profile (CmpRA) using ENDUSER as template
    if (this.certificateProfileSession.getCertificateProfile(this.admin, CPNAME) == null) {
      final CertificateProfile cp = new EndUserCertificateProfile();
      try { // TODO: Fix this better
        this.certificateProfileSession.addCertificateProfile(this.admin, CPNAME, cp);
      } catch (CertificateProfileExistsException e) {
        log.error("Certificate profile exists: ", e);
      }
View Full Code Here
125
126
127
128
129
130
131
132
133
134
135
136
        updatePropertyOnServer(CmpConfiguration.CONFIG_RA_AUTHENTICATIONSECRET, "password");
        updatePropertyOnServer(CmpConfiguration.CONFIG_RA_CERTIFICATEPROFILE, CPNAME);
        updatePropertyOnServer(CmpConfiguration.CONFIG_RA_ENDENTITYPROFILE, EEPNAME);
        // Configure a Certificate profile (CmpRA) using ENDUSER as template and check "Allow validity override".
        if (certificateProfileSession.getCertificateProfile(admin, CPNAME) == null) {
            CertificateProfile cp = new EndUserCertificateProfile();
            cp.setAllowValidityOverride(true);
            try // TODO: Fix this better
        certificateProfileSession.addCertificateProfile(admin, CPNAME, cp);
      } catch (CertificateProfileExistsException e) {
        e.printStackTrace();
      }
View Full Code Here
78
79
80
81
82
83
84
85
86
87
88
    public CrmfRARequestCustomSerialNoTest(String arg0) throws CertificateEncodingException, CertificateException {
        super(arg0);

        admin = new Admin(Admin.TYPE_BATCHCOMMANDLINE_USER);
        // Configure CMP for this test, we allow custom certificate serial numbers
      CertificateProfile profile = new EndUserCertificateProfile();
      //profile.setAllowCertSerialNumberOverride(true);
      try {
        certProfileSession.addCertificateProfile(admin, "CMPTESTPROFILE", profile);
    } catch (CertificateProfileExistsException e) {
      log.error("Could not create certificate profile.", e);
View Full Code Here
78
79
80
81
82
83
84
85
86
87
88
89
    if (certificateProfileSession.getCertificateProfileId(intAdmin, "WSTESTPROFILE") != 0) {
      certificateProfileSession.removeCertificateProfile(intAdmin, "WSTESTPROFILE");
    }

    CertificateProfile profile = new EndUserCertificateProfile();
    profile.setAllowCertSerialNumberOverride(true);
    certificateProfileSession.addCertificateProfile(intAdmin, "WSTESTPROFILE", profile);

    //Creating certificate for user: wsfoo
    UserDataVOWS user = new UserDataVOWS("wsfoo", "foo123", true, "C=SE, CN=wsfoo",
        getAdminCAName(), null, "foo@anatom.se", UserDataVOWS.STATUS_NEW,
View Full Code Here
TOP

Related Classes of org.ejbca.core.model.ca.certificateprofiles.EndUserCertificateProfile

  • org.cesecore.core.ejb.ca.store.CertificateProfileSessionBean
  • org.ejbca.core.ejb.ca.caadmin.CertificateProfileData
  • org.ejbca.core.ejb.ca.sign.CustomCertSerialnumberTest
  • org.ejbca.core.ejb.ca.sign.ExtendedKeyUsageTest
  • org.ejbca.core.ejb.ca.sign.SignSessionTest
  • org.ejbca.core.ejb.ra.AddLotsofCertsPerUserTest
  • org.ejbca.core.model.ca.caadmin.CertificateValidityTest
  • org.ejbca.core.protocol.cmp.CmpRAUnidTest
  • org.ejbca.core.protocol.cmp.CrmfRAPbeRequestTest
  • org.ejbca.core.protocol.cmp.CrmfRAPbeTcpRequestTest
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.