Package org.ejbca.core.model.ca.store

Examples of org.ejbca.core.model.ca.store.CertificateInfo


        retval = new ExtRAResponse(submessage.getRequestId(),false,"An authentication cert, a signature cert, an authentication request and a signature request are required");
      } else {
        BigInteger serno = CertTools.getSerialNumber(authcert);
        String issuerDN = CertTools.getIssuerDN(authcert);
                // Verify the certificates with CA cert, and then verify the pcks10 requests
                CertificateInfo authInfo = certificateStoreSession.getCertificateInfo(admin, CertTools.getFingerprintAsString(authcert));
                Certificate authcacert = certificateStoreSession.findCertificateByFingerprint(admin, authInfo.getCAFingerprint());
                CertificateInfo signInfo = certificateStoreSession.getCertificateInfo(admin, CertTools.getFingerprintAsString(signcert));
                Certificate signcacert = certificateStoreSession.findCertificateByFingerprint(admin, signInfo.getCAFingerprint());
                // Verify certificate
                try {
                    authcert.verify(authcacert.getPublicKey());                   
                } catch (Exception e) {
                    log.error("Error verifying authentication certificate: ", e);
View Full Code Here


      username = certreqhist.getUserDataVO().getUsername();
      password = certreqhist.getUserDataVO().getPassword();
      dn = certreqhist.getUserDataVO().getDN();
      ei = certreqhist.getUserDataVO().getExtendedinformation();
    }
    final CertificateInfo certinfo = certificatesession.getCertificateInfo(administrator, CertTools.getFingerprintAsString(certificate));
    if (certinfo != null) {
      // If we are missing Certificate Request History for this certificate, we can at least recover some of this info
      if (certificateProfileId == SecConst.CERTPROFILE_NO_PROFILE) {
        certificateProfileId = certinfo.getCertificateProfileId();
      }
      if (username == null) {
        username = certinfo.getUsername();
      }
      if (dn == null) {
        dn = certinfo.getSubjectDN();
      }
    }
    if (certificateProfileId == SecConst.CERTPROFILE_NO_PROFILE) {
      // If there is no cert req history and the cert profile was not defined in the CertificateData row, so we can't do anything about it..
      returnval = "CERTREQREPUBLISHFAILED";
    } else {
      final CertificateProfile certprofile = certificateProfileSession.getCertificateProfile(administrator, certificateProfileId);
      if (certprofile != null) {
        if (certprofile.getPublisherList().size() > 0) {
          if (publishersession.storeCertificate(administrator, certprofile.getPublisherList(), certificatedata.getCertificate(), username, password, dn,
              certinfo.getCAFingerprint(), certinfo.getStatus() , certinfo.getType(), certinfo.getRevocationDate().getTime(), certinfo.getRevocationReason(),
              certinfo.getTag(), certificateProfileId, certinfo.getUpdateTime().getTime(), ei)) {
            returnval = "CERTREPUBLISHEDSUCCESS";
          }
        } else {
          returnval = "NOPUBLISHERSDEFINED";
        }
View Full Code Here

        log.trace(">test02FindAndChange()");
        String fp = CertTools.getFingerprintAsString(cert);

        X509Certificate ce = (X509Certificate) certificateStoreSession.findCertificateByFingerprint(admin, fp);
        assertNotNull("Cannot find certificate with fp=" + fp, ce);
        CertificateInfo info = certificateStoreSession.getCertificateInfo(admin, fp);
        // log.info("Got certificate info for cert with fp="+fp);
        assertEquals("fingerprint does not match.", fp, info.getFingerprint());
        assertEquals("CAfingerprint does not match.", "1234", info.getCAFingerprint());
        assertEquals("serialnumber does not match.", ce.getSerialNumber(), info.getSerialNumber());
        assertEquals("issuerdn does not match.", CertTools.getIssuerDN(ce), info.getIssuerDN());
        assertEquals("subjectdn does not match.", CertTools.getSubjectDN(ce), info.getSubjectDN());
        // The cert was just stored above with status INACTIVE
        assertEquals("status does not match.", SecConst.CERT_INACTIVE, info.getStatus());
        assertEquals("type does not match.", SecConst.CERT_TYPE_ENCRYPTION, info.getType());
        assertEquals("exiredate does not match.", ce.getNotAfter(), info.getExpireDate());
        // We just stored it above, not revoked
        assertEquals("revocation reason does not match.", RevokedCertInfo.NOT_REVOKED, info.getRevocationReason());
        log.info("revocationdate (before rev)=" + info.getRevocationDate());
        assertEquals(SecConst.CERTPROFILE_FIXED_ENDUSER, info.getCertificateProfileId());
        assertEquals("footag", info.getTag());
        Date now = new Date();
        assertNotNull(info.getUpdateTime());
        assertTrue(now.after(info.getUpdateTime()));
        certificateStoreSession.revokeCertificate(admin, ce, null, RevokedCertInfo.REVOCATION_REASON_KEYCOMPROMISE, null);
        CertificateInfo info1 = certificateStoreSession.getCertificateInfo(admin, fp);
        assertEquals("revocation reason does not match.", RevokedCertInfo.REVOCATION_REASON_KEYCOMPROMISE, info1.getRevocationReason());
        log.info("revocationdate (after rev)=" + info1.getRevocationDate());
        assertTrue("Revocation date in future.", new Date().compareTo(info1.getRevocationDate()) >= 0);

        log.trace("<test02FindAndChange()");
    }
View Full Code Here

        // Verify that cert are revoked
        Iterator<Certificate> iter = certfps.iterator();
        while (iter.hasNext()) {
            Certificate cert = iter.next();
            String fp = CertTools.getFingerprintAsString(cert);
            CertificateInfo rev = certificateStoreSession.getCertificateInfo(admin, fp);
            log.info("revocationdate (after rev)=" + rev.getRevocationDate());
            assertTrue("Revocation date in future.", new Date().compareTo(rev.getRevocationDate()) >= 0);
            assertTrue(rev.getStatus() == SecConst.CERT_REVOKED);
        }

        log.trace("<test04CheckRevoked()");
    }
View Full Code Here

     *             error
     */
    public void test05FindAgain() throws Exception {
        log.trace(">test05FindAgain()");
        String fp = CertTools.getFingerprintAsString(cert);
        CertificateInfo data3 = certificateStoreSession.getCertificateInfo(admin, fp);
        assertNotNull("Failed to find cert", data3);
        log.debug("found by key! =" + data3);
        log.debug("fp=" + data3.getFingerprint());
        log.debug("issuer=" + data3.getIssuerDN());
        log.debug("subject=" + data3.getSubjectDN());
        log.debug("cafp=" + data3.getCAFingerprint());
        assertNotNull("wrong CAFingerprint", data3.getCAFingerprint());
        log.debug("status=" + data3.getStatus());
        assertTrue("wrong status", data3.getStatus() == SecConst.CERT_REVOKED);
        log.debug("type=" + data3.getType());
        assertTrue("wrong type", (data3.getType() & SecConst.USER_ENDUSER) == SecConst.USER_ENDUSER);
        log.debug("serno=" + data3.getSerialNumber());
        log.debug("expiredate=" + data3.getExpireDate());
        log.debug("revocationdate=" + data3.getRevocationDate());
        log.debug("revocationreason=" + data3.getRevocationReason());
        assertEquals("Wrong revocation reason", data3.getRevocationReason(), RevokedCertInfo.REVOCATION_REASON_KEYCOMPROMISE);

        log.debug("Looking for cert with DN=" + CertTools.getSubjectDN(cert));
        Collection<Certificate> certs = certificateStoreSession.findCertificatesBySubjectAndIssuer(admin, CertTools.getSubjectDN(cert),
                CertTools.getIssuerDN(cert));
        Iterator<Certificate> iter = certs.iterator();
View Full Code Here

     */
    public void test06FindByExpireTime() throws Exception {
        log.trace(">test06FindByExpireTime()");
        String fp = CertTools.getFingerprintAsString(cert);

        CertificateInfo data = certificateStoreSession.getCertificateInfo(admin, fp);
        assertNotNull("Failed to find cert", data);
        log.debug("expiredate=" + data.getExpireDate());

        // Seconds in a year
        long yearmillis = 365 * 24 * 60 * 60 * 1000;
        long findDateSecs = data.getExpireDate().getTime() - (yearmillis * 200);
        Date findDate = new Date(findDateSecs);

        log.info("1. Looking for cert with expireDate=" + findDate);

        Collection<Certificate> certs = certificateStoreSession.findCertificatesByExpireTimeWithLimit(admin, findDate);
        log.debug("findCertificatesByExpireTime returned " + certs.size() + " certs.");
        assertTrue("No certs should have expired before this date", certs.size() == 0);
        Collection<String> usernames = certificateStoreSession.findUsernamesByExpireTimeWithLimit(admin, findDate);
        log.debug("findUsernamesByExpireTimeWithLimit returned " + usernames.size() + " usernames.");
        assertTrue("No certs should have expired before this date", usernames.size() == 0);
        findDateSecs = data.getExpireDate().getTime() + 10000;
        findDate = new Date(findDateSecs);
        log.info("2. Looking for cert with expireDate=" + findDate);
        certs = certificateStoreSession.findCertificatesByExpireTimeWithLimit(admin, findDate);
        log.debug("findCertificatesByExpireTime returned " + certs.size() + " certs.");
        assertTrue("Some certs should have expired before this date", certs.size() != 0);
View Full Code Here

    public void test07FindByIssuerAndSerno() throws Exception {
        log.trace(">test07FindByIssuerAndSerno()");

        String issuerDN = CertTools.getIssuerDN(cert);
        String fp = CertTools.getFingerprintAsString(cert);
        CertificateInfo data3 = certificateStoreSession.getCertificateInfo(admin, fp);
        assertNotNull("Failed to find cert", data3);

        log.debug("Looking for cert with DN:" + CertTools.getIssuerDN(cert) + " and serno " + cert.getSerialNumber());
        Certificate fcert = certificateStoreSession.findCertificateByIssuerAndSerno(admin, issuerDN, cert.getSerialNumber());
        assertNotNull("Cant find by issuer and serno", fcert);
View Full Code Here

     *             error
     */
    public void test08IsRevoked() throws Exception {
        log.trace(">test08IsRevoked()");
        String fp = CertTools.getFingerprintAsString(cert);
        CertificateInfo data3 = certificateStoreSession.getCertificateInfo(admin, fp);
        assertNotNull("Failed to find cert", data3);
        log.debug("found by key! =" + data3);
        log.debug("fp=" + data3.getFingerprint());
        log.debug("issuer=" + data3.getIssuerDN());
        log.debug("subject=" + data3.getSubjectDN());
        log.debug("cafp=" + data3.getCAFingerprint());
        assertNotNull("wrong CAFingerprint", data3.getCAFingerprint());
        log.debug("status=" + data3.getStatus());
        assertTrue("wrong status", data3.getStatus() == SecConst.CERT_REVOKED);
        log.debug("type=" + data3.getType());
        assertTrue("wrong type", (data3.getType() == SecConst.CERTTYPE_ENDENTITY));
        log.debug("serno=" + data3.getSerialNumber());
        log.debug("expiredate=" + data3.getExpireDate());
        log.debug("revocationdate=" + data3.getRevocationDate());
        log.debug("revocationreason=" + data3.getRevocationReason());
        assertEquals("wrong reason", data3.getRevocationReason(), RevokedCertInfo.REVOCATION_REASON_KEYCOMPROMISE);

        log.debug("Checking if cert is revoked DN:'" + CertTools.getIssuerDN(cert) + "', serno:'" + cert.getSerialNumber().toString() + "'.");
        CertificateStatus revinfo = certificateStoreSession.getStatus(CertTools.getIssuerDN(cert), cert.getSerialNumber());
        assertNotNull("Certificate not found, it should be!", revinfo);
        int reason = revinfo.revocationReason;
        assertEquals("Certificate not revoked, it should be!", RevokedCertInfo.REVOCATION_REASON_KEYCOMPROMISE, reason);
        assertTrue("Wrong revocationDate!", revinfo.revocationDate.compareTo(data3.getRevocationDate()) == 0);
        assertEquals("Wrong reason!", revinfo.revocationReason, data3.getRevocationReason());
        log.debug("Removed it!");
        log.trace("<test08IsRevoked()");
    }
View Full Code Here

        // Test to renew a CVC CA
        dvdcainfo = caAdminSession.getCAInfo(admin, dvdcaname);
        Certificate cert = (Certificate) dvdcainfo.getCertificateChain().iterator().next();
        // Verify that fingerprint and CA fingerprint is handled correctly
        CertificateInfo certInfo = certificateStoreSession.getCertificateInfo(admin, CertTools.getFingerprintAsString(cert));
        assertFalse(certInfo.getFingerprint().equals(certInfo.getCAFingerprint()));
        int caid = dvdcainfo.getCAId();
        caAdminSession.renewCA(admin, caid, null, false);
        dvdcainfo = caAdminSession.getCAInfo(admin, dvdcaname);
        assertEquals(CAInfo.CATYPE_CVC, dvdcainfo.getCAType());
        cert = (Certificate) dvdcainfo.getCertificateChain().iterator().next();
        assertEquals("CVC", cert.getType());
        assertEquals(CertTools.getSubjectDN(cert), dvddn);
        assertEquals(CertTools.getIssuerDN(cert), rootcadn);
        assertEquals(dvdcainfo.getSubjectDN(), dvddn);
        // Verify that fingerprint and CA fingerprint is handled correctly
        certInfo = certificateStoreSession.getCertificateInfo(admin, CertTools.getFingerprintAsString(cert));
        assertFalse(certInfo.getFingerprint().equals(certInfo.getCAFingerprint()));
        // It's not possible to check the time for renewal of a CVC CA since the
        // resolution of validity is only days.
        // The only way is to generate a certificate with different access
        // rights in it
        CardVerifiableCertificate cvcert = (CardVerifiableCertificate) cert;
View Full Code Here

     * @throws ApprovalException
     * @throws WaitingForApprovalException
     */
    private void checkIfApprovalRequired(Admin admin, Certificate certificate, String username, int endEntityProfileId, boolean checkNewest, GlobalConfiguration gc) throws ApprovalException, WaitingForApprovalException{     
        final int caid = CertTools.getIssuerDN(certificate).hashCode();
    final CertificateInfo certinfo = certificateStoreSession.getCertificateInfo(admin, CertTools.getFingerprintAsString(certificate));
        // Check if approvals is required.
        int numOfApprovalsRequired = caAdminSession.getNumOfApprovalRequired(admin, CAInfo.REQ_APPROVAL_KEYRECOVER, caid, certinfo.getCertificateProfileId());
        if (numOfApprovalsRequired > 0){   
      KeyRecoveryApprovalRequest ar = new KeyRecoveryApprovalRequest(certificate,username,checkNewest, admin,null,numOfApprovalsRequired,caid,endEntityProfileId);
      if (ApprovalExecutorUtil.requireApproval(ar, NONAPPROVABLECLASSNAMES_KEYRECOVERY)){
        approvalSession.addApprovalRequest(admin, ar, gc);
              String msg = intres.getLocalizedMessage("keyrecovery.addedforapproval");             
View Full Code Here

TOP

Related Classes of org.ejbca.core.model.ca.store.CertificateInfo

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.