} else if (ca.isUseUserStorage() && req.getPassword() == null) {
String msg = intres.getLocalizedMessage("signsession.nopasswordinrequest");
logSession.log(admin, ca.getCAId(), LogConstants.MODULE_CA, new java.util.Date(), req.getUsername(), null, LogConstants.EVENT_ERROR_CREATECERTIFICATE, msg);
throw new SignRequestException(msg);
} else {
ResponseStatus status = ResponseStatus.SUCCESS;
FailInfo failInfo = null;
String failText = null;
Certificate cert = null;
try {
// If we haven't done so yet, authenticate user. (Only if we store UserData for this CA.)
if (ca.isUseUserStorage()) {
data = authUser(admin, req.getUsername(), req.getPassword());
} else {
data = suppliedUserData;
}
PublicKey reqpk = req.getRequestPublicKey();
if (reqpk == null) {
logSession.log(admin, ca.getCAId(), LogConstants.MODULE_CA, new java.util.Date(), req.getUsername(), null, LogConstants.EVENT_ERROR_CREATECERTIFICATE, intres.getLocalizedMessage("signsession.nokeyinrequest"));
throw new InvalidKeyException("Key is null!");
}
// Make sure the request is processed by the CA the user is registered with; a mismatch is rejected below as WRONG_AUTHORITY.
if (data.getCAId() != ca.getCAId()) {
failText = intres.getLocalizedMessage("signsession.wrongauthority", Integer.valueOf(ca.getCAId()), Integer.valueOf(data.getCAId()));
status = ResponseStatus.FAILURE;
failInfo = FailInfo.WRONG_AUTHORITY;
logSession.log(admin, ca.getCAId(), LogConstants.MODULE_CA, new java.util.Date(), req.getUsername(), null, LogConstants.EVENT_ERROR_CREATECERTIFICATE, failText);
}
if (status.equals(ResponseStatus.SUCCESS)) {
Date notBefore = req.getRequestValidityNotBefore(); // Optionally requested validity
Date notAfter = req.getRequestValidityNotAfter(); // Optionally requested validity
X509Extensions exts = req.getRequestExtensions(); // Optionally requested extensions
int keyusage = -1;
if (exts != null) {