Package org.ejbca.cvc

Examples of org.ejbca.cvc.CardVerifiableCertificate


 
    /**
     * @see org.ejbca.core.protocol.IRequestMessage
     */
  public Date getRequestValidityNotAfter() {
      CardVerifiableCertificate cc = getCardVerifiableCertificate();
        return CertTools.getNotAfter(cc);
  }
View Full Code Here


        log.trace(">verify()");

        boolean ret = false;

        try {
          CardVerifiableCertificate cc = getCardVerifiableCertificate();
          if (cc != null) {
                if (pubKey == null) {
                  cc.verify(cvcert.getCertificateBody().getPublicKey());
                  ret = true; // If we came here verification was successful
                } else {
                    cc.verify(pubKey);
                  ret = true; // If we came here verification was successful
                }           
          }
        } catch (NoSuchFieldException e) {
            log.error("CVC error!", e);
View Full Code Here

        }
        } catch (IllegalArgumentException e) {
            log.error("CVC not inited!", e);
            return null;
        }
      CardVerifiableCertificate cc = new CardVerifiableCertificate(cvcert);
      return cc;
    }
View Full Code Here

      throw new Exception("Unknown public key type: " + publickey.getAlgorithm() + " (" + publickey.getClass() + ")");
    }
   
    // If this is a CVC CA we need to find out the sequence
    if (cacert instanceof CardVerifiableCertificate) {
      CardVerifiableCertificate cvccacert = (CardVerifiableCertificate) cacert;
      log.debug("Getting sequence from holderRef in CV certificate.");
      String sequence = cvccacert.getCVCertificate().getCertificateBody().getHolderReference().getSequence();
      log.debug("Setting sequence "+sequence);
      setKeySequence(sequence);
            log.debug("Setting default sequence format "+StringTools.KEY_SEQUENCE_FORMAT_NUMERIC);
      setKeySequenceFormat(StringTools.KEY_SEQUENCE_FORMAT_NUMERIC);
    } else {
View Full Code Here

      }
      HolderReferenceField holderRef = new HolderReferenceField(country, mnemonic, seq);
      CAReferenceField caRef = null;
      if (cacert != null) {
        if (cacert instanceof CardVerifiableCertificate) {
          CardVerifiableCertificate cvcacert = (CardVerifiableCertificate) cacert;
          try {
            HolderReferenceField href = cvcacert.getCVCertificate().getCertificateBody().getHolderReference();
            caRef = new CAReferenceField(href.getCountry(), href.getMnemonic(), href.getSequence());
            log.debug("Using caRef from the CA certificate: "+caRef.getConcatenated());         
          } catch (NoSuchFieldException e) {
            log.debug("CA certificate does not contain a Holder reference to use as CARef in request.");
          }         
View Full Code Here

    if (log.isTraceEnabled()) {
      log.trace(">signRequest: usepreviouskey="+usepreviouskey+", createlinkcert="+createlinkcert);
    }
    byte[] ret = request;
    try {
      CardVerifiableCertificate cacert = (CardVerifiableCertificate)getCACertificate();
      if (cacert == null) {
        // if we don't have a CA certificate, we can't sign any request, just return it
        return request;
      }
      CATokenContainer catoken = getCAToken();
      // Get either the current or the previous signing key for signing this request
      int key = SecConst.CAKEYPURPOSE_CERTSIGN;
      if (usepreviouskey) {
        log.debug("Using previous CertSign key to sign request");
        key = SecConst.CAKEYPURPOSE_CERTSIGN_PREVIOUS;
      } else {
        log.debug("Using current CertSign key to sign request");
      }
      KeyPair keyPair = new KeyPair(catoken.getPublicKey(key), catoken.getPrivateKey(key));
      String signAlg = getCAToken().getCATokenInfo().getSignatureAlgorithm();
      // Create the CA reference, should be from signing certificates holder field
      HolderReferenceField caHolder = cacert.getCVCertificate().getCertificateBody().getHolderReference();
      String sequence = caHolder.getSequence();
      // See if we have a previous sequence to put in the CA reference instead of the same as we have from the request
      String propdata = catoken.getCATokenInfo().getProperties();
      Properties prop = new Properties();
      if (propdata != null) {
        prop.load(new ByteArrayInputStream(propdata.getBytes()));         
      }
      String previousSequence = (String)prop.get(ICAToken.PREVIOUS_SEQUENCE_PROPERTY);
      // Only use previous sequence if we also use previous key
      if ( (previousSequence != null) && (usepreviouskey) ) {
        sequence = previousSequence;
        log.debug("Using previous sequence in caRef: "+sequence);
      } else {
        log.debug("Using current sequence in caRef: "+sequence);       
      }
      // Set the CA reference field for the authentication signature
      CAReferenceField caRef = new CAReferenceField(caHolder.getCountry(), caHolder.getMnemonic(), sequence);

      CVCertificate cvcert = null;
      try {
        byte[] binbytes = request;
        try {
          // We don't know if this is a PEM or binary certificate or request request so we first try to
          // decode it as a PEM certificate, and if it's not we try it as a PEM request and finally as a binary request
          Collection<Certificate> col = CertTools.getCertsFromPEM(new ByteArrayInputStream(request));
          Certificate cert = col.iterator().next();
          if (cert != null) {
            binbytes = cert.getEncoded();
          }
        } catch (Exception e) {
          log.debug("This is not a PEM certificate?: "+e.getMessage());
          try {
            binbytes = RequestMessageUtils.getRequestBytes(request);
          } catch (Exception e2) {
            log.debug("This is not a PEM request?: "+e2.getMessage());           
          }
        }
        // This can be either a CV certificate, a CV certificate request, or an authenticated request that we should re-sign
        CVCObject parsedObject;
        parsedObject = CertificateParser.parseCVCObject(binbytes);
        if (parsedObject instanceof CVCertificate) {
          cvcert = (CVCertificate) parsedObject;
          log.debug("This is a reqular CV request, or cert.");         
        } else if (parsedObject instanceof CVCAuthenticatedRequest) {
          CVCAuthenticatedRequest authreq = (CVCAuthenticatedRequest)parsedObject;
          cvcert = authreq.getRequest();
          log.debug("This is an authenticated CV request, we will overwrite the old authentication with a new.");         
        }
      } catch (ParseException e) {
              String msg = intres.getLocalizedMessage("cvc.error.notcvcrequest");
        log.info(msg, e);
        return request;
      } catch (ClassCastException e) {
              String msg = intres.getLocalizedMessage("cvc.error.notcvcrequest");
        log.info(msg, e);
        return request;
      }
      // Check if the input was a CVCA certificate, which is the same CVCA as this. If all is true we should create a CVCA link certificate
      // instead of an authenticated request
      CardVerifiableCertificate cvccert = new CardVerifiableCertificate(cvcert);
      HolderReferenceField cvccertholder = cvccert.getCVCertificate().getCertificateBody().getHolderReference();
      AuthorizationRoleEnum authRole = null;
      AccessRightEnum rights = null;
      try {
        authRole = cvccert.getCVCertificate().getCertificateBody().getAuthorizationTemplate().getAuthorizationField().getRole();         
         rights = cvccert.getCVCertificate().getCertificateBody().getAuthorizationTemplate().getAuthorizationField().getAccessRight();
      } catch (NoSuchFieldException e) {
        log.debug("No AuthorizationRoleEnum or AccessRightEnum, this is not a CV certificate so we can't make a link certificate: "+e.getMessage());
       
      }
      if (createlinkcert && (authRole != null) && (rights != null)) {
        log.debug("We will create a link certificate.");
        String msg = intres.getLocalizedMessage("cvc.info.createlinkcert", cvccertholder.getConcatenated(), caRef.getConcatenated());
        log.info(msg);
        PublicKey pk = cvccert.getPublicKey();
        Date validFrom = cvccert.getCVCertificate().getCertificateBody().getValidFrom();
        Date validTo = cvccert.getCVCertificate().getCertificateBody().getValidTo();
        // Generate a new certificate with the same contents as the passed in certificate, but with new caRef and signature
        CVCertificate retcert = CertificateGenerator.createCertificate(pk, keyPair.getPrivate(), signAlg, caRef, cvccertholder, authRole, rights, validFrom, validTo, catoken.getProvider());
        ret = retcert.getDEREncoded();
        log.debug("Signed a CardVerifiableCertificate CardVerifiableCertificate.");
      } else {
View Full Code Here

        if (certProfile.getType() == CertificateProfile.TYPE_ROOTCA) {
          isRootCA = true;
        }
       
        // Get CA reference
        CardVerifiableCertificate cacert = (CardVerifiableCertificate)getCACertificate();
        // Get certificate validity time notBefore and notAfter
        CertificateValidity val = new CertificateValidity(subject, certProfile, notBefore, notAfter, cacert, isRootCA);

        // We must take the issuer DN directly from the CA-certificate, if we are not creating a new Root CA
        CAReferenceField caRef = null;
        AuthorizationRoleEnum authRole = AuthorizationRoleEnum.IS;
        if (isRootCA) {
          // This will be an initial root CA, since no CA-certificate exists
          if (log.isDebugEnabled()) {
            log.debug("Using Holder Ref also as CA Ref, because it is a root CA");
          }
            caRef = new CAReferenceField(holderRef.getCountry(), holderRef.getMnemonic(), holderRef.getSequence());
            log.debug("Using AuthorizationRoleEnum.CVCA");
            authRole = AuthorizationRoleEnum.CVCA;
        } else {
          if (log.isDebugEnabled()) {
            log.debug("Using CA Ref directly from the CA certificates Holder Ref");
          }
            HolderReferenceField hr = cacert.getCVCertificate().getCertificateBody().getHolderReference();
            caRef = new CAReferenceField(hr.getCountry(), hr.getMnemonic(), hr.getSequence());
            if (certProfile.getType() == CertificateProfile.TYPE_SUBCA) {
              // If the holder DV's country and the CA's country is the same, this is a domestic DV
              // If the holder DV's country is something else, it is a foreign DV
              if (StringUtils.equals(caRef.getCountry(), holderRef.getCountry())) {
                  authRole = AuthorizationRoleEnum.DV_D;               
                    log.debug("Using AuthorizationRoleEnum.DV_D");
              } else {
                  authRole = AuthorizationRoleEnum.DV_F;                 
                    log.debug("Using AuthorizationRoleEnum.DV_F");
              }
            }
        }

        AccessRightEnum accessRights = AccessRightEnum.READ_ACCESS_NONE;
        int rights = certProfile.getCVCAccessRights();
        log.debug("Access rights in certificate profile: "+rights);
        switch (rights) {
          case CertificateProfile.CVC_ACCESS_DG3: accessRights = AccessRightEnum.READ_ACCESS_DG3; break;
          case CertificateProfile.CVC_ACCESS_DG4: accessRights = AccessRightEnum.READ_ACCESS_DG4; break;
          case CertificateProfile.CVC_ACCESS_DG3DG4: accessRights = AccessRightEnum.READ_ACCESS_DG3_AND_DG4; break;
          case CertificateProfile.CVC_ACCESS_NONE: accessRights = AccessRightEnum.READ_ACCESS_NONE; break;
        }
        // Generate the CVC certificate using Keijos library
        CATokenContainer catoken = getCAToken();
        String sigAlg = catoken.getCATokenInfo().getSignatureAlgorithm();
        log.debug("Creating CV certificate with algorithm "+sigAlg+", using provider "+catoken.getProvider()+", public key algorithm from CVC request must match this algorithm.");
        log.debug("CARef: "+caRef.getConcatenated()+"; holderRef: "+holderRef.getConcatenated());
        CVCertificate cvc = CertificateGenerator.createCertificate(publicKey, catoken.getPrivateKey(SecConst.CAKEYPURPOSE_CERTSIGN),
            sigAlg, caRef, holderRef, authRole, accessRights, val.getNotBefore(), val.getNotAfter(), catoken.getProvider());

        if (log.isDebugEnabled()) {
            log.debug("Certificate: "+cvc.toString());
            log.debug("Certificate bytes: "+new String(Base64.encode(cvc.getDEREncoded())));         
        }
       
        CardVerifiableCertificate retCert = new CardVerifiableCertificate(cvc);
        // Verify certificate before returning
        retCert.verify(getCAToken().getPublicKey(SecConst.CAKEYPURPOSE_CERTSIGN));
        if (log.isTraceEnabled()) {
          log.trace("<generateCertificate()");
        }
    return retCert;                                                                                       
  }
View Full Code Here

TOP

Related Classes of org.ejbca.cvc.CardVerifiableCertificate

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.