Package org.ejbca.cvc

Examples of org.ejbca.cvc.HolderReferenceField


        log.debug("Using current CertSign key to sign request");
      }
      KeyPair keyPair = new KeyPair(catoken.getPublicKey(key), catoken.getPrivateKey(key));
      String signAlg = getCAToken().getCATokenInfo().getSignatureAlgorithm();
      // Create the CA reference, should be from signing certificates holder field
      HolderReferenceField caHolder = cacert.getCVCertificate().getCertificateBody().getHolderReference();
      String sequence = caHolder.getSequence();
      // See if we have a previous sequence to put in the CA reference instead of the same as we have from the request
      String propdata = catoken.getCATokenInfo().getProperties();
      Properties prop = new Properties();
      if (propdata != null) {
        prop.load(new ByteArrayInputStream(propdata.getBytes()));         
      }
      String previousSequence = (String)prop.get(ICAToken.PREVIOUS_SEQUENCE_PROPERTY);
      // Only use previous sequence if we also use previous key
      if ( (previousSequence != null) && (usepreviouskey) ) {
        sequence = previousSequence;
        log.debug("Using previous sequence in caRef: "+sequence);
      } else {
        log.debug("Using current sequence in caRef: "+sequence);       
      }
      // Set the CA reference field for the authentication signature
      CAReferenceField caRef = new CAReferenceField(caHolder.getCountry(), caHolder.getMnemonic(), sequence);

      CVCertificate cvcert = null;
      try {
        byte[] binbytes = request;
        try {
          // We don't know if this is a PEM or binary certificate or request request so we first try to
          // decode it as a PEM certificate, and if it's not we try it as a PEM request and finally as a binary request
          Collection<Certificate> col = CertTools.getCertsFromPEM(new ByteArrayInputStream(request));
          Certificate cert = col.iterator().next();
          if (cert != null) {
            binbytes = cert.getEncoded();
          }
        } catch (Exception e) {
          log.debug("This is not a PEM certificate?: "+e.getMessage());
          try {
            binbytes = RequestMessageUtils.getRequestBytes(request);
          } catch (Exception e2) {
            log.debug("This is not a PEM request?: "+e2.getMessage());           
          }
        }
        // This can be either a CV certificate, a CV certificate request, or an authenticated request that we should re-sign
        CVCObject parsedObject;
        parsedObject = CertificateParser.parseCVCObject(binbytes);
        if (parsedObject instanceof CVCertificate) {
          cvcert = (CVCertificate) parsedObject;
          log.debug("This is a reqular CV request, or cert.");         
        } else if (parsedObject instanceof CVCAuthenticatedRequest) {
          CVCAuthenticatedRequest authreq = (CVCAuthenticatedRequest)parsedObject;
          cvcert = authreq.getRequest();
          log.debug("This is an authenticated CV request, we will overwrite the old authentication with a new.");         
        }
      } catch (ParseException e) {
              String msg = intres.getLocalizedMessage("cvc.error.notcvcrequest");
        log.info(msg, e);
        return request;
      } catch (ClassCastException e) {
              String msg = intres.getLocalizedMessage("cvc.error.notcvcrequest");
        log.info(msg, e);
        return request;
      }
      // Check if the input was a CVCA certificate, which is the same CVCA as this. If all is true we should create a CVCA link certificate
      // instead of an authenticated request
      CardVerifiableCertificate cvccert = new CardVerifiableCertificate(cvcert);
      HolderReferenceField cvccertholder = cvccert.getCVCertificate().getCertificateBody().getHolderReference();
      AuthorizationRoleEnum authRole = null;
      AccessRightEnum rights = null;
      try {
        authRole = cvccert.getCVCertificate().getCertificateBody().getAuthorizationTemplate().getAuthorizationField().getRole();         
         rights = cvccert.getCVCertificate().getCertificateBody().getAuthorizationTemplate().getAuthorizationField().getAccessRight();
      } catch (NoSuchFieldException e) {
        log.debug("No AuthorizationRoleEnum or AccessRightEnum, this is not a CV certificate so we can't make a link certificate: "+e.getMessage());
       
      }
      if (createlinkcert && (authRole != null) && (rights != null)) {
        log.debug("We will create a link certificate.");
        String msg = intres.getLocalizedMessage("cvc.info.createlinkcert", cvccertholder.getConcatenated(), caRef.getConcatenated());
        log.info(msg);
        PublicKey pk = cvccert.getPublicKey();
        Date validFrom = cvccert.getCVCertificate().getCertificateBody().getValidFrom();
        Date validTo = cvccert.getCVCertificate().getCertificateBody().getValidTo();
        // Generate a new certificate with the same contents as the passed in certificate, but with new caRef and signature
View Full Code Here


        seq = "0"+seq;         
      }
    }
    // The DN 'CN=00111,O=CVCA-RPS,C=SE' will make the following reference
        //HolderReferenceField holderRef = new HolderReferenceField("SE","CVCA-RPS","00111");   
        HolderReferenceField holderRef = new HolderReferenceField(country, mnemonic, seq);

        // Check if this is a root CA we are creating
        boolean isRootCA = false;
        if (certProfile.getType() == CertificateProfile.TYPE_ROOTCA) {
          isRootCA = true;
        }
       
        // Get CA reference
        CardVerifiableCertificate cacert = (CardVerifiableCertificate)getCACertificate();
        // Get certificate validity time notBefore and notAfter
        CertificateValidity val = new CertificateValidity(subject, certProfile, notBefore, notAfter, cacert, isRootCA);

        // We must take the issuer DN directly from the CA-certificate, if we are not creating a new Root CA
        CAReferenceField caRef = null;
        AuthorizationRoleEnum authRole = AuthorizationRoleEnum.IS;
        if (isRootCA) {
          // This will be an initial root CA, since no CA-certificate exists
          if (log.isDebugEnabled()) {
            log.debug("Using Holder Ref also as CA Ref, because it is a root CA");
          }
            caRef = new CAReferenceField(holderRef.getCountry(), holderRef.getMnemonic(), holderRef.getSequence());
            log.debug("Using AuthorizationRoleEnum.CVCA");
            authRole = AuthorizationRoleEnum.CVCA;
        } else {
          if (log.isDebugEnabled()) {
            log.debug("Using CA Ref directly from the CA certificates Holder Ref");
          }
            HolderReferenceField hr = cacert.getCVCertificate().getCertificateBody().getHolderReference();
            caRef = new CAReferenceField(hr.getCountry(), hr.getMnemonic(), hr.getSequence());
            if (certProfile.getType() == CertificateProfile.TYPE_SUBCA) {
              // If the holder DV's country and the CA's country is the same, this is a domestic DV
              // If the holder DV's country is something else, it is a foreign DV
              if (StringUtils.equals(caRef.getCountry(), holderRef.getCountry())) {
                  authRole = AuthorizationRoleEnum.DV_D;               
View Full Code Here

TOP

Related Classes of org.ejbca.cvc.HolderReferenceField

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.