List of usage examples for org.bouncycastle.asn1.x509.qualified ETSIQCObjectIdentifiers id_etsi_qcs_LimiteValue
ASN1ObjectIdentifier id_etsi_qcs_LimiteValue
To view the source code for org.bouncycastle.asn1.x509.qualified ETSIQCObjectIdentifiers id_etsi_qcs_LimiteValue.
Click Source Link
From source file:it.trento.comune.j4sign.verification.CertValidity.java
License:Open Source License
public boolean getHasQcStatements() { try {// w w w. j a v a2s . co m hasQCStatements = it.trento.comune.j4sign.verification.utils.CertUtils.QCStatements .hasQcStatement(cert); qcCompliance = false; qcStatementsStrings = null; if (hasQCStatements) { qcStatementsStrings = new ArrayList<String>(); ASN1Sequence qcStatements = CertUtils.QCStatements.getQcStatements(cert); Enumeration<?> qcStatementEnum = qcStatements.getObjects(); while (qcStatementEnum.hasMoreElements()) { QCStatement qc = QCStatement.getInstance(qcStatementEnum.nextElement()); DERObjectIdentifier statementId = qc.getStatementId(); if (ETSIQCObjectIdentifiers.id_etsi_qcs_QcCompliance.getId().equals(statementId.getId())) { qcCompliance = true; qcStatementsStrings.add(statementId.getId() + " (etsi_qcs_QcCompliance)"); } else if (ETSIQCObjectIdentifiers.id_etsi_qcs_LimiteValue.getId() .equals(statementId.getId())) { String qcLimit = CertUtils.QCStatements.getQcStatementValueLimit(cert); qcStatementsStrings.add(statementId.getId() + " (id_etsi_qcs_LimiteValue): " + qcLimit); } else if (ETSIQCObjectIdentifiers.id_etsi_qcs_RetentionPeriod.getId() .equals(statementId.getId())) { String qcRetentionPeriod = DERInteger.getInstance(qc.getStatementInfo()).toString(); qcStatementsStrings .add(statementId.getId() + " (etsi_qcs_RetentionPeriod): " + qcRetentionPeriod); } else if (ETSIQCObjectIdentifiers.id_etsi_qcs_QcSSCD.getId().equals(statementId.getId())) { qcStatementsStrings.add(statementId.getId() + " (etsi_qcs_QcSSCD)"); } else qcStatementsStrings.add(statementId.getId() + " (Unknown)"); } } } catch (IOException e) { hasQCStatements = false; } return hasQCStatements; }
From source file:org.cesecore.certificates.certificate.certextensions.standard.QcStatement.java
License:Open Source License
@Override public ASN1Encodable getValue(final EndEntityInformation subject, final CA ca, final CertificateProfile certProfile, final PublicKey userPublicKey, final PublicKey caPublicKey, CertificateValidity val) throws CertificateExtensionException { DERSequence ret = null;/*from www . j av a 2 s. co m*/ final String names = certProfile.getQCStatementRAName(); final GeneralNames san = CertTools.getGeneralNamesFromAltName(names); SemanticsInformation si = null; if (san != null) { if (StringUtils.isNotEmpty(certProfile.getQCSemanticsId())) { si = new SemanticsInformation(new ASN1ObjectIdentifier(certProfile.getQCSemanticsId()), san.getNames()); } else { si = new SemanticsInformation(san.getNames()); } } else if (StringUtils.isNotEmpty(certProfile.getQCSemanticsId())) { si = new SemanticsInformation(new ASN1ObjectIdentifier(certProfile.getQCSemanticsId())); } final ArrayList<QCStatement> qcs = new ArrayList<QCStatement>(); QCStatement qc = null; // First the standard rfc3739 QCStatement with an optional SematicsInformation // We never add RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v1. This is so old so we think it has never been used in the wild basically. // That means no need to have code we have to maintain for that. if (certProfile.getUsePkixQCSyntaxV2()) { ASN1ObjectIdentifier pkixQcSyntax = RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v2; if ((si != null)) { qc = new QCStatement(pkixQcSyntax, si); qcs.add(qc); } else { qc = new QCStatement(pkixQcSyntax); qcs.add(qc); } } // ETSI Statement that the certificate is a Qualified Certificate if (certProfile.getUseQCEtsiQCCompliance()) { qc = new QCStatement(ETSIQCObjectIdentifiers.id_etsi_qcs_QcCompliance); qcs.add(qc); } // ETSI Statement regarding limit on the value of transactions // Both value and currency must be available for this extension if (certProfile.getUseQCEtsiValueLimit() && (certProfile.getQCEtsiValueLimit() >= 0) && (certProfile.getQCEtsiValueLimitCurrency() != null)) { final int limit = certProfile.getQCEtsiValueLimit(); // The exponent should be default 0 final int exponent = certProfile.getQCEtsiValueLimitExp(); final MonetaryValue value = new MonetaryValue( new Iso4217CurrencyCode(certProfile.getQCEtsiValueLimitCurrency()), limit, exponent); qc = new QCStatement(ETSIQCObjectIdentifiers.id_etsi_qcs_LimiteValue, value); qcs.add(qc); } if (certProfile.getUseQCEtsiRetentionPeriod()) { final ASN1Integer years = new ASN1Integer(((Integer) certProfile.getQCEtsiRetentionPeriod())); qc = new QCStatement(ETSIQCObjectIdentifiers.id_etsi_qcs_RetentionPeriod, years); qcs.add(qc); } // ETSI Statement claiming that the private key resides in a Signature Creation Device if (certProfile.getUseQCEtsiSignatureDevice()) { qc = new QCStatement(ETSIQCObjectIdentifiers.id_etsi_qcs_QcSSCD); qcs.add(qc); } // Custom UTF8String QC-statement: // qcStatement-YourCustom QC-STATEMENT ::= { SYNTAX YourCustomUTF8String // IDENTIFIED BY youroid } // -- This statement gives you the possibility to define your own QC-statement // -- using an OID and a simple UTF8String, with describing text. A sample text could for example be: // -- This certificate, according to Act. No. xxxx Electronic Signature Law is a qualified electronic certificate // // YourCustomUTF8String ::= UTF8String if (certProfile.getUseQCCustomString() && !StringUtils.isEmpty(certProfile.getQCCustomStringOid()) && !StringUtils.isEmpty(certProfile.getQCCustomStringText())) { final DERUTF8String str = new DERUTF8String(certProfile.getQCCustomStringText()); final ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(certProfile.getQCCustomStringOid()); qc = new QCStatement(oid, str); qcs.add(qc); } if (!qcs.isEmpty()) { final ASN1EncodableVector vec = new ASN1EncodableVector(); final Iterator<QCStatement> iter = qcs.iterator(); while (iter.hasNext()) { final QCStatement q = (QCStatement) iter.next(); vec.add(q); } ret = new DERSequence(vec); } if (ret == null) { log.error( "Qualified certificate statements extension has been enabled, but no statements were included!"); throw new CertificateExtensionException( "If qualified certificate statements extension has been enabled, at least one statement must be included!"); } return ret; }
From source file:org.cesecore.certificates.util.cert.QCStatementExtension.java
License:Open Source License
/** Returns the value limit ETSI QCStatement if present. * /*from w w w. j a va 2s. c om*/ * @param cert Certificate possibly containing the QCStatement extension * @return String with the value and currency (ex '50000 SEK')or null if the extension is not present * @throws IOException if there is a problem parsing the certificate */ public static String getQcStatementValueLimit(final Certificate cert) throws IOException { String ret = null; if (cert instanceof X509Certificate) { final X509Certificate x509cert = (X509Certificate) cert; final ASN1Primitive obj = getExtensionValue(x509cert, Extension.qCStatements.getId()); if (obj == null) { return null; } final ASN1Sequence seq = (ASN1Sequence) obj; MonetaryValue mv = null; // Look through all the QCStatements and see if we have a stadard ETSI LimitValue for (int i = 0; i < seq.size(); i++) { final QCStatement qc = QCStatement.getInstance(seq.getObjectAt(i)); final ASN1ObjectIdentifier oid = qc.getStatementId(); if ((oid != null) && oid.equals(ETSIQCObjectIdentifiers.id_etsi_qcs_LimiteValue)) { // We MAY have a MonetaryValue object here final ASN1Encodable enc = qc.getStatementInfo(); if (enc != null) { mv = MonetaryValue.getInstance(enc); // We can break the loop now, we got it! break; } } } if (mv != null) { final BigInteger amount = mv.getAmount(); final BigInteger exp = mv.getExponent(); final BigInteger ten = BigInteger.valueOf(10); // A possibly gotcha here if the monetary value is larger than what fits in a long... final long value = amount.longValue() * (ten.pow(exp.intValue())).longValue(); if (value < 0) { log.error("ETSI LimitValue amount is < 0."); } final String curr = mv.getCurrency().getAlphabetic(); if (curr == null) { log.error("ETSI LimitValue currency is null"); } if ((value >= 0) && (curr != null)) { ret = value + " " + curr; } } } return ret; }
From source file:org.cesecore.util.CertToolsTest.java
License:Open Source License
@Test public void test14QCStatement() throws Exception { Certificate cert = CertTools.getCertfromByteArray(qcRefCert); // log.debug(cert); assertEquals("rfc822name=municipality@darmstadt.de", QCStatementExtension.getQcStatementAuthorities(cert)); Collection<String> ids = QCStatementExtension.getQcStatementIds(cert); assertTrue(ids.contains(RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v2.getId())); Certificate cert2 = CertTools.getCertfromByteArray(qcPrimeCert); assertEquals("rfc822name=qc@primekey.se", QCStatementExtension.getQcStatementAuthorities(cert2)); ids = QCStatementExtension.getQcStatementIds(cert2); assertTrue(ids.contains(RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v1.getId())); assertTrue(ids.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_QcCompliance.getId())); assertTrue(ids.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_QcSSCD.getId())); assertTrue(ids.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_LimiteValue.getId())); String limit = QCStatementExtension.getQcStatementValueLimit(cert2); assertEquals("50000 SEK", limit); }
From source file:org.ejbca.core.ejb.ca.sign.SignSessionTest.java
License:Open Source License
/** Tests creating a certificate with QC statement */ public void test10TestQcCert() throws Exception { log.trace(">test10TestQcCert()"); // Create a good certificate profile (good enough), using QC statement certificateProfileSession.removeCertificateProfile(admin, "TESTQC"); EndUserCertificateProfile certprof = new EndUserCertificateProfile(); certprof.setUseQCStatement(true);//from w w w . j a v a2s . c om certprof.setQCStatementRAName("rfc822Name=qc@primekey.se"); certprof.setUseQCEtsiQCCompliance(true); certprof.setUseQCEtsiSignatureDevice(true); certprof.setUseQCEtsiValueLimit(true); certprof.setQCEtsiValueLimit(50000); certprof.setQCEtsiValueLimitCurrency("SEK"); certificateProfileSession.addCertificateProfile(admin, "TESTQC", certprof); int cprofile = certificateProfileSession.getCertificateProfileId(admin, "TESTQC"); // Create a good end entity profile (good enough), allowing multiple UPN // names endEntityProfileSession.removeEndEntityProfile(admin, "TESTQC"); EndEntityProfile profile = new EndEntityProfile(); profile.addField(DnComponents.COUNTRY); profile.addField(DnComponents.COMMONNAME); profile.setValue(EndEntityProfile.AVAILCAS, 0, Integer.toString(SecConst.ALLCAS)); profile.setValue(EndEntityProfile.AVAILCERTPROFILES, 0, Integer.toString(cprofile)); endEntityProfileSession.addEndEntityProfile(admin, "TESTQC", profile); int eeprofile = endEntityProfileSession.getEndEntityProfileId(admin, "TESTQC"); // Change a user that we know... userAdminSession.changeUser(admin, "foo", "foo123", "C=SE,CN=qc", null, "foo@anatom.nu", false, eeprofile, cprofile, SecConst.USER_ENDUSER, SecConst.TOKEN_SOFT_PEM, 0, UserDataConstants.STATUS_NEW, rsacaid); log.debug("created user: foo, foo123, C=SE, CN=qc"); X509Certificate cert = (X509Certificate) signSession.createCertificate(admin, "foo", "foo123", rsakeys.getPublic()); assertNotNull("Failed to create certificate", cert); // FileOutputStream fos = new FileOutputStream("cert.crt"); // fos.write(cert.getEncoded()); // fos.close(); String dn = cert.getSubjectDN().getName(); assertEquals(CertTools.stringToBCDNString("cn=qc,c=SE"), CertTools.stringToBCDNString(dn)); assertEquals("rfc822name=qc@primekey.se", QCStatementExtension.getQcStatementAuthorities(cert)); Collection<String> ids = QCStatementExtension.getQcStatementIds(cert); assertTrue(ids.contains(RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v1.getId())); assertTrue(ids.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_QcCompliance.getId())); assertTrue(ids.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_QcSSCD.getId())); assertTrue(ids.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_LimiteValue.getId())); String limit = QCStatementExtension.getQcStatementValueLimit(cert); assertEquals("50000 SEK", limit); // Clean up endEntityProfileSession.removeEndEntityProfile(admin, "TESTQC"); certificateProfileSession.removeCertificateProfile(admin, "TESTQC"); log.trace("<test10TestQcCert()"); }
From source file:org.ejbca.core.ejb.ca.sign.SignSessionWithRsaTest.java
License:Open Source License
/** Tests creating a certificate with QC statement */ @Test/*from www.j a v a2s . c o m*/ public void testQcCert() throws Exception { log.trace(">test10TestQcCert()"); final String qcCertProfileName = "TESTQC"; final String qcCertEndEntityName = "TESTQC"; // Create a good certificate profile (good enough), using QC statement certificateProfileSession.removeCertificateProfile(internalAdmin, qcCertProfileName); final CertificateProfile certprof = new CertificateProfile( CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER); certprof.setUseQCStatement(true); certprof.setQCStatementRAName("rfc822Name=qc@primekey.se"); certprof.setUseQCEtsiQCCompliance(true); certprof.setUseQCEtsiSignatureDevice(true); certprof.setUseQCEtsiValueLimit(true); certprof.setQCEtsiValueLimit(50000); certprof.setQCEtsiValueLimitCurrency("SEK"); certificateProfileSession.addCertificateProfile(internalAdmin, qcCertProfileName, certprof); int cprofile = certificateProfileSession.getCertificateProfileId(qcCertProfileName); // Create a good end entity profile (good enough), allowing multiple UPN // names endEntityProfileSession.removeEndEntityProfile(internalAdmin, qcCertProfileName); EndEntityProfile profile = new EndEntityProfile(); profile.addField(DnComponents.COUNTRY); profile.addField(DnComponents.COMMONNAME); profile.setValue(EndEntityProfile.AVAILCAS, 0, Integer.toString(SecConst.ALLCAS)); profile.setValue(EndEntityProfile.AVAILCERTPROFILES, 0, Integer.toString(cprofile)); endEntityProfileSession.addEndEntityProfile(internalAdmin, qcCertProfileName, profile); int eeprofile = endEntityProfileSession.getEndEntityProfileId(qcCertProfileName); int rsacaid = caSession.getCAInfo(internalAdmin, getTestCAName()).getCAId(); KeyPair anotheKey = KeyTools.genKeys("1024", AlgorithmConstants.KEYALGORITHM_RSA); createEndEntity(qcCertEndEntityName, eeprofile, cprofile, rsacaid); try { // Change a user that we know... EndEntityInformation endEntity = new EndEntityInformation(qcCertEndEntityName, "C=SE,CN=qc", rsacaid, null, "foo@anatom.nu", EndEntityConstants.STATUS_NEW, EndEntityTypes.ENDUSER.toEndEntityType(), eeprofile, cprofile, null, null, SecConst.TOKEN_SOFT_PEM, 0, null); endEntity.setPassword("foo123"); endEntityManagementSession.changeUser(internalAdmin, endEntity, false); log.debug("created user: foo, foo123, C=SE, CN=qc"); X509Certificate cert = (X509Certificate) signSession.createCertificate(internalAdmin, qcCertEndEntityName, "foo123", new PublicKeyWrapper(anotheKey.getPublic())); assertNotNull("Failed to create certificate", cert); String dn = cert.getSubjectDN().getName(); assertEquals(CertTools.stringToBCDNString("cn=qc,c=SE"), CertTools.stringToBCDNString(dn)); // Since we do not have pkixQCSyntax_v1 or pkixQCSyntax_v2, no semanticsId will be added assertNull("rfc822name=qc@primekey.se", QCStatementExtension.getQcStatementAuthorities(cert)); Collection<String> ids = QCStatementExtension.getQcStatementIds(cert); // This certificate should neither have the deprecated pkixQCSyntax_v1 (we do not support it) or pkixQCSyntax_v2 (not selected9 assertFalse(ids.contains(RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v1.getId())); assertFalse(ids.contains(RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v2.getId())); assertTrue(ids.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_QcCompliance.getId())); assertTrue(ids.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_QcSSCD.getId())); assertTrue(ids.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_LimiteValue.getId())); String limit = QCStatementExtension.getQcStatementValueLimit(cert); assertEquals("50000 SEK", limit); // Test pkixQCSyntax_v2, where a semanticsId will also be added certprof.setUsePkixQCSyntaxV2(true); certificateProfileSession.changeCertificateProfile(internalAdmin, qcCertProfileName, certprof); endEntityManagementSession.changeUser(internalAdmin, endEntity, false); log.debug("created user: foo, foo123, C=SE, CN=qc"); cert = (X509Certificate) signSession.createCertificate(internalAdmin, qcCertEndEntityName, "foo123", new PublicKeyWrapper(anotheKey.getPublic())); assertNotNull("Failed to create certificate", cert); dn = cert.getSubjectDN().getName(); assertEquals(CertTools.stringToBCDNString("cn=qc,c=SE"), CertTools.stringToBCDNString(dn)); // Since we have pkixQCSyntax_v2, a semanticsId will be added assertEquals("rfc822name=qc@primekey.se", QCStatementExtension.getQcStatementAuthorities(cert)); ids = QCStatementExtension.getQcStatementIds(cert); // This certificate should neither have the deprecated pkixQCSyntax_v1 (we do not support it) or pkixQCSyntax_v2 (not selected9 assertFalse(ids.contains(RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v1.getId())); assertTrue(ids.contains(RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v2.getId())); assertTrue(ids.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_QcCompliance.getId())); assertTrue(ids.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_QcSSCD.getId())); assertTrue(ids.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_LimiteValue.getId())); assertEquals("50000 SEK", QCStatementExtension.getQcStatementValueLimit(cert)); } finally { // Clean up endEntityProfileSession.removeEndEntityProfile(internalAdmin, qcCertProfileName); certificateProfileSession.removeCertificateProfile(internalAdmin, qcCertProfileName); endEntityManagementSession.deleteUser(internalAdmin, qcCertEndEntityName); } log.trace("<test10TestQcCert()"); }
From source file:org.ejbca.core.model.ca.certextensions.standard.QcStatement.java
License:Open Source License
@Override public DEREncodable getValue(final UserDataVO subject, final CA ca, final CertificateProfile certProfile, final PublicKey userPublicKey, final PublicKey caPublicKey) throws CertificateExtentionConfigurationException, CertificateExtensionException { DERSequence ret = null;/*ww w. jav a 2s. c om*/ final String names = certProfile.getQCStatementRAName(); final GeneralNames san = CertTools.getGeneralNamesFromAltName(names); SemanticsInformation si = null; if (san != null) { if (StringUtils.isNotEmpty(certProfile.getQCSemanticsId())) { si = new SemanticsInformation(new DERObjectIdentifier(certProfile.getQCSemanticsId()), san.getNames()); } else { si = new SemanticsInformation(san.getNames()); } } else if (StringUtils.isNotEmpty(certProfile.getQCSemanticsId())) { si = new SemanticsInformation(new DERObjectIdentifier(certProfile.getQCSemanticsId())); } final ArrayList<QCStatement> qcs = new ArrayList<QCStatement>(); QCStatement qc = null; // First the standard rfc3739 QCStatement with an optional SematicsInformation DERObjectIdentifier pkixQcSyntax = RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v1; if (certProfile.getUsePkixQCSyntaxV2()) { pkixQcSyntax = RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v2; } if ((si != null)) { qc = new QCStatement(pkixQcSyntax, si); qcs.add(qc); } else { qc = new QCStatement(pkixQcSyntax); qcs.add(qc); } // ETSI Statement that the certificate is a Qualified Certificate if (certProfile.getUseQCEtsiQCCompliance()) { qc = new QCStatement(ETSIQCObjectIdentifiers.id_etsi_qcs_QcCompliance); qcs.add(qc); } // ETSI Statement regarding limit on the value of transactions // Both value and currency must be available for this extension if (certProfile.getUseQCEtsiValueLimit() && (certProfile.getQCEtsiValueLimit() >= 0) && (certProfile.getQCEtsiValueLimitCurrency() != null)) { final int limit = certProfile.getQCEtsiValueLimit(); // The exponent should be default 0 final int exponent = certProfile.getQCEtsiValueLimitExp(); final MonetaryValue value = new MonetaryValue( new Iso4217CurrencyCode(certProfile.getQCEtsiValueLimitCurrency()), limit, exponent); qc = new QCStatement(ETSIQCObjectIdentifiers.id_etsi_qcs_LimiteValue, value); qcs.add(qc); } if (certProfile.getUseQCEtsiRetentionPeriod()) { final DERInteger years = new DERInteger(((Integer) certProfile.getQCEtsiRetentionPeriod())); qc = new QCStatement(ETSIQCObjectIdentifiers.id_etsi_qcs_RetentionPeriod, years); qcs.add(qc); } // ETSI Statement claiming that the private key resides in a Signature Creation Device if (certProfile.getUseQCEtsiSignatureDevice()) { qc = new QCStatement(ETSIQCObjectIdentifiers.id_etsi_qcs_QcSSCD); qcs.add(qc); } // Custom UTF8String QC-statement: // qcStatement-YourCustom QC-STATEMENT ::= { SYNTAX YourCustomUTF8String // IDENTIFIED BY youroid } // -- This statement gives you the possibility to define your own QC-statement // -- using an OID and a simple UTF8String, with describing text. A sample text could for example be: // -- This certificate, according to Act. No. xxxx Electronic Signature Law is a qualified electronic certificate // // YourCustomUTF8String ::= UTF8String if (certProfile.getUseQCCustomString() && !StringUtils.isEmpty(certProfile.getQCCustomStringOid()) && !StringUtils.isEmpty(certProfile.getQCCustomStringText())) { final DERUTF8String str = new DERUTF8String(certProfile.getQCCustomStringText()); final DERObjectIdentifier oid = new DERObjectIdentifier(certProfile.getQCCustomStringOid()); qc = new QCStatement(oid, str); qcs.add(qc); } if (!qcs.isEmpty()) { final ASN1EncodableVector vec = new ASN1EncodableVector(); final Iterator<QCStatement> iter = qcs.iterator(); while (iter.hasNext()) { final QCStatement q = (QCStatement) iter.next(); vec.add(q); } ret = new DERSequence(vec); } if (ret == null) { log.error("QcStatements is used, but no statement defined!"); } return ret; }
From source file:org.ejbca.util.cert.QCStatementExtension.java
License:Open Source License
/** Returns the value limit ETSI QCStatement if present. * // w ww. j av a2 s .c o m * @param cert Certificate possibly containing the QCStatement extension * @return String with the value and currency (ex '50000 SEK')or null if the extension is not present * @throws IOException if there is a problem parsing the certificate */ public static String getQcStatementValueLimit(final Certificate cert) throws IOException { String ret = null; if (cert instanceof X509Certificate) { final X509Certificate x509cert = (X509Certificate) cert; final DERObject obj = getExtensionValue(x509cert, X509Extensions.QCStatements.getId()); if (obj == null) { return null; } final ASN1Sequence seq = (ASN1Sequence) obj; MonetaryValue mv = null; // Look through all the QCStatements and see if we have a stadard ETSI LimitValue for (int i = 0; i < seq.size(); i++) { final QCStatement qc = QCStatement.getInstance(seq.getObjectAt(i)); final DERObjectIdentifier oid = qc.getStatementId(); if ((oid != null) && oid.equals(ETSIQCObjectIdentifiers.id_etsi_qcs_LimiteValue)) { // We MAY have a MonetaryValue object here final ASN1Encodable enc = qc.getStatementInfo(); if (enc != null) { mv = MonetaryValue.getInstance(enc); // We can break the loop now, we got it! break; } } } if (mv != null) { final BigInteger amount = mv.getAmount(); final BigInteger exp = mv.getExponent(); final BigInteger ten = BigInteger.valueOf(10); // A possibly gotcha here if the monetary value is larger than what fits in a long... final long value = amount.longValue() * (ten.pow(exp.intValue())).longValue(); if (value < 0) { log.error("ETSI LimitValue amount is < 0."); } final String curr = mv.getCurrency().getAlphabetic(); if (curr == null) { log.error("ETSI LimitValue currency is null"); } if ((value >= 0) && (curr != null)) { ret = value + " " + curr; } } } return ret; }
From source file:org.ejbca.util.CertToolsTest.java
License:Open Source License
public void test14QCStatement() throws Exception { Certificate cert = CertTools.getCertfromByteArray(qcRefCert); // log.debug(cert); assertEquals("rfc822name=municipality@darmstadt.de", QCStatementExtension.getQcStatementAuthorities(cert)); Collection<String> ids = QCStatementExtension.getQcStatementIds(cert); assertTrue(ids.contains(RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v2.getId())); Certificate cert2 = CertTools.getCertfromByteArray(qcPrimeCert); assertEquals("rfc822name=qc@primekey.se", QCStatementExtension.getQcStatementAuthorities(cert2)); ids = QCStatementExtension.getQcStatementIds(cert2); assertTrue(ids.contains(RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v1.getId())); assertTrue(ids.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_QcCompliance.getId())); assertTrue(ids.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_QcSSCD.getId())); assertTrue(ids.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_LimiteValue.getId())); String limit = QCStatementExtension.getQcStatementValueLimit(cert2); assertEquals("50000 SEK", limit); }