List of usage examples for org.bouncycastle.asn1.x509.qualified ETSIQCObjectIdentifiers id_etsi_qcs_QcSSCD
ASN1ObjectIdentifier id_etsi_qcs_QcSSCD
From source file:eu.europa.ejusticeportal.dss.applet.model.token.MoccaDssActionTest.java
License:EUPL
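/**
 * Test that we can sign with MOCCA.
 *
 * <p>Connects to the token described by a fixed test {@code CardProfile}, lists its
 * certificates and signs a sample PDF with each certificate whose KeyUsage bit 1
 * (nonRepudiation / contentCommitment) is set.
 *
 * @throws CodeException declared by the signature, as in the original
 * @throws FileNotFoundException if the sample PDF is missing
 * @throws IOException if the sample PDF cannot be read
 * @throws NoSuchAlgorithmException declared by the signature, as in the original
 */
public void testSign() throws CodeException, FileNotFoundException, IOException, NoSuchAlgorithmException {
    CardProfile cp = new CardProfile();
    cp.setApi(SignatureTokenType.MOCCA.name());
    cp.setAtr("00 00 00 00 00 00 00 00 00 00");
    cp.setCardDescription("A test card");
    // SHA-1 is only a fixture value here; it is deprecated for new signatures.
    cp.setDigestAlgo(DigestAlgorithm.SHA1.name());
    Security.addProvider(new BouncyCastleProvider());

    MOCCADSSAction m = new MOCCADSSAction();
    m.setCardProfile(cp);
    m.setChosenDigestAlgo(DigestAlgorithm.SHA1);
    m.setPasswordProvider(new MoccaPasswordProvider());
    m.connect();
    List<DSSPrivateKeyEntry> keys = m.getCertificates();

    MessageBundle mb = new MessageBundle();
    mb.setMessages(new HashMap<String, String>());
    MessageBundleHome.getInstance().init(mb);

    // Read the document completely and close the file handle; the original left the stream open.
    final byte[] pdfBytes;
    final FileInputStream pdfStream = new FileInputStream(new File("src/test/resources/hello-world.pdf"));
    try {
        pdfBytes = IOUtils.toByteArray(pdfStream);
    } finally {
        pdfStream.close();
    }
    InMemoryDocument toBeSigned = new InMemoryDocument(pdfBytes);

    for (DSSPrivateKeyEntry key : keys) {
        String name = key.getCertificate().getSubjectDN().getName();
        // NOTE(review): this QcSSCD condition is constructed but never evaluated, so the test
        // does not check that the signing key is declared to reside in a secure signature
        // creation device. Only the key-usage bit below gates signing.
        QcStatementCondition cond = new QcStatementCondition(ETSIQCObjectIdentifiers.id_etsi_qcs_QcSSCD);

        // A certificate without a KeyUsage extension yields null here (assuming
        // getCertificate() returns an X509Certificate); skip it instead of failing on a
        // NullPointerException.
        boolean[] keyUsage = key.getCertificate().getKeyUsage();
        if (keyUsage != null && keyUsage.length > 1 && keyUsage[1]) {
            m.sign(toBeSigned, key);
        }
    }
}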
From source file:eu.europa.ejusticeportal.dss.applet.model.token.MSCAPIDssActionTest.java
License:EUPL
/**
 * Test that we can sign with MSCAPI.
 *
 * <p>As written, the signing call is commented out in the original: the test registers the
 * providers, connects to the MSCAPI key store and walks the certificates, but signs nothing
 * and asserts nothing.
 *
 * @throws CodeException declared by the signature, as in the original
 * @throws FileNotFoundException declared by the signature, as in the original
 * @throws IOException declared by the signature, as in the original
 * @throws NoSuchAlgorithmException declared by the signature, as in the original
 */
public void testSign() throws CodeException, FileNotFoundException, IOException, NoSuchAlgorithmException {
    final CardProfile profile = new CardProfile();
    profile.setApi(SignatureTokenType.MSCAPI.name());
    profile.setAtr("00 00 00 00 00 00 00 00 00 00");
    profile.setCardDescription("A test card");
    profile.setDigestAlgo(DigestAlgorithm.SHA512.name());

    // Both providers are registered before the action is created, as in the original order.
    Security.addProvider(new BouncyCastleProvider());
    Security.addProvider(new DssMscapiProvider());

    final NewMSCAPIDSSAction action = new NewMSCAPIDSSAction(profile, DssMscapiProvider.KEYSTORE_ID);
    LibraryLoader.getInstance().run();
    action.connect();

    for (DSSPrivateKeyEntry entry : action.getCertificates()) {
        // Reading the subject name is the only per-certificate work that actually runs.
        String subjectName = entry.getCertificate().getSubjectDN().getName();
        // NOTE(review): the QcSSCD condition is built but never applied to the certificate.
        QcStatementCondition sscdCondition = new QcStatementCondition(
                ETSIQCObjectIdentifiers.id_etsi_qcs_QcSSCD);
    }
}
From source file:it.trento.comune.j4sign.verification.CertValidity.java
License:Open Source License
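/**
 * Parses the QCStatements extension of {@code cert} and refreshes the cached results.
 *
 * <p>Updates three fields: {@code hasQCStatements}, {@code qcCompliance} (true when the
 * ETSI QcCompliance statement is present) and {@code qcStatementsStrings} (one display string
 * per statement, or {@code null} when there are none).
 *
 * <p>The derived fields are cleared before parsing and again when parsing fails, so an
 * {@link IOException} can never leave {@code qcCompliance} set from an earlier call or from a
 * half-processed extension while this method reports {@code false}.
 *
 * @return {@code true} if the certificate carries QC statements and they were read
 *         successfully, {@code false} otherwise
 */
public boolean getHasQcStatements() {
    // Clear stale state up front: the very first call below can already throw.
    qcCompliance = false;
    qcStatementsStrings = null;
    try {
        hasQCStatements = it.trento.comune.j4sign.verification.utils.CertUtils.QCStatements
                .hasQcStatement(cert);
        if (hasQCStatements) {
            qcStatementsStrings = new ArrayList<String>();
            ASN1Sequence qcStatements = CertUtils.QCStatements.getQcStatements(cert);
            Enumeration<?> qcStatementEnum = qcStatements.getObjects();
            while (qcStatementEnum.hasMoreElements()) {
                QCStatement qc = QCStatement.getInstance(qcStatementEnum.nextElement());
                DERObjectIdentifier statementId = qc.getStatementId();
                final String id = statementId.getId();
                if (ETSIQCObjectIdentifiers.id_etsi_qcs_QcCompliance.getId().equals(id)) {
                    qcCompliance = true;
                    qcStatementsStrings.add(id + " (etsi_qcs_QcCompliance)");
                } else if (ETSIQCObjectIdentifiers.id_etsi_qcs_LimiteValue.getId().equals(id)) {
                    String qcLimit = CertUtils.QCStatements.getQcStatementValueLimit(cert);
                    qcStatementsStrings.add(id + " (id_etsi_qcs_LimiteValue): " + qcLimit);
                } else if (ETSIQCObjectIdentifiers.id_etsi_qcs_RetentionPeriod.getId().equals(id)) {
                    String qcRetentionPeriod = DERInteger.getInstance(qc.getStatementInfo()).toString();
                    qcStatementsStrings.add(id + " (etsi_qcs_RetentionPeriod): " + qcRetentionPeriod);
                } else if (ETSIQCObjectIdentifiers.id_etsi_qcs_QcSSCD.getId().equals(id)) {
                    // Presence of this statement is only the issuer's claim that the key is
                    // held in a secure signature creation device; nothing is verified here.
                    qcStatementsStrings.add(id + " (etsi_qcs_QcSSCD)");
                } else {
                    qcStatementsStrings.add(id + " (Unknown)");
                }
            }
        }
    } catch (IOException e) {
        // Parsing failed: report "no QC statements" and drop any partial results so the
        // three fields stay consistent with each other.
        hasQCStatements = false;
        qcCompliance = false;
        qcStatementsStrings = null;
    }
    return hasQCStatements;
}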
From source file:org.cesecore.certificates.certificate.certextensions.QcStatementTest.java
License:Open Source License
/**
 * Encodes a QcStatements extension from a profile with four ETSI statements enabled and checks
 * that exactly those statement ids, and the configured QcType and PDS values, come back out.
 */
@Test
public void testQcStatement() throws CertificateExtensionException, IOException {
    final CertificateProfile profile = new CertificateProfile(
            CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER);
    profile.setUseQCStatement(true);
    profile.setUseQCEtsiQCCompliance(true);
    profile.setUseQCEtsiSignatureDevice(true);
    profile.setQCEtsiType("0.4.0.1862.1.6.1");
    profile.setQCEtsiPds(Arrays.asList(new PKIDisclosureStatement("http://qcs.localhost/QcPDS", "en")));

    final QcStatement extension = new QcStatement();
    final byte[] encoded = extension.getValueEncoded(null, null, profile, null, null, null);

    // The stream only wraps an in-memory array, hence the suppressed resource warning.
    @SuppressWarnings("resource")
    final String asn1Dump = ASN1Dump.dumpAsString(new ASN1InputStream(encoded).readObject(), true);
    log.info(asn1Dump);
    // Hex dump can be used in Custom Certificate Extensions
    log.info(new String(Hex.encode(encoded)));

    // Collect every statement id in the extension so they can be logged and counted.
    final ASN1Sequence statements = (ASN1Sequence) ASN1Sequence.fromByteArray(encoded);
    ArrayList<String> statementIds = new ArrayList<>();
    for (int index = 0; index < statements.size(); index++) {
        final ASN1ObjectIdentifier statementId = QCStatement.getInstance(statements.getObjectAt(index))
                .getStatementId();
        if (statementId == null) {
            fail("QC statements have empty statement");
        } else {
            statementIds.add(statementId.getId());
        }
    }
    log.info(statementIds);

    // All four statements configured above must be present, and nothing else.
    assertEquals("Not all QC statement Ids were included", 4, statementIds.size());
    assertTrue(statementIds.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_QcCompliance.getId()));
    assertTrue(statementIds.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_QcSSCD.getId()));
    assertTrue(statementIds.contains("0.4.0.1862.1.6")); // ETSIQCObjectIdentifiers.id_etsi_qcs_QcType
    assertTrue(statementIds.contains("0.4.0.1862.1.5")); // ETSIQCObjectIdentifiers.id_etsi_qcs_QcPds

    // The statement values must match what was set on the profile.
    final String qcType = QCStatementExtension.getStatementStringValue(statements, "0.4.0.1862.1.6", 0);
    assertEquals("0.4.0.1862.1.6.1", qcType);
    final String qcPds = QCStatementExtension.getStatementStringValue(statements, "0.4.0.1862.1.5", 0);
    assertEquals("[http://qcs.localhost/QcPDS, en]", qcPds);
}
From source file:org.cesecore.certificates.certificate.certextensions.standard.QcStatement.java
License:Open Source License
/**
 * Builds the QCStatements extension value from the certificate profile.
 *
 * <p>Every statement is driven purely by profile settings; the other parameters are not read
 * in this method. Statements are added in this order: pkixQCSyntax-v2 (optional, with
 * SemanticsInformation when available), ETSI QcCompliance, ETSI value limit, ETSI retention
 * period, ETSI QcSSCD, and a custom UTF8String statement.
 *
 * @return a {@code DERSequence} holding the selected statements
 * @throws CertificateExtensionException if the profile selects no statement at all
 */
@Override
public ASN1Encodable getValue(final EndEntityInformation subject, final CA ca, final CertificateProfile certProfile,
        final PublicKey userPublicKey, final PublicKey caPublicKey, CertificateValidity val)
        throws CertificateExtensionException {
    // SemanticsInformation is built from the RA name and/or the semantics id, whichever is set.
    final GeneralNames raNames = CertTools.getGeneralNamesFromAltName(certProfile.getQCStatementRAName());
    final boolean hasSemanticsId = StringUtils.isNotEmpty(certProfile.getQCSemanticsId());
    final SemanticsInformation semantics;
    if (raNames != null && hasSemanticsId) {
        semantics = new SemanticsInformation(new ASN1ObjectIdentifier(certProfile.getQCSemanticsId()),
                raNames.getNames());
    } else if (raNames != null) {
        semantics = new SemanticsInformation(raNames.getNames());
    } else if (hasSemanticsId) {
        semantics = new SemanticsInformation(new ASN1ObjectIdentifier(certProfile.getQCSemanticsId()));
    } else {
        semantics = null;
    }

    final ArrayList<QCStatement> statements = new ArrayList<QCStatement>();

    // Standard RFC 3739 statement with optional SemanticsInformation.
    // RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v1 is deliberately never emitted: it is
    // old enough that it is assumed to be unused in practice, so it is not maintained here.
    if (certProfile.getUsePkixQCSyntaxV2()) {
        final ASN1ObjectIdentifier syntaxV2 = RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v2;
        if (semantics == null) {
            statements.add(new QCStatement(syntaxV2));
        } else {
            statements.add(new QCStatement(syntaxV2, semantics));
        }
    }

    // ETSI statement that the certificate is a Qualified Certificate.
    if (certProfile.getUseQCEtsiQCCompliance()) {
        statements.add(new QCStatement(ETSIQCObjectIdentifiers.id_etsi_qcs_QcCompliance));
    }

    // ETSI statement limiting the transaction value; needs both an amount and a currency.
    if (certProfile.getUseQCEtsiValueLimit() && (certProfile.getQCEtsiValueLimit() >= 0)
            && (certProfile.getQCEtsiValueLimitCurrency() != null)) {
        final int amount = certProfile.getQCEtsiValueLimit();
        // The exponent should be default 0
        final int exponent = certProfile.getQCEtsiValueLimitExp();
        final Iso4217CurrencyCode currency = new Iso4217CurrencyCode(certProfile.getQCEtsiValueLimitCurrency());
        statements.add(new QCStatement(ETSIQCObjectIdentifiers.id_etsi_qcs_LimiteValue,
                new MonetaryValue(currency, amount, exponent)));
    }

    if (certProfile.getUseQCEtsiRetentionPeriod()) {
        final ASN1Integer years = new ASN1Integer(((Integer) certProfile.getQCEtsiRetentionPeriod()));
        statements.add(new QCStatement(ETSIQCObjectIdentifiers.id_etsi_qcs_RetentionPeriod, years));
    }

    // ETSI statement claiming that the private key resides in a Signature Creation Device.
    // The claim comes from the profile flag alone; nothing in this method checks where the
    // subject's key is actually held.
    if (certProfile.getUseQCEtsiSignatureDevice()) {
        statements.add(new QCStatement(ETSIQCObjectIdentifiers.id_etsi_qcs_QcSSCD));
    }

    // Custom UTF8String QC-statement:
    // qcStatement-YourCustom QC-STATEMENT ::= { SYNTAX YourCustomUTF8String
    // IDENTIFIED BY youroid }
    // -- Lets an operator define its own QC-statement from an OID and a describing UTF8String,
    // -- for example: "This certificate, according to Act. No. xxxx Electronic Signature Law
    // -- is a qualified electronic certificate"
    //
    // YourCustomUTF8String ::= UTF8String
    if (certProfile.getUseQCCustomString() && !StringUtils.isEmpty(certProfile.getQCCustomStringOid())
            && !StringUtils.isEmpty(certProfile.getQCCustomStringText())) {
        final DERUTF8String customText = new DERUTF8String(certProfile.getQCCustomStringText());
        final ASN1ObjectIdentifier customOid = new ASN1ObjectIdentifier(certProfile.getQCCustomStringOid());
        statements.add(new QCStatement(customOid, customText));
    }

    // An enabled extension with no statements is a configuration error, not an empty value.
    if (statements.isEmpty()) {
        log.error(
                "Qualified certificate statements extension has been enabled, but no statements were included!");
        throw new CertificateExtensionException(
                "If qualified certificate statements extension has been enabled, at least one statement must be included!");
    }

    final ASN1EncodableVector vector = new ASN1EncodableVector();
    for (final QCStatement statement : statements) {
        vector.add(statement);
    }
    return new DERSequence(vector);
}
From source file:org.cesecore.util.CertToolsTest.java
License:Open Source License
/**
 * Checks that QC statement authorities, statement ids and the value limit are read correctly
 * from two reference certificates ({@code qcRefCert} and {@code qcPrimeCert}).
 */
@Test
public void test14QCStatement() throws Exception {
    // Reference certificate: pkixQCSyntax-v2 with an rfc822 authority name.
    final Certificate referenceCert = CertTools.getCertfromByteArray(qcRefCert);
    assertEquals("rfc822name=municipality@darmstadt.de",
            QCStatementExtension.getQcStatementAuthorities(referenceCert));
    Collection<String> statementIds = QCStatementExtension.getQcStatementIds(referenceCert);
    assertTrue(statementIds.contains(RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v2.getId()));

    // Second certificate: pkixQCSyntax-v1 plus the ETSI compliance, SSCD and limit statements.
    final Certificate primeCert = CertTools.getCertfromByteArray(qcPrimeCert);
    assertEquals("rfc822name=qc@primekey.se", QCStatementExtension.getQcStatementAuthorities(primeCert));
    statementIds = QCStatementExtension.getQcStatementIds(primeCert);
    assertTrue(statementIds.contains(RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v1.getId()));
    assertTrue(statementIds.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_QcCompliance.getId()));
    assertTrue(statementIds.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_QcSSCD.getId()));
    assertTrue(statementIds.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_LimiteValue.getId()));
    assertEquals("50000 SEK", QCStatementExtension.getQcStatementValueLimit(primeCert));
}
From source file:org.ejbca.core.ejb.ca.sign.SignSessionTest.java
License:Open Source License
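/**
 * Tests creating a certificate with QC statement.
 *
 * <p>Creates a certificate profile and an end entity profile named {@code TESTQC}, issues a
 * certificate for the known test user and checks the QC statements in it. Both profiles are
 * removed in a {@code finally} block so a failed assertion does not leave them behind.
 */
public void test10TestQcCert() throws Exception {
    log.trace(">test10TestQcCert()");
    try {
        // Create a good certificate profile (good enough), using QC statement
        certificateProfileSession.removeCertificateProfile(admin, "TESTQC");
        EndUserCertificateProfile certprof = new EndUserCertificateProfile();
        certprof.setUseQCStatement(true);
        certprof.setQCStatementRAName("rfc822Name=qc@primekey.se");
        certprof.setUseQCEtsiQCCompliance(true);
        certprof.setUseQCEtsiSignatureDevice(true);
        certprof.setUseQCEtsiValueLimit(true);
        certprof.setQCEtsiValueLimit(50000);
        certprof.setQCEtsiValueLimitCurrency("SEK");
        certificateProfileSession.addCertificateProfile(admin, "TESTQC", certprof);
        int cprofile = certificateProfileSession.getCertificateProfileId(admin, "TESTQC");

        // Create a good end entity profile (good enough), allowing multiple UPN names
        endEntityProfileSession.removeEndEntityProfile(admin, "TESTQC");
        EndEntityProfile profile = new EndEntityProfile();
        profile.addField(DnComponents.COUNTRY);
        profile.addField(DnComponents.COMMONNAME);
        profile.setValue(EndEntityProfile.AVAILCAS, 0, Integer.toString(SecConst.ALLCAS));
        profile.setValue(EndEntityProfile.AVAILCERTPROFILES, 0, Integer.toString(cprofile));
        endEntityProfileSession.addEndEntityProfile(admin, "TESTQC", profile);
        int eeprofile = endEntityProfileSession.getEndEntityProfileId(admin, "TESTQC");

        // Change a user that we know...
        userAdminSession.changeUser(admin, "foo", "foo123", "C=SE,CN=qc", null, "foo@anatom.nu", false,
                eeprofile, cprofile, SecConst.USER_ENDUSER, SecConst.TOKEN_SOFT_PEM, 0,
                UserDataConstants.STATUS_NEW, rsacaid);
        log.debug("created user: foo, foo123, C=SE, CN=qc");

        X509Certificate cert = (X509Certificate) signSession.createCertificate(admin, "foo", "foo123",
                rsakeys.getPublic());
        assertNotNull("Failed to create certificate", cert);

        String dn = cert.getSubjectDN().getName();
        assertEquals(CertTools.stringToBCDNString("cn=qc,c=SE"), CertTools.stringToBCDNString(dn));
        assertEquals("rfc822name=qc@primekey.se", QCStatementExtension.getQcStatementAuthorities(cert));

        // The issued certificate must carry every statement enabled on the profile.
        Collection<String> ids = QCStatementExtension.getQcStatementIds(cert);
        assertTrue(ids.contains(RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v1.getId()));
        assertTrue(ids.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_QcCompliance.getId()));
        assertTrue(ids.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_QcSSCD.getId()));
        assertTrue(ids.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_LimiteValue.getId()));
        String limit = QCStatementExtension.getQcStatementValueLimit(cert);
        assertEquals("50000 SEK", limit);
    } finally {
        // Clean up even when an assertion above fails. These are the same remove calls the
        // test already issues before creating the profiles.
        endEntityProfileSession.removeEndEntityProfile(admin, "TESTQC");
        certificateProfileSession.removeCertificateProfile(admin, "TESTQC");
    }
    log.trace("<test10TestQcCert()");
}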
From source file:org.ejbca.core.ejb.ca.sign.SignSessionWithRsaTest.java
License:Open Source License
/**
 * Tests creating a certificate with QC statement.
 *
 * <p>Issues two certificates from the same profile: first without any pkixQCSyntax statement
 * (so no semantics information is expected), then with pkixQCSyntax-v2 enabled (so the RA name
 * must appear). The ETSI QcCompliance, QcSSCD and value-limit statements are expected both
 * times.
 */
@Test
public void testQcCert() throws Exception {
    log.trace(">test10TestQcCert()");
    final String qcCertProfileName = "TESTQC";
    final String qcCertEndEntityName = "TESTQC";

    // Create a good certificate profile (good enough), using QC statement
    certificateProfileSession.removeCertificateProfile(internalAdmin, qcCertProfileName);
    final CertificateProfile qcProfile = new CertificateProfile(
            CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER);
    qcProfile.setUseQCStatement(true);
    qcProfile.setQCStatementRAName("rfc822Name=qc@primekey.se");
    qcProfile.setUseQCEtsiQCCompliance(true);
    qcProfile.setUseQCEtsiSignatureDevice(true);
    qcProfile.setUseQCEtsiValueLimit(true);
    qcProfile.setQCEtsiValueLimit(50000);
    qcProfile.setQCEtsiValueLimitCurrency("SEK");
    certificateProfileSession.addCertificateProfile(internalAdmin, qcCertProfileName, qcProfile);
    final int certProfileId = certificateProfileSession.getCertificateProfileId(qcCertProfileName);

    // Create a good end entity profile (good enough), allowing multiple UPN names
    endEntityProfileSession.removeEndEntityProfile(internalAdmin, qcCertProfileName);
    final EndEntityProfile eeProfile = new EndEntityProfile();
    eeProfile.addField(DnComponents.COUNTRY);
    eeProfile.addField(DnComponents.COMMONNAME);
    eeProfile.setValue(EndEntityProfile.AVAILCAS, 0, Integer.toString(SecConst.ALLCAS));
    eeProfile.setValue(EndEntityProfile.AVAILCERTPROFILES, 0, Integer.toString(certProfileId));
    endEntityProfileSession.addEndEntityProfile(internalAdmin, qcCertProfileName, eeProfile);
    final int endEntityProfileId = endEntityProfileSession.getEndEntityProfileId(qcCertProfileName);

    final int rsacaid = caSession.getCAInfo(internalAdmin, getTestCAName()).getCAId();
    // 1024-bit RSA is a throwaway test key; it is below the size accepted for real certificates.
    final KeyPair userKeys = KeyTools.genKeys("1024", AlgorithmConstants.KEYALGORITHM_RSA);
    createEndEntity(qcCertEndEntityName, endEntityProfileId, certProfileId, rsacaid);
    try {
        // Change a user that we know...
        final EndEntityInformation endEntity = new EndEntityInformation(qcCertEndEntityName, "C=SE,CN=qc",
                rsacaid, null, "foo@anatom.nu", EndEntityConstants.STATUS_NEW,
                EndEntityTypes.ENDUSER.toEndEntityType(), endEntityProfileId, certProfileId, null, null,
                SecConst.TOKEN_SOFT_PEM, 0, null);
        endEntity.setPassword("foo123");
        endEntityManagementSession.changeUser(internalAdmin, endEntity, false);
        log.debug("created user: foo, foo123, C=SE, CN=qc");

        // --- First issuance: no pkixQCSyntax statement selected ---
        X509Certificate issued = (X509Certificate) signSession.createCertificate(internalAdmin,
                qcCertEndEntityName, "foo123", new PublicKeyWrapper(userKeys.getPublic()));
        assertNotNull("Failed to create certificate", issued);
        String subjectDn = issued.getSubjectDN().getName();
        assertEquals(CertTools.stringToBCDNString("cn=qc,c=SE"), CertTools.stringToBCDNString(subjectDn));
        // Since we do not have pkixQCSyntax_v1 or pkixQCSyntax_v2, no semanticsId will be added.
        // NOTE(review): the first argument of assertNull is the failure message, not an expected value.
        assertNull("rfc822name=qc@primekey.se", QCStatementExtension.getQcStatementAuthorities(issued));
        Collection<String> statementIds = QCStatementExtension.getQcStatementIds(issued);
        // This certificate should have neither the deprecated pkixQCSyntax_v1 (not supported)
        // nor pkixQCSyntax_v2 (not selected).
        assertFalse(statementIds.contains(RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v1.getId()));
        assertFalse(statementIds.contains(RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v2.getId()));
        assertTrue(statementIds.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_QcCompliance.getId()));
        assertTrue(statementIds.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_QcSSCD.getId()));
        assertTrue(statementIds.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_LimiteValue.getId()));
        final String valueLimit = QCStatementExtension.getQcStatementValueLimit(issued);
        assertEquals("50000 SEK", valueLimit);

        // --- Second issuance: pkixQCSyntax_v2 enabled, so a semanticsId will also be added ---
        qcProfile.setUsePkixQCSyntaxV2(true);
        certificateProfileSession.changeCertificateProfile(internalAdmin, qcCertProfileName, qcProfile);
        endEntityManagementSession.changeUser(internalAdmin, endEntity, false);
        log.debug("created user: foo, foo123, C=SE, CN=qc");
        issued = (X509Certificate) signSession.createCertificate(internalAdmin, qcCertEndEntityName, "foo123",
                new PublicKeyWrapper(userKeys.getPublic()));
        assertNotNull("Failed to create certificate", issued);
        subjectDn = issued.getSubjectDN().getName();
        assertEquals(CertTools.stringToBCDNString("cn=qc,c=SE"), CertTools.stringToBCDNString(subjectDn));
        // Since we have pkixQCSyntax_v2, a semanticsId will be added
        assertEquals("rfc822name=qc@primekey.se", QCStatementExtension.getQcStatementAuthorities(issued));
        statementIds = QCStatementExtension.getQcStatementIds(issued);
        // Still no deprecated pkixQCSyntax_v1, but pkixQCSyntax_v2 must now be present.
        assertFalse(statementIds.contains(RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v1.getId()));
        assertTrue(statementIds.contains(RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v2.getId()));
        assertTrue(statementIds.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_QcCompliance.getId()));
        assertTrue(statementIds.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_QcSSCD.getId()));
        assertTrue(statementIds.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_LimiteValue.getId()));
        assertEquals("50000 SEK", QCStatementExtension.getQcStatementValueLimit(issued));
    } finally {
        // Clean up
        endEntityProfileSession.removeEndEntityProfile(internalAdmin, qcCertProfileName);
        certificateProfileSession.removeCertificateProfile(internalAdmin, qcCertProfileName);
        endEntityManagementSession.deleteUser(internalAdmin, qcCertEndEntityName);
    }
    log.trace("<test10TestQcCert()");
}
From source file:org.ejbca.core.model.ca.certextensions.standard.QcStatement.java
License:Open Source License
/**
 * Builds the QCStatements extension value from the certificate profile.
 *
 * <p>A pkixQCSyntax statement (v1 by default, v2 when the profile asks for it) is always
 * added, so the statement list built here is never empty and the {@code null} return below is
 * not reachable through this code path. The remaining statements depend on profile flags.
 *
 * @return a {@code DERSequence} holding the statements, or {@code null} if none were defined
 */
@Override
public DEREncodable getValue(final UserDataVO subject, final CA ca, final CertificateProfile certProfile,
        final PublicKey userPublicKey, final PublicKey caPublicKey)
        throws CertificateExtentionConfigurationException, CertificateExtensionException {
    // SemanticsInformation is built from the RA name and/or the semantics id, whichever is set.
    final GeneralNames raNames = CertTools.getGeneralNamesFromAltName(certProfile.getQCStatementRAName());
    final boolean hasSemanticsId = StringUtils.isNotEmpty(certProfile.getQCSemanticsId());
    final SemanticsInformation semantics;
    if (raNames != null && hasSemanticsId) {
        semantics = new SemanticsInformation(new DERObjectIdentifier(certProfile.getQCSemanticsId()),
                raNames.getNames());
    } else if (raNames != null) {
        semantics = new SemanticsInformation(raNames.getNames());
    } else if (hasSemanticsId) {
        semantics = new SemanticsInformation(new DERObjectIdentifier(certProfile.getQCSemanticsId()));
    } else {
        semantics = null;
    }

    final ArrayList<QCStatement> statements = new ArrayList<QCStatement>();

    // First the standard rfc3739 QCStatement with an optional SemanticsInformation
    final DERObjectIdentifier pkixQcSyntax = certProfile.getUsePkixQCSyntaxV2()
            ? RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v2
            : RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v1;
    if (semantics == null) {
        statements.add(new QCStatement(pkixQcSyntax));
    } else {
        statements.add(new QCStatement(pkixQcSyntax, semantics));
    }

    // ETSI Statement that the certificate is a Qualified Certificate
    if (certProfile.getUseQCEtsiQCCompliance()) {
        statements.add(new QCStatement(ETSIQCObjectIdentifiers.id_etsi_qcs_QcCompliance));
    }

    // ETSI Statement regarding limit on the value of transactions
    // Both value and currency must be available for this extension
    if (certProfile.getUseQCEtsiValueLimit() && (certProfile.getQCEtsiValueLimit() >= 0)
            && (certProfile.getQCEtsiValueLimitCurrency() != null)) {
        final int amount = certProfile.getQCEtsiValueLimit();
        // The exponent should be default 0
        final int exponent = certProfile.getQCEtsiValueLimitExp();
        final Iso4217CurrencyCode currency = new Iso4217CurrencyCode(certProfile.getQCEtsiValueLimitCurrency());
        statements.add(new QCStatement(ETSIQCObjectIdentifiers.id_etsi_qcs_LimiteValue,
                new MonetaryValue(currency, amount, exponent)));
    }

    if (certProfile.getUseQCEtsiRetentionPeriod()) {
        final DERInteger years = new DERInteger(((Integer) certProfile.getQCEtsiRetentionPeriod()));
        statements.add(new QCStatement(ETSIQCObjectIdentifiers.id_etsi_qcs_RetentionPeriod, years));
    }

    // ETSI Statement claiming that the private key resides in a Signature Creation Device.
    // The claim comes from the profile flag alone; nothing in this method checks where the
    // subject's key is actually held.
    if (certProfile.getUseQCEtsiSignatureDevice()) {
        statements.add(new QCStatement(ETSIQCObjectIdentifiers.id_etsi_qcs_QcSSCD));
    }

    // Custom UTF8String QC-statement:
    // qcStatement-YourCustom QC-STATEMENT ::= { SYNTAX YourCustomUTF8String
    // IDENTIFIED BY youroid }
    // -- Lets an operator define its own QC-statement from an OID and a describing UTF8String,
    // -- for example: "This certificate, according to Act. No. xxxx Electronic Signature Law
    // -- is a qualified electronic certificate"
    //
    // YourCustomUTF8String ::= UTF8String
    if (certProfile.getUseQCCustomString() && !StringUtils.isEmpty(certProfile.getQCCustomStringOid())
            && !StringUtils.isEmpty(certProfile.getQCCustomStringText())) {
        final DERUTF8String customText = new DERUTF8String(certProfile.getQCCustomStringText());
        final DERObjectIdentifier customOid = new DERObjectIdentifier(certProfile.getQCCustomStringOid());
        statements.add(new QCStatement(customOid, customText));
    }

    if (statements.isEmpty()) {
        log.error("QcStatements is used, but no statement defined!");
        return null;
    }

    final ASN1EncodableVector vector = new ASN1EncodableVector();
    for (final QCStatement statement : statements) {
        vector.add(statement);
    }
    return new DERSequence(vector);
}
From source file:org.ejbca.util.CertToolsTest.java
License:Open Source License
/**
 * Checks that QC statement authorities, statement ids and the value limit are read correctly
 * from two reference certificates ({@code qcRefCert} and {@code qcPrimeCert}).
 */
public void test14QCStatement() throws Exception {
    // Reference certificate: pkixQCSyntax-v2 with an rfc822 authority name.
    final Certificate referenceCert = CertTools.getCertfromByteArray(qcRefCert);
    assertEquals("rfc822name=municipality@darmstadt.de",
            QCStatementExtension.getQcStatementAuthorities(referenceCert));
    Collection<String> statementIds = QCStatementExtension.getQcStatementIds(referenceCert);
    assertTrue(statementIds.contains(RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v2.getId()));

    // Second certificate: pkixQCSyntax-v1 plus the ETSI compliance, SSCD and limit statements.
    final Certificate primeCert = CertTools.getCertfromByteArray(qcPrimeCert);
    assertEquals("rfc822name=qc@primekey.se", QCStatementExtension.getQcStatementAuthorities(primeCert));
    statementIds = QCStatementExtension.getQcStatementIds(primeCert);
    assertTrue(statementIds.contains(RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v1.getId()));
    assertTrue(statementIds.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_QcCompliance.getId()));
    assertTrue(statementIds.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_QcSSCD.getId()));
    assertTrue(statementIds.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_LimiteValue.getId()));
    assertEquals("50000 SEK", QCStatementExtension.getQcStatementValueLimit(primeCert));
}