Example 1 with CryptoMarkerBuilder
use of org.openecard.mdlw.sal.didfactory.CryptoMarkerBuilder in project open-ecard by ecsec.
the class CIFCreator method createCryptoDID.
private DIDInfoType createCryptoDID(List<MwCertificate> mwCerts, SignatureAlgorithms sigalg) throws WSMarshallerException, CryptokiException {
LOG.debug("Creating Crypto DID object.");
DIDInfoType di = new DIDInfoType();
String keyLabel = mwCerts.get(0).getLabel();
// create differential identity
DifferentialIdentityType did = new DifferentialIdentityType();
di.setDifferentialIdentity(did);
String didName = keyLabel + "_" + mwCerts.get(0).getLabel() + "_" + sigalg.getJcaAlg();
LOG.debug("DIDName: {}", didName);
did.setDIDName(didName);
did.setDIDProtocol("urn:oid:1.3.162.15480.3.0.25");
did.setDIDScope(DIDScopeType.LOCAL);
// create crypto marker
CryptoMarkerBuilder markerBuilder = new CryptoMarkerBuilder();
// add AlgorithmInfo
AlgorithmInfoType algInfo = new AlgorithmInfoType();
algInfo.setAlgorithm(sigalg.getJcaAlg());
AlgorithmIdentifierType algIdentifier = new AlgorithmIdentifierType();
algIdentifier.setAlgorithm(sigalg.getAlgId());
algInfo.setAlgorithmIdentifier(algIdentifier);
algInfo.getSupportedOperations().add("Compute-signature");
markerBuilder.setAlgInfo(algInfo);
markerBuilder.setLegacyKeyname(keyLabel);
// add certificates
for (MwCertificate nextCert : mwCerts) {
try {
CertificateRefType certRef = new CertificateRefType();
certRef.setDataSetName(nextCert.getLabel());
markerBuilder.getCertRefs().add(certRef);
} catch (CryptokiException ex) {
LOG.warn("Certificate chain is not complete.");
break;
}
}
// wrap crypto marker and add to parent
CryptoMarkerType marker = markerBuilder.build();
DIDMarkerType markerWrapper = new DIDMarkerType();
markerWrapper.setCryptoMarker(marker);
did.setDIDMarker(markerWrapper);
// create acl
AccessControlListType acl = new AccessControlListType();
di.setDIDACL(acl);
List<AccessRuleType> rules = acl.getAccessRule();
rules.add(createRuleTrue(AuthorizationServiceActionName.ACL_LIST));
rules.add(createRuleTrue(DifferentialIdentityServiceActionName.DID_GET));
// create sign rule with PIN reference
AccessRuleType signRule = createRuleTrue(CryptographicServiceActionName.SIGN);
signRule.setSecurityCondition(createDidCond(PIN_NAME));
rules.add(signRule);
return di;
}
Also used :
CryptoMarkerBuilder(org.openecard.mdlw.sal.didfactory.CryptoMarkerBuilder)
AccessControlListType(iso.std.iso_iec._24727.tech.schema.AccessControlListType)
CryptoMarkerType(iso.std.iso_iec._24727.tech.schema.CryptoMarkerType)
CertificateRefType(iso.std.iso_iec._24727.tech.schema.CertificateRefType)
DIDMarkerType(iso.std.iso_iec._24727.tech.schema.DIDMarkerType)
DifferentialIdentityType(iso.std.iso_iec._24727.tech.schema.DifferentialIdentityType)
DIDInfoType(iso.std.iso_iec._24727.tech.schema.DIDInfoType)
AlgorithmInfoType(iso.std.iso_iec._24727.tech.schema.AlgorithmInfoType)
CryptokiException(org.openecard.mdlw.sal.exceptions.CryptokiException)
AlgorithmIdentifierType(iso.std.iso_iec._24727.tech.schema.AlgorithmIdentifierType)
AccessRuleType(iso.std.iso_iec._24727.tech.schema.AccessRuleType)
Aggregations
AccessControlListType (iso.std.iso_iec._24727.tech.schema.AccessControlListType)1
AccessRuleType (iso.std.iso_iec._24727.tech.schema.AccessRuleType)1
AlgorithmIdentifierType (iso.std.iso_iec._24727.tech.schema.AlgorithmIdentifierType)1
AlgorithmInfoType (iso.std.iso_iec._24727.tech.schema.AlgorithmInfoType)1
CertificateRefType (iso.std.iso_iec._24727.tech.schema.CertificateRefType)1
CryptoMarkerType (iso.std.iso_iec._24727.tech.schema.CryptoMarkerType)1
DIDInfoType (iso.std.iso_iec._24727.tech.schema.DIDInfoType)1
DIDMarkerType (iso.std.iso_iec._24727.tech.schema.DIDMarkerType)1
DifferentialIdentityType (iso.std.iso_iec._24727.tech.schema.DifferentialIdentityType)1
CryptoMarkerBuilder (org.openecard.mdlw.sal.didfactory.CryptoMarkerBuilder)1
CryptokiException (org.openecard.mdlw.sal.exceptions.CryptokiException)1
