diff -urN ../../312/ejbca/Changelog.txt ./Changelog.txt
--- ../../312/ejbca/Changelog.txt	Thu Aug 18 16:36:46 2005
+++ ./Changelog.txt	Wed Nov 30 10:01:29 2005
@@ -1,3 +1,49 @@
+3.1.3
+---
+Bug
+    * [ECA-75] - SCEP not working with Hard token CAs (HSMs)
+    * [ECA-107] - can't view logs using oracle due to column 'comment'
+    * [ECA-139] - It is not possible to use a HSM to sign a pkcs10 req to an external root CA.
+    * [ECA-141] - Unstable default idle-timeout for datasource
+    * [ECA-144] - Scep not working with Cryptlib
+    * [ECA-145] - Bug in hard token profile pages, Nullpointer when changing profile type or saving new pages
+    * [ECA-147] - Star (*) not working in subject alt names
+    * [ECA-148] - Scep not working with Cisco PIX
+    * [ECA-149] - unstructuredName/address in DN does not work
+    * [ECA-153] - cli not working on windows when java_home contains space char
+    * [ECA-154] - install does not work when JAVA_HOME contain space char
+    * [ECA-155] - OCSP using CA key does not work with HSMs
+    * [ECA-156] - binary chars in ejbca-mail-service.xml
+    * [ECA-160] - display of mail.smtp.host during ant deploy is wrong (cosmetic)
+    * [ECA-165] - Not possible to remove UnstructuredName from entity profile
+    * [ECA-167] - CN Postfix doesn't work if UID have the same value or DN is reversed
+    * [ECA-168] - Hard Token SN search doesn't work with primecard 1.3 >
+    * [ECA-169] - Hard Token Profiles cannot be cloned
+    * [ECA-170] - Malformed SVG Template craches the Hard Token Profile pages
+    * [ECA-171] - Typo in language file
+    * [ECA-176] - Method CertUtil.getEMailAddress(X509Certificate certificate) hangs jboss
+    * [ECA-177] - SCEP not working with Netscreen/Juniper boxes
+    * [ECA-180] - Select, unselect javascript features doesn't work anymort
+
+New Feature
+    * [ECA-109] - Support RSASSA-PSS signatures
+    * [ECA-140] - Add $UID as a variable to the SVG templates
+    * [ECA-181] - Javascript checks use unicode for internationlized chars
+    * [ECA-182] - Possible to select a subset of fields in DN and Subject AltNames in the certificate profiles
+    * [ECA-186] - Possibility to specify the BasicConstraint path length
+
+Task
+    * [ECA-127] - Add references of installations to EJBCA home page
+
+Improvement
+    * [ECA-146] - Device schema for sun directory server missing X-ORIGIN
+    * [ECA-159] - Not possible to view historical data in CertReqHistory
+    * [ECA-161] - easy configuration of smtp auth
+    * [ECA-163] - Describe how to install com.mysql.jdbc.Driver in the documentation
+    * [ECA-178] - Better error messages when HSM provider not found
+    * [ECA-183] - Possible to configure for different JBoss targets
+    * [ECA-185] - new version of batik lib
+
 3.1.2
 ---
 New Feature
diff -urN ../../312/ejbca/bin/cli.xml ./bin/cli.xml
--- ../../312/ejbca/bin/cli.xml	Tue Jun 14 14:20:31 2005
+++ ./bin/cli.xml	Sun Sep 25 11:30:28 2005
@@ -81,8 +81,8 @@
         <antcall target="ejbca:adminweb"/>
         <echo message="Creating root certificate in DER format..."/>
         <ejbca:cli name="ca" arg='getrootcert ${ca.name} ${java.io.tmpdir}/rootca.der -der'/>
-        <ejbca:keytool arg="-v -alias EJBCA-CA -delete -keystore ${java.home}/lib/security/cacerts -storepass ${java.trustpassword}"/>
-        <ejbca:keytool arg="-v -alias EJBCA-CA -import -trustcacerts -file ${java.io.tmpdir}/rootca.der -keystore ${java.home}/lib/security/cacerts -storepass ${java.trustpassword} -noprompt"/>
+        <ejbca:keytool arg="-v -alias EJBCA-CA -delete -keystore '${java.home}/lib/security/cacerts' -storepass ${java.trustpassword}"/>
+        <ejbca:keytool arg="-v -alias EJBCA-CA -import -trustcacerts -file '${java.io.tmpdir}/rootca.der' -keystore '${java.home}/lib/security/cacerts' -storepass ${java.trustpassword} -noprompt"/>
         <delete file="${java.io.tmpdir}/rootca.der"/>
     </target>
 
diff -urN ../../312/ejbca/bin/ejbca.cmd ./bin/ejbca.cmd
--- ../../312/ejbca/bin/ejbca.cmd	Tue May  3 18:34:20 2005
+++ ./bin/ejbca.cmd	Sun Sep 25 11:17:38 2005
@@ -85,6 +85,6 @@
 shift
 set m=%9
 rem echo %a% %b% %c% %d% %e% %f% %g% %h% %i% %j% %k% %l% %m%
-%JAVA_HOME%\bin\java -cp %CLASSPATH% %class_name% %a% %b% %c% %d% %e% %f% %g% %h% %i% %j% %k% %l% %m%
+"%JAVA_HOME%\bin\java" -cp %CLASSPATH% %class_name% %a% %b% %c% %d% %e% %f% %g% %h% %i% %j% %k% %l% %m%
 
 :end
diff -urN ../../312/ejbca/bin/jboss.xml ./bin/jboss.xml
--- ../../312/ejbca/bin/jboss.xml	Mon May  9 17:34:38 2005
+++ ./bin/jboss.xml	Fri Nov 25 10:09:13 2005
@@ -2,12 +2,12 @@
 	<property environment="env"/>
 
     <property name="jboss.home" value="${env.JBOSS_HOME}"/>
-	<property name="jboss.deploy.dir" location="${jboss.home}/server/default/deploy"/>
-	<property name="jboss.server.home.dir" location="${jboss.deploy.dir}/.."/>
-	<property name="keystore.file" value="conf/keystore/keystore.jks"/>
-
-	<property name="jboss.deploy.dir" location="${jboss.home}/server/default/deploy"/>
-	<property name="jboss.server.home.dir" location="${jboss.deploy.dir}/.."/>
+    <property name="jboss.config" value="default"/>
+    <property name="jboss.farm.name" value="deploy"/>
+	<property name="jboss.server.home.dir" location="${jboss.home}/server/${jboss.config}"/>
+    <property name="jboss.conf.dir" location="${jboss.server.home.dir}/conf"/>
+	<property name="jboss.farm.dir" location="${jboss.server.home.dir}/${jboss.farm.name}"/>
+	<property name="jboss.deploy.dir" location="${jboss.server.home.dir}/deploy"/>
 	<property name="keystore.file" value="conf/keystore/keystore.jks"/>
 
     <!-- FIXME: It must match the password in cli.xml !! -->
@@ -38,7 +38,7 @@
 	</target>
 
 	<target name="j2ee:web-configure" depends="j2ee:check" unless="j2ee.web-noconfigure" description="Configure the servlet container">
-        <echo message="Using JBoss deploy directory ${jboss.deploy.dir}"/>
+        <echo message="Using JBoss deploy directory ${jboss.farm.dir}"/>
 
 		<!-- copy the keystore file to the server -->
 		<available file="p12/tomcat.jks" property="keystore.file.present"/>
@@ -76,7 +76,7 @@
 	</target>
 
 	<target name="j2ee:deploy" description="Deploy the application" depends="j2ee:configure">
-        <copy todir="${jboss.deploy.dir}" overwrite="true">
+        <copy todir="${jboss.farm.dir}" overwrite="true">
             <fileset dir="src/appserver/jboss">
             	<include name="ejbca-ds.xml"/>
             	<include name="ejbca-mail-service.xml"/>
@@ -85,7 +85,7 @@
                 <expandproperties/>
             </filterchain>
         </copy>
-    	<copy todir="${jboss.deploy.dir}">
+    	<copy todir="${jboss.farm.dir}">
     		<fileset dir="${dist.dir}" includes="*.ear"/>
     	</copy>
 	</target>
diff -urN ../../312/ejbca/build.xml ./build.xml
--- ../../312/ejbca/build.xml	Thu Aug 18 16:32:07 2005
+++ ./build.xml	Fri Nov 25 10:09:10 2005
@@ -3,7 +3,7 @@
 
 	<property name="app.name" value="ejbca" />
     <property name="app.name.cap" value="EJBCA" />
-	<property name="app.version" value="${app.name.cap} 3.1.2" />
+	<property name="app.version" value="${app.name.cap} 3.1.3" />
 	
     <property name="ejbca.home" location="." />
     <property environment="env" />
@@ -14,6 +14,8 @@
        net it checks the properties file here. -->
     <property file="${user.home}/${app.name}.properties" />
     <property file="${app.name}.properties" />
+	<property name="java.ver" value="14" />
+	
 
     <import file="bin/jboss.xml" />
 
@@ -63,7 +65,7 @@
 	
     <property name="createcrlservicejar" value="${dist.dir}/${createcrlservice.name}" />
 
-    <property name="jar.extclasspath" value="lib/bcmail-jdk14.jar lib/bcprov-jdk14.jar lib/log4j-1.2.7.jar lib/ldap.jar lib/commons-lang-2.0.jar lib/commons-collections.jar lib/commons-fileupload-1.0.jar"/>
+    <property name="jar.extclasspath" value="lib/bcmail-jdk${java.ver}.jar lib/bcprov-jdk${java.ver}.jar lib/log4j-1.2.7.jar lib/ldap.jar lib/commons-lang-2.0.jar lib/commons-collections.jar lib/commons-fileupload-1.0.jar"/>
 
     <path id="ext.classpath">
         <fileset dir="lib/ext" includes="*.jar" />
@@ -71,7 +73,9 @@
 
     <path id="compile.classpath">
         <path refid="ext.classpath" />
-        <fileset dir="lib" includes="*.jar" />
+        <fileset dir="lib" includes="*.jar" excludes="bc*.jar"/>
+        <fileset dir="lib" includes="bcmail-jdk${java.ver}.jar"/>
+    	<fileset dir="lib" includes="bcprov-jdk${java.ver}.jar"/>
         <path refid="j2ee.classpath" />
     </path>
 
@@ -113,8 +117,9 @@
     <property name="mail.from" value="ejbca-donotreply@domain.com" />
     <property name="mail.user" value="ejbca_user" />
     <property name="mail.password" value="primekey" />
-    <property name="mail.pop3" value="localhost" />
-    <property name="mail.smtp" value="localhost" />
+    <property name="mail.pop3.host" value="localhost" />
+    <property name="mail.smtp.host" value="localhost" />
+    <property name="mail.smtp.auth" value="false" />
     <property name="mail.subject" value="Retrieve your certificate" />
     <property name="mail.message" value="Hello $CN$NL$NL This is a notification. $NL$NL Your username: $Username$NL password: $Password$NL$NL Your are NOT supposed to go and fetch your certificate, this is only a test." />
     <property name="mail.debug" value="false" />
@@ -136,6 +141,7 @@
         <echo>
 ---------- ${app.version} CONFIGURATION PROPERTIES ----------
 jboss.home             = ${jboss.home}
+java.ver               = ${java.ver}
 ca.keystorepass        = ${ca.keystorepass}
 ca.ocspkeystorepass    = ${ca.ocspkeystorepass}
 ocsp.defaultresponder  = ${ocsp.defaultresponder}
@@ -153,8 +159,8 @@
 mail.message           = ${mail.message}
 mail.user              = ${mail.user}
 mail.password          = ${mail.password}
-mail.pop3              = ${mail.pop3}
-mail.smtp              = ${mail.smtp}
+mail.smtp.host         = ${mail.smtp.host}
+mail.smtp.auth         = ${mail.smtp.auth}
 mail.debug             = ${mail.debug}
 httpserver.pubhttp	   = ${httpserver.pubhttp}
 httpserver.pubhttps	   = ${httpserver.pubhttps}
@@ -263,6 +269,7 @@
             <fileset dir="src">
               <include name="**"/>
               <exclude name="**/*.java"/>
+              <exclude name="**/*.java.15"/>
               <exclude name="**/*.html"/>
               <exclude name="**/*.htm"/>            	
               <exclude name="**/*.xml"/>
@@ -289,6 +296,12 @@
 			</tokenfilter>
 			</filterchain>
 	    </copy>
+		<echo>Ignore warnings about 'Couldn't find file' during preprocessing if you are running jdk 1.4</echo>
+        <copy file="src/java/se/anatom/ejbca/ca/caadmin/CATokenInfo.java.${java.ver}" tofile="${preprocessed}/java/se/anatom/ejbca/ca/caadmin/CATokenInfo.java" overwrite="true" failonerror="false"/>
+        <copy file="src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509CertificateObject.java.${java.ver}" tofile="${preprocessed}/java/se/anatom/ejbca/ca/caadmin/ExtendedX509CertificateObject.java" overwrite="true" failonerror="false"/>
+        <copy file="src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509CRLObject.java.${java.ver}" tofile="${preprocessed}/java/se/anatom/ejbca/ca/caadmin/ExtendedX509CRLObject.java" overwrite="true" failonerror="false"/>
+        <copy file="src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509Util.java.${java.ver}" tofile="${preprocessed}/java/se/anatom/ejbca/ca/caadmin/ExtendedX509Util.java" overwrite="true" failonerror="false"/>
+        <copy file="src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509V3CertificateGenerator.java.${java.ver}" tofile="${preprocessed}/java/se/anatom/ejbca/ca/caadmin/ExtendedX509V3CertificateGenerator.java" overwrite="true" failonerror="false"/>
 		<replace file="${src.java}/se/anatom/ejbca/ra/raadmin/GlobalConfiguration.java" token="@ejbca.version@" value="${app.version}"/>	
 	</target>
 	<!--
@@ -433,8 +446,8 @@
                 <exclude name="META-INF/application.xml" />
             </fileset>
             <fileset dir=".">
-                <include name="${lib}/bcmail-jdk14.jar" />
-                <include name="${lib}/bcprov-jdk14.jar" />
+                <include name="${lib}/bcmail-jdk${java.ver}.jar" />
+                <include name="${lib}/bcprov-jdk${java.ver}.jar" />
                 <include name="${lib}/log4j-1.2.7.jar" />
                 <include name="${lib}/ldap.jar" />
                 <include name="${lib}/commons-lang-2.0.jar" />
@@ -475,7 +488,7 @@
         <!-- validargs="hsql,oracle,mssql,mysql,postgres,postgres8,sapdb,hsqldb,sybase" -->
         <input message="Data source (default java:/DefaultDS):" addproperty="ejbca.DS" defaultvalue="java:/DefaultDS" />
         <input message="CA name(default MyCA):" addproperty="ejbca.CA" defaultvalue="MyCA" />
-        <input message="CA keystore filename (default $JBOSS_HOME/server/default/conf/server.p12):" addproperty="ejbca.KS" defaultvalue="${jboss.home}/server/default/conf/server.p12" />
+        <input message="CA keystore filename (default $JBOSS_HOME/server/default/conf/server.p12):" addproperty="ejbca.KS" defaultvalue="${jboss.conf.dir}/server.p12" />
         <input message="CA keystore password:" addproperty="ejbca.KSPWD" />
         <java classname="se.anatom.ejbca.admin.Upgrade" fork="true">
             <sysproperty key="ejbcaOS" value="${ejbca.OS}" />
@@ -536,7 +549,7 @@
     <!--Deploy Jboss Specific Services                       -->
     <!-- =================================================================== -->
     <target name="deployjbossservices" depends="jbossservices">
-        <copy file="${createcrlservicejar}" tofile="${jboss.home}/server/default/deploy/createcrlservice.jar" verbose="true" />
+        <copy file="${createcrlservicejar}" tofile="${jboss.farm.dir}/createcrlservice.jar" verbose="true" />
     </target>
 	
     <!-- =================================================================== -->
@@ -654,11 +667,11 @@
             <echo message="Verifying EJB jar @{file}" />
             <java classname="org.jboss.verifier.Main" fork="true">
                 <classpath>
-                    <fileset dir="${jboss.home}/server/default/lib" includes="*.jar" />
+                    <fileset dir="${jboss.server.home.dir}/lib" includes="*.jar" />
                     <fileset dir="${jboss.home}/client" includes="*.jar" />
                     <fileset dir="${jboss.home}/lib" includes="*.jar" />
                     <fileset dir="${dist.dir}" includes="*.jar" />
-                    <pathelement location="${jboss.home}/server/default/conf" />
+                    <pathelement location="${jboss.conf.dir}" />
                 </classpath>
                 <arg value="@{file}" />
             </java>
diff -urN ../../312/ejbca/doc/RELEASE_NOTES ./doc/RELEASE_NOTES
--- ../../312/ejbca/doc/RELEASE_NOTES	Thu Aug 18 16:36:46 2005
+++ ./doc/RELEASE_NOTES	Sun Nov 27 12:12:33 2005
@@ -1,10 +1,45 @@
+EJBCA V3.1.3
+------------
+This is a minor release with some new features and some bugfixes.
+Read the changelog for details.
+
+This is a plugin-upgrade from 3.1.2.
+Simply keep/copy ejbca.properties from the earlier installation, 
+copy the directory 'p12' from the earlier installation and 'ant deploy' 
+(or deploywithjbossservice) this new one.
+
+Note that to fix ECA-144, 148 and 75, new version of lib/bcmail*.jar and
+lib/bcprov*.jar are used. Since they are binary files they are not
+included in the patch from version 3.1.2 to 3.1.3. You can use the patch and
+manually replace the jar-files from the full distribution.
+
+The 3.1.3 release have support for RSASSA-PSS signatures to conform to the 
+Swedish standard for MRTD certificates (Electronic Passports). 
+The RSASSA-PSS parameters can be seen and edited in the file
+src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509Util.java.15 
+
+IMPORTANT, compliation using jdk1.5 is required for this algorithm. 
+Otherwise this algorithm option won't show up
+
+Enhanced support for international characters in the adminweb gui (Add/Edit pages). 
+Should work with most languages now.
+
+It's now also possible to select a subset of a users SubjectDN and SubjectAltName 
+fields used in a particular kind of certificate. This is defined in the certificate profiles
+
+
 EJBCA V3.1.2
 ------------
-This is a minor release with a few minor new features and some bugfixes.
+This is a minor release with two new features and some bugfixes.
 Read the changelog for details.
 
 This is a plugin-upgrade from 3.1/3.1.1.
 Simply keep ejbca.properties from the earlier release, and 'ant deploy' this new one.
+
+Note that to fix ECA-126, new version of lib/bcmail-jdk14.jar and
+lib/bcprov-jdk14.jar are used. Since they are binary files they are not
+included in the patch from version 3.1 to 3.1.2. You can use the patch and
+manually replace the jar-files.
 
 EJBCA V3.1.1
 ------------
diff -urN ../../312/ejbca/doc/howto/HOWTO-database.txt ./doc/howto/HOWTO-database.txt
--- ../../312/ejbca/doc/howto/HOWTO-database.txt	Fri May 20 13:02:52 2005
+++ ./doc/howto/HOWTO-database.txt	Fri Nov 25 09:22:51 2005
@@ -95,7 +95,8 @@
 Typically for mysql: 'mysqladmin create ejbca' will create the database. 
 Start 'mysql -u root mysql' and create the user with "grant all on ejbca.* to ejbca@'<host>' identified by '<pwd>'".
 
-3. Put the JDBC driver for the database in <jboss-home>/server/default/lib/.
+3. Put the JDBC driver for the database in <jboss-home>/server/default/lib/ (or replace default if you are running 
+   another JBoss target, perhaps all?).
 
 4. DONE! Start JBoss. Run tests with 'ant test:run'.
    Use your favorite database graphic editor to look at the beautiful database tables.
@@ -109,6 +110,11 @@
 
 Download JDBC driver for mySQL from http://www.mysql.com/
 
+Sometimes there can be problems with MySQL related to case sensitivity of database tables.
+If you run into this see:
+http://mysqld.active-venture.com/Name_case_sensitivity.html
+http://dev.mysql.com/doc/refman/4.1/en/name-case-sensitivity.html
+
 PostgreSQL specifics
 --------------------
 EJBCA have been tested with PostgreSQL 7.2 and 8.0.
@@ -128,9 +134,19 @@
 The JDBC-driver from http://www.datadirect.com/ also works fine, but it's not for free.
 
 JDBC driver: ojdbc14.zip 
-Use latest driver from at least Oracle 10 that can be downloaded from http://www.oracle.com/.
 
+Use latest driver from at least Oracle 10 that can be downloaded from http://www.oracle.com/.
+We also had reports that some version of the Oracle 10 driver does not work, but that the driver 
+from Oracle 9.2i works. Since oracles JDBC driver seems to be of such bad quality, we have to 
+recommend that you try different versions until you find one that works...or use another database.
+Version 10.1.0.4.0 is confirmed to work.
 
 MS-SQL specifics
 ----------------
-JDBC driver: http://msdn.microsoft.com/downloads/default.asp?url=/downloads/sample.asp?url=/MSDN-FILES/027/001/779/msdncompositedoc.xml&frame=true
+Microsofts JDBC driver:
+http://msdn.microsoft.com/downloads/default.asp?url=/downloads/sample.asp?url=/MSDN-FILES/027/001/779/msdncompositedoc.xml&frame=true
+
+There is also an open source JDBC driver at:
+http://jtds.sourceforge.net/
+This driver is not tested by us (yet), but it has received very good reviews as beeing much better than Microsofts
+driver, so I suggest you take it for a spin.
diff -urN ../../312/ejbca/doc/ldapschema/85ejbca.ldif ./doc/ldapschema/85ejbca.ldif
--- ../../312/ejbca/doc/ldapschema/85ejbca.ldif	Sun Feb 20 17:56:55 2005
+++ ./doc/ldapschema/85ejbca.ldif	Thu Sep 15 10:05:26 2005
@@ -30,6 +30,7 @@
   NAME 'ejbcaDeviceCertificate'
   DESC 'Cerfificate for devices'
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.5
+  X-ORIGIN 'EJBCA'
   )
 #
 #********************************************************************
@@ -51,6 +52,7 @@
   AUXILIARY
   MUST ( ejbcaDeviceCertificate )
   MAY  ( description )
+  X-ORIGIN 'EJBCA'
   )
 #
 #********************************************************************
diff -urN ../../312/ejbca/doc/xdocs/index.xml ./doc/xdocs/index.xml
--- ../../312/ejbca/doc/xdocs/index.xml	Mon Jun 13 11:46:42 2005
+++ ./doc/xdocs/index.xml	Thu Aug 18 21:35:38 2005
@@ -8,7 +8,7 @@
 <body>
   <section name="Latest News">
     <note>
-    EJBCA 3.1.0 is now available for <a
+    EJBCA 3.1.2 is now available for <a
     href="http://sourceforge.net/project/showfiles.php?group_id=39716&amp;package_id=108797">download</a>.
     </note>
     <p>
diff -urN ../../312/ejbca/ejbca.properties.sample ./ejbca.properties.sample
--- ../../312/ejbca/ejbca.properties.sample	Fri Jun 10 08:50:12 2005
+++ ./ejbca.properties.sample	Fri Nov 25 10:09:10 2005
@@ -1,5 +1,5 @@
 #
-# $Id: ejbca.properties.sample,v 1.21 2005/06/10 06:50:12 anatom Exp $
+# $Id: ejbca.properties.sample,v 1.21.2.6 2005/11/25 09:09:10 primelars Exp $
 #
 # This is a sample file to override properties used
 # during development (or deployment) of EJBCA
@@ -17,6 +17,10 @@
 # default: javac
 #build.compiler=jikes
 
+# which java version to use 14 for 1.4 and 15 for 1.5
+# default: 14
+java.ver =14
+
 # ------------ Basic CA configuration ---------------------
 # When upgrading, the important options are:
 # - ca.keystorepass
@@ -103,11 +107,14 @@
 # Default 8443
 #httpserver.privhttps=8443
 
-# Defines the available languages by languagecodes separated with a comma (example EN,CH).
+# Defines the available languages by languagecodes separated with a comma (example EN,ZH).
+# If you are not sure that you know how to add a new language (languagefile.XX.properties etc), 
+# we suggest you stick with the default the first time you install if you wan't to add your own language.
+# Otherwise you may not be able to log in to the admin-GUI.
 # Default: EN,FR,IT,ES 
 #web.availablelanguages=EN,FR,IT,ES
 
-# Default content encoding used to display JSP pages.
+# Default content encoding used to display JSP pages, for example ISO-8859-1 or UTF-8.
 # Default: ISO-8859-1
 #web.contentencoding=ISO-8859-1
 
@@ -184,12 +191,13 @@
 #mail.user=ejbca_user
 #mail.password=primekey
 
-# POP3 and SMTP servers.
+# SMTP server for sending mail.
 # Default: localhost
-#mail.pop3.host=localhost
 #mail.smtp.host=localhost
-#mail.pop3.host=pop3.domain.com
-#mail.smtp.host=smtp.domain.com
+
+# Use SMTP authentication if you smtp host requires it
+# Default: false
+#mail.smtp.auth=false
 
 # Email address used to send emails.
 # Default: ejbca-donotreply@domain.com
@@ -204,7 +212,16 @@
 #mail.subject=Retrieve your certificate
 
 # Defines the default message of the notification. 
-# Use the values $Username, $Password, $CN, $O, $OU, $C, $DATE to indicate which texts 
-# that should be replaced (Case insensitive), $NL stands for newline.
+# Use the values ${USERNAME}, ${PASSWORD}, ${CN}, ${O}, ${OU}, ${C}, ${DATE} to indicate which texts 
+# that should be replaced (Case sensitive), ${NL} stands for newline.
 # Default: below
-#mail.message=Hello $CN$NL$NL This is a notification. $NL$NL Your username: $Username$NL password: $Password$NL$NL Your are NOT supposed to go and fetch your certificate, this is only a test.
+#mail.message=Hello ${CN}${NL}${NL} This is a notification. ${NL}${NL} Your username: ${USERNAME}${NL} password: ${PASSWORD}${NL}${NL} Your are NOT supposed to go and fetch your certificate, this is only a test.
+
+# ----------------- cluster configuration ----------------
+# The configuration. Use "all" when clustering.
+# Default: default
+#jboss.config=all
+
+# Name of the farm directory. Use "farm" when clustering.
+# Default: deploy
+#jboss.farm.name=farm
\ No newline at end of file
Binary files ../../312/ejbca/lib/batik-awt-util.jar and ./lib/batik-awt-util.jar differ
Binary files ../../312/ejbca/lib/batik-bridge.jar and ./lib/batik-bridge.jar differ
Binary files ../../312/ejbca/lib/batik-css.jar and ./lib/batik-css.jar differ
Binary files ../../312/ejbca/lib/batik-dom.jar and ./lib/batik-dom.jar differ
Binary files ../../312/ejbca/lib/batik-ext.jar and ./lib/batik-ext.jar differ
Binary files ../../312/ejbca/lib/batik-gvt.jar and ./lib/batik-gvt.jar differ
Binary files ../../312/ejbca/lib/batik-parser.jar and ./lib/batik-parser.jar differ
Binary files ../../312/ejbca/lib/batik-script.jar and ./lib/batik-script.jar differ
Binary files ../../312/ejbca/lib/batik-svg-dom.jar and ./lib/batik-svg-dom.jar differ
Binary files ../../312/ejbca/lib/batik-svggen.jar and ./lib/batik-svggen.jar differ
Binary files ../../312/ejbca/lib/batik-transcoder.jar and ./lib/batik-transcoder.jar differ
Binary files ../../312/ejbca/lib/batik-util.jar and ./lib/batik-util.jar differ
Binary files ../../312/ejbca/lib/batik-xml.jar and ./lib/batik-xml.jar differ
Binary files ../../312/ejbca/lib/bcmail-jdk14.jar and ./lib/bcmail-jdk14.jar differ
Binary files ../../312/ejbca/lib/bcmail-jdk15.jar and ./lib/bcmail-jdk15.jar differ
Binary files ../../312/ejbca/lib/bcprov-jdk14.jar and ./lib/bcprov-jdk14.jar differ
Binary files ../../312/ejbca/lib/bcprov-jdk15.jar and ./lib/bcprov-jdk15.jar differ
diff -urN ../../312/ejbca/src/adminweb/ca/editcas/editcas.jsp ./src/adminweb/ca/editcas/editcas.jsp
--- ../../312/ejbca/src/adminweb/ca/editcas/editcas.jsp	Mon Nov  8 13:59:31 2004
+++ ./src/adminweb/ca/editcas/editcas.jsp	Thu Nov 24 22:16:37 2005
@@ -1,817 +1,817 @@
-<%@ page pageEncoding="ISO-8859-1"%>
-<%@page errorPage="/errorpage.jsp" import="java.util.*, java.io.*, org.apache.commons.fileupload.*, se.anatom.ejbca.webdist.webconfiguration.EjbcaWebBean,se.anatom.ejbca.ra.raadmin.GlobalConfiguration, se.anatom.ejbca.SecConst, se.anatom.ejbca.util.FileTools, se.anatom.ejbca.util.CertTools, se.anatom.ejbca.authorization.AuthorizationDeniedException,
-               se.anatom.ejbca.webdist.cainterface.CAInterfaceBean, se.anatom.ejbca.ca.caadmin.CAInfo, se.anatom.ejbca.ca.caadmin.X509CAInfo, se.anatom.ejbca.ca.caadmin.CATokenInfo, se.anatom.ejbca.ca.caadmin.SoftCATokenInfo, se.anatom.ejbca.webdist.cainterface.CADataHandler,
-               se.anatom.ejbca.webdist.rainterface.RevokedInfoView, se.anatom.ejbca.ca.caadmin.CATokenInfo, se.anatom.ejbca.ca.caadmin.SoftCATokenInfo, se.anatom.ejbca.webdist.webconfiguration.InformationMemory, org.bouncycastle.asn1.x509.X509Name, org.bouncycastle.jce.PKCS10CertificationRequest, 
-               se.anatom.ejbca.protocol.PKCS10RequestMessage, se.anatom.ejbca.ca.exception.CAExistsException, se.anatom.ejbca.ca.exception.CADoesntExistsException, se.anatom.ejbca.ca.exception.CATokenOfflineException, se.anatom.ejbca.ca.exception.CATokenAuthenticationFailedException,
-               se.anatom.ejbca.ca.caadmin.extendedcaservices.OCSPCAServiceInfo, se.anatom.ejbca.ca.caadmin.extendedcaservices.ExtendedCAServiceInfo, se.anatom.ejbca.ca.caadmin.hardcatokens.HardCATokenManager, se.anatom.ejbca.ca.caadmin.AvailableHardCAToken, se.anatom.ejbca.ca.caadmin.HardCATokenInfo"%>
-
-<html>
-<jsp:useBean id="ejbcawebbean" scope="session" class="se.anatom.ejbca.webdist.webconfiguration.EjbcaWebBean" />
-<jsp:useBean id="cabean" scope="session" class="se.anatom.ejbca.webdist.cainterface.CAInterfaceBean" />
-
-<%! // Declarations 
-  static final String ACTION                              = "action";
-  static final String ACTION_EDIT_CAS                     = "editcas";
-  static final String ACTION_EDIT_CA                      = "editca";
-  static final String ACTION_CREATE_CA                    = "createca";
-  static final String ACTION_CHOOSE_CATYPE                = "choosecatype";
-  static final String ACTION_CHOOSE_CATOKENTYPE           = "choosecatokentype";
-  static final String ACTION_MAKEREQUEST                  = "makerequest";
-  static final String ACTION_RECEIVERESPONSE              = "receiveresponse";
-  static final String ACTION_PROCESSREQUEST               = "processrequest";
-  static final String ACTION_PROCESSREQUEST2              = "processrequest2";
-  static final String ACTION_RENEWCA_MAKEREQUEST          = "renewcamakeresponse";  
-  static final String ACTION_RENEWCA_RECIEVERESPONSE      = "renewcarecieveresponse";  
-
-
-
-  static final String CHECKBOX_VALUE           = "true";
-
-//  Used in choosecapage.jsp
-  static final String BUTTON_EDIT_CA                       = "buttoneditca"; 
-  static final String BUTTON_DELETE_CA                     = "buttondeleteca";
-  static final String BUTTON_CREATE_CA                     = "buttoncreateca"; 
-  static final String BUTTON_RENAME_CA                     = "buttonrenameca";
-  static final String BUTTON_PROCESSREQUEST                = "buttonprocessrequest";
-  
-
-  static final String SELECT_CAS                           = "selectcas";
-  static final String TEXTFIELD_CANAME                     = "textfieldcaname";
-  static final String HIDDEN_CANAME                        = "hiddencaname";
-  static final String HIDDEN_CAID                          = "hiddencaid";
-  static final String HIDDEN_CATYPE                        = "hiddencatype";
-  static final String HIDDEN_CATOKENPATH                   = "hiddencatokenpath";
-  static final String HIDDEN_CATOKENTYPE                   = "hiddencatokentype";
- 
-// Buttons used in editcapage.jsp
-  static final String BUTTON_SAVE                       = "buttonsave";
-  static final String BUTTON_CREATE                     = "buttoncreate";
-  static final String BUTTON_CANCEL                     = "buttoncancel";
-  static final String BUTTON_MAKEREQUEST                = "buttonmakerequest";
-  static final String BUTTON_RECEIVEREQUEST             = "buttonreceiverequest";
-  static final String BUTTON_RENEWCA                    = "buttonrenewca";
-  static final String BUTTON_REVOKECA                   = "buttonrevokeca";  
-  static final String BUTTON_RECIEVEFILE                = "buttonrecievefile";     
-  static final String BUTTON_PUBLISHCA                  = "buttonpublishca";     
-  static final String BUTTON_REVOKERENEWOCSPCERTIFICATE = "checkboxrenewocspcertificate";
-
-  static final String TEXTFIELD_SUBJECTDN             = "textfieldsubjectdn";
-  static final String TEXTFIELD_SUBJECTALTNAME        = "textfieldsubjectaltname";  
-  static final String TEXTFIELD_CRLPERIOD             = "textfieldcrlperiod";
-  static final String TEXTFIELD_DESCRIPTION           = "textfielddescription";
-  static final String TEXTFIELD_VALIDITY              = "textfieldvalidity";
-  static final String TEXTFIELD_POLICYID              = "textfieldpolicyid";
-  static final String TEXTFIELD_HARDCATOKENPROPERTIES = "textfieldhardcatokenproperties";
-  static final String TEXTFIELD_AUTHENTICATIONCODE    = "textfieldauthenticationcode";
-
-  static final String CHECKBOX_AUTHORITYKEYIDENTIFIER             = "checkboxauthoritykeyidentifier";
-  static final String CHECKBOX_AUTHORITYKEYIDENTIFIERCRITICAL     = "checkboxauthoritykeyidentifiercritical";
-  static final String CHECKBOX_USECRLNUMBER                       = "checkboxusecrlnumber";
-  static final String CHECKBOX_CRLNUMBERCRITICAL                  = "checkboxcrlnumbercritical";
-  static final String CHECKBOX_FINISHUSER                         = "checkboxfinishuser";
-  static final String CHECKBOX_ACTIVATEOCSPSERVICE                = "checkboxactivateocspservice";  
-  
-  static final String HIDDEN_CATOKEN                              = "hiddencatoken";  
-  
-  static final String SELECT_REVOKEREASONS                        = "selectrevokereasons";
-  static final String SELECT_CATYPE                               = "selectcatype";  
-  static final String SELECT_CATOKEN                              = "selectcatoken";
-  static final String SELECT_SIGNEDBY                             = "selectsignedby";  
-  static final String SELECT_KEYSIZE                              = "selectsize";
-  static final String SELECT_AVAILABLECRLPUBLISHERS               = "selectavailablecrlpublishers";
-  static final String SELECT_CERTIFICATEPROFILE                   = "selectcertificateprofile";
-  static final String SELECT_SIGNATUREALGORITHM                   = "selectsignaturealgorithm";
-
-  static final String FILE_RECIEVEFILE                            = "filerecievefile";
-  static final String FILE_CACERTFILE                             = "filecacertfile";
-  static final String FILE_REQUESTFILE                            = "filerequestfile";   
-
-  static final String CERTSERNO_PARAMETER       = "certsernoparameter"; 
-
-  static final int    MAKEREQUESTMODE     = 0;
-  static final int    RECIEVERESPONSEMODE = 1;
-  static final int    PROCESSREQUESTMODE  = 2;   
-  
-  static final int    CERTREQGENMODE      = 0;
-  static final int    CERTGENMODE         = 1;
-%>
-<% 
-         
-  // Initialize environment
-  int caid = 0;
-  String caname = null;
-  String includefile = "choosecapage.jspf"; 
-  String processedsubjectdn = "";
-  int catype = CAInfo.CATYPE_X509;  // default
-  int catokentype = CATokenInfo.CATOKENTYPE_P12; // default
-  String catokenpath = "NONE";
-
-  InputStream file = null;
-
-  boolean  caexists             = false;
-  boolean  cadeletefailed       = false;
-  boolean  illegaldnoraltname   = false;
-  boolean  errorrecievingfile   = false;
-  boolean  ocsprenewed          = false;
-  boolean  catokenoffline       = false;
-  boolean  catokenauthfailed    = false;
-  
-
-  GlobalConfiguration globalconfiguration = ejbcawebbean.initialize(request, "/super_administrator"); 
-                                            cabean.initialize(request, ejbcawebbean); 
-
-  CADataHandler cadatahandler = cabean.getCADataHandler(); 
-  String THIS_FILENAME            =  globalconfiguration.getCaPath()  + "/editcas/editcas.jsp";
-  String action = "";
-
-  final String VIEWCERT_LINK            = globalconfiguration.getBaseUrl() + globalconfiguration.getAdminWebPath() + "viewcertificate.jsp";
-  
-  boolean issuperadministrator = false;
-  boolean editca = false;
-  boolean processrequest = false;
-  boolean buttoncancel = false; 
-  boolean caactivated = false;
-  boolean carenewed = false;
-  boolean capublished = false;
-
-  int filemode = 0;
-  int row = 0;
-
-  HashMap caidtonamemap = cabean.getCAIdToNameMap();
-  InformationMemory info = ejbcawebbean.getInformationMemory();
-
-%>
- 
-<head>
-  <title><%= globalconfiguration .getEjbcaTitle() %></title>
-  <base href="<%= ejbcawebbean.getBaseUrl() %>">
-  <link rel=STYLESHEET href="<%= ejbcawebbean.getCssFile() %>">
-  <script language=javascript src="<%= globalconfiguration.getAdminWebPath() %>ejbcajslib.js"></script>
-</head>
-
-
-<%
-   if(FileUpload.isMultipartContent(request)){     
-     errorrecievingfile = true;
-     DiskFileUpload upload = new DiskFileUpload();
-     upload.setSizeMax(60000);                   
-     upload.setSizeThreshold(59999);
-     List /* FileItem */ items = upload.parseRequest(request);     
-
-     Iterator iter = items.iterator();
-     while (iter.hasNext()) {     
-     FileItem item = (FileItem) iter.next();
-
-
-       if (item.isFormField()) {         
-         if(item.getFieldName().equals(ACTION))
-           action = item.getString(); 
-         if(item.getFieldName().equals(HIDDEN_CAID))
-           caid = Integer.parseInt(item.getString());
-         if(item.getFieldName().equals(HIDDEN_CANAME))
-           caname = item.getString();
-         if(item.getFieldName().equals(BUTTON_CANCEL))
-           buttoncancel = true; 
-       }else{         
-         file = item.getInputStream(); 
-         errorrecievingfile = false;                          
-       }
-     } 
-   }else{
-     action = request.getParameter(ACTION);
-   }
-  try{
-  // Determine action 
-  if( action != null){
-    if( action.equals(ACTION_EDIT_CAS)){
-      // Actions in the choose CA page.
-      if( request.getParameter(BUTTON_EDIT_CA) != null){
-          // Display  profilepage.jsp         
-         includefile="choosecapage.jspf";
-         if(request.getParameter(SELECT_CAS) != null){
-           caid = Integer.parseInt(request.getParameter(SELECT_CAS));
-           if(caid != 0){             
-             editca = true;
-             includefile="editcapage.jspf";              
-           }
-         } 
-      }
-      if( request.getParameter(BUTTON_DELETE_CA) != null) {
-          // Delete profile and display choosecapage. 
-          if(request.getParameter(SELECT_CAS) != null){
-            caid = Integer.parseInt(request.getParameter(SELECT_CAS));
-            if(caid != 0){             
-                cadeletefailed = !cadatahandler.removeCA(caid);
-            }
-          }
-          includefile="choosecapage.jspf";             
-      }
-      if( request.getParameter(BUTTON_RENAME_CA) != null){ 
-         // Rename selected profile and display profilespage.
-       if(request.getParameter(SELECT_CAS) != null && request.getParameter(TEXTFIELD_CANAME) != null){
-         String newcaname = request.getParameter(TEXTFIELD_CANAME).trim();
-         String oldcaname = (String) caidtonamemap.get(new Integer(request.getParameter(SELECT_CAS)));    
-         if(!newcaname.equals("") ){           
-           try{
-             cadatahandler.renameCA(oldcaname, newcaname);
-           }catch( CAExistsException e){
-             caexists=true;
-           }                
-         }
-        }      
-        includefile="choosecapage.jspf"; 
-      }
-      if( request.getParameter(BUTTON_CREATE_CA) != null){
-         // Add profile and display profilespage.
-         includefile="choosecapage.jspf"; 
-         caname = request.getParameter(TEXTFIELD_CANAME);
-         if(caname != null){
-           caname = caname.trim();
-           if(!caname.equals("")){             
-             editca = false;
-             includefile="editcapage.jspf";              
-           }      
-         }         
-      }
-      if( request.getParameter(BUTTON_PROCESSREQUEST) != null){
-         caname = request.getParameter(TEXTFIELD_CANAME);
-         if(caname != null){
-           caname = caname.trim();
-           if(!caname.equals("")){             
-             filemode = PROCESSREQUESTMODE;
-             includefile="recievefile.jspf";               
-           }      
-         }                        
-      }
-    }
-    if( action.equals(ACTION_CREATE_CA)){
-      if( request.getParameter(BUTTON_CREATE)  != null || request.getParameter(BUTTON_MAKEREQUEST)  != null){
-         // Create and save CA                          
-         caname = request.getParameter(HIDDEN_CANAME);
-          
-         CATokenInfo catoken = null;
-         catokentype = Integer.parseInt(request.getParameter(HIDDEN_CATOKENTYPE));
-         if(catokentype == CATokenInfo.CATOKENTYPE_P12){
-           int keysize = Integer.parseInt(request.getParameter(SELECT_KEYSIZE));
-           String signalg = request.getParameter(SELECT_SIGNATUREALGORITHM);
-           if(keysize == 0 || signalg == null)
-             throw new Exception("Error in CATokenData");  
-           catoken = new SoftCATokenInfo();
-           catoken.setSignatureAlgorithm(signalg);
-           ((SoftCATokenInfo) catoken).setKeySize(keysize);              
-         } 
-         if(catokentype == CATokenInfo.CATOKENTYPE_HSM){
-            catokenpath = request.getParameter(HIDDEN_CATOKENPATH);
-            String properties = request.getParameter(TEXTFIELD_HARDCATOKENPROPERTIES);
-            String signalg = request.getParameter(SELECT_SIGNATUREALGORITHM);
-            String authenticationcode = request.getParameter(TEXTFIELD_AUTHENTICATIONCODE);
-            if(catokenpath == null || catokenpath == null || signalg == null)
-              throw new Exception("Error in CATokenData");  
-            catoken = new HardCATokenInfo();           
-            ((HardCATokenInfo) catoken).setClassPath(catokenpath);
-            ((HardCATokenInfo) catoken).setProperties(properties);
-            ((HardCATokenInfo) catoken).setSignatureAlgorithm(signalg);
-            ((HardCATokenInfo) catoken).setAuthenticationCode(authenticationcode);
-         }
-
-         catype  = Integer.parseInt(request.getParameter(HIDDEN_CATYPE));
-         String subjectdn = request.getParameter(TEXTFIELD_SUBJECTDN);
-         try{
-           X509Name dummy = new X509Name(subjectdn);
-         }catch(Exception e){
-           illegaldnoraltname = true;
-         }
-         int certprofileid = 0;
-         if(request.getParameter(SELECT_CERTIFICATEPROFILE) != null)
-           certprofileid = Integer.parseInt(request.getParameter(SELECT_CERTIFICATEPROFILE));
-         int signedby = 0;
-         if(request.getParameter(SELECT_SIGNEDBY) != null)
-            signedby = Integer.parseInt(request.getParameter(SELECT_SIGNEDBY));
-         String description = request.getParameter(TEXTFIELD_DESCRIPTION);        
-         if(description == null)
-           description = "";
-         
-         int validity = 0;
-         if(request.getParameter(TEXTFIELD_VALIDITY) != null)
-           validity = Integer.parseInt(request.getParameter(TEXTFIELD_VALIDITY));  
-
-         if(catoken != null && catype != 0 && subjectdn != null && caname != null 
-            && signedby != 0  ){
-           if(catype == CAInfo.CATYPE_X509){
-              // Create a X509 CA
-              String subjectaltname = request.getParameter(TEXTFIELD_SUBJECTALTNAME);             
-              if(subjectaltname == null)
-                subjectaltname = ""; 
-              else{
-                if(!subjectaltname.trim().equals("")){
-                   se.anatom.ejbca.ra.raadmin.DNFieldExtractor subtest = 
-                     new se.anatom.ejbca.ra.raadmin.DNFieldExtractor(subjectaltname,se.anatom.ejbca.ra.raadmin.DNFieldExtractor.TYPE_SUBJECTALTNAME);                   
-                   if(subtest.isIllegal() || subtest.existsOther()){
-                     illegaldnoraltname = true;
-                   }
-                }
-              }    
-
-              String policyid = request.getParameter(TEXTFIELD_POLICYID);
-              if(policyid == null || policyid.trim().equals(""))
-                 policyid = null; 
-
-              int crlperiod = Integer.parseInt(request.getParameter(TEXTFIELD_CRLPERIOD));
-
-              boolean useauthoritykeyidentifier = false;
-              boolean authoritykeyidentifiercritical = false;
-              String value = request.getParameter(CHECKBOX_AUTHORITYKEYIDENTIFIER);
-              if(value != null){
-                 useauthoritykeyidentifier = value.equals(CHECKBOX_VALUE);                 
-                 value = request.getParameter(CHECKBOX_AUTHORITYKEYIDENTIFIERCRITICAL); 
-                 if(value != null){
-                   authoritykeyidentifiercritical = value.equals(CHECKBOX_VALUE);
-                 } 
-                 else
-                   authoritykeyidentifiercritical = false;
-              }
-
-              boolean usecrlnumber = false;
-              boolean crlnumbercritical = false;
-              value = request.getParameter(CHECKBOX_USECRLNUMBER);
-              if(value != null){
-                 usecrlnumber = value.equals(CHECKBOX_VALUE);                 
-                 value = request.getParameter(CHECKBOX_CRLNUMBERCRITICAL); 
-                 if(value != null){
-                   crlnumbercritical = value.equals(CHECKBOX_VALUE);
-                 } 
-                 else
-                   crlnumbercritical = false;
-              }              
-              
-             boolean finishuser = false;
-             value = request.getParameter(CHECKBOX_FINISHUSER);
-             if(value != null)
-               finishuser = value.equals(CHECKBOX_VALUE);         
-
-             String[] values = request.getParameterValues(SELECT_AVAILABLECRLPUBLISHERS);
-             ArrayList crlpublishers = new ArrayList(); 
-             if(values != null){
-               for(int i=0; i < values.length; i++){
-                  crlpublishers.add(new Integer(values[i]));
-               }
-             }
-
-             int ocspactive = ExtendedCAServiceInfo.STATUS_INACTIVE;
-             value = request.getParameter(CHECKBOX_ACTIVATEOCSPSERVICE);
-             if(value != null && value.equals(CHECKBOX_VALUE))
-                ocspactive = ExtendedCAServiceInfo.STATUS_ACTIVE;             
-              
-             if(crlperiod != 0 && !illegaldnoraltname){
-               if(request.getParameter(BUTTON_CREATE) != null){           
-      
-		 // Create and active OSCP CA Service.
-		 ArrayList extendedcaservices = new ArrayList();
-		 extendedcaservices.add(
-		             new OCSPCAServiceInfo(ocspactive,
-						  "CN=OCSPSignerCertificate, " + subjectdn,
-			     		  "",
-						  2048,
-						  OCSPCAServiceInfo.KEYALGORITHM_RSA));
-                 X509CAInfo x509cainfo = new X509CAInfo(subjectdn, caname, 0, subjectaltname,
-                                                        certprofileid, validity, 
-                                                        null, catype, signedby,
-                                                        null, catoken, description, -1, null,
-                                                        policyid, crlperiod, crlpublishers, 
-                                                        useauthoritykeyidentifier, 
-                                                        authoritykeyidentifiercritical,
-                                                        usecrlnumber, 
-                                                        crlnumbercritical, 
-                                                        finishuser, extendedcaservices);
-                 try{
-                   cadatahandler.createCA((CAInfo) x509cainfo);
-                 }catch(CAExistsException caee){
-                    caexists = true; 
-                 }catch(CATokenAuthenticationFailedException catfe){
-                    catokenauthfailed = true;
-                 }
-                 includefile="choosecapage.jspf"; 
-               }
-               if(request.getParameter(BUTTON_MAKEREQUEST) != null){
-                 caid = CertTools.stringToBCDNString(subjectdn).hashCode();  
-		 // Create and OSCP CA Service.
-		 ArrayList extendedcaservices = new ArrayList();
-		 extendedcaservices.add(
-		             new OCSPCAServiceInfo(ocspactive,
-						  "CN=OCSPSignerCertificate, " + subjectdn,
-			     		          "",
-						  2048,
-						  OCSPCAServiceInfo.KEYALGORITHM_RSA));
-                 X509CAInfo x509cainfo = new X509CAInfo(subjectdn, caname, caid, subjectaltname,
-                                                        certprofileid, validity,
-                                                        null, catype, CAInfo.SIGNEDBYEXTERNALCA,
-                                                        null, catoken, description, -1, null, 
-                                                        policyid, crlperiod, crlpublishers, 
-                                                        useauthoritykeyidentifier, 
-                                                        authoritykeyidentifiercritical,
-                                                        usecrlnumber, 
-                                                        crlnumbercritical, 
-                                                        finishuser, extendedcaservices);
-                 cabean.saveRequestInfo(x509cainfo);                
-                 filemode = MAKEREQUESTMODE;
-                 includefile="recievefile.jspf"; 
-               }
-             }                          
-           } 
-         } 
-       } 
-       if(request.getParameter(BUTTON_CANCEL) != null){
-         // Don't save changes.
-         includefile="choosecapage.jspf"; 
-       }                        
-      }
-    if( action.equals(ACTION_EDIT_CA)){
-      if( request.getParameter(BUTTON_SAVE)  != null || 
-          request.getParameter(BUTTON_RECEIVEREQUEST)  != null || 
-          request.getParameter(BUTTON_RENEWCA)  != null ||
-          request.getParameter(BUTTON_REVOKECA)  != null ||
-          request.getParameter(BUTTON_PUBLISHCA) != null ||
-          request.getParameter(BUTTON_REVOKERENEWOCSPCERTIFICATE) != null){
-         // Create and save CA                          
-         caid = Integer.parseInt(request.getParameter(HIDDEN_CAID));
-         caname = request.getParameter(HIDDEN_CANAME);
-         catype = Integer.parseInt(request.getParameter(HIDDEN_CATYPE));
-         
-         CATokenInfo catoken = null;
-         catokentype = Integer.parseInt(request.getParameter(HIDDEN_CATOKENTYPE));
-         if(catokentype == CATokenInfo.CATOKENTYPE_P12){
-           catoken = new SoftCATokenInfo();          
-         } 
-         if(catokentype == CATokenInfo.CATOKENTYPE_HSM){
-            String properties = request.getParameter(TEXTFIELD_HARDCATOKENPROPERTIES);
-            if(catokenpath == null)
-              throw new Exception("Error in CATokenData");  
-            catoken = new HardCATokenInfo();                       
-            ((HardCATokenInfo) catoken).setProperties(properties);
-         }
-
-          
-         String description = request.getParameter(TEXTFIELD_DESCRIPTION);        
-
-         int validity = 0;
-         if(request.getParameter(TEXTFIELD_VALIDITY) != null)
-           validity = Integer.parseInt(request.getParameter(TEXTFIELD_VALIDITY));
-            
-
-         if(caid != 0 && description != null && catype !=0 ){
-           if(catype == CAInfo.CATYPE_X509){
-              // Edit X509 CA data              
-              
-              int crlperiod = Integer.parseInt(request.getParameter(TEXTFIELD_CRLPERIOD));
-
-              boolean useauthoritykeyidentifier = false;
-              boolean authoritykeyidentifiercritical = false;
-              String value = request.getParameter(CHECKBOX_AUTHORITYKEYIDENTIFIER);
-              if(value != null){
-                 useauthoritykeyidentifier = value.equals(CHECKBOX_VALUE);                 
-                 value = request.getParameter(CHECKBOX_AUTHORITYKEYIDENTIFIERCRITICAL); 
-                 if(value != null){
-                   authoritykeyidentifiercritical = value.equals(CHECKBOX_VALUE);
-                 } 
-                 else
-                   authoritykeyidentifiercritical = false;
-              }
-
-
-              boolean usecrlnumber = false;
-              boolean crlnumbercritical = false;
-
-              value = request.getParameter(CHECKBOX_USECRLNUMBER);
-              if(value != null){
-                 usecrlnumber = value.equals(CHECKBOX_VALUE);                 
-                 value = request.getParameter(CHECKBOX_CRLNUMBERCRITICAL); 
-                 if(value != null){
-                   crlnumbercritical = value.equals(CHECKBOX_VALUE);
-                 } 
-                 else
-                   crlnumbercritical = false;
-              }              
-              
-             boolean finishuser = false;
-             value = request.getParameter(CHECKBOX_FINISHUSER);
-             if(value != null)
-               finishuser = value.equals(CHECKBOX_VALUE);         
-
-             String[] values = request.getParameterValues(SELECT_AVAILABLECRLPUBLISHERS);
-             ArrayList crlpublishers = new ArrayList(); 
-             if(values != null){
-                 for(int i=0; i < values.length; i++){
-                    crlpublishers.add(new Integer(values[i]));
-                 }
-              }
-              
-              // Create extended CA Service updatedata.
-              int active = ExtendedCAServiceInfo.STATUS_INACTIVE;
-              value = request.getParameter(CHECKBOX_ACTIVATEOCSPSERVICE);
-              if(value != null && value.equals(CHECKBOX_VALUE))
-                active = ExtendedCAServiceInfo.STATUS_ACTIVE;             
-
-              boolean renew = false;
-              if(active == ExtendedCAServiceInfo.STATUS_ACTIVE && 
-                 request.getParameter(BUTTON_REVOKERENEWOCSPCERTIFICATE) != null){
-                 cadatahandler.revokeOCSPCertificate(caid);
-                 renew=true;
-                 ocsprenewed = true;             
-                 includefile="choosecapage.jspf"; 
-               }
-
-	      ArrayList extendedcaservices = new ArrayList();
-              extendedcaservices.add(
-		             new OCSPCAServiceInfo(active, renew));       
-
-             if(crlperiod != 0){
-               X509CAInfo x509cainfo = new X509CAInfo(caid, validity,
-                                                      catoken, description, 
-                                                      crlperiod, crlpublishers, 
-                                                      useauthoritykeyidentifier, 
-                                                      authoritykeyidentifiercritical,
-                                                      usecrlnumber, 
-                                                      crlnumbercritical, 
-                                                      finishuser,extendedcaservices);
-                 
-               cadatahandler.editCA((CAInfo) x509cainfo);
-                 
-
-               
-               if(request.getParameter(BUTTON_SAVE) != null){
-                  // Do nothing More
-
-                  includefile="choosecapage.jspf"; 
-               }
-               if(request.getParameter(BUTTON_RECEIVEREQUEST) != null){                  
-                  filemode = RECIEVERESPONSEMODE;
-                  includefile="recievefile.jspf"; 
-               }
-               if(request.getParameter(BUTTON_RENEWCA) != null){
-                 int signedby = cadatahandler.getCAInfo(caid).getCAInfo().getSignedBy();
-                 if(signedby != CAInfo.SIGNEDBYEXTERNALCA){
-                   cadatahandler.renewCA(caid, null);
-                   carenewed = true;
-                 }else{                   
-                   includefile="renewexternal.jspf"; 
-                 }  
-               }
-               if(request.getParameter(BUTTON_REVOKECA) != null){
-                 int revokereason = Integer.parseInt(request.getParameter(SELECT_REVOKEREASONS));
-                 cadatahandler.revokeCA(caid, revokereason);                   
-                 includefile="choosecapage.jspf"; 
-               }                 
-               if(request.getParameter(BUTTON_PUBLISHCA) != null){
-                 cadatahandler.publishCA(caid);
-                 capublished = true;             
-                 includefile="choosecapage.jspf"; 
-               }
-
-             }                          
-           } 
-         } 
-       } 
-       if(request.getParameter(BUTTON_CANCEL) != null){
-         // Don't save changes.
-         includefile="choosecapage.jspf"; 
-       }               
-
-         
-      }
-      if( action.equals(ACTION_MAKEREQUEST)){         
-       if(!buttoncancel){
-         try{
-           Collection certchain = CertTools.getCertsFromPEM(file);           
-           try{
-             CAInfo cainfo = cabean.getRequestInfo();              
-             cadatahandler.createCA(cainfo);                           
-             PKCS10CertificationRequest certreq = null;
-             try{ 
-               certreq=cadatahandler.makeRequest(caid, certchain, true);
-               cabean.savePKCS10RequestData(certreq);     
-               filemode = CERTREQGENMODE;
-               includefile = "displayresult.jspf";
-             }catch(Exception e){  
-               cadatahandler.removeCA(caid); 
-               errorrecievingfile = true;
-               includefile="choosecapage.jspf";  
-             }
-           }catch(CAExistsException caee){
-              caexists = true; 
-           } 
-         }catch(Exception e){
-           errorrecievingfile = true; 
-         } 
-       }else{
-         cabean.saveRequestInfo((CAInfo) null); 
-       }
-      }
-
-      if( action.equals(ACTION_RECEIVERESPONSE)){        
-        if(!buttoncancel){
-          try{                                                                                     
-            if (caid != 0) {                             
-              cadatahandler.receiveResponse(caid, file);   
-              caactivated = true;
-            }           
-          }catch(Exception e){                       
-            errorrecievingfile = true; 
-          }  
-        }
-      }
-      if( action.equals(ACTION_PROCESSREQUEST)){       
-       if(!buttoncancel){
-         try{           
-           BufferedReader bufRdr = new BufferedReader(new InputStreamReader(file));
-           while (bufRdr.ready()) {
-            ByteArrayOutputStream ostr = new ByteArrayOutputStream();
-            PrintStream opstr = new PrintStream(ostr);
-            String temp;
-            while ((temp = bufRdr.readLine()) != null){            
-              opstr.print(temp + "\n");                
-            }  
-            opstr.close();                
-                                         
-            PKCS10RequestMessage certreq = se.anatom.ejbca.apply.RequestHelper.genPKCS10RequestMessageFromPEM(ostr.toByteArray());
-            
-             if (certreq != null) {               
-               cabean.savePKCS10RequestData(certreq.getCertificationRequest());                                
-               processedsubjectdn = certreq.getCertificationRequest().getCertificationRequestInfo().getSubject().toString();
-               processrequest = true;
-               includefile="editcapage.jspf";
-             }
-           }
-         }catch(Exception e){                      
-           errorrecievingfile = true; 
-         } 
-       }else{
-         cabean.savePKCS10RequestData((org.bouncycastle.jce.PKCS10CertificationRequest) null);  
-       }
-      }
-      if( action.equals(ACTION_PROCESSREQUEST2)){        
-        if(request.getParameter(BUTTON_CANCEL) == null){
-         // Create and process CA                          
-         caname = request.getParameter(HIDDEN_CANAME);
-          
-         catype  = Integer.parseInt(request.getParameter(HIDDEN_CATYPE));
-         String subjectdn = request.getParameter(TEXTFIELD_SUBJECTDN);
-         try{
-           X509Name dummy = new X509Name(subjectdn);
-         }catch(Exception e){
-           illegaldnoraltname = true;
-         }
-         
-         int certprofileid = 0;
-         if(request.getParameter(SELECT_CERTIFICATEPROFILE) != null)
-           certprofileid = Integer.parseInt(request.getParameter(SELECT_CERTIFICATEPROFILE));
-         int signedby = 0;
-         if(request.getParameter(SELECT_SIGNEDBY) != null)
-            signedby = Integer.parseInt(request.getParameter(SELECT_SIGNEDBY));
-         String description = request.getParameter(TEXTFIELD_DESCRIPTION);        
-         if(description == null)
-           description = "";
-         
-         int validity = 0;
-         if(request.getParameter(TEXTFIELD_VALIDITY) != null)
-           validity = Integer.parseInt(request.getParameter(TEXTFIELD_VALIDITY));         
-
-         if(catype != 0 && subjectdn != null && caname != null && 
-            certprofileid != 0 && signedby != 0 && validity !=0 ){
-           if(catype == CAInfo.CATYPE_X509){
-              // Create a X509 CA
-              String subjectaltname = request.getParameter(TEXTFIELD_SUBJECTALTNAME);             
-              if(subjectaltname == null)
-                subjectaltname = ""; 
-              else{
-                if(!subjectaltname.trim().equals("")){
-                   se.anatom.ejbca.ra.raadmin.DNFieldExtractor subtest = 
-                     new se.anatom.ejbca.ra.raadmin.DNFieldExtractor(subjectaltname,se.anatom.ejbca.ra.raadmin.DNFieldExtractor.TYPE_SUBJECTALTNAME);                   
-                   if(subtest.isIllegal() || subtest.existsOther()){
-                     illegaldnoraltname = true;
-                   }
-                }
-              }
-
-              String policyid = request.getParameter(TEXTFIELD_POLICYID);
-              if(policyid == null || policyid.trim().equals(""))
-                 policyid = null; 
-
-              int crlperiod = 0;
-
-              boolean useauthoritykeyidentifier = false;
-              boolean authoritykeyidentifiercritical = false;              
-
-              boolean usecrlnumber = false;
-              boolean crlnumbercritical = false;                            
-              
-              boolean finishuser = false;
-              ArrayList crlpublishers = new ArrayList(); 
-              
-             if(!illegaldnoraltname){
-               if(request.getParameter(BUTTON_PROCESSREQUEST) != null){
-                 X509CAInfo x509cainfo = new X509CAInfo(subjectdn, caname, 0, subjectaltname,
-                                                        certprofileid, validity, 
-                                                        null, catype, signedby,
-                                                        null, null, description, -1, null,
-                                                        policyid, crlperiod, crlpublishers, 
-                                                        useauthoritykeyidentifier, 
-                                                        authoritykeyidentifiercritical,
-                                                        usecrlnumber, 
-                                                        crlnumbercritical, 
-                                                        finishuser, 
-                                                        new ArrayList());
-                 try{
-                   PKCS10CertificationRequest req = cabean.getPKCS10RequestData(); 
-                   java.security.cert.Certificate result = cadatahandler.processRequest(x509cainfo, new PKCS10RequestMessage(req));
-                   cabean.saveProcessedCertificate(result);
-                   filemode = CERTGENMODE;   
-                   includefile="displayresult.jspf";
-                 }catch(CAExistsException caee){
-                    caexists = true;
-                 }                  
-               }
-             }
-           }
-         }
-        } 
-      }
-
-      if( action.equals(ACTION_RENEWCA_MAKEREQUEST)){
-        if(!buttoncancel){
-          try{
-           Collection certchain = CertTools.getCertsFromPEM(file);                       
-           PKCS10CertificationRequest certreq = cadatahandler.makeRequest(caid, certchain, false);
-           cabean.savePKCS10RequestData(certreq);   
-               
-           filemode = CERTREQGENMODE;
-           includefile = "displayresult.jspf";
-          }catch(Exception e){
-           errorrecievingfile = true; 
-           includefile="choosecapage.jspf"; 
-          } 
-        }else{
-          cabean.saveRequestInfo((CAInfo) null); 
-        }      
-      }
-      if( action.equals(ACTION_RENEWCA_RECIEVERESPONSE)){
-        if(!buttoncancel){
-          try{                                                                                     
-            if (caid != 0) {                             
-              cadatahandler.receiveResponse(caid, file);   
-              carenewed = true;
-            }           
-          }catch(Exception e){                       
-            errorrecievingfile = true; 
-          }  
-        }        
-      }
-      if( action.equals(ACTION_CHOOSE_CATYPE)){
-        // Currently not need        
-      }
-      if( action.equals(ACTION_CHOOSE_CATOKENTYPE)){
-        
-        catokenpath = request.getParameter(SELECT_CATOKEN);   
-        caname = request.getParameter(HIDDEN_CANAME);   
-        if(catokenpath.equals("NONE")){
-          catokentype = CATokenInfo.CATOKENTYPE_P12;
-        }else{
-          catokentype = CATokenInfo.CATOKENTYPE_HSM;
-        }
-        editca = false;
-        includefile="editcapage.jspf";              
-      }
-
-    }
-  }catch(CATokenOfflineException ctoe){
-    catokenoffline = true;
-    includefile="choosecapage.jspf";
-  }   
-
-
- // Include page
-  if( includefile.equals("editcapage.jspf")){ 
-%>
-   <%@ include file="editcapage.jspf" %>
-<%}
-  if( includefile.equals("choosecapage.jspf")){ %>
-   <%@ include file="choosecapage.jspf" %> 
-<%}  
-  if( includefile.equals("recievefile.jspf")){ %>
-   <%@ include file="recievefile.jspf" %> 
-<%} 
-  if( includefile.equals("displayresult.jspf")){ %>
-   <%@ include file="displayresult.jspf" %> 
-<%}
-  if( includefile.equals("renewexternal.jspf")){ %>
-   <%@ include file="renewexternal.jspf" %> 
-<%}
-
-
-   // Include Footer 
-   String footurl =   globalconfiguration.getFootBanner(); %>
-   
-  <jsp:include page="<%= footurl %>" />
-
-</body>
-</html>
-
+<%@ page pageEncoding="ISO-8859-1"%>
+<%@page errorPage="/errorpage.jsp" import="java.util.*, java.io.*, org.apache.commons.fileupload.*, se.anatom.ejbca.webdist.webconfiguration.EjbcaWebBean,se.anatom.ejbca.ra.raadmin.GlobalConfiguration, se.anatom.ejbca.SecConst, se.anatom.ejbca.util.FileTools, se.anatom.ejbca.util.CertTools, se.anatom.ejbca.authorization.AuthorizationDeniedException,
+               se.anatom.ejbca.webdist.cainterface.CAInterfaceBean, se.anatom.ejbca.ca.caadmin.CAInfo, se.anatom.ejbca.ca.caadmin.X509CAInfo, se.anatom.ejbca.ca.caadmin.CATokenInfo, se.anatom.ejbca.ca.caadmin.SoftCATokenInfo, se.anatom.ejbca.webdist.cainterface.CADataHandler,
+               se.anatom.ejbca.webdist.rainterface.RevokedInfoView, se.anatom.ejbca.ca.caadmin.CATokenInfo, se.anatom.ejbca.ca.caadmin.SoftCATokenInfo, se.anatom.ejbca.webdist.webconfiguration.InformationMemory, org.bouncycastle.asn1.x509.X509Name, se.anatom.ejbca.common.ExtendedPKCS10CertificationRequest, 
+               se.anatom.ejbca.protocol.PKCS10RequestMessage, se.anatom.ejbca.ca.exception.CAExistsException, se.anatom.ejbca.ca.exception.CADoesntExistsException, se.anatom.ejbca.ca.exception.CATokenOfflineException, se.anatom.ejbca.ca.exception.CATokenAuthenticationFailedException,
+               se.anatom.ejbca.ca.caadmin.extendedcaservices.OCSPCAServiceInfo, se.anatom.ejbca.ca.caadmin.extendedcaservices.ExtendedCAServiceInfo, se.anatom.ejbca.ca.caadmin.hardcatokens.HardCATokenManager, se.anatom.ejbca.ca.caadmin.AvailableHardCAToken, se.anatom.ejbca.ca.caadmin.HardCATokenInfo"%>
+
+<html>
+<jsp:useBean id="ejbcawebbean" scope="session" class="se.anatom.ejbca.webdist.webconfiguration.EjbcaWebBean" />
+<jsp:useBean id="cabean" scope="session" class="se.anatom.ejbca.webdist.cainterface.CAInterfaceBean" />
+
+<%! // Declarations 
+  static final String ACTION                              = "action";
+  static final String ACTION_EDIT_CAS                     = "editcas";
+  static final String ACTION_EDIT_CA                      = "editca";
+  static final String ACTION_CREATE_CA                    = "createca";
+  static final String ACTION_CHOOSE_CATYPE                = "choosecatype";
+  static final String ACTION_CHOOSE_CATOKENTYPE           = "choosecatokentype";
+  static final String ACTION_MAKEREQUEST                  = "makerequest";
+  static final String ACTION_RECEIVERESPONSE              = "receiveresponse";
+  static final String ACTION_PROCESSREQUEST               = "processrequest";
+  static final String ACTION_PROCESSREQUEST2              = "processrequest2";
+  static final String ACTION_RENEWCA_MAKEREQUEST          = "renewcamakeresponse";  
+  static final String ACTION_RENEWCA_RECIEVERESPONSE      = "renewcarecieveresponse";  
+
+
+
+  static final String CHECKBOX_VALUE           = "true";
+
+//  Used in choosecapage.jsp
+  static final String BUTTON_EDIT_CA                       = "buttoneditca"; 
+  static final String BUTTON_DELETE_CA                     = "buttondeleteca";
+  static final String BUTTON_CREATE_CA                     = "buttoncreateca"; 
+  static final String BUTTON_RENAME_CA                     = "buttonrenameca";
+  static final String BUTTON_PROCESSREQUEST                = "buttonprocessrequest";
+  
+
+  static final String SELECT_CAS                           = "selectcas";
+  static final String TEXTFIELD_CANAME                     = "textfieldcaname";
+  static final String HIDDEN_CANAME                        = "hiddencaname";
+  static final String HIDDEN_CAID                          = "hiddencaid";
+  static final String HIDDEN_CATYPE                        = "hiddencatype";
+  static final String HIDDEN_CATOKENPATH                   = "hiddencatokenpath";
+  static final String HIDDEN_CATOKENTYPE                   = "hiddencatokentype";
+ 
+// Buttons used in editcapage.jsp
+  static final String BUTTON_SAVE                       = "buttonsave";
+  static final String BUTTON_CREATE                     = "buttoncreate";
+  static final String BUTTON_CANCEL                     = "buttoncancel";
+  static final String BUTTON_MAKEREQUEST                = "buttonmakerequest";
+  static final String BUTTON_RECEIVEREQUEST             = "buttonreceiverequest";
+  static final String BUTTON_RENEWCA                    = "buttonrenewca";
+  static final String BUTTON_REVOKECA                   = "buttonrevokeca";  
+  static final String BUTTON_RECIEVEFILE                = "buttonrecievefile";     
+  static final String BUTTON_PUBLISHCA                  = "buttonpublishca";     
+  static final String BUTTON_REVOKERENEWOCSPCERTIFICATE = "checkboxrenewocspcertificate";
+
+  static final String TEXTFIELD_SUBJECTDN             = "textfieldsubjectdn";
+  static final String TEXTFIELD_SUBJECTALTNAME        = "textfieldsubjectaltname";  
+  static final String TEXTFIELD_CRLPERIOD             = "textfieldcrlperiod";
+  static final String TEXTFIELD_DESCRIPTION           = "textfielddescription";
+  static final String TEXTFIELD_VALIDITY              = "textfieldvalidity";
+  static final String TEXTFIELD_POLICYID              = "textfieldpolicyid";
+  static final String TEXTFIELD_HARDCATOKENPROPERTIES = "textfieldhardcatokenproperties";
+  static final String TEXTFIELD_AUTHENTICATIONCODE    = "textfieldauthenticationcode";
+
+  static final String CHECKBOX_AUTHORITYKEYIDENTIFIER             = "checkboxauthoritykeyidentifier";
+  static final String CHECKBOX_AUTHORITYKEYIDENTIFIERCRITICAL     = "checkboxauthoritykeyidentifiercritical";
+  static final String CHECKBOX_USECRLNUMBER                       = "checkboxusecrlnumber";
+  static final String CHECKBOX_CRLNUMBERCRITICAL                  = "checkboxcrlnumbercritical";
+  static final String CHECKBOX_FINISHUSER                         = "checkboxfinishuser";
+  static final String CHECKBOX_ACTIVATEOCSPSERVICE                = "checkboxactivateocspservice";  
+  
+  static final String HIDDEN_CATOKEN                              = "hiddencatoken";  
+  
+  static final String SELECT_REVOKEREASONS                        = "selectrevokereasons";
+  static final String SELECT_CATYPE                               = "selectcatype";  
+  static final String SELECT_CATOKEN                              = "selectcatoken";
+  static final String SELECT_SIGNEDBY                             = "selectsignedby";  
+  static final String SELECT_KEYSIZE                              = "selectsize";
+  static final String SELECT_AVAILABLECRLPUBLISHERS               = "selectavailablecrlpublishers";
+  static final String SELECT_CERTIFICATEPROFILE                   = "selectcertificateprofile";
+  static final String SELECT_SIGNATUREALGORITHM                   = "selectsignaturealgorithm";
+
+  static final String FILE_RECIEVEFILE                            = "filerecievefile";
+  static final String FILE_CACERTFILE                             = "filecacertfile";
+  static final String FILE_REQUESTFILE                            = "filerequestfile";   
+
+  static final String CERTSERNO_PARAMETER       = "certsernoparameter"; 
+
+  static final int    MAKEREQUESTMODE     = 0;
+  static final int    RECIEVERESPONSEMODE = 1;
+  static final int    PROCESSREQUESTMODE  = 2;   
+  
+  static final int    CERTREQGENMODE      = 0;
+  static final int    CERTGENMODE         = 1;
+%>
+<% 
+         
+  // Initialize environment
+  int caid = 0;
+  String caname = null;
+  String includefile = "choosecapage.jspf"; 
+  String processedsubjectdn = "";
+  int catype = CAInfo.CATYPE_X509;  // default
+  int catokentype = CATokenInfo.CATOKENTYPE_P12; // default
+  String catokenpath = "NONE";
+
+  InputStream file = null;
+
+  boolean  caexists             = false;
+  boolean  cadeletefailed       = false;
+  boolean  illegaldnoraltname   = false;
+  boolean  errorrecievingfile   = false;
+  boolean  ocsprenewed          = false;
+  boolean  catokenoffline       = false;
+  boolean  catokenauthfailed    = false;
+  
+
+  GlobalConfiguration globalconfiguration = ejbcawebbean.initialize(request, "/super_administrator"); 
+                                            cabean.initialize(request, ejbcawebbean); 
+
+  CADataHandler cadatahandler = cabean.getCADataHandler(); 
+  String THIS_FILENAME            =  globalconfiguration.getCaPath()  + "/editcas/editcas.jsp";
+  String action = "";
+
+  final String VIEWCERT_LINK            = globalconfiguration.getBaseUrl() + globalconfiguration.getAdminWebPath() + "viewcertificate.jsp";
+  
+  boolean issuperadministrator = false;
+  boolean editca = false;
+  boolean processrequest = false;
+  boolean buttoncancel = false; 
+  boolean caactivated = false;
+  boolean carenewed = false;
+  boolean capublished = false;
+
+  int filemode = 0;
+  int row = 0;
+
+  HashMap caidtonamemap = cabean.getCAIdToNameMap();
+  InformationMemory info = ejbcawebbean.getInformationMemory();
+
+%>
+ 
+<head>
+  <title><%= globalconfiguration .getEjbcaTitle() %></title>
+  <base href="<%= ejbcawebbean.getBaseUrl() %>">
+  <link rel=STYLESHEET href="<%= ejbcawebbean.getCssFile() %>">
+  <script language=javascript src="<%= globalconfiguration.getAdminWebPath() %>ejbcajslib.js"></script>
+</head>
+
+
+<%
+   if(FileUpload.isMultipartContent(request)){     
+     errorrecievingfile = true;
+     DiskFileUpload upload = new DiskFileUpload();
+     upload.setSizeMax(60000);                   
+     upload.setSizeThreshold(59999);
+     List /* FileItem */ items = upload.parseRequest(request);     
+
+     Iterator iter = items.iterator();
+     while (iter.hasNext()) {     
+     FileItem item = (FileItem) iter.next();
+
+
+       if (item.isFormField()) {         
+         if(item.getFieldName().equals(ACTION))
+           action = item.getString(); 
+         if(item.getFieldName().equals(HIDDEN_CAID))
+           caid = Integer.parseInt(item.getString());
+         if(item.getFieldName().equals(HIDDEN_CANAME))
+           caname = item.getString();
+         if(item.getFieldName().equals(BUTTON_CANCEL))
+           buttoncancel = true; 
+       }else{         
+         file = item.getInputStream(); 
+         errorrecievingfile = false;                          
+       }
+     } 
+   }else{
+     action = request.getParameter(ACTION);
+   }
+  try{
+  // Determine action 
+  if( action != null){
+    if( action.equals(ACTION_EDIT_CAS)){
+      // Actions in the choose CA page.
+      if( request.getParameter(BUTTON_EDIT_CA) != null){
+          // Display  profilepage.jsp         
+         includefile="choosecapage.jspf";
+         if(request.getParameter(SELECT_CAS) != null){
+           caid = Integer.parseInt(request.getParameter(SELECT_CAS));
+           if(caid != 0){             
+             editca = true;
+             includefile="editcapage.jspf";              
+           }
+         } 
+      }
+      if( request.getParameter(BUTTON_DELETE_CA) != null) {
+          // Delete profile and display choosecapage. 
+          if(request.getParameter(SELECT_CAS) != null){
+            caid = Integer.parseInt(request.getParameter(SELECT_CAS));
+            if(caid != 0){             
+                cadeletefailed = !cadatahandler.removeCA(caid);
+            }
+          }
+          includefile="choosecapage.jspf";             
+      }
+      if( request.getParameter(BUTTON_RENAME_CA) != null){ 
+         // Rename selected profile and display profilespage.
+       if(request.getParameter(SELECT_CAS) != null && request.getParameter(TEXTFIELD_CANAME) != null){
+         String newcaname = request.getParameter(TEXTFIELD_CANAME).trim();
+         String oldcaname = (String) caidtonamemap.get(new Integer(request.getParameter(SELECT_CAS)));    
+         if(!newcaname.equals("") ){           
+           try{
+             cadatahandler.renameCA(oldcaname, newcaname);
+           }catch( CAExistsException e){
+             caexists=true;
+           }                
+         }
+        }      
+        includefile="choosecapage.jspf"; 
+      }
+      if( request.getParameter(BUTTON_CREATE_CA) != null){
+         // Add profile and display profilespage.
+         includefile="choosecapage.jspf"; 
+         caname = request.getParameter(TEXTFIELD_CANAME);
+         if(caname != null){
+           caname = caname.trim();
+           if(!caname.equals("")){             
+             editca = false;
+             includefile="editcapage.jspf";              
+           }      
+         }         
+      }
+      if( request.getParameter(BUTTON_PROCESSREQUEST) != null){
+         caname = request.getParameter(TEXTFIELD_CANAME);
+         if(caname != null){
+           caname = caname.trim();
+           if(!caname.equals("")){             
+             filemode = PROCESSREQUESTMODE;
+             includefile="recievefile.jspf";               
+           }      
+         }                        
+      }
+    }
+    if( action.equals(ACTION_CREATE_CA)){
+      if( request.getParameter(BUTTON_CREATE)  != null || request.getParameter(BUTTON_MAKEREQUEST)  != null){
+         // Create and save CA                          
+         caname = request.getParameter(HIDDEN_CANAME);
+          
+         CATokenInfo catoken = null;
+         catokentype = Integer.parseInt(request.getParameter(HIDDEN_CATOKENTYPE));
+         if(catokentype == CATokenInfo.CATOKENTYPE_P12){
+           int keysize = Integer.parseInt(request.getParameter(SELECT_KEYSIZE));
+           String signalg = request.getParameter(SELECT_SIGNATUREALGORITHM);
+           if(keysize == 0 || signalg == null)
+             throw new Exception("Error in CATokenData");  
+           catoken = new SoftCATokenInfo();
+           catoken.setSignatureAlgorithm(signalg);
+           ((SoftCATokenInfo) catoken).setKeySize(keysize);              
+         } 
+         if(catokentype == CATokenInfo.CATOKENTYPE_HSM){
+            catokenpath = request.getParameter(HIDDEN_CATOKENPATH);
+            String properties = request.getParameter(TEXTFIELD_HARDCATOKENPROPERTIES);
+            String signalg = request.getParameter(SELECT_SIGNATUREALGORITHM);
+            String authenticationcode = request.getParameter(TEXTFIELD_AUTHENTICATIONCODE);
+            if(catokenpath == null || catokenpath == null || signalg == null)
+              throw new Exception("Error in CATokenData");  
+            catoken = new HardCATokenInfo();           
+            ((HardCATokenInfo) catoken).setClassPath(catokenpath);
+            ((HardCATokenInfo) catoken).setProperties(properties);
+            ((HardCATokenInfo) catoken).setSignatureAlgorithm(signalg);
+            ((HardCATokenInfo) catoken).setAuthenticationCode(authenticationcode);
+         }
+
+         catype  = Integer.parseInt(request.getParameter(HIDDEN_CATYPE));
+         String subjectdn = request.getParameter(TEXTFIELD_SUBJECTDN);
+         try{
+           X509Name dummy = new X509Name(subjectdn);
+         }catch(Exception e){
+           illegaldnoraltname = true;
+         }
+         int certprofileid = 0;
+         if(request.getParameter(SELECT_CERTIFICATEPROFILE) != null)
+           certprofileid = Integer.parseInt(request.getParameter(SELECT_CERTIFICATEPROFILE));
+         int signedby = 0;
+         if(request.getParameter(SELECT_SIGNEDBY) != null)
+            signedby = Integer.parseInt(request.getParameter(SELECT_SIGNEDBY));
+         String description = request.getParameter(TEXTFIELD_DESCRIPTION);        
+         if(description == null)
+           description = "";
+         
+         int validity = 0;
+         if(request.getParameter(TEXTFIELD_VALIDITY) != null)
+           validity = Integer.parseInt(request.getParameter(TEXTFIELD_VALIDITY));  
+
+         if(catoken != null && catype != 0 && subjectdn != null && caname != null 
+            && signedby != 0  ){
+           if(catype == CAInfo.CATYPE_X509){
+              // Create a X509 CA
+              String subjectaltname = request.getParameter(TEXTFIELD_SUBJECTALTNAME);             
+              if(subjectaltname == null)
+                subjectaltname = ""; 
+              else{
+                if(!subjectaltname.trim().equals("")){
+                   se.anatom.ejbca.ra.raadmin.DNFieldExtractor subtest = 
+                     new se.anatom.ejbca.ra.raadmin.DNFieldExtractor(subjectaltname,se.anatom.ejbca.ra.raadmin.DNFieldExtractor.TYPE_SUBJECTALTNAME);                   
+                   if(subtest.isIllegal() || subtest.existsOther()){
+                     illegaldnoraltname = true;
+                   }
+                }
+              }    
+
+              String policyid = request.getParameter(TEXTFIELD_POLICYID);
+              if(policyid == null || policyid.trim().equals(""))
+                 policyid = null; 
+
+              int crlperiod = Integer.parseInt(request.getParameter(TEXTFIELD_CRLPERIOD));
+
+              boolean useauthoritykeyidentifier = false;
+              boolean authoritykeyidentifiercritical = false;
+              String value = request.getParameter(CHECKBOX_AUTHORITYKEYIDENTIFIER);
+              if(value != null){
+                 useauthoritykeyidentifier = value.equals(CHECKBOX_VALUE);                 
+                 value = request.getParameter(CHECKBOX_AUTHORITYKEYIDENTIFIERCRITICAL); 
+                 if(value != null){
+                   authoritykeyidentifiercritical = value.equals(CHECKBOX_VALUE);
+                 } 
+                 else
+                   authoritykeyidentifiercritical = false;
+              }
+
+              boolean usecrlnumber = false;
+              boolean crlnumbercritical = false;
+              value = request.getParameter(CHECKBOX_USECRLNUMBER);
+              if(value != null){
+                 usecrlnumber = value.equals(CHECKBOX_VALUE);                 
+                 value = request.getParameter(CHECKBOX_CRLNUMBERCRITICAL); 
+                 if(value != null){
+                   crlnumbercritical = value.equals(CHECKBOX_VALUE);
+                 } 
+                 else
+                   crlnumbercritical = false;
+              }              
+              
+             boolean finishuser = false;
+             value = request.getParameter(CHECKBOX_FINISHUSER);
+             if(value != null)
+               finishuser = value.equals(CHECKBOX_VALUE);         
+
+             String[] values = request.getParameterValues(SELECT_AVAILABLECRLPUBLISHERS);
+             ArrayList crlpublishers = new ArrayList(); 
+             if(values != null){
+               for(int i=0; i < values.length; i++){
+                  crlpublishers.add(new Integer(values[i]));
+               }
+             }
+
+             int ocspactive = ExtendedCAServiceInfo.STATUS_INACTIVE;
+             value = request.getParameter(CHECKBOX_ACTIVATEOCSPSERVICE);
+             if(value != null && value.equals(CHECKBOX_VALUE))
+                ocspactive = ExtendedCAServiceInfo.STATUS_ACTIVE;             
+              
+             if(crlperiod != 0 && !illegaldnoraltname){
+               if(request.getParameter(BUTTON_CREATE) != null){           
+      
+		 // Create and active OSCP CA Service.
+		 ArrayList extendedcaservices = new ArrayList();
+		 extendedcaservices.add(
+		             new OCSPCAServiceInfo(ocspactive,
+						  "CN=OCSPSignerCertificate, " + subjectdn,
+			     		  "",
+						  2048,
+						  OCSPCAServiceInfo.KEYALGORITHM_RSA));
+                 X509CAInfo x509cainfo = new X509CAInfo(subjectdn, caname, 0, subjectaltname,
+                                                        certprofileid, validity, 
+                                                        null, catype, signedby,
+                                                        null, catoken, description, -1, null,
+                                                        policyid, crlperiod, crlpublishers, 
+                                                        useauthoritykeyidentifier, 
+                                                        authoritykeyidentifiercritical,
+                                                        usecrlnumber, 
+                                                        crlnumbercritical, 
+                                                        finishuser, extendedcaservices);
+                 try{
+                   cadatahandler.createCA((CAInfo) x509cainfo);
+                 }catch(CAExistsException caee){
+                    caexists = true; 
+                 }catch(CATokenAuthenticationFailedException catfe){
+                    catokenauthfailed = true;
+                 }
+                 includefile="choosecapage.jspf"; 
+               }
+               if(request.getParameter(BUTTON_MAKEREQUEST) != null){
+                 caid = CertTools.stringToBCDNString(subjectdn).hashCode();  
+		 // Create and OSCP CA Service.
+		 ArrayList extendedcaservices = new ArrayList();
+		 extendedcaservices.add(
+		             new OCSPCAServiceInfo(ocspactive,
+						  "CN=OCSPSignerCertificate, " + subjectdn,
+			     		          "",
+						  2048,
+						  OCSPCAServiceInfo.KEYALGORITHM_RSA));
+                 X509CAInfo x509cainfo = new X509CAInfo(subjectdn, caname, caid, subjectaltname,
+                                                        certprofileid, validity,
+                                                        null, catype, CAInfo.SIGNEDBYEXTERNALCA,
+                                                        null, catoken, description, -1, null, 
+                                                        policyid, crlperiod, crlpublishers, 
+                                                        useauthoritykeyidentifier, 
+                                                        authoritykeyidentifiercritical,
+                                                        usecrlnumber, 
+                                                        crlnumbercritical, 
+                                                        finishuser, extendedcaservices);
+                 cabean.saveRequestInfo(x509cainfo);                
+                 filemode = MAKEREQUESTMODE;
+                 includefile="recievefile.jspf"; 
+               }
+             }                          
+           } 
+         } 
+       } 
+       if(request.getParameter(BUTTON_CANCEL) != null){
+         // Don't save changes.
+         includefile="choosecapage.jspf"; 
+       }                        
+      }
+    if( action.equals(ACTION_EDIT_CA)){
+      if( request.getParameter(BUTTON_SAVE)  != null || 
+          request.getParameter(BUTTON_RECEIVEREQUEST)  != null || 
+          request.getParameter(BUTTON_RENEWCA)  != null ||
+          request.getParameter(BUTTON_REVOKECA)  != null ||
+          request.getParameter(BUTTON_PUBLISHCA) != null ||
+          request.getParameter(BUTTON_REVOKERENEWOCSPCERTIFICATE) != null){
+         // Create and save CA                          
+         caid = Integer.parseInt(request.getParameter(HIDDEN_CAID));
+         caname = request.getParameter(HIDDEN_CANAME);
+         catype = Integer.parseInt(request.getParameter(HIDDEN_CATYPE));
+         
+         CATokenInfo catoken = null;
+         catokentype = Integer.parseInt(request.getParameter(HIDDEN_CATOKENTYPE));
+         if(catokentype == CATokenInfo.CATOKENTYPE_P12){
+           catoken = new SoftCATokenInfo();          
+         } 
+         if(catokentype == CATokenInfo.CATOKENTYPE_HSM){
+            String properties = request.getParameter(TEXTFIELD_HARDCATOKENPROPERTIES);
+            if(catokenpath == null)
+              throw new Exception("Error in CATokenData");  
+            catoken = new HardCATokenInfo();                       
+            ((HardCATokenInfo) catoken).setProperties(properties);
+         }
+
+          
+         String description = request.getParameter(TEXTFIELD_DESCRIPTION);        
+
+         int validity = 0;
+         if(request.getParameter(TEXTFIELD_VALIDITY) != null)
+           validity = Integer.parseInt(request.getParameter(TEXTFIELD_VALIDITY));
+            
+
+         if(caid != 0 && description != null && catype !=0 ){
+           if(catype == CAInfo.CATYPE_X509){
+              // Edit X509 CA data              
+              
+              int crlperiod = Integer.parseInt(request.getParameter(TEXTFIELD_CRLPERIOD));
+
+              boolean useauthoritykeyidentifier = false;
+              boolean authoritykeyidentifiercritical = false;
+              String value = request.getParameter(CHECKBOX_AUTHORITYKEYIDENTIFIER);
+              if(value != null){
+                 useauthoritykeyidentifier = value.equals(CHECKBOX_VALUE);                 
+                 value = request.getParameter(CHECKBOX_AUTHORITYKEYIDENTIFIERCRITICAL); 
+                 if(value != null){
+                   authoritykeyidentifiercritical = value.equals(CHECKBOX_VALUE);
+                 } 
+                 else
+                   authoritykeyidentifiercritical = false;
+              }
+
+
+              boolean usecrlnumber = false;
+              boolean crlnumbercritical = false;
+
+              value = request.getParameter(CHECKBOX_USECRLNUMBER);
+              if(value != null){
+                 usecrlnumber = value.equals(CHECKBOX_VALUE);                 
+                 value = request.getParameter(CHECKBOX_CRLNUMBERCRITICAL); 
+                 if(value != null){
+                   crlnumbercritical = value.equals(CHECKBOX_VALUE);
+                 } 
+                 else
+                   crlnumbercritical = false;
+              }              
+              
+             boolean finishuser = false;
+             value = request.getParameter(CHECKBOX_FINISHUSER);
+             if(value != null)
+               finishuser = value.equals(CHECKBOX_VALUE);         
+
+             String[] values = request.getParameterValues(SELECT_AVAILABLECRLPUBLISHERS);
+             ArrayList crlpublishers = new ArrayList(); 
+             if(values != null){
+                 for(int i=0; i < values.length; i++){
+                    crlpublishers.add(new Integer(values[i]));
+                 }
+              }
+              
+              // Create extended CA Service updatedata.
+              int active = ExtendedCAServiceInfo.STATUS_INACTIVE;
+              value = request.getParameter(CHECKBOX_ACTIVATEOCSPSERVICE);
+              if(value != null && value.equals(CHECKBOX_VALUE))
+                active = ExtendedCAServiceInfo.STATUS_ACTIVE;             
+
+              boolean renew = false;
+              if(active == ExtendedCAServiceInfo.STATUS_ACTIVE && 
+                 request.getParameter(BUTTON_REVOKERENEWOCSPCERTIFICATE) != null){
+                 cadatahandler.revokeOCSPCertificate(caid);
+                 renew=true;
+                 ocsprenewed = true;             
+                 includefile="choosecapage.jspf"; 
+               }
+
+	      ArrayList extendedcaservices = new ArrayList();
+              extendedcaservices.add(
+		             new OCSPCAServiceInfo(active, renew));       
+
+             if(crlperiod != 0){
+               X509CAInfo x509cainfo = new X509CAInfo(caid, validity,
+                                                      catoken, description, 
+                                                      crlperiod, crlpublishers, 
+                                                      useauthoritykeyidentifier, 
+                                                      authoritykeyidentifiercritical,
+                                                      usecrlnumber, 
+                                                      crlnumbercritical, 
+                                                      finishuser,extendedcaservices);
+                 
+               cadatahandler.editCA((CAInfo) x509cainfo);
+                 
+
+               
+               if(request.getParameter(BUTTON_SAVE) != null){
+                  // Do nothing More
+
+                  includefile="choosecapage.jspf"; 
+               }
+               if(request.getParameter(BUTTON_RECEIVEREQUEST) != null){                  
+                  filemode = RECIEVERESPONSEMODE;
+                  includefile="recievefile.jspf"; 
+               }
+               if(request.getParameter(BUTTON_RENEWCA) != null){
+                 int signedby = cadatahandler.getCAInfo(caid).getCAInfo().getSignedBy();
+                 if(signedby != CAInfo.SIGNEDBYEXTERNALCA){
+                   cadatahandler.renewCA(caid, null);
+                   carenewed = true;
+                 }else{                   
+                   includefile="renewexternal.jspf"; 
+                 }  
+               }
+               if(request.getParameter(BUTTON_REVOKECA) != null){
+                 int revokereason = Integer.parseInt(request.getParameter(SELECT_REVOKEREASONS));
+                 cadatahandler.revokeCA(caid, revokereason);                   
+                 includefile="choosecapage.jspf"; 
+               }                 
+               if(request.getParameter(BUTTON_PUBLISHCA) != null){
+                 cadatahandler.publishCA(caid);
+                 capublished = true;             
+                 includefile="choosecapage.jspf"; 
+               }
+
+             }                          
+           } 
+         } 
+       } 
+       if(request.getParameter(BUTTON_CANCEL) != null){
+         // Don't save changes.
+         includefile="choosecapage.jspf"; 
+       }               
+
+         
+      }
+      if( action.equals(ACTION_MAKEREQUEST)){         
+       if(!buttoncancel){
+         try{
+           Collection certchain = CertTools.getCertsFromPEM(file);           
+           try{
+             CAInfo cainfo = cabean.getRequestInfo();              
+             cadatahandler.createCA(cainfo);                           
+             ExtendedPKCS10CertificationRequest certreq = null;
+             try{ 
+               certreq=cadatahandler.makeRequest(caid, certchain, true);
+               cabean.savePKCS10RequestData(certreq);     
+               filemode = CERTREQGENMODE;
+               includefile = "displayresult.jspf";
+             }catch(Exception e){  
+               cadatahandler.removeCA(caid); 
+               errorrecievingfile = true;
+               includefile="choosecapage.jspf";  
+             }
+           }catch(CAExistsException caee){
+              caexists = true; 
+           } 
+         }catch(Exception e){
+           errorrecievingfile = true; 
+         } 
+       }else{
+         cabean.saveRequestInfo((CAInfo) null); 
+       }
+      }
+
+      if( action.equals(ACTION_RECEIVERESPONSE)){        
+        if(!buttoncancel){
+          try{                                                                                     
+            if (caid != 0) {                             
+              cadatahandler.receiveResponse(caid, file);   
+              caactivated = true;
+            }           
+          }catch(Exception e){                       
+            errorrecievingfile = true; 
+          }  
+        }
+      }
+      if( action.equals(ACTION_PROCESSREQUEST)){       
+       if(!buttoncancel){
+         try{           
+           BufferedReader bufRdr = new BufferedReader(new InputStreamReader(file));
+           while (bufRdr.ready()) {
+            ByteArrayOutputStream ostr = new ByteArrayOutputStream();
+            PrintStream opstr = new PrintStream(ostr);
+            String temp;
+            while ((temp = bufRdr.readLine()) != null){            
+              opstr.print(temp + "\n");                
+            }  
+            opstr.close();                
+                                         
+            PKCS10RequestMessage certreq = se.anatom.ejbca.apply.RequestHelper.genPKCS10RequestMessageFromPEM(ostr.toByteArray());
+            
+             if (certreq != null) {               
+               cabean.savePKCS10RequestData(certreq.getCertificationRequest());                                
+               processedsubjectdn = certreq.getCertificationRequest().getCertificationRequestInfo().getSubject().toString();
+               processrequest = true;
+               includefile="editcapage.jspf";
+             }
+           }
+         }catch(Exception e){                      
+           errorrecievingfile = true; 
+         } 
+       }else{
+         cabean.savePKCS10RequestData((ExtendedPKCS10CertificationRequest) null);  
+       }
+      }
+      if( action.equals(ACTION_PROCESSREQUEST2)){        
+        if(request.getParameter(BUTTON_CANCEL) == null){
+         // Create and process CA                          
+         caname = request.getParameter(HIDDEN_CANAME);
+          
+         catype  = Integer.parseInt(request.getParameter(HIDDEN_CATYPE));
+         String subjectdn = request.getParameter(TEXTFIELD_SUBJECTDN);
+         try{
+           X509Name dummy = new X509Name(subjectdn);
+         }catch(Exception e){
+           illegaldnoraltname = true;
+         }
+         
+         int certprofileid = 0;
+         if(request.getParameter(SELECT_CERTIFICATEPROFILE) != null)
+           certprofileid = Integer.parseInt(request.getParameter(SELECT_CERTIFICATEPROFILE));
+         int signedby = 0;
+         if(request.getParameter(SELECT_SIGNEDBY) != null)
+            signedby = Integer.parseInt(request.getParameter(SELECT_SIGNEDBY));
+         String description = request.getParameter(TEXTFIELD_DESCRIPTION);        
+         if(description == null)
+           description = "";
+         
+         int validity = 0;
+         if(request.getParameter(TEXTFIELD_VALIDITY) != null)
+           validity = Integer.parseInt(request.getParameter(TEXTFIELD_VALIDITY));         
+
+         if(catype != 0 && subjectdn != null && caname != null && 
+            certprofileid != 0 && signedby != 0 && validity !=0 ){
+           if(catype == CAInfo.CATYPE_X509){
+              // Create a X509 CA
+              String subjectaltname = request.getParameter(TEXTFIELD_SUBJECTALTNAME);             
+              if(subjectaltname == null)
+                subjectaltname = ""; 
+              else{
+                if(!subjectaltname.trim().equals("")){
+                   se.anatom.ejbca.ra.raadmin.DNFieldExtractor subtest = 
+                     new se.anatom.ejbca.ra.raadmin.DNFieldExtractor(subjectaltname,se.anatom.ejbca.ra.raadmin.DNFieldExtractor.TYPE_SUBJECTALTNAME);                   
+                   if(subtest.isIllegal() || subtest.existsOther()){
+                     illegaldnoraltname = true;
+                   }
+                }
+              }
+
+              String policyid = request.getParameter(TEXTFIELD_POLICYID);
+              if(policyid == null || policyid.trim().equals(""))
+                 policyid = null; 
+
+              int crlperiod = 0;
+
+              boolean useauthoritykeyidentifier = false;
+              boolean authoritykeyidentifiercritical = false;              
+
+              boolean usecrlnumber = false;
+              boolean crlnumbercritical = false;                            
+              
+              boolean finishuser = false;
+              ArrayList crlpublishers = new ArrayList(); 
+              
+             if(!illegaldnoraltname){
+               if(request.getParameter(BUTTON_PROCESSREQUEST) != null){
+                 X509CAInfo x509cainfo = new X509CAInfo(subjectdn, caname, 0, subjectaltname,
+                                                        certprofileid, validity, 
+                                                        null, catype, signedby,
+                                                        null, null, description, -1, null,
+                                                        policyid, crlperiod, crlpublishers, 
+                                                        useauthoritykeyidentifier, 
+                                                        authoritykeyidentifiercritical,
+                                                        usecrlnumber, 
+                                                        crlnumbercritical, 
+                                                        finishuser, 
+                                                        new ArrayList());
+                 try{
+                   ExtendedPKCS10CertificationRequest req = cabean.getPKCS10RequestData(); 
+                   java.security.cert.Certificate result = cadatahandler.processRequest(x509cainfo, new PKCS10RequestMessage(req));
+                   cabean.saveProcessedCertificate(result);
+                   filemode = CERTGENMODE;   
+                   includefile="displayresult.jspf";
+                 }catch(CAExistsException caee){
+                    caexists = true;
+                 }                  
+               }
+             }
+           }
+         }
+        } 
+      }
+
+      if( action.equals(ACTION_RENEWCA_MAKEREQUEST)){
+        if(!buttoncancel){
+          try{
+           Collection certchain = CertTools.getCertsFromPEM(file);                       
+           ExtendedPKCS10CertificationRequest certreq = cadatahandler.makeRequest(caid, certchain, false);
+           cabean.savePKCS10RequestData(certreq);   
+               
+           filemode = CERTREQGENMODE;
+           includefile = "displayresult.jspf";
+          }catch(Exception e){
+           errorrecievingfile = true; 
+           includefile="choosecapage.jspf"; 
+          } 
+        }else{
+          cabean.saveRequestInfo((CAInfo) null); 
+        }      
+      }
+      if( action.equals(ACTION_RENEWCA_RECIEVERESPONSE)){
+        if(!buttoncancel){
+          try{                                                                                     
+            if (caid != 0) {                             
+              cadatahandler.receiveResponse(caid, file);   
+              carenewed = true;
+            }           
+          }catch(Exception e){                       
+            errorrecievingfile = true; 
+          }  
+        }        
+      }
+      if( action.equals(ACTION_CHOOSE_CATYPE)){
+        // Currently not need        
+      }
+      if( action.equals(ACTION_CHOOSE_CATOKENTYPE)){
+        
+        catokenpath = request.getParameter(SELECT_CATOKEN);   
+        caname = request.getParameter(HIDDEN_CANAME);   
+        if(catokenpath.equals("NONE")){
+          catokentype = CATokenInfo.CATOKENTYPE_P12;
+        }else{
+          catokentype = CATokenInfo.CATOKENTYPE_HSM;
+        }
+        editca = false;
+        includefile="editcapage.jspf";              
+      }
+
+    }
+  }catch(CATokenOfflineException ctoe){
+    catokenoffline = true;
+    includefile="choosecapage.jspf";
+  }   
+
+
+ // Include page
+  if( includefile.equals("editcapage.jspf")){ 
+%>
+   <%@ include file="editcapage.jspf" %>
+<%}
+  if( includefile.equals("choosecapage.jspf")){ %>
+   <%@ include file="choosecapage.jspf" %> 
+<%}  
+  if( includefile.equals("recievefile.jspf")){ %>
+   <%@ include file="recievefile.jspf" %> 
+<%} 
+  if( includefile.equals("displayresult.jspf")){ %>
+   <%@ include file="displayresult.jspf" %> 
+<%}
+  if( includefile.equals("renewexternal.jspf")){ %>
+   <%@ include file="renewexternal.jspf" %> 
+<%}
+
+
+   // Include Footer 
+   String footurl =   globalconfiguration.getFootBanner(); %>
+   
+  <jsp:include page="<%= footurl %>" />
+
+</body>
+</html>
+
diff -urN ../../312/ejbca/src/adminweb/ca/editcertificateprofiles/certificateprofilepage.jspf ./src/adminweb/ca/editcertificateprofiles/certificateprofilepage.jspf
--- ../../312/ejbca/src/adminweb/ca/editcertificateprofiles/certificateprofilepage.jspf	Tue Jun 28 15:01:32 2005
+++ ./src/adminweb/ca/editcertificateprofiles/certificateprofilepage.jspf	Thu Nov 24 22:16:37 2005
@@ -20,6 +20,26 @@
   TreeMap authorizedpublishers = ejbcawebbean.getInformationMemory().getAuthorizedPublisherNames();
   HashMap publisheridtonamemap = ejbcawebbean.getInformationMemory().getPublisherIdToNameMap();
 
+  int[] usefieldsindn =  {DNFieldExtractor.CN, DNFieldExtractor.UID, DNFieldExtractor.SN, 
+          DNFieldExtractor.GIVENNAME, DNFieldExtractor.SURNAME, DNFieldExtractor.T, 
+          DNFieldExtractor.L, DNFieldExtractor.INITIALS, DNFieldExtractor.E, 
+          DNFieldExtractor.ST, DNFieldExtractor.C, DNFieldExtractor.O, DNFieldExtractor.OU,
+          DNFieldExtractor.UNSTRUCTUREDADDRESS, DNFieldExtractor.UNSTRUCTUREDNAME };
+
+  String[] usefieldsindntexts = {"MATCHCOMMONNAME","MATCHUID","MATCHDNSERIALNUMBER",
+               "MATCHGIVENNAME", "MATCHSURNAME","MATCHTITLE",
+               "MATCHLOCALE","MATCHINITIALS","OLDEMAILDN1", "MATCHSTATE",
+               "MATCHCOUNTRY", "MATCHORGANIZATION", "MATCHORGANIZATIONUNIT",
+               "UNSTRUCTUREDADDRESS","UNSTRUCTUREDNAME"}; 
+  
+  int[] usefieldsinaltname =  {DNFieldExtractor.RFC822NAME, DNFieldExtractor.DNSNAME, DNFieldExtractor.IPADDRESS, 
+           DNFieldExtractor.URI, DNFieldExtractor.UPN, DNFieldExtractor.GUID};
+
+  
+  String[] usefieldsinaltnametexts = {"RFC822NAME","DNSNAME","IPADDRESS",
+               "UNIFORMRESOURCEID", "UPN","GUID"}; 
+  
+  
   int row = 0;
 %>
 <SCRIPT language="JavaScript">
@@ -81,22 +101,70 @@
   }
 }
 
+function checkusesubjectdnsubsetfield(){
+  if(document.editcertificateprofile.<%=CHECKBOX_USESUBJECTDNSUBSET %>.checked){    
+    document.editcertificateprofile.<%= SELECT_SUBJECTDNSUBSET %>.disabled = false;    
+  }
+  else{
+    document.editcertificateprofile.<%= SELECT_SUBJECTDNSUBSET %>.disabled = true;
+  }
+}
+
+function checkusesubjectaltnamesubsetfield(){
+  if(document.editcertificateprofile.<%=CHECKBOX_USESUBJECTALTNAMESUBSET %>.checked){    
+    document.editcertificateprofile.<%=SELECT_SUBJECTALTNAMESUBSET%>.disabled = false;    
+  }
+  else{
+    document.editcertificateprofile.<%=SELECT_SUBJECTALTNAMESUBSET%>.disabled = true;
+  }
+}
+
 function typechanged(){
   var seltype = document.editcertificateprofile.<%=SELECT_TYPE %>.options.selectedIndex;
   var type = document.editcertificateprofile.<%=SELECT_TYPE %>.options[seltype].value; 
 
   if(type == <%= CertificateDataBean.CERTTYPE_ENDENTITY %>){
     document.editcertificateprofile.<%=SELECT_AVAILABLEPUBLISHERS %>.disabled=false;
+    document.editcertificateprofile.<%=CHECKBOX_USEPATHLENGTHCONSTRAINT %>.disabled=true;
+    document.editcertificateprofile.<%=CHECKBOX_USEPATHLENGTHCONSTRAINT %>.checked=false;
+    document.editcertificateprofile.<%=TEXTFIELD_PATHLENGTHCONSTRAINT %>.disabled=true;
+    document.editcertificateprofile.<%=TEXTFIELD_PATHLENGTHCONSTRAINT %>.value="";
   }else{
     document.editcertificateprofile.<%=SELECT_AVAILABLEPUBLISHERS %>.disabled=true;
+    if(document.editcertificateprofile.<%=CHECKBOX_BASICCONSTRAINTS %>.checked){    
+      document.editcertificateprofile.<%=CHECKBOX_USEPATHLENGTHCONSTRAINT %>.disabled=false;
+    }  
   } 
+  
+  
+  
+}
+
+function checkusebasicconstraintfield(){
+  if(document.editcertificateprofile.<%=CHECKBOX_BASICCONSTRAINTS %>.checked){
+    document.editcertificateprofile.<%= CHECKBOX_BASICCONSTRAINTSCRITICAL %>.disabled = false;
+    
+    var seltype = document.editcertificateprofile.<%=SELECT_TYPE %>.options.selectedIndex;
+    var type = document.editcertificateprofile.<%=SELECT_TYPE %>.options[seltype].value; 
+    if(type == <%= CertificateDataBean.CERTTYPE_SUBCA %> || type == <%= CertificateDataBean.CERTTYPE_ROOTCA %>){
+      document.editcertificateprofile.<%=CHECKBOX_USEPATHLENGTHCONSTRAINT %>.disabled=false;
+    }          
+  }
+  else{
+    document.editcertificateprofile.<%= CHECKBOX_BASICCONSTRAINTSCRITICAL %>.disabled = true;
+    document.editcertificateprofile.<%= CHECKBOX_BASICCONSTRAINTSCRITICAL %>.checked = false;
+    document.editcertificateprofile.<%= CHECKBOX_USEPATHLENGTHCONSTRAINT %>.disabled = true;
+    document.editcertificateprofile.<%= CHECKBOX_USEPATHLENGTHCONSTRAINT %>.checked = false;
+    document.editcertificateprofile.<%= TEXTFIELD_PATHLENGTHCONSTRAINT %>.disabled=true;
+    document.editcertificateprofile.<%= TEXTFIELD_PATHLENGTHCONSTRAINT %>.value="";
+  }
 }
 
 function checkusecertificatepoliciesfield(){
   if(document.editcertificateprofile.<%=CHECKBOX_USECERTIFICATEPOLICIES %>.checked){
     document.editcertificateprofile.<%= CHECKBOX_CERTIFICATEPOLICIESCRITICAL %>.disabled = false;
     document.editcertificateprofile.<%= TEXTFIELD_CERTIFICATEPOLICYID %>.disabled = false;
-    document.editcertificateprofile.<%= TEXTFIELD_CERTIFICATEPOLICYID %>.value = "";
+
   }
   else{
     document.editcertificateprofile.<%= CHECKBOX_CERTIFICATEPOLICIESCRITICAL %>.disabled = true;
@@ -106,6 +174,18 @@
   }
 }
 
+function checkusepathlengtconstraintfield(){
+  if(document.editcertificateprofile.<%=CHECKBOX_USEPATHLENGTHCONSTRAINT %>.checked){  
+    document.editcertificateprofile.<%= TEXTFIELD_PATHLENGTHCONSTRAINT %>.disabled = false;
+    document.editcertificateprofile.<%= TEXTFIELD_PATHLENGTHCONSTRAINT %>.value = "1";
+  }
+  else{
+    document.editcertificateprofile.<%= TEXTFIELD_PATHLENGTHCONSTRAINT %>.disabled = true;
+    document.editcertificateprofile.<%= TEXTFIELD_PATHLENGTHCONSTRAINT %>.value = "";
+  }
+}
+
+
 function checkuseextendedkeyusagefield(){
   if(document.editcertificateprofile.<%=CHECKBOX_USEEXTENDEDKEYUSAGE %>.checked){
     document.editcertificateprofile.<%= SELECT_EXTENDEDKEYUSAGE %>.disabled = false;
@@ -132,6 +212,16 @@
         selected++; 
     }
 
+    if(!document.editcertificateprofile.<%=TEXTFIELD_PATHLENGTHCONSTRAINT%>.disabled){
+      if(!checkfieldfordecimalnumbers("document.editcertificateprofile.<%=TEXTFIELD_PATHLENGTHCONSTRAINT%>","<%= ejbcawebbean.getText("ONLYDECNUMBERSINPATHLEN") %>")){
+         illegalfields++;
+      }    
+      if(document.editcertificateprofile.<%=TEXTFIELD_PATHLENGTHCONSTRAINT%>.value==""){
+         alert("<%= ejbcawebbean.getText("PATHLENCANNOTBEEMPTY") %>");
+         illegalfields++;
+      }
+    }
+
     if(selected == 0){
       alert("<%=  ejbcawebbean.getText("ONEAVAILABLEBITLENGTH") %>");
       illegalfields++; 
@@ -178,11 +268,11 @@
 
       </td>
       <td width="50%">
-           <input type="checkbox" name="<%=CHECKBOX_BASICCONSTRAINTS %>"   onClick="checkusefield('<%=CHECKBOX_BASICCONSTRAINTS %>', '<%=CHECKBOX_BASICCONSTRAINTSCRITICAL %>')" value="<%=CHECKBOX_VALUE %>" 
+           <input type="checkbox" name="<%=CHECKBOX_BASICCONSTRAINTS%>"   onClick="checkusebasicconstraintfield()" value="<%=CHECKBOX_VALUE %>"
            <% if(certificateprofiledata.getUseBasicConstraints()) 
                  out.write("CHECKED");
            %>> <br> 
-          <input type="checkbox" name="<%=CHECKBOX_BASICCONSTRAINTSCRITICAL %>" value="<%=CHECKBOX_VALUE %>" 
+          <input type="checkbox" name="<%=CHECKBOX_BASICCONSTRAINTSCRITICAL%>" value="<%=CHECKBOX_VALUE %>" 
            <%
                if(!certificateprofiledata.getUseBasicConstraints())
                  out.write(" disabled ");  
@@ -191,6 +281,25 @@
                  out.write("CHECKED");
            %>> 
       </td>
+    </tr>  
+    <tr  id="Row<%=row++%2%>"> 
+      <td width="50%"  align="right"> 
+        <%= ejbcawebbean.getText("USEPATHLENGTHCONSTRAINT") %> <br> <%= ejbcawebbean.getText("PATHLENGTHCONSTRAINT") %>
+      </td>
+      <td width="50%">
+           <% boolean enablepathlenconstraint = certificateprofiledata.getUseBasicConstraints() && (certificateprofiledata.getType() == CertificateDataBean.CERTTYPE_SUBCA ||certificateprofiledata.getType() == CertificateDataBean.CERTTYPE_ROOTCA); %>
+           <input type="checkbox" name="<%=CHECKBOX_USEPATHLENGTHCONSTRAINT %>"   onClick="checkusepathlengtconstraintfield()" value="<%=CHECKBOX_VALUE %>" <% if(!enablepathlenconstraint) out.write(" disabled "); %>
+           <% if(certificateprofiledata.getUsePathLengthConstraint() && enablepathlenconstraint) 
+                 out.write(" CHECKED ");
+           %>> <br> 
+           <input type="text" name="<%=TEXTFIELD_PATHLENGTHCONSTRAINT%>" size="2" maxlength="2" 
+           <%      if(!certificateprofiledata.getUsePathLengthConstraint() || !enablepathlenconstraint) 
+                       out.write(" disabled ");
+                    else                       
+                       out.write(" value=\"" + certificateprofiledata.getPathLengthConstraint() + "\""); 
+                      %>>
+      </td>
+    </tr>  
     <tr  id="Row<%=row++%2%>"> 
       <td width="50%"  align="right"> 
         <%= ejbcawebbean.getText("USEKEYUSAGE") %> <br>  <%= ejbcawebbean.getText("KEYUSAGECRITICAL") %>
@@ -465,6 +574,62 @@
                       out.write(" value=\"" + certificateprofiledata.getCNPostfix() + "\""); %> >
       </td>
     </tr>
+    <tr  id="Row<%=row++%2%>"> 
+      <td width="50%"  align="right"> 
+        <%= ejbcawebbean.getText("USESUBJECTDNSUBSET") %> 
+      </td>
+      <td width="50%">
+           <input type="checkbox" name="<%=CHECKBOX_USESUBJECTDNSUBSET  %>"  onclick="checkusesubjectdnsubsetfield()" value="<%=CHECKBOX_VALUE %>" 
+           <% if(certificateprofiledata.getUseSubjectDNSubSet())
+                 out.write("CHECKED");
+           %>>
+      </td>
+    </tr>        
+    <tr id="Row<%=row++%2%>"> 
+      <td width="50%" valign="top"> 
+        <div align="right"> 
+          <%= ejbcawebbean.getText("SUBSETOFSUBJECTDN") %><br>
+        </div>
+      </td>
+      <td width="50%" valign="top">   
+        <select name="<%=SELECT_SUBJECTDNSUBSET%>" size="15" multiple <%if(!certificateprofiledata.getUseSubjectDNSubSet()){out.write(" disabled ");} %>>       
+            <% HashSet currentfields = new HashSet(certificateprofiledata.getSubjectDNSubSet());
+               for(int i=0;i < usefieldsindn.length; i++){ %>                                  
+              <option value="<%=usefieldsindn[i]%>" <% if(currentfields.contains(new Integer(usefieldsindn[i]))) out.write(" selected "); %>> 
+                  <%= ejbcawebbean.getText(usefieldsindntexts[i]) %>
+               </option>
+            <%}%>
+          </select>         
+      </td>
+    </tr>
+     <tr  id="Row<%=row++%2%>"> 
+      <td width="50%"  align="right"> 
+        <%= ejbcawebbean.getText("USESUBJECTALTNAMESUBSET") %> 
+      </td>
+      <td width="50%">
+           <input type="checkbox" name="<%=CHECKBOX_USESUBJECTALTNAMESUBSET  %>"  onclick="checkusesubjectaltnamesubsetfield()" value="<%=CHECKBOX_VALUE %>" 
+           <% if(certificateprofiledata.getUseSubjectAltNameSubSet())
+                 out.write("CHECKED");
+           %>>
+      </td>
+    </tr>        
+    <tr id="Row<%=row++%2%>"> 
+      <td width="50%" valign="top"> 
+        <div align="right"> 
+          <%= ejbcawebbean.getText("SUBSETOFSUBJECTALTNAME") %><br>
+        </div>
+      </td>
+      <td width="50%" valign="top">   
+        <select name="<%=SELECT_SUBJECTALTNAMESUBSET%>" size="6" multiple <%if(!certificateprofiledata.getUseSubjectAltNameSubSet()){out.write(" disabled ");} %>>       
+            <% currentfields = new HashSet(certificateprofiledata.getSubjectAltNameSubSet());
+               for(int i=0;i < usefieldsinaltname.length; i++){ %>                                  
+              <option value="<%=usefieldsinaltname[i]%>" <% if(currentfields.contains(new Integer(usefieldsinaltname[i]))) out.write(" selected "); %>> 
+                  <%= ejbcawebbean.getText(usefieldsinaltnametexts[i]) %>
+               </option>
+            <%}%>
+          </select>         
+      </td>
+    </tr>   
     <tr  id="Row<%=row++%2%>"> 
       <td width="50%" align="right"> 
         <%= ejbcawebbean.getText("AVAILABLEBITLENGTHS") %> <br>&nbsp;
diff -urN ../../312/ejbca/src/adminweb/ca/editcertificateprofiles/editcertificateprofiles.jsp ./src/adminweb/ca/editcertificateprofiles/editcertificateprofiles.jsp
--- ../../312/ejbca/src/adminweb/ca/editcertificateprofiles/editcertificateprofiles.jsp	Mon May  2 14:58:02 2005
+++ ./src/adminweb/ca/editcertificateprofiles/editcertificateprofiles.jsp	Thu Nov 24 22:16:37 2005
@@ -1,7 +1,7 @@
 <%@ page pageEncoding="ISO-8859-1"%>
 <%@page errorPage="/errorpage.jsp" import="java.util.*, se.anatom.ejbca.webdist.webconfiguration.EjbcaWebBean,se.anatom.ejbca.ra.raadmin.GlobalConfiguration, se.anatom.ejbca.SecConst, se.anatom.ejbca.authorization.AuthorizationDeniedException,
                se.anatom.ejbca.webdist.cainterface.CAInterfaceBean, se.anatom.ejbca.ca.store.certificateprofiles.CertificateProfile, se.anatom.ejbca.webdist.cainterface.CertificateProfileDataHandler, 
-               se.anatom.ejbca.ca.exception.CertificateProfileExistsException, se.anatom.ejbca.webdist.rainterface.CertificateView"%>
+               se.anatom.ejbca.ca.exception.CertificateProfileExistsException, se.anatom.ejbca.webdist.rainterface.CertificateView, se.anatom.ejbca.ra.raadmin.DNFieldExtractor"%>
 
 <html>
 <jsp:useBean id="ejbcawebbean" scope="session" class="se.anatom.ejbca.webdist.webconfiguration.EjbcaWebBean" />
@@ -29,12 +29,13 @@
   static final String BUTTON_SAVE              = "buttonsave";
   static final String BUTTON_CANCEL            = "buttoncancel";
  
-  static final String TEXTFIELD_VALIDITY              = "textfieldvalidity";
-  static final String TEXTFIELD_CRLDISTURI            = "textfieldcrldisturi";
-  static final String TEXTFIELD_CERTIFICATEPOLICYID   = "textfieldcertificatepolicyid";
-  static final String TEXTFIELD_OCSPSERVICELOCATOR    = "textfieldocspservicelocatoruri";
-  static final String TEXTFIELD_CNPOSTFIX             = "textfieldcnpostfix";
-
+  static final String TEXTFIELD_VALIDITY               = "textfieldvalidity";
+  static final String TEXTFIELD_CRLDISTURI             = "textfieldcrldisturi";
+  static final String TEXTFIELD_CERTIFICATEPOLICYID    = "textfieldcertificatepolicyid";
+  static final String TEXTFIELD_OCSPSERVICELOCATOR     = "textfieldocspservicelocatoruri";
+  static final String TEXTFIELD_CNPOSTFIX              = "textfieldcnpostfix";
+  static final String TEXTFIELD_PATHLENGTHCONSTRAINT   = "textfieldpathlengthconstraint";
+  
   static final String CHECKBOX_BASICCONSTRAINTS                   = "checkboxbasicconstraints";
   static final String CHECKBOX_BASICCONSTRAINTSCRITICAL           = "checkboxbasicconstraintscritical";
   static final String CHECKBOX_KEYUSAGE                           = "checkboxkeyusage";
@@ -55,6 +56,9 @@
   static final String CHECKBOX_USEOCSPSERVICELOCATOR              = "checkuseocspservicelocator";
   static final String CHECKBOX_USEMSTEMPLATE                      = "checkusemstemplate";
   static final String CHECKBOX_USECNPOSTFIX                       = "checkusecnpostfix";
+  static final String CHECKBOX_USESUBJECTDNSUBSET                 = "checkusesubjectdnsubset";
+  static final String CHECKBOX_USESUBJECTALTNAMESUBSET            = "checkusesubjectaltnamesubset";
+  static final String CHECKBOX_USEPATHLENGTHCONSTRAINT            = "checkusepathlengthconstraint";
 
   static final String SELECT_AVAILABLEBITLENGTHS                  = "selectavailablebitlengths";
   static final String SELECT_KEYUSAGE                             = "selectkeyusage";
@@ -63,6 +67,8 @@
   static final String SELECT_AVAILABLECAS                         = "selectavailablecas";
   static final String SELECT_AVAILABLEPUBLISHERS                  = "selectavailablepublishers";
   static final String SELECT_MSTEMPLATE                           = "selectmstemplate";
+  static final String SELECT_SUBJECTDNSUBSET                      = "selectsubjectdnsubset";
+  static final String SELECT_SUBJECTALTNAMESUBSET                 = "selectsubjectaltnamesubset";
 
   // Declare Language file.
 
@@ -226,6 +232,21 @@
                  certificateprofiledata.setUseBasicConstraints(false);
                  certificateprofiledata.setBasicConstraintsCritical(false); 
              }      
+             
+             use = false;
+             value = request.getParameter(CHECKBOX_USEPATHLENGTHCONSTRAINT);
+             if(value != null){
+                 use = value.equals(CHECKBOX_VALUE);
+                 certificateprofiledata.setUsePathLengthConstraint(use);
+                 value = request.getParameter(TEXTFIELD_PATHLENGTHCONSTRAINT); 
+                 if(value != null){
+                   certificateprofiledata.setPathLengthConstraint(Integer.parseInt(value));
+                 } 
+             }
+             else{
+                 certificateprofiledata.setUsePathLengthConstraint(false);
+                 certificateprofiledata.setPathLengthConstraint(0); 
+             }             
        
              use = false;
              value = request.getParameter(CHECKBOX_KEYUSAGE);
@@ -468,7 +489,47 @@
                  certificateprofiledata.setUseCNPostfix(false);                 
                  certificateprofiledata.setCNPostfix("");
              }
+             
+             use = false;
+             value = request.getParameter(CHECKBOX_USESUBJECTDNSUBSET);
+             if(value != null){
+                 use = value.equals(CHECKBOX_VALUE);
+                 certificateprofiledata.setUseSubjectDNSubSet(use);
+
+                 values = request.getParameterValues(SELECT_SUBJECTDNSUBSET);
+                 if(values != null){
+                     ArrayList usefields = new ArrayList();
+                     for(int i=0;i< values.length;i++){
+                         usefields.add(new Integer(values[i]));	
+                     }                     
+                     certificateprofiledata.setSubjectDNSubSet(usefields);
+                 }
+             }
+             else{
+                 certificateprofiledata.setUseSubjectDNSubSet(false);                 
+                 certificateprofiledata.setSubjectDNSubSet(new ArrayList());
+             }
+             
+             use = false;
+             value = request.getParameter(CHECKBOX_USESUBJECTALTNAMESUBSET);
+             if(value != null){
+                 use = value.equals(CHECKBOX_VALUE);
+                 certificateprofiledata.setUseSubjectAltNameSubSet(use);
 
+                 values = request.getParameterValues(SELECT_SUBJECTALTNAMESUBSET);
+                 if(values != null){
+                     ArrayList usefields = new ArrayList();
+                     for(int i=0;i< values.length;i++){
+                         usefields.add(new Integer(values[i]));	
+                     }                     
+                     certificateprofiledata.setSubjectAltNameSubSet(usefields);
+                 }
+             }
+             else{
+                 certificateprofiledata.setUseSubjectAltNameSubSet(false);                 
+                 certificateprofiledata.setSubjectAltNameSubSet(new ArrayList());
+             }
+             
               cabean.changeCertificateProfile(certprofile,certificateprofiledata);
            }
            if(request.getParameter(BUTTON_CANCEL) != null){
diff -urN ../../312/ejbca/src/adminweb/ca/viewcainfo.jsp ./src/adminweb/ca/viewcainfo.jsp
--- ../../312/ejbca/src/adminweb/ca/viewcainfo.jsp	Tue May 24 11:32:09 2005
+++ ./src/adminweb/ca/viewcainfo.jsp	Sat Oct 22 09:27:08 2005
@@ -2,7 +2,7 @@
 <%@page errorPage="/errorpage.jsp"  import="se.anatom.ejbca.webdist.webconfiguration.EjbcaWebBean, se.anatom.ejbca.ra.raadmin.GlobalConfiguration, 
                  se.anatom.ejbca.webdist.cainterface.CAInfoView, se.anatom.ejbca.util.CertTools, se.anatom.ejbca.webdist.cainterface.CAInterfaceBean, se.anatom.ejbca.SecConst,
                  se.anatom.ejbca.authorization.AuthorizationDeniedException,
-                 javax.ejb.CreateException, java.rmi.RemoteException" %>
+                 javax.ejb.CreateException, java.rmi.RemoteException, java.security.cert.X509Certificate" %>
 
 <html>
 <jsp:useBean id="ejbcawebbean" scope="session" class="se.anatom.ejbca.webdist.webconfiguration.EjbcaWebBean" />
@@ -31,8 +31,17 @@
 </head>
 <SCRIPT language="JavaScript">
 <!--
-function viewocspcert(){        
-    var link = "<%= VIEWCERT_LINK %>?<%= viewcainfohelper.CERTSERNO_PARAMETER %>=<%=java.net.URLEncoder.encode(viewcainfohelper.ocspcert.getSerialNumber().toString(16) + "," + CertTools.getIssuerDN(viewcainfohelper.ocspcert),"UTF-8")%>";
+function viewocspcert(){
+	<%
+	X509Certificate ocspcert = viewcainfohelper.ocspcert;
+	String ocspdn = "N/A";
+	String ocspserno = "N/A";
+	if (ocspcert != null) {
+		ocspdn = CertTools.getIssuerDN(viewcainfohelper.ocspcert);
+		ocspserno = viewcainfohelper.ocspcert.getSerialNumber().toString(16);
+	}
+	%>
+    var link = "<%= VIEWCERT_LINK %>?<%= viewcainfohelper.CERTSERNO_PARAMETER %>=<%=java.net.URLEncoder.encode(ocspserno + "," + ocspdn,"UTF-8")%>";
     link = encodeURI(link);
     win_popup = window.open(link, 'view_cert','height=600,width=500,scrollbars=yes,toolbar=no,resizable=1');
     win_popup.focus();
diff -urN ../../312/ejbca/src/adminweb/ejbcajslib.js ./src/adminweb/ejbcajslib.js
--- ../../312/ejbca/src/adminweb/ejbcajslib.js	Wed Aug 17 08:59:39 2005
+++ ./src/adminweb/ejbcajslib.js	Thu Nov 17 21:37:46 2005
@@ -3,6 +3,8 @@
      Written by Philip Vendil 
      27 mars 2002 */
 
+
+
 function checkAll(checkboxlist,size) {
   for (var i = 0; i < size; i++) {
     box = eval(checkboxlist + i  ); 
@@ -51,7 +53,9 @@
 function checkfieldforlegalchars(thetextfield , alerttext){
   field = eval(thetextfield);
   var text = new String(field.value);
-  re = /[^a-öA-ÖüÜ_ 0-9\-.]/g;
+  
+  re = /[^\u0041-\u005a\u0061-\u007a\u00aa\u00b5\u00ba\u00c0-\u00d6\u00d8-\u00f6\u00f8-\u01ba\u01bc-\u01bf\u01c4-\u02ad\u0386\u0388-\u0481\u048c-\u0556\u0561-\u0587\u10a0-\u10c5\u1e00-\u1fbc\u1fbe\u1fc2-\u1fcc\u1fd0-\u1fdb\u1fe0-\u1fec\u1ff2-\u1ffc\u207f\u2102\u2107\u210a-\u2113\u2115\u2119-\u211d\u2124\u2126\u2128\u212a-\u212d\u212f-\u2131\u2133\u2134\u2139\ufb00-\ufb17\uff21-\uff3a\uff41-\uff5a_ 0-9\-]/g; 
+
   if(re.exec(text)){
     alert(alerttext);
     return false;
@@ -64,7 +68,7 @@
 function checkfieldforlegalcharswithchangeable(thetextfield , alerttext){
   field = eval(thetextfield);
   var text = new String(field.value);
-  re = /[^a-öA-ÖüÜ_ 0-9\-;]/g;
+  re = /[^\u0041-\u005a\u0061-\u007a\u00aa\u00b5\u00ba\u00c0-\u00d6\u00d8-\u00f6\u00f8-\u01ba\u01bc-\u01bf\u01c4-\u02ad\u0386\u0388-\u0481\u048c-\u0556\u0561-\u0587\u10a0-\u10c5\u1e00-\u1fbc\u1fbe\u1fc2-\u1fcc\u1fd0-\u1fdb\u1fe0-\u1fec\u1ff2-\u1ffc\u207f\u2102\u2107\u210a-\u2113\u2115\u2119-\u211d\u2124\u2126\u2128\u212a-\u212d\u212f-\u2131\u2133\u2134\u2139\ufb00-\ufb17\uff21-\uff3a\uff41-\uff5a_ 0-9\-;]/g;
   if(re.exec(text)){
     alert(alerttext);
     return false;
@@ -77,7 +81,7 @@
 function checkfieldforlegaldnchars(thetextfield , alerttext){
   field = eval(thetextfield);
   var text = new String(field.value);
-  re = /[^a-öA-ÖüÜ_ 0-9@\.\,\-:\/\?\'\=\(\)]/g;
+  re = /[^\u0041-\u005a\u0061-\u007a\u00aa\u00b5\u00ba\u00c0-\u00d6\u00d8-\u00f6\u00f8-\u01ba\u01bc-\u01bf\u01c4-\u02ad\u0386\u0388-\u0481\u048c-\u0556\u0561-\u0587\u10a0-\u10c5\u1e00-\u1fbc\u1fbe\u1fc2-\u1fcc\u1fd0-\u1fdb\u1fe0-\u1fec\u1ff2-\u1ffc\u207f\u2102\u2107\u210a-\u2113\u2115\u2119-\u211d\u2124\u2126\u2128\u212a-\u212d\u212f-\u2131\u2133\u2134\u2139\ufb00-\ufb17\uff21-\uff3a\uff41-\uff5a_ 0-9@\.\*\,\-:\/\?\'\=\(\)]/g;
   if(re.exec(text)){
     alert(alerttext);
     return false;
@@ -90,7 +94,7 @@
 function checkfieldforcompletednchars(thetextfield , alerttext){
   field = eval(thetextfield);
   var text = new String(field.value);
-  re = /[^a-öA-ÖüÜ_ 0-9@\,\=\.\-:\/\?\'\(\)]/g;
+  re = /[^\u0041-\u005a\u0061-\u007a\u00aa\u00b5\u00ba\u00c0-\u00d6\u00d8-\u00f6\u00f8-\u01ba\u01bc-\u01bf\u01c4-\u02ad\u0386\u0388-\u0481\u048c-\u0556\u0561-\u0587\u10a0-\u10c5\u1e00-\u1fbc\u1fbe\u1fc2-\u1fcc\u1fd0-\u1fdb\u1fe0-\u1fec\u1ff2-\u1ffc\u207f\u2102\u2107\u210a-\u2113\u2115\u2119-\u211d\u2124\u2126\u2128\u212a-\u212d\u212f-\u2131\u2133\u2134\u2139\ufb00-\ufb17\uff21-\uff3a\uff41-\uff5a_ 0-9@\,\=\.\*\-:\/\?\'\(\)]/g;
   if(re.exec(text)){
     alert(alerttext);
     return false;
@@ -103,7 +107,7 @@
 function checkfieldforlegaldncharswithchangeable(thetextfield , alerttext){
   field = eval(thetextfield);
   var text = new String(field.value);
-  re = /[^a-öA-ÖüÜ_ 0-9@.,\-:\/;\'\?\+\=\(\)\"]/g;
+  re = /[^\u0041-\u005a\u0061-\u007a\u00aa\u00b5\u00ba\u00c0-\u00d6\u00d8-\u00f6\u00f8-\u01ba\u01bc-\u01bf\u01c4-\u02ad\u0386\u0388-\u0481\u048c-\u0556\u0561-\u0587\u10a0-\u10c5\u1e00-\u1fbc\u1fbe\u1fc2-\u1fcc\u1fd0-\u1fdb\u1fe0-\u1fec\u1ff2-\u1ffc\u207f\u2102\u2107\u210a-\u2113\u2115\u2119-\u211d\u2124\u2126\u2128\u212a-\u212d\u212f-\u2131\u2133\u2134\u2139\ufb00-\ufb17\uff21-\uff3a\uff41-\uff5a_ 0-9@\.\,\*\-:\/;\'\?\+\=\(\)\"]/g;
   if(re.exec(text)){
     alert(alerttext);
     return false;
@@ -129,7 +133,7 @@
 function checkfieldforlegalemailchars(thetextfield , alerttext){
   field = eval(thetextfield);
   var text = new String(field.value);
-  re = /[^a-öA-ÖüÜ_0-9@\.\-]/g;
+  re = /[^\u0041-\u005a\u0061-\u007a\u00aa\u00b5\u00ba\u00c0-\u00d6\u00d8-\u00f6\u00f8-\u01ba\u01bc-\u01bf\u01c4-\u02ad\u0386\u0388-\u0481\u048c-\u0556\u0561-\u0587\u10a0-\u10c5\u1e00-\u1fbc\u1fbe\u1fc2-\u1fcc\u1fd0-\u1fdb\u1fe0-\u1fec\u1ff2-\u1ffc\u207f\u2102\u2107\u210a-\u2113\u2115\u2119-\u211d\u2124\u2126\u2128\u212a-\u212d\u212f-\u2131\u2133\u2134\u2139\ufb00-\ufb17\uff21-\uff3a\uff41-\uff5a_0-9@\.\-]/g;
   if(re.exec(text)){
     alert(alerttext);
     return false;
@@ -142,7 +146,7 @@
 function checkfieldforlegalemailcharswithchangeable(thetextfield , alerttext){
   field = eval(thetextfield);
   var text = new String(field.value);
-  re = /[^a-öA-ÖüÜ_0-9@\.\-;]/g;
+  re = /[^\u0041-\u005a\u0061-\u007a\u00aa\u00b5\u00ba\u00c0-\u00d6\u00d8-\u00f6\u00f8-\u01ba\u01bc-\u01bf\u01c4-\u02ad\u0386\u0388-\u0481\u048c-\u0556\u0561-\u0587\u10a0-\u10c5\u1e00-\u1fbc\u1fbe\u1fc2-\u1fcc\u1fd0-\u1fdb\u1fe0-\u1fec\u1ff2-\u1ffc\u207f\u2102\u2107\u210a-\u2113\u2115\u2119-\u211d\u2124\u2126\u2128\u212a-\u212d\u212f-\u2131\u2133\u2134\u2139\ufb00-\ufb17\uff21-\uff3a\uff41-\uff5a_0-9@\.\-;]/g;
   if(re.exec(text)){
     alert(alerttext);
     return false;
@@ -155,7 +159,7 @@
 function checkfieldforlegalemailcharswithoutat(thetextfield , alerttext){
   field = eval(thetextfield);
   var text = new String(field.value);
-  re = /[^a-öA-ÖüÜ_0-9\.\-]/g;
+  re = /[^\u0041-\u005a\u0061-\u007a\u00aa\u00b5\u00ba\u00c0-\u00d6\u00d8-\u00f6\u00f8-\u01ba\u01bc-\u01bf\u01c4-\u02ad\u0386\u0388-\u0481\u048c-\u0556\u0561-\u0587\u10a0-\u10c5\u1e00-\u1fbc\u1fbe\u1fc2-\u1fcc\u1fd0-\u1fdb\u1fe0-\u1fec\u1ff2-\u1ffc\u207f\u2102\u2107\u210a-\u2113\u2115\u2119-\u211d\u2124\u2126\u2128\u212a-\u212d\u212f-\u2131\u2133\u2134\u2139\ufb00-\ufb17\uff21-\uff3a\uff41-\uff5a_0-9\.\-]/g;
   if(re.exec(text)){
     alert(alerttext);
     return false;
@@ -168,7 +172,7 @@
 function checkfieldforlegalemailcharswithoutatwithchangeable(thetextfield , alerttext){
   field = eval(thetextfield);
   var text = new String(field.value);
-  re = /[^a-öA-ÖüÜ_0-9\.\-;]/g;
+  re = /[^\u0041-\u005a\u0061-\u007a\u00aa\u00b5\u00ba\u00c0-\u00d6\u00d8-\u00f6\u00f8-\u01ba\u01bc-\u01bf\u01c4-\u02ad\u0386\u0388-\u0481\u048c-\u0556\u0561-\u0587\u10a0-\u10c5\u1e00-\u1fbc\u1fbe\u1fc2-\u1fcc\u1fd0-\u1fdb\u1fe0-\u1fec\u1ff2-\u1ffc\u207f\u2102\u2107\u210a-\u2113\u2115\u2119-\u211d\u2124\u2126\u2128\u212a-\u212d\u212f-\u2131\u2133\u2134\u2139\ufb00-\ufb17\uff21-\uff3a\uff41-\uff5a_0-9\.\-;]/g;
   if(re.exec(text)){
     alert(alerttext);
     return false;
@@ -209,7 +213,7 @@
 function checkfieldforlegalresourcechars(thetextfield , alerttext){
   field = eval(thetextfield);
   var text = new String(field.value);
-  re = /[^a-öA-ÖüÜ_ 0-9\/]/g;
+  re = /[^\u0041-\u005a\u0061-\u007a\u00aa\u00b5\u00ba\u00c0-\u00d6\u00d8-\u00f6\u00f8-\u01ba\u01bc-\u01bf\u01c4-\u02ad\u0386\u0388-\u0481\u048c-\u0556\u0561-\u0587\u10a0-\u10c5\u1e00-\u1fbc\u1fbe\u1fc2-\u1fcc\u1fd0-\u1fdb\u1fe0-\u1fec\u1ff2-\u1ffc\u207f\u2102\u2107\u210a-\u2113\u2115\u2119-\u211d\u2124\u2126\u2128\u212a-\u212d\u212f-\u2131\u2133\u2134\u2139\ufb00-\ufb17\uff21-\uff3a\uff41-\uff5a_ 0-9\/]/g;
   if(re.exec(text)){
     alert(alerttext);
     return false;
diff -urN ../../312/ejbca/src/adminweb/hardtoken/edithardtokenprofiles/hardtokenprofilespage.jspf ./src/adminweb/hardtoken/edithardtokenprofiles/hardtokenprofilespage.jspf
--- ../../312/ejbca/src/adminweb/hardtoken/edithardtokenprofiles/hardtokenprofilespage.jspf	Mon Nov  8 13:59:33 2004
+++ ./src/adminweb/hardtoken/edithardtokenprofiles/hardtokenprofilespage.jspf	Thu Nov 17 21:43:56 2005
@@ -21,6 +21,14 @@
         <td width="35%"></td>
       </tr>
     <% } %>
+    <% if(helper.profilemalformed){ 
+          helper.profilemalformed= false;%> 
+      <tr> 
+        <td width="5%"></td>
+        <td width="60%"><H4 id="alert"><%= ejbcawebbean.getText("HARDTOKENPROFILEMALFORMED") %></H4></td>
+        <td width="35%"></td>
+      </tr>
+    <% } %>
     <% if(helper.hardtokenprofiledeletefailed){
           helper.hardtokenprofiledeletefailed = false; 
           %> 
diff -urN ../../312/ejbca/src/adminweb/hardtoken/viewtoken.jsp ./src/adminweb/hardtoken/viewtoken.jsp
--- ../../312/ejbca/src/adminweb/hardtoken/viewtoken.jsp	Tue May 24 11:32:09 2005
+++ ./src/adminweb/hardtoken/viewtoken.jsp	Thu Nov 17 21:43:56 2005
@@ -200,8 +200,8 @@
 <body >
   <h2 align="center"><%= ejbcawebbean.getText("VIEWHARDTOKEN") %></h2>
  <!-- <div align="right"><A  onclick='displayHelpWindow("<%= ejbcawebbean.getHelpfileInfix("hardtoken_help.html")  + "#viewhardtoken"%>")'>
-    <u><%= ejbcawebbean.getText("HELP") %></u> </A> -->
-  </div> 
+    <u><%= ejbcawebbean.getText("HELP") %></u> </A>
+  </div>  -->
   <%if(noparameter){%>
   <div align="center"><h4 id="alert"><%=ejbcawebbean.getText("YOUMUSTSPECIFYPARAMETER") %></h4></div> 
   <% } 
diff -urN ../../312/ejbca/src/adminweb/languages/languagefile.en.properties ./src/adminweb/languages/languagefile.en.properties
--- ../../312/ejbca/src/adminweb/languages/languagefile.en.properties	Wed Aug 17 08:45:19 2005
+++ ./src/adminweb/languages/languagefile.en.properties	Thu Nov 24 22:16:37 2005
@@ -5,7 +5,7 @@
 
 ACCEPT                    = Accept
 
-ACTIVE                    = Actice
+ACTIVE                    = Active
 
 ADDSELECTED               = Add Selected :
 
@@ -348,8 +348,6 @@
 
 ACTIVATE                  = Activate
 
-ACTIVE                    = Active 
-
 ACTIVEDIRECTORYPUBLISHER  = Active Directory Publisher
 
 ACCOUNTDISABLED           = Disabled Account
@@ -426,8 +424,12 @@
 
 CANAME                    = CA Name
 
+CANOLIMIT                 = CA, No Path Length Constraint
+
 CAOBJECTCLASS             = CA Object Class
 
+CAPATHLENGTH              = CA, Path Length Constraint
+
 CAPUBLISHED               = CA Certificates Published Successfully
 
 CARENEWED                 = CA Renewed Successfully
@@ -646,6 +648,8 @@
 
 ONLYDECNUMBERSINCRLPERIOD = Only decimal numbers are allowed in CRL period field.
 
+ONLYDECNUMBERSINPATHLEN   = Only decimal numbers are allowed in Path Length Constraint field.
+
 ONLYDECNUMBERSINVALIDITY  = Only decimal numbers are allowed in validity field.
 
 ONLYTHEPUBLICKEY          = Only the public key is used from the certificate request
@@ -654,6 +658,10 @@
 
 OTHERDATA                 = Other Data
 
+PATHLENCANNOTBEEMPTY      = Path Length Constraint field cannot be empty.
+
+PATHLENGTHCONSTRAINT      = Path Length Constraint
+
 POLICYID                  = Policy Id
 
 PORT                      = Port
@@ -722,6 +730,10 @@
 
 SUBORDINATECA             = Subordinate CA, level
 
+SUBSETOFSUBJECTDN         = Subset of SubjectDN
+ 
+SUBSETOFSUBJECTALTNAME    = Subset of Subject Alt. Name
+
 TIMESTAMPING              = Time Stamping
 
 TYPE                      = Type
@@ -740,6 +752,8 @@
 
 USEKEYUSAGE               = Use Key Usage  
 
+USEPATHLENGTHCONSTRAINT   = Use Path Length Constraint
+
 USERACCOUNTCONTROL        = User Account Control
 
 USERCERTIFICATEATTR       = User Certificate Attribute
@@ -748,6 +762,10 @@
 
 USEMSTEMPLATE             = Use MS Template Value
 
+USESUBJECTALTNAMESUBSET   = Use a Subset of Subject Alt. Name
+
+USESUBJECTDNSUBSET        = Use a Subset of Subject DN
+
 USEROBJECTCLASS           = User Object Class
 
 USESSL                    = Use SSL
@@ -804,7 +822,7 @@
 
 # Mostly Hard Token Module
 
-ASCIINUMERIC              = ASCHII Numeric
+ASCIINUMERIC              = ASCII Numeric
 
 ISO95641                  = ISO9564-1
 
@@ -822,7 +840,7 @@
 
 AVAILABLEHARDTOKENPROFILES= Available Hard Token Profiles
 
-ATLEASTONETOKENPROFILE    = At least on available hard token profile must be selected
+ATLEASTONETOKENPROFILE    = At least one available hard token profile must be selected
 
 AUTHCERTIFICATE           = Authentication Certificate
 
@@ -908,6 +926,8 @@
 
 HARDTOKENPROFILEALREADY   = Hard Token Profile Already Exists
 
+HARDTOKENPROFILEMALFORMED = Hard Token Profile contained bad SVG data, not saved.
+
 HARDTOKENSN               = Hard Token SN
 
 HARDTOKENSNMUSTBESIX      = Hard Token Serial Number Prefix field must have six digits.
@@ -1315,6 +1335,8 @@
 
 CAMUST                    = A CA must be selected.  
 
+CANNOTVIEWUSERPROFREM     = Cannot view user data, the end entity profile have been removed.
+
 CERTIFICATEDOESNTEXIST    = Certificate specified doesn't exist in database, it may not have been generated. 
 
 CERTIFICATEHOLD           = Certificate hold
@@ -1350,6 +1372,8 @@
 CRLSIGN                   = CRL sign
 
 CURRENTENDENTITYPROFILES  = Current End Entity Profiles
+
+CURRENTUSERDATA           = Current Certificate Request Data
    
 DATAENCIPHERMENT          = Data encipherment
 
@@ -1421,6 +1445,8 @@
 
 HAVEYOUREVOKEDTHEENDENTITIES = Are the selected end entities revoked?
 
+HISTORICALUSERDATA        = Historical Certification Request Data 
+
 INITIALS                  = Initials, Initials
 
 INVALIDQUERY              = Invalid query.
@@ -1563,7 +1589,7 @@
 
 ORLISTEXPIRING            = Or list end entities with certificates expiring within
 
-ORTOKENSERIAL             = Or find end entity with Hard Token SN (begins with) :
+ORTOKENSERIALPATTERN      = Or find end entity with Hard Token SN (match) :
 
 ORWITHSTATUS              = Or with status
 
@@ -1732,6 +1758,10 @@
 VIEWHISTORY               = View_History
 
 VIEWNEXT                  = View Next
+
+VIEWNEWER                 = View Newer
+
+VIEWOLDER                 = View Older
 
 VIEWPREVIOUS              = View Previous 
 
diff -urN ../../312/ejbca/src/adminweb/log/viewlog.jsp ./src/adminweb/log/viewlog.jsp
--- ../../312/ejbca/src/adminweb/log/viewlog.jsp	Wed Dec 22 10:00:43 2004
+++ ./src/adminweb/log/viewlog.jsp	Thu Nov 17 21:43:20 2005
@@ -3,7 +3,7 @@
                  se.anatom.ejbca.webdist.rainterface.SortBy,se.anatom.ejbca.webdist.loginterface.LogEntryView,
                  se.anatom.ejbca.webdist.loginterface.LogInterfaceBean, se.anatom.ejbca.log.LogEntry, se.anatom.ejbca.log.Admin, se.anatom.ejbca.ra.raadmin.AdminPreference,
                  javax.ejb.CreateException, java.rmi.RemoteException, se.anatom.ejbca.util.query.*, java.util.Calendar, java.util.Date, java.text.DateFormat, java.util.Locale,
-                 java.util.HashMap, java.util.Collection, java.util.Iterator, java.util.TreeMap" %>
+                 java.util.HashMap, java.util.Collection, java.util.Iterator, java.util.TreeMap, se.anatom.ejbca.webdist.rainterface.ViewEndEntityHelper" %>
 <html>
 <jsp:useBean id="ejbcawebbean" scope="session" class="se.anatom.ejbca.webdist.webconfiguration.EjbcaWebBean" />
 <jsp:useBean id="logbean" scope="session" class="se.anatom.ejbca.webdist.loginterface.LogInterfaceBean" />
@@ -107,11 +107,13 @@
   static final String HIDDEN_USERNAME           = "hiddenusername";
   static final String HIDDEN_CERTSERNO          = "hiddencertserno";
   static final String HIDDEN_ADMINSERNO         = "hiddenadminserno";
+  static final String HIDDEN_TIMESTAMP          = "hiddentimestamp";
 
   static final String VALUE_NONE                = "-1";
   static final String ALL_STATUS                = "-1";
 
   static final String USER_PARAMETER            = "username";
+  static final String TIMESTAMP_PARAMETER       = ViewEndEntityHelper.TIMESTAMP_PARAMETER;
   static final String CERTSERNO_PARAMETER       = "certsernoparameter";
 
   static final String[] VIEWLASTTIMESTEXTS      = {"15MIN", "1HOUR", "6HOURS", "1DAY", "7DAYS"};
diff -urN ../../312/ejbca/src/adminweb/log/viewloghtml.jspf ./src/adminweb/log/viewloghtml.jspf
--- ../../312/ejbca/src/adminweb/log/viewloghtml.jspf	Tue May 24 11:32:09 2005
+++ ./src/adminweb/log/viewloghtml.jspf	Thu Nov 17 21:43:20 2005
@@ -9,7 +9,8 @@
 function viewuser(row){
     var hiddenusernamefield = eval("document.form.<%= HIDDEN_USERNAME %>" + row);
     var username = hiddenusernamefield.value;
-    var link = "<%= VIEWUSER_LINK %>?<%= USER_PARAMETER %>="+username;
+    var timestamp = eval("document.form.<%= HIDDEN_TIMESTAMP %>" + row).value;
+    var link = "<%= VIEWUSER_LINK %>?<%= USER_PARAMETER %>="+username+"&<%= TIMESTAMP_PARAMETER %>="+timestamp ;
     link = encodeURI(link);
     win_popup = window.open(link, 'view_user','height=600,width=500,scrollbars=yes,toolbar=no,resizable=1');
     win_popup.focus();
@@ -289,6 +290,7 @@
        <input type="hidden" name='<%= HIDDEN_USERNAME + i %>' value='<% if(logentries[i].getValue(LogEntryView.USERNAME) != null) out.print(java.net.URLEncoder.encode(logentries[i].getValue(LogEntryView.USERNAME),"UTF-8")); %>'>
        <input type="hidden" name='<%= HIDDEN_CERTSERNO + i %>' value='<% if(logentries[i].getValue(LogEntryView.CERTIFICATESERNO) != null) out.print(java.net.URLEncoder.encode(logentries[i].getValue(LogEntryView.CERTIFICATESERNO),"UTF-8")); %>'>
        <input type="hidden" name='<%= HIDDEN_ADMINSERNO + i %>' value='<% if(logentries[i].getValue(LogEntryView.ADMINCERTSERNO) != null) out.print(java.net.URLEncoder.encode(logentries[i].getValue(LogEntryView.ADMINCERTSERNO),"UTF-8")); %>'>
+       <input type="hidden" name='<%= HIDDEN_TIMESTAMP + i %>' value='<%=logentries[i].getTime().getTime() %>'>
     <td width="9%"><%= logentries[i].getValue(LogEntryView.TIME) %></td>
     <td width="7%"><%= ejbcawebbean.getText(ADMINTYPES[Integer.parseInt(logentries[i].getValue(LogEntryView.ADMINTYPE))]) %></td>
     <td width="17%">
diff -urN ../../312/ejbca/src/adminweb/ra/basicfiltermodehtml.jspf ./src/adminweb/ra/basicfiltermodehtml.jspf
--- ../../312/ejbca/src/adminweb/ra/basicfiltermodehtml.jspf	Mon Nov  8 13:59:34 2004
+++ ./src/adminweb/ra/basicfiltermodehtml.jspf	Thu Nov 17 21:40:46 2005
@@ -15,7 +15,7 @@
            onclick='return checkfieldforhexadecimalnumbers("document.form.<%=TEXTFIELD_SERIALNUMBER %>","<%= ejbcawebbean.getText("ONLYHEXNUMBERS") %>")'>
   </p>
   <% if(globalconfiguration.getIssueHardwareTokens()){ %>
-  <p><%= ejbcawebbean.getText("ORTOKENSERIAL") %>
+  <p><%= ejbcawebbean.getText("ORTOKENSERIALPATTERN") %>
     <input type="text" name="<%=TEXTFIELD_TOKENSERIALNUMBER %>" size="33" maxlength="255" 
      <% if(oldaction != null && oldactionvalue!= null && oldaction.equals(OLD_ACTION_FINDTOKEN))
           out.write("value='"+oldactionvalue+"'"); %>
diff -urN ../../312/ejbca/src/adminweb/ra/viewendentity.jsp ./src/adminweb/ra/viewendentity.jsp
--- ../../312/ejbca/src/adminweb/ra/viewendentity.jsp	Wed Feb  9 15:35:55 2005
+++ ./src/adminweb/ra/viewendentity.jsp	Thu Nov 17 21:43:20 2005
@@ -3,88 +3,31 @@
                  se.anatom.ejbca.webdist.rainterface.UserView, se.anatom.ejbca.webdist.rainterface.RAInterfaceBean, se.anatom.ejbca.SecConst,
                  se.anatom.ejbca.ra.raadmin.EndEntityProfile,se.anatom.ejbca.authorization.AuthorizationDeniedException,  se.anatom.ejbca.ra.UserDataConstants,
                  javax.ejb.CreateException, java.rmi.RemoteException, se.anatom.ejbca.webdist.hardtokeninterface.HardTokenInterfaceBean, 
-                 se.anatom.ejbca.hardtoken.HardTokenIssuer, se.anatom.ejbca.hardtoken.HardTokenIssuerData" %>
+                 se.anatom.ejbca.hardtoken.HardTokenIssuer, se.anatom.ejbca.hardtoken.HardTokenIssuerData, se.anatom.ejbca.webdist.rainterface.ViewEndEntityHelper" %>
 <html>
 <jsp:useBean id="ejbcawebbean" scope="session" class="se.anatom.ejbca.webdist.webconfiguration.EjbcaWebBean" />
 <jsp:useBean id="rabean" scope="session" class="se.anatom.ejbca.webdist.rainterface.RAInterfaceBean" />
+<jsp:useBean id="cabean" scope="session" class="se.anatom.ejbca.webdist.cainterface.CAInterfaceBean" />
 <jsp:useBean id="tokenbean" scope="session" class="se.anatom.ejbca.webdist.hardtokeninterface.HardTokenInterfaceBean" />
+<jsp:useBean id="helper" scope="session" class="se.anatom.ejbca.webdist.rainterface.ViewEndEntityHelper" />
 <%! // Declarations
  
-  static final String USER_PARAMETER           = "username";
 
-  static final String BUTTON_CLOSE             = "buttonclose"; 
-
-  static final String CHECKBOX_CLEARTEXTPASSWORD          = "checkboxcleartextpassword";
-  static final String CHECKBOX_ADMINISTRATOR              = "checkboxadministrator";
-  static final String CHECKBOX_KEYRECOVERABLE             = "checkboxkeyrecoverable";
-  static final String CHECKBOX_SENDNOTIFICATION           = "checkboxsendnotification";
-
-  static final String CHECKBOX_VALUE             = "true";
 
 
 %><%
   // Initialize environment.
   GlobalConfiguration globalconfiguration = ejbcawebbean.initialize(request, "/ra_functionality/view_end_entity"); 
                                             rabean.initialize(request, ejbcawebbean);
+                                            cabean.initialize(request, ejbcawebbean);
                                             if(globalconfiguration.getIssueHardwareTokens())
                                               tokenbean.initialize(request, ejbcawebbean);
   String THIS_FILENAME                    = globalconfiguration.getRaPath()  + "/viewendentity.jsp";
 
-  boolean nouserparameter          = true;
-  boolean notauthorized            = false;
-
-  String[] subjectfieldtexts = {"","","", "OLDEMAILDN2", "UID", "COMMONNAME", "SERIALNUMBER1", 
-                                "GIVENNAME2", "INITIALS", "SURNAME","TITLE","ORGANIZATIONUNIT","ORGANIZATION",
-                                "LOCALE","STATE","DOMAINCOMPONENT","COUNTRY",
-                                "RFC822NAME", "DNSNAME", "IPADDRESS", "OTHERNAME", "UNIFORMRESOURCEID", "X400ADDRESS", "DIRECTORYNAME",
-                                "EDIPARTNAME", "REGISTEREDID","","","","","","","","","","","UPN", "", "", "UNSTRUCTUREDADDRESS", "UNSTRUCTUREDNAME","GUID"};
-   
-   int[] statusids            = {UserDataConstants.STATUS_NEW ,UserDataConstants.STATUS_FAILED, UserDataConstants.STATUS_INITIALIZED, UserDataConstants.STATUS_INPROCESS
-                                , UserDataConstants.STATUS_GENERATED, UserDataConstants.STATUS_REVOKED , UserDataConstants.STATUS_HISTORICAL, UserDataConstants.STATUS_KEYRECOVERY};
-   String[] statustexts         = {"STATUSNEW", "STATUSFAILED", "STATUSINITIALIZED", "STATUSINPROCESS", "STATUSGENERATED", "STATUSREVOKED", "STATUSHISTORICAL", "STATUSKEYRECOVERY"};
-
-  UserView userdata = null;
-  String   username = null;
-  EndEntityProfile  profile  = null;
-  int[]  fielddata  = null;
-  String fieldvalue = null;
-
-   String[] tokentexts = RAInterfaceBean.tokentexts;
-   int[] tokenids = RAInterfaceBean.tokenids;
-
-   if(globalconfiguration.getIssueHardwareTokens()){
-      TreeMap hardtokenprofiles = ejbcawebbean.getInformationMemory().getHardTokenProfiles();
-
-      tokentexts = new String[RAInterfaceBean.tokentexts.length + hardtokenprofiles.keySet().size()];
-      tokenids   = new int[tokentexts.length];
-      for(int i=0; i < RAInterfaceBean.tokentexts.length; i++){
-        tokentexts[i]= RAInterfaceBean.tokentexts[i];
-        tokenids[i] = RAInterfaceBean.tokenids[i];
-      }
-      Iterator iter = hardtokenprofiles.keySet().iterator();
-      int index=0;
-      while(iter.hasNext()){       
-        String name = (String) iter.next();
-        tokentexts[index+RAInterfaceBean.tokentexts.length]= name;
-        tokenids[index+RAInterfaceBean.tokentexts.length] = ((Integer) hardtokenprofiles.get(name)).intValue();
-        index++;
-      }
-   }
+  helper.initialize(ejbcawebbean,rabean,cabean);
+  
+  helper.parseRequest(request);
 
-  if( request.getParameter(USER_PARAMETER) != null ){
-    username = java.net.URLDecoder.decode(request.getParameter(USER_PARAMETER),"UTF-8");
-    try{
-      userdata = rabean.findUser(username);
-    } catch(AuthorizationDeniedException e){
-       notauthorized = true;
-    }
-    nouserparameter = false;
-    if(userdata!=null)
-      profile = rabean.getEndEntityProfile(userdata.getEndEntityProfileId());
-  }  
-
-  int row = 0; 
-  int columnwidth = 200;
 %>
 <head>
   <title><%= globalconfiguration.getEjbcaTitle() %></title>
@@ -94,215 +37,229 @@
 </head>
 <body >
   <h2 align="center"><%= ejbcawebbean.getText("VIEWENDENTITY2") %></h2>
-  <!-- <div align="right"><A  onclick='displayHelpWindow("<%= ejbcawebbean.getHelpfileInfix("ra_help.html")  + "#viewendentity"%>")'>
-    <u><%= ejbcawebbean.getText("HELP") %></u> </A> -->
-  </div>
-  <%if(nouserparameter){%>
+  <%if(helper.nouserparameter){%>
   <div align="center"><h4 id="alert"><%=ejbcawebbean.getText("YOUMUSTSPECIFYUSERNAME") %></h4></div> 
-  <% } 
-     else{
-       if(userdata == null){%>
+  <% }else{
+       if(helper.userdata == null){%>
   <div align="center"><h4 id="alert"><%=ejbcawebbean.getText("ENDENTITYDOESNTEXIST") %></h4></div> 
-    <% }
-       else{ 
-         if(notauthorized){ %>
-  <div align="center"><h4 id="alert"><%=ejbcawebbean.getText("NOTAUTHORIZEDTOVIEW") %></h4></div> 
-     <%  }else{%>
-
-  <form name="adduser" action="<%= THIS_FILENAME %>" method="post">
-     <input type="hidden" name='<%= USER_PARAMETER %>' value='<%=username %>'>
+    <% }else{ 
+         if(helper.notauthorized){ %>
+  <div align="center"><h4 id="alert"><%=ejbcawebbean.getText("NOTAUTHORIZEDTOVIEW") %></h4></div>   
+     <%  }else{
+           if(helper.profilenotfound){ %>
+         <div align="center"><h4 id="alert"><%=ejbcawebbean.getText("CANNOTVIEWUSERPROFREM") %></h4></div>   
+        <%  }else{    
+         if(helper.currentuserindex == 0){ %>
+        	   <div align="center"><h4><%=ejbcawebbean.getText("CURRENTUSERDATA") %></h4></div> 
+       <%}else{ %>
+               <div align="center"><h4><%=ejbcawebbean.getText("HISTORICALUSERDATA") %></h4></div> 
+       <% } %>
+   
+  <form name="pageuser" action="<%= THIS_FILENAME %>" method="post">
+       <input type="hidden" name='<%= ViewEndEntityHelper.ACTION %>' value='<%= ViewEndEntityHelper.ACTION_PAGE%>'>
+     <input type="hidden" name='<%= ViewEndEntityHelper.USER_PARAMETER %>' value='<%= java.net.URLEncoder.encode(helper.username,"UTF-8")%>'>
      <table border="0" cellpadding="0" cellspacing="2" width="400">
-      <tr id="Row<%=(row++)%2%>">
-	<td align="right" width="<%=columnwidth%>"><%= ejbcawebbean.getText("USERNAME") %></td>
-	<td><% if(userdata.getUsername() != null) out.write(userdata.getUsername()); %>
+      <tr id="Row<%=(helper.row++)%2%>">
+	<td align="right" width="<%=ViewEndEntityHelper.columnwidth%>"><%= ejbcawebbean.getText("USERNAME") %></td>
+	<td><% if(helper.userdata.getUsername() != null) out.write(helper.userdata.getUsername()); %>
         </td>
       </tr>
-      <tr id="Row<%=(row++)%2%>">
-	<td align="right" width="<%=columnwidth%>"><%= ejbcawebbean.getText("ENDENTITYPROFILE") %></td>
-	<td><% if(userdata.getEndEntityProfileId() != 0)
-                    out.write(rabean.getEndEntityProfileName(userdata.getEndEntityProfileId()));
+      <tr id="Row<%=(helper.row++)%2%>">
+	<td align="right" width="<%=ViewEndEntityHelper.columnwidth%>"><%= ejbcawebbean.getText("ENDENTITYPROFILE") %></td>
+	<td><% if(helper.userdata.getEndEntityProfileId() != 0)
+                    out.write(rabean.getEndEntityProfileName(helper.userdata.getEndEntityProfileId()));
                  else out.write(ejbcawebbean.getText("NOENDENTITYPROFILEDEFINED"));%>
         </td>
       </tr>
-      <% if(profile.getUse(EndEntityProfile.CLEARTEXTPASSWORD,0)){ %>
-      <tr id="Row<%=(row++)%2%>">
-	<td align="right" width="<%=columnwidth%>"><%= ejbcawebbean.getText("USEINBATCH") %></td>
-	<td><input type="checkbox" name="<%= CHECKBOX_CLEARTEXTPASSWORD %>" value="<%= CHECKBOX_VALUE %>" disabled="true"
-            <%if(userdata.getClearTextPassword())
+      <% if(helper.profile.getUse(EndEntityProfile.CLEARTEXTPASSWORD,0)){ %>
+      <tr id="Row<%=(helper.row++)%2%>">
+	<td align="right" width="<%=ViewEndEntityHelper.columnwidth%>"><%= ejbcawebbean.getText("USEINBATCH") %></td>
+	<td><input type="checkbox" name="<%= ViewEndEntityHelper.CHECKBOX_CLEARTEXTPASSWORD %>" value="<%= ViewEndEntityHelper.CHECKBOX_VALUE %>" disabled="true"
+            <% if(helper.userdata.getClearTextPassword())
                    out.write("CHECKED");%>>
         </td>
       </tr>
       <% } %>
-      <tr id="Row<%=(row++)%2%>">
+      <tr id="Row<%=(helper.row++)%2%>">
+      <td>&nbsp;</td>
       <td>&nbsp;</td>
-      <td>&nbsp</td>
       </tr> 
-       <tr id="Row<%=(row++)%2%>">
-	 <td align="right" width="<%=columnwidth%>"><%= ejbcawebbean.getText("SUBJECTDNFIELDS") %></td>
+       <tr id="Row<%=(helper.row++)%2%>">
+	 <td align="right" width="<%=ViewEndEntityHelper.columnwidth%>"><%= ejbcawebbean.getText("SUBJECTDNFIELDS") %></td>
 	 <td>
          </td>
        </tr>
-      <% int subjectfieldsize = profile.getSubjectDNFieldOrderLength();
+      <% int subjectfieldsize = helper.profile.getSubjectDNFieldOrderLength();
          for(int i = 0; i < subjectfieldsize; i++){
-            fielddata = profile.getSubjectDNFieldsInOrder(i);
-            fieldvalue = userdata.getSubjectDNField(profile.profileFieldIdToUserFieldIdMapper(fielddata[EndEntityProfile.FIELDTYPE]),fielddata[EndEntityProfile.NUMBER]);
+        	 helper.fielddata = helper.profile.getSubjectDNFieldsInOrder(i);
+        	 helper.fieldvalue = helper.userdata.getSubjectDNField(EndEntityProfile.profileFieldIdToUserFieldIdMapper(helper.fielddata[EndEntityProfile.FIELDTYPE]),helper.fielddata[EndEntityProfile.NUMBER]);
          %>
-       <tr id="Row<%=(row++)%2%>">
-	 <td align="right" width="<%=columnwidth%>"><%= ejbcawebbean.getText(subjectfieldtexts[fielddata[EndEntityProfile.FIELDTYPE]]) %></td>
-	 <td><% if(fieldvalue != null) out.write(fieldvalue); %> 
+       <tr id="Row<%=(helper.row++)%2%>">
+	 <td align="right" width="<%=ViewEndEntityHelper.columnwidth%>"><%= ejbcawebbean.getText(ViewEndEntityHelper.subjectfieldtexts[helper.fielddata[EndEntityProfile.FIELDTYPE]]) %></td>
+	 <td><% if(helper.fieldvalue != null) out.write(helper.fieldvalue); %> 
          </td>
        </tr>
        <% } 
-          subjectfieldsize = profile.getSubjectAltNameFieldOrderLength();
+          subjectfieldsize = helper.profile.getSubjectAltNameFieldOrderLength();
           if(subjectfieldsize > 0){
        %> 
-       <tr id="Row<%=(row++)%2%>">
+       <tr id="Row<%=(helper.row++)%2%>">
+         <td>&nbsp;</td>
          <td>&nbsp;</td>
-         <td>&nbsp</td>
        </tr>
-       <tr id="Row<%=(row++)%2%>">
-	 <td align="right" width="<%=columnwidth%>"><%= ejbcawebbean.getText("SUBJECTALTNAMEFIELDS") %></td>
+       <tr id="Row<%=(helper.row++)%2%>">
+	 <td align="right" width="<%=ViewEndEntityHelper.columnwidth%>"><%= ejbcawebbean.getText("SUBJECTALTNAMEFIELDS") %></td>
 	 <td>
          </td>
        </tr>
       <% }
          for(int i = 0; i < subjectfieldsize; i++){
-            fielddata = profile.getSubjectAltNameFieldsInOrder(i);
-            int fieldtype = fielddata[EndEntityProfile.FIELDTYPE];
+        	 helper.fielddata = helper.profile.getSubjectAltNameFieldsInOrder(i);
+            int fieldtype = helper.fielddata[EndEntityProfile.FIELDTYPE];
             if(fieldtype != EndEntityProfile.OTHERNAME && fieldtype != EndEntityProfile.X400ADDRESS && fieldtype != EndEntityProfile.DIRECTORYNAME && 
                fieldtype != EndEntityProfile.EDIPARTNAME && fieldtype != EndEntityProfile.REGISTEREDID ){ // Not implemented yet.
-            fieldvalue = userdata.getSubjectAltNameField(profile.profileFieldIdToUserFieldIdMapper(fielddata[EndEntityProfile.FIELDTYPE]),fielddata[EndEntityProfile.NUMBER]);
+            	helper.fieldvalue = helper.userdata.getSubjectAltNameField(EndEntityProfile.profileFieldIdToUserFieldIdMapper(helper.fielddata[EndEntityProfile.FIELDTYPE]),helper.fielddata[EndEntityProfile.NUMBER]);
          %>
-       <tr id="Row<%=(row++)%2%>">
-	 <td align="right" width="<%=columnwidth%>"><%= ejbcawebbean.getText(subjectfieldtexts[fielddata[EndEntityProfile.FIELDTYPE]]) %></td>
-	 <td><% if(fieldvalue != null) out.write(fieldvalue); %> 
+       <tr id="Row<%=(helper.row++)%2%>">
+	 <td align="right" width="<%=ViewEndEntityHelper.columnwidth%>"><%= ejbcawebbean.getText(ViewEndEntityHelper.subjectfieldtexts[helper.fielddata[EndEntityProfile.FIELDTYPE]]) %></td>
+	 <td><% if(helper.fieldvalue != null) out.write(helper.fieldvalue); %> 
          </td>
        </tr>
        <%   }
           }%>  
-       <tr id="Row<%=(row++)%2%>">
+       <tr id="Row<%=(helper.row++)%2%>">
 	 <td>&nbsp;</td>
 	 <td>&nbsp;</td>
        </tr>
-      <% if(profile.getUse(EndEntityProfile.EMAIL,0)){ %>
-       <tr id="Row<%=(row++)%2%>">
-	 <td align="right" width="<%=columnwidth%>"><%= ejbcawebbean.getText("EMAIL") %></td>
-	 <td><% if(userdata.getEmail() != null) out.write(userdata.getEmail()); %>
+      <% if(helper.profile.getUse(EndEntityProfile.EMAIL,0)){ %>
+       <tr id="Row<%=(helper.row++)%2%>">
+	 <td align="right" width="<%=ViewEndEntityHelper.columnwidth%>"><%= ejbcawebbean.getText("EMAIL") %></td>
+	 <td><% if(helper.userdata.getEmail() != null) out.write(helper.userdata.getEmail()); %>
          </td>
        </tr>
        <% } %>
-       <tr id="Row<%=(row++)%2%>">
-	 <td align="right" width="<%=columnwidth%>"><%= ejbcawebbean.getText("CERTIFICATEPROFILE") %></td>
-	 <td><% if(userdata.getCertificateProfileId() != 0)
-                  out.write(rabean.getCertificateProfileName(userdata.getCertificateProfileId())); 
+       <tr id="Row<%=(helper.row++)%2%>">
+	 <td align="right" width="<%=ViewEndEntityHelper.columnwidth%>"><%= ejbcawebbean.getText("CERTIFICATEPROFILE") %></td>
+	 <td><% if(helper.userdata.getCertificateProfileId() != 0)
+                  out.write(rabean.getCertificateProfileName(helper.userdata.getCertificateProfileId())); 
                 else out.write(ejbcawebbean.getText("NOCERTIFICATEPROFILEDEFINED")); %>
          </td>
        </tr>
-       <tr id="Row<%=(row++)%2%>">
-	 <td align="right" width="<%=columnwidth%>"><%= ejbcawebbean.getText("CA") %></td>
-	 <td><%= userdata.getCAName()  %>
+       <tr id="Row<%=(helper.row++)%2%>">
+	 <td align="right" width="<%=ViewEndEntityHelper.columnwidth%>"><%= ejbcawebbean.getText("CA") %></td>
+	 <td><%= helper.userdata.getCAName()  %>
          </td>
        </tr>
-       <tr id="Row<%=(row++)%2%>">
-	 <td align="right" width="<%=columnwidth%>"><%= ejbcawebbean.getText("TOKEN") %></td>
+       <tr id="Row<%=(helper.row++)%2%>">
+	 <td align="right" width="<%=ViewEndEntityHelper.columnwidth%>"><%= ejbcawebbean.getText("TOKEN") %></td>
          <td>   
-            <% for(int i=0; i < tokentexts.length;i++){
-                if(tokenids[i] == userdata.getTokenType())
-                   if( tokenids[i] > SecConst.TOKEN_SOFT)
-                     out.write(tokentexts[i]);
+            <% for(int i=0; i < helper.tokentexts.length;i++){
+                if(helper.tokenids[i] == helper.userdata.getTokenType())
+                   if( helper.tokenids[i] > SecConst.TOKEN_SOFT)
+                     out.write(helper.tokentexts[i]);
                    else
-                     out.write(ejbcawebbean.getText(tokentexts[i]));
+                     out.write(ejbcawebbean.getText(helper.tokentexts[i]));
               } %>
          </td> 
        </tr>
        <% if(globalconfiguration.getIssueHardwareTokens()){ %>
-       <tr id="Row<%=(row++)%2%>">
-	 <td align="right" width="<%=columnwidth%>"><%= ejbcawebbean.getText("HARDTOKENISSUER") %></td>
+       <tr id="Row<%=(helper.row++)%2%>">
+	 <td align="right" width="<%=ViewEndEntityHelper.columnwidth%>"><%= ejbcawebbean.getText("HARDTOKENISSUER") %></td>
          <td>   
-            <% if(userdata.getHardTokenIssuerId() == SecConst.NO_HARDTOKENISSUER)
+            <% if(helper.userdata.getHardTokenIssuerId() == SecConst.NO_HARDTOKENISSUER)
                  out.write(ejbcawebbean.getText("NONE"));
                else
-                 out.write(tokenbean.getHardTokenIssuerAlias(userdata.getHardTokenIssuerId()));
+                 out.write(tokenbean.getHardTokenIssuerAlias(helper.userdata.getHardTokenIssuerId()));
             %>
          </td> 
        </tr>
        <% } 
-       if( profile.getUse(EndEntityProfile.ADMINISTRATOR,0) || profile.getUse(EndEntityProfile.KEYRECOVERABLE,0) && globalconfiguration.getEnableKeyRecovery()){
+       if( helper.profile.getUse(EndEntityProfile.ADMINISTRATOR,0) || helper.profile.getUse(EndEntityProfile.KEYRECOVERABLE,0) && globalconfiguration.getEnableKeyRecovery()){
         %>
-       <tr id="Row<%=(row++)%2%>">
-	 <td align="right" width="<%=columnwidth%>"><%= ejbcawebbean.getText("TYPES") %></td>
+       <tr id="Row<%=(helper.row++)%2%>">
+	 <td align="right" width="<%=ViewEndEntityHelper.columnwidth%>"><%= ejbcawebbean.getText("TYPES") %></td>
 	 <td>
          </td>
        </tr>
-      <% } if(profile.getUse(EndEntityProfile.ADMINISTRATOR,0)){ %>
-    <tr  id="Row<%=(row++)%2%>"> 
-      <td  align="right" width="<%=columnwidth%>"> 
+      <% } if(helper.profile.getUse(EndEntityProfile.ADMINISTRATOR,0)){ %>
+    <tr  id="Row<%=(helper.row++)%2%>"> 
+      <td  align="right" width="<%=ViewEndEntityHelper.columnwidth%>"> 
         <%= ejbcawebbean.getText("ADMINISTRATOR") %> <br>
       </td>
       <td > 
-        <input type="checkbox" name="<%=CHECKBOX_ADMINISTRATOR%>" value="<%=CHECKBOX_VALUE %>" tabindex="12"
-                <%if(userdata.getAdministrator())
+        <input type="checkbox" name="<%=ViewEndEntityHelper.CHECKBOX_ADMINISTRATOR%>" value="<%=ViewEndEntityHelper.CHECKBOX_VALUE %>" tabindex="12"
+                <%if(helper.userdata.getAdministrator())
                    out.write("CHECKED");%> disabled="true"> 
       </td>
     </tr>
-      <% } if(profile.getUse(EndEntityProfile.KEYRECOVERABLE,0) && globalconfiguration.getEnableKeyRecovery()){ %>
-    <tr  id="Row<%=(row++)%2%>"> 
-      <td  align="right" width="<%=columnwidth%>"> 
+      <% } if(helper.profile.getUse(EndEntityProfile.KEYRECOVERABLE,0) && globalconfiguration.getEnableKeyRecovery()){ %>
+    <tr  id="Row<%=(helper.row++)%2%>"> 
+      <td  align="right" width="<%=helper.columnwidth%>"> 
         <%= ejbcawebbean.getText("KEYRECOVERABLE") %> 
       </td>
       <td> 
-        <input type="checkbox" name="<%=CHECKBOX_KEYRECOVERABLE%>" value="<%=CHECKBOX_VALUE %>" tabindex="13"
-                <%if(userdata.getKeyRecoverable())
+        <input type="checkbox" name="<%=ViewEndEntityHelper.CHECKBOX_KEYRECOVERABLE%>" value="<%=ViewEndEntityHelper.CHECKBOX_VALUE %>" tabindex="13"
+                <%if(helper.userdata.getKeyRecoverable())
                    out.write("CHECKED");%> disabled="true"> 
       </td>
     </tr>
-      <% } if(profile.getUse(EndEntityProfile.SENDNOTIFICATION,0)){ %>
-    <tr  id="Row<%=(row++)%2%>"> 
-      <td  align="right" width="<%=columnwidth%>"> 
+      <% } if(helper.profile.getUse(EndEntityProfile.SENDNOTIFICATION,0)){ %>
+    <tr  id="Row<%=(helper.row++)%2%>"> 
+      <td  align="right" width="<%=ViewEndEntityHelper.columnwidth%>"> 
         <%= ejbcawebbean.getText("SENDNOTIFICATION") %> <br>
       </td>
       <td > 
-        <input type="checkbox" name="<%=CHECKBOX_SENDNOTIFICATION%>" value="<%=CHECKBOX_VALUE %>" tabindex="12"
-                <%if(userdata.getSendNotification())
+        <input type="checkbox" name="<%=ViewEndEntityHelper.CHECKBOX_SENDNOTIFICATION%>" value="<%=ViewEndEntityHelper.CHECKBOX_VALUE %>" tabindex="12"
+                <%if(helper.userdata.getSendNotification())
                    out.write("CHECKED");%> disabled="true"> 
       </td>
     </tr>
       <% } %>
-    <tr id="Row<%=(row++)%2%>">
+    <tr id="Row<%=(helper.row++)%2%>">
+      <td>&nbsp;</td>
       <td>&nbsp;</td>
-      <td>&nbsp</td>
     </tr> 
     <tr id="Row0">
-      <td align="right" width="<%=columnwidth%>"><%= ejbcawebbean.getText("CREATED") %></td>
+      <td align="right" width="<%=ViewEndEntityHelper.columnwidth%>"><%= ejbcawebbean.getText("CREATED") %></td>
       <td>
-         <%= ejbcawebbean.printDateTime(userdata.getTimeCreated()) %>
+         <%= ejbcawebbean.printDateTime(helper.userdata.getTimeCreated()) %>
        </td>
     </tr> 
-    <tr id="Row<%=(row++)%2%>">
-      <td align="right" width="<%=columnwidth%>"><%= ejbcawebbean.getText("MODIFIED") %></td>
+    <tr id="Row<%=(helper.row++)%2%>">
+      <td align="right" width="<%=ViewEndEntityHelper.columnwidth%>"><%= ejbcawebbean.getText("MODIFIED") %></td>
       <td>
-         <%= ejbcawebbean.printDateTime(userdata.getTimeModified()) %>
+         <%= ejbcawebbean.printDateTime(helper.userdata.getTimeModified()) %>
        </td>
      </tr> 
-    <tr id="Row<%=(row++)%2%>">
-      <td align="right" width="<%=columnwidth%>"><%= ejbcawebbean.getText("STATUS") %></td>
+     <% if(helper.currentuserindex == 0){ %>
+    <tr id="Row<%=(helper.row++)%2%>">
+      <td align="right" width="<%=ViewEndEntityHelper.columnwidth%>"><%= ejbcawebbean.getText("STATUS") %></td>
       <td>
-        <% for(int i=0; i < statusids.length; i++)
-             if(userdata.getStatus()==statusids[i])
-               out.write(ejbcawebbean.getText(statustexts[i])); %>
+        <% for(int i=0; i < ViewEndEntityHelper.statusids.length; i++)
+             if(helper.userdata.getStatus()==ViewEndEntityHelper.statusids[i])
+               out.write(ejbcawebbean.getText(ViewEndEntityHelper.statustexts[i])); %>
        </td>
      </tr> 
-       <tr id="Row<%=(row++)%2%>">
-	 <td width="<%=columnwidth%>"></td>
+     <% } %> 
+       <tr id="Row<%=(helper.row++)%2%>">
+	 <td width="<%=ViewEndEntityHelper.columnwidth%>">
+          <% if(helper.currentuserindex > 0 ){ %>
+           <input type="submit" name="<%= ViewEndEntityHelper.BUTTON_PREVIOUS %>" value="<%= ejbcawebbean.getText("VIEWNEWER") %>" tabindex="1">&nbsp;&nbsp;&nbsp;
+          <% } %>	 
+	 </td>
 	 <td>
-             <input type="reset" name="<%= BUTTON_CLOSE %>" value="<%= ejbcawebbean.getText("CLOSE") %>" tabindex="20"
+             <input type="reset" name="<%= ViewEndEntityHelper.BUTTON_CLOSE %>" value="<%= ejbcawebbean.getText("CLOSE") %>" tabindex="20"
                     onClick='self.close()'>
+                     <% if((helper.currentuserindex+1) < helper.userdatas.length){ %>
+          &nbsp;&nbsp;&nbsp;<input type="submit" name="<%= ViewEndEntityHelper.BUTTON_NEXT %>" value="<%= ejbcawebbean.getText("VIEWOLDER") %>" tabindex="3">
+          <% } %>
        </td>
        </tr> 
      </table> 
    </form>
    <p></p>
    <% }
+     }
     }
    }%>
 
diff -urN ../../312/ejbca/src/adminweb/viewcertificate.jsp ./src/adminweb/viewcertificate.jsp
--- ../../312/ejbca/src/adminweb/viewcertificate.jsp	Thu May 12 20:27:55 2005
+++ ./src/adminweb/viewcertificate.jsp	Thu Nov 24 22:16:37 2005
@@ -346,11 +346,7 @@
        </tr>
        <tr id="Row<%=(row++)%2%>">
 	 <td align="right" width="<%=columnwidth%>"><%= ejbcawebbean.getText("BASICCONSTRAINTS") %></td>
-	 <td><% if(Integer.parseInt(certificatedata.getBasicConstraints()) == -1)
-                     out.write(ejbcawebbean.getText("ENDENTITY"));
-                else
-                     out.write(ejbcawebbean.getText("CA"));
-                   %>
+	 <td><%=  certificatedata.getBasicConstraints(ejbcawebbean)  %>
          </td>
        </tr>
        <tr id="Row<%=(row++)%2%>">
diff -urN ../../312/ejbca/src/appserver/jboss/ejbca-ds.xml ./src/appserver/jboss/ejbca-ds.xml
--- ../../312/ejbca/src/appserver/jboss/ejbca-ds.xml	Thu Jun 24 14:35:02 2004
+++ ./src/appserver/jboss/ejbca-ds.xml	Tue Aug 30 08:07:27 2005
@@ -7,7 +7,7 @@
 
 Customize at will as this is mainly for development.
 
-$Id: ejbca-ds.xml,v 1.1 2004/06/24 12:35:02 sbailliez Exp $
+$Id: ejbca-ds.xml,v 1.1.2.1 2005/08/30 06:07:27 anatom Exp $
 
  -->
 
@@ -41,8 +41,8 @@
 
       <!-- The time before an unused connection is destroyed -->
       <!-- NOTE: This is the check period. It will be destroyed somewhere between 1x and 2x this timeout after last use -->
-      <!-- TEMPORARY FIX! - Disable idle connection removal, HSQLDB has a problem with not reaping threads on closed connections -->
-      <idle-timeout-minutes>0</idle-timeout-minutes>
+      <!-- Note for HSQLDB! - If you have problems, set to 0 to disable idle connection removal, HSQLDB has a problem with not reaping threads on closed connections -->
+      <idle-timeout-minutes>5</idle-timeout-minutes>
 
       <!-- sql to call when connection is created
         <new-connection-sql>some arbitrary sql</new-connection-sql>
diff -urN ../../312/ejbca/src/appserver/jboss/ejbca-mail-service.xml ./src/appserver/jboss/ejbca-mail-service.xml
--- ../../312/ejbca/src/appserver/jboss/ejbca-mail-service.xml	Sun Mar 13 16:16:12 2005
+++ ./src/appserver/jboss/ejbca-mail-service.xml	Thu Oct  6 21:52:29 2005
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="UTF-8"?>
+<?xml version="1.0" encoding="UTF-8"?>
 
 <!--
 
@@ -7,7 +7,7 @@
 
 Customize at will as this is mainly for development.
 
-$Id: ejbca-mail-service.xml,v 1.2 2005/03/13 15:16:12 anatom Exp $
+$Id: ejbca-mail-service.xml,v 1.2.2.3 2005/10/06 19:52:29 anatom Exp $
 
  -->
 
@@ -39,6 +39,8 @@
 
           <!-- Change to the SMTP gateway server -->
           <property name="mail.smtp.host" value="${mail.smtp.host}"/>
+          <!-- Set to true to enable authentication on the SMTP server -->
+          <property name="mail.smtp.auth" value="${mail.smtp.auth}"/>
 
           <!-- Change to the address mail will be from  -->
           <property name="mail.from" value="${mail.from}"/>
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/admin/BaseCaAdminCommand.java ./src/java/se/anatom/ejbca/admin/BaseCaAdminCommand.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/admin/BaseCaAdminCommand.java	Sat Jun 11 14:49:57 2005
+++ ./src/java/se/anatom/ejbca/admin/BaseCaAdminCommand.java	Thu Nov 24 22:16:37 2005
@@ -27,12 +27,12 @@
 import javax.naming.Context;
 
 import org.bouncycastle.asn1.DEROutputStream;
-import org.bouncycastle.jce.PKCS10CertificationRequest;
 
 import se.anatom.ejbca.ca.caadmin.CAInfo;
 import se.anatom.ejbca.ca.crl.ICreateCRLSessionHome;
 import se.anatom.ejbca.ca.store.ICertificateStoreSessionHome;
 import se.anatom.ejbca.ca.store.ICertificateStoreSessionRemote;
+import se.anatom.ejbca.common.ExtendedPKCS10CertificationRequest;
 import se.anatom.ejbca.log.Admin;
 import se.anatom.ejbca.util.Base64;
 import se.anatom.ejbca.util.CertTools;
@@ -41,7 +41,7 @@
 /**
  * Base for CA commands, contains comom functions for CA operations
  *
- * @version $Id: BaseCaAdminCommand.java,v 1.22 2005/06/11 12:49:57 anatom Exp $
+ * @version $Id: BaseCaAdminCommand.java,v 1.22.2.1 2005/11/24 21:16:37 herrvendil Exp $
  */
 public abstract class BaseCaAdminCommand extends BaseAdminCommand {
     /** Private key alias in PKCS12 keystores */
@@ -84,7 +84,7 @@
             SignatureException {
         debug(">makeCertRequest: dn='" + dn + "', reqfile='" + reqfile + "'.");
 
-        PKCS10CertificationRequest req = new PKCS10CertificationRequest("SHA1WithRSA",
+        ExtendedPKCS10CertificationRequest req = new ExtendedPKCS10CertificationRequest("SHA1WithRSA",
                 CertTools.stringToBcX509Name(dn), rsaKeys.getPublic(), null, rsaKeys.getPrivate());
 
         /* We don't use these uneccesary attributes
@@ -100,7 +100,7 @@
         dOut.writeObject(req);
         dOut.close();
 
-        PKCS10CertificationRequest req2 = new PKCS10CertificationRequest(bOut.toByteArray());
+        ExtendedPKCS10CertificationRequest req2 = new ExtendedPKCS10CertificationRequest(bOut.toByteArray());
         boolean verify = req2.verify();
         System.out.println("Verify returned " + verify);
 
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/apply/ServletDebug.java ./src/java/se/anatom/ejbca/apply/ServletDebug.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/apply/ServletDebug.java	Fri Apr 16 09:38:59 2004
+++ ./src/java/se/anatom/ejbca/apply/ServletDebug.java	Thu Nov 24 22:15:17 2005
@@ -29,27 +29,27 @@
     private final HttpServletRequest request;
     private final HttpServletResponse response;
 
-    ServletDebug(HttpServletRequest request, HttpServletResponse response) {
+    public ServletDebug(HttpServletRequest request, HttpServletResponse response) {
         buffer = new ByteArrayOutputStream();
         printer = new PrintStream(buffer);
         this.request = request;
         this.response = response;
     }
 
-    void printDebugInfo() throws IOException, ServletException {
+    public void printDebugInfo() throws IOException, ServletException {
         request.setAttribute("ErrorMessage", new String(buffer.toByteArray()));
         request.getRequestDispatcher("error.jsp").forward(request, response);
     }
 
-    void print(Object o) {
+    public void print(Object o) {
         printer.println(o);
     }
 
-    void printMessage(String msg) {
+    public void printMessage(String msg) {
         print("<p>" + msg);
     }
 
-    void printInsertLineBreaks(byte[] bA) throws Exception {
+    public void printInsertLineBreaks(byte[] bA) throws Exception {
         BufferedReader br = new BufferedReader(new InputStreamReader(new ByteArrayInputStream(bA)));
 
         while (true) {
@@ -63,7 +63,7 @@
         }
     }
 
-    void takeCareOfException(Throwable t) {
+    public void takeCareOfException(Throwable t) {
         ByteArrayOutputStream baos = new ByteArrayOutputStream();
         t.printStackTrace(new PrintStream(baos));
         print("<h4>Exception:</h4>");
@@ -77,7 +77,7 @@
         request.setAttribute("Exception", "true");
     }
 
-    void ieCertFix(byte[] bA) throws Exception {
+    public void ieCertFix(byte[] bA) throws Exception {
         ByteArrayOutputStream baos = new ByteArrayOutputStream();
         PrintStream tmpPrinter = new PrintStream(baos);
         RequestHelper.ieCertFormat(bA, tmpPrinter);
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/ca/caadmin/CAAdminSessionBean.java ./src/java/se/anatom/ejbca/ca/caadmin/CAAdminSessionBean.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/ca/caadmin/CAAdminSessionBean.java	Fri Jul  1 12:04:19 2005
+++ ./src/java/se/anatom/ejbca/ca/caadmin/CAAdminSessionBean.java	Thu Nov 24 22:16:37 2005
@@ -40,7 +40,6 @@
 import javax.ejb.EJBException;
 
 import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.jce.PKCS10CertificationRequest;
 
 import se.anatom.ejbca.BaseSessionBean;
 import se.anatom.ejbca.SecConst;
@@ -66,6 +65,7 @@
 import se.anatom.ejbca.ca.store.ICertificateStoreSessionLocal;
 import se.anatom.ejbca.ca.store.ICertificateStoreSessionLocalHome;
 import se.anatom.ejbca.ca.store.certificateprofiles.CertificateProfile;
+import se.anatom.ejbca.common.ExtendedPKCS10CertificationRequest;
 import se.anatom.ejbca.common.UserDataVO;
 import se.anatom.ejbca.exception.EjbcaException;
 import se.anatom.ejbca.log.Admin;
@@ -82,7 +82,7 @@
 /**
  * Administrates and manages CAs in EJBCA system.
  *
- * @version $Id: CAAdminSessionBean.java,v 1.42.2.1 2005/07/01 10:04:19 anatom Exp $
+ * @version $Id: CAAdminSessionBean.java,v 1.42.2.3 2005/11/24 21:16:37 herrvendil Exp $
  *
  * @ejb.bean description="Session bean handling core CA function,signing certificates"
  *   display-name="CAAdminSB"
@@ -713,7 +713,7 @@
                      req.setAttributes(kName);
                      */
                     
-                    PKCS10CertificationRequest req = new PKCS10CertificationRequest("SHA1WithRSA",
+                    ExtendedPKCS10CertificationRequest req = new ExtendedPKCS10CertificationRequest("SHA1WithRSA",
                             CertTools.stringToBcX509Name(ca.getSubjectDN()), ca.getCAToken().getPublicKey(SecConst.CAKEYPURPOSE_CERTSIGN), attributes, ca.getCAToken().getPrivateKey(SecConst.CAKEYPURPOSE_CERTSIGN));
                     
                     // create PKCS10RequestMessage
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/ca/caadmin/CATokenInfo.java ./src/java/se/anatom/ejbca/ca/caadmin/CATokenInfo.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/ca/caadmin/CATokenInfo.java	Tue Mar 22 14:51:07 2005
+++ ./src/java/se/anatom/ejbca/ca/caadmin/CATokenInfo.java	Thu Nov 24 22:16:37 2005
@@ -18,13 +18,13 @@
 /**
  * Holds nonsensitive information about a CAToken.
  *
- * @version $Id: CATokenInfo.java,v 1.5 2005/03/22 13:51:07 anatom Exp $
+ * @version $Id: CATokenInfo.java,v 1.5.2.1 2005/11/24 21:16:37 herrvendil Exp $
  */
 public abstract class CATokenInfo implements Serializable {
 
     public static final String SIGALG_SHA1_WITH_RSA = "SHA1WithRSA";
     public static final String SIGALG_SHA256_WITH_RSA = "SHA256WithRSA";
-    
+   
     public static final String[] AVAILABLE_SIGALGS = {SIGALG_SHA1_WITH_RSA, SIGALG_SHA256_WITH_RSA};
     
     public static final int CATOKENTYPE_P12          = 1;
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/ca/caadmin/CATokenInfo.java.15 ./src/java/se/anatom/ejbca/ca/caadmin/CATokenInfo.java.15
--- ../../312/ejbca/src/java/se/anatom/ejbca/ca/caadmin/CATokenInfo.java.15	Thu Jan  1 01:00:00 1970
+++ ./src/java/se/anatom/ejbca/ca/caadmin/CATokenInfo.java.15	Thu Nov 24 22:16:37 2005
@@ -0,0 +1,45 @@
+/*************************************************************************
+ *                                                                       *
+ *  EJBCA: The OpenSource Certificate Authority                          *
+ *                                                                       *
+ *  This software is free software; you can redistribute it and/or       *
+ *  modify it under the terms of the GNU Lesser General Public           *
+ *  License as published by the Free Software Foundation; either         *
+ *  version 2.1 of the License, or any later version.                    *
+ *                                                                       *
+ *  See terms of license at gnu.org.                                     *
+ *                                                                       *
+ *************************************************************************/
+ 
+package se.anatom.ejbca.ca.caadmin;
+
+import java.io.Serializable;
+
+/**
+ * Holds nonsensitive information about a CAToken.
+ *
+ * @version $Id: CATokenInfo.java.15,v 1.1.2.1 2005/11/24 21:16:37 herrvendil Exp $
+ */
+public abstract class CATokenInfo implements Serializable {
+
+    public static final String SIGALG_SHA1_WITH_RSA = "SHA1WithRSA";
+    public static final String SIGALG_SHA256_WITH_RSA = "SHA256WithRSA";
+    public static final String SIGALG_SHA256_WITH_RSA_AND_MGF1      = "SHA256WithRSAAndMGF1";
+    
+    public static final String[] AVAILABLE_SIGALGS = {SIGALG_SHA1_WITH_RSA, SIGALG_SHA256_WITH_RSA, SIGALG_SHA256_WITH_RSA_AND_MGF1};
+    
+    public static final int CATOKENTYPE_P12          = 1;
+    public static final int CATOKENTYPE_HSM          = 2;
+	public static final int CATOKENTYPE_NULL         = 3;
+	
+    private String signaturealgoritm = null;
+    
+    public CATokenInfo(){}
+    
+    /**
+     * Method to retrieve which algoritm that should be used for signing of certificates and CRLs.
+     */
+    public String getSignatureAlgorithm(){ return signaturealgoritm; }
+    public void setSignatureAlgorithm(String signaturealgoritm){ this.signaturealgoritm=signaturealgoritm;}
+    
+}
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/ca/caadmin/ExtendedJCERSAPublicKey.java ./src/java/se/anatom/ejbca/ca/caadmin/ExtendedJCERSAPublicKey.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/ca/caadmin/ExtendedJCERSAPublicKey.java	Thu Jan  1 01:00:00 1970
+++ ./src/java/se/anatom/ejbca/ca/caadmin/ExtendedJCERSAPublicKey.java	Thu Nov 24 22:16:37 2005
@@ -0,0 +1,140 @@
+package se.anatom.ejbca.ca.caadmin;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.interfaces.RSAPublicKey;
+import java.security.spec.RSAPublicKeySpec;
+
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERNull;
+import org.bouncycastle.asn1.DEROutputStream;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.RSAPublicKeyStructure;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.crypto.params.RSAKeyParameters;
+
+public class ExtendedJCERSAPublicKey
+    implements RSAPublicKey
+{
+    private BigInteger modulus;
+    private BigInteger publicExponent;
+
+    ExtendedJCERSAPublicKey(
+        RSAKeyParameters key)
+    {
+        this.modulus = key.getModulus();
+        this.publicExponent = key.getExponent();
+    }
+
+    ExtendedJCERSAPublicKey(
+        RSAPublicKeySpec spec)
+    {
+        this.modulus = spec.getModulus();
+        this.publicExponent = spec.getPublicExponent();
+    }
+
+    ExtendedJCERSAPublicKey(
+        RSAPublicKey key)
+    {
+        this.modulus = key.getModulus();
+        this.publicExponent = key.getPublicExponent();
+    }
+
+    ExtendedJCERSAPublicKey(
+        SubjectPublicKeyInfo    info)
+    {
+        try
+        {
+            RSAPublicKeyStructure   pubKey = new RSAPublicKeyStructure((ASN1Sequence)info.getPublicKey());
+
+            this.modulus = pubKey.getModulus();
+            this.publicExponent = pubKey.getPublicExponent();
+        }
+        catch (IOException e)
+        {
+            throw new IllegalArgumentException("invalid info structure in RSA public key");
+        }
+    }
+
+    /**
+     * return the modulus.
+     *
+     * @return the modulus.
+     */
+    public BigInteger getModulus()
+    {
+        return modulus;
+    }
+
+    /**
+     * return the public exponent.
+     *
+     * @return the public exponent.
+     */
+    public BigInteger getPublicExponent()
+    {
+        return publicExponent;
+    }
+
+    public String getAlgorithm()
+    {
+        return "RSA";
+    }
+
+    public String getFormat()
+    {
+        return "X.509";
+    }
+
+    public byte[] getEncoded()
+    {
+        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+        DEROutputStream         dOut = new DEROutputStream(bOut);
+        SubjectPublicKeyInfo    info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull()), new RSAPublicKeyStructure(getModulus(), getPublicExponent()).getDERObject());
+
+        try
+        {
+            dOut.writeObject(info);
+            dOut.close();
+        }
+        catch (IOException e)
+        {
+            throw new RuntimeException("Error encoding RSA public key");
+        }
+
+        return bOut.toByteArray();
+
+    }
+
+    public boolean equals(Object o)
+    {
+        if ( !(o instanceof RSAPublicKey) )
+        {
+            return false;
+        }
+
+        if ( o == this )
+        {
+            return true;
+        }
+
+        RSAPublicKey key = (RSAPublicKey)o;
+
+        return getModulus().equals(key.getModulus())
+            && getPublicExponent().equals(key.getPublicExponent());
+    }
+
+    public String toString()
+    {
+        StringBuffer    buf = new StringBuffer();
+        String          nl = System.getProperty("line.separator");
+
+        buf.append("RSA Public Key" + nl);
+        buf.append("            modulus: " + this.getModulus().toString(16) + nl);
+        buf.append("    public exponent: " + this.getPublicExponent().toString(16) + nl);
+
+        return buf.toString();
+    }
+}
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509CRLObject.java ./src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509CRLObject.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509CRLObject.java	Thu Jan  1 01:00:00 1970
+++ ./src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509CRLObject.java	Thu Nov 24 22:16:37 2005
@@ -0,0 +1,391 @@
+package se.anatom.ejbca.ca.caadmin;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Principal;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.Security;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.cert.CRLException;
+import java.security.cert.Certificate;
+import java.security.cert.X509CRL;
+import java.security.cert.X509CRLEntry;
+import java.security.cert.X509Certificate;
+import java.security.spec.InvalidParameterSpecException;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.security.auth.x500.X500Principal;
+
+import org.bouncycastle.asn1.ASN1OutputStream;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.DEROutputStream;
+import org.bouncycastle.asn1.x509.CertificateList;
+import org.bouncycastle.asn1.x509.TBSCertList;
+import org.bouncycastle.asn1.x509.X509Extension;
+import org.bouncycastle.asn1.x509.X509Extensions;
+import org.bouncycastle.jce.X509Principal;
+import org.bouncycastle.jce.provider.X509CRLEntryObject;
+
+/**
+ * The following extensions are listed in RFC 2459 as relevant to CRLs
+ *
+ * Authority Key Identifier
+ * Issuer Alternative Name
+ * CRL Number
+ * Delta CRL Indicator (critical)
+ * Issuing Distribution Point (critical)
+ */
+public class ExtendedX509CRLObject
+    extends X509CRL
+{
+    private CertificateList c;
+
+    public ExtendedX509CRLObject(
+        CertificateList c)
+    {
+        this.c = c;
+    }
+
+    /**
+     * Will return true if any extensions are present and marked
+     * as critical as we currently dont handle any extensions!
+     */
+    public boolean hasUnsupportedCriticalExtension()
+    {
+        Set extns = getCriticalExtensionOIDs();
+        if ( extns != null && !extns.isEmpty() )
+        {
+            return true;
+        }
+
+        return false;
+    }
+
+    private Set getExtensionOIDs(boolean critical)
+    {
+        if (this.getVersion() == 2)
+        {
+            HashSet         set = new HashSet();
+            X509Extensions  extensions = c.getTBSCertList().getExtensions();
+            Enumeration     e = extensions.oids();
+
+            while (e.hasMoreElements())
+            {
+                DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
+                X509Extension       ext = extensions.getExtension(oid);
+
+                if (critical == ext.isCritical())
+                {
+                    set.add(oid.getId());
+                }
+            }
+
+            return set;
+        }
+
+        return null;
+    }
+
+    public Set getCriticalExtensionOIDs()
+    {
+        return getExtensionOIDs(true);
+    }
+
+    public Set getNonCriticalExtensionOIDs()
+    {
+        return getExtensionOIDs(false);
+    }
+
+    public byte[] getExtensionValue(String oid)
+    {
+        X509Extensions exts = c.getTBSCertList().getExtensions();
+
+        if (exts != null)
+        {
+            X509Extension   ext = exts.getExtension(new DERObjectIdentifier(oid));
+
+            if (ext != null)
+            {
+                ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+                DEROutputStream dOut = new DEROutputStream(bOut);
+
+                try
+                {
+                    dOut.writeObject(ext.getValue());
+
+                    return bOut.toByteArray();
+                }
+                catch (Exception e)
+                {
+                    throw new RuntimeException("error encoding " + e.toString());
+                }
+            }
+        }
+
+        return null;
+    }
+
+    public byte[] getEncoded()
+        throws CRLException
+    {
+        ByteArrayOutputStream    bOut = new ByteArrayOutputStream();
+        DEROutputStream            dOut = new DEROutputStream(bOut);
+
+        try
+        {
+            dOut.writeObject(c);
+
+            return bOut.toByteArray();
+        }
+        catch (IOException e)
+        {
+            throw new CRLException(e.toString());
+        }
+    }
+
+    public void verify(PublicKey key)
+        throws CRLException,  NoSuchAlgorithmException,
+        InvalidKeyException, NoSuchProviderException,
+        SignatureException
+    {
+        verify(key, "BC");
+    }
+
+    public void verify(PublicKey key, String sigProvider)
+        throws CRLException, NoSuchAlgorithmException,
+        InvalidKeyException, NoSuchProviderException,
+        SignatureException
+    {
+        if ( !c.getSignatureAlgorithm().equals(c.getTBSCertList().getSignature()) )
+        {
+            throw new CRLException("Signature algorithm on CertifcateList does not match TBSCertList.");
+        }
+
+        Signature sig;
+        try {
+            sig = ExtendedX509V3CertificateGenerator.getSignature( c.getSignatureAlgorithm(),
+                                                                   sigProvider );
+        } catch (InvalidParameterSpecException e) {
+            throw new NoSuchAlgorithmException(e.getMessage());
+        } catch (InvalidAlgorithmParameterException e) {
+            throw new NoSuchAlgorithmException(e.getMessage());
+        } catch (IOException e) {
+            throw new NoSuchAlgorithmException(e.getMessage());
+        }
+        sig.initVerify(key);
+        sig.update(this.getTBSCertList());
+        if ( !sig.verify(this.getSignature()) )
+        {
+            throw new SignatureException("CRL does not verify with supplied public key.");
+        }
+    }
+
+    public int getVersion()
+    {
+        return c.getVersion();
+    }
+
+    public Principal getIssuerDN()
+    {
+        return new X509Principal(c.getIssuer());
+    }
+
+    public X500Principal getIssuerX500Principal()
+    {
+        try
+        {
+            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+            ASN1OutputStream        aOut = new ASN1OutputStream(bOut);
+
+            aOut.writeObject(c.getIssuer());
+
+            return new X500Principal(bOut.toByteArray());
+        }
+        catch (IOException e)
+        {
+            throw new IllegalStateException("can't encode issuer DN");
+        }
+    }
+
+    public Date getThisUpdate()
+    {
+        return c.getThisUpdate().getDate();
+    }
+
+    public Date getNextUpdate()
+    {
+        if (c.getNextUpdate() != null)
+        {
+            return c.getNextUpdate().getDate();
+        }
+
+        return null;
+    }
+
+    public X509CRLEntry getRevokedCertificate(BigInteger serialNumber)
+    {
+        TBSCertList.CRLEntry[] certs = c.getRevokedCertificates();
+
+        if ( certs != null )
+        {
+            for ( int i = 0; i < certs.length; i++ )
+            {
+                if ( certs[i].getUserCertificate().getValue().equals(serialNumber) ) {
+                    return new X509CRLEntryObject(certs[i]);
+                }
+            }
+        }
+
+        return null;
+    }
+  
+    public Set getRevokedCertificates()
+    {
+        TBSCertList.CRLEntry[] certs = c.getRevokedCertificates();
+
+        if ( certs != null )
+        {
+            HashSet set = new HashSet();
+            for ( int i = 0; i < certs.length; i++ )
+            {
+                set.add(new X509CRLEntryObject(certs[i]));
+
+            }
+
+            return set;
+        }
+
+        return null;
+    }
+  
+    public byte[] getTBSCertList()
+        throws CRLException
+    {
+        ByteArrayOutputStream    bOut = new ByteArrayOutputStream();
+        DEROutputStream            dOut = new DEROutputStream(bOut);
+
+        try
+        {
+            dOut.writeObject(c.getTBSCertList());
+
+            return bOut.toByteArray();
+        }
+        catch (IOException e)
+        {
+            throw new CRLException(e.toString());
+        }
+    }
+
+    public byte[] getSignature()
+    {
+        return c.getSignature().getBytes();
+    }
+
+    public String getSigAlgName()
+    {
+        Provider    prov = Security.getProvider("BC");
+        String        algName = prov.getProperty("Alg.Alias.Signature." + this.getSigAlgOID());
+
+        if ( algName != null )
+        {
+            return algName;
+        }
+
+        Provider[] provs = Security.getProviders();
+
+        //
+        // search every provider looking for a real algorithm
+        //
+        for (int i = 0; i != provs.length; i++)
+        {
+            algName = provs[i].getProperty("Alg.Alias.Signature." + this.getSigAlgOID());
+            if ( algName != null )
+            {
+                return algName;
+            }
+        }
+
+        return this.getSigAlgOID();
+    }
+
+    public String getSigAlgOID()
+    {
+        return c.getSignatureAlgorithm().getObjectId().getId();
+    }
+
+    public byte[] getSigAlgParams()
+    {
+        ByteArrayOutputStream    bOut = new ByteArrayOutputStream();
+
+        if ( c.getSignatureAlgorithm().getParameters() != null )
+        {
+            try
+            {
+                DEROutputStream    dOut = new DEROutputStream(bOut);
+
+                dOut.writeObject(c.getSignatureAlgorithm().getParameters());
+            }
+            catch (Exception e)
+            {
+                throw new RuntimeException("exception getting sig parameters " + e);
+            }
+
+            return bOut.toByteArray();
+        }
+
+        return null;
+    }
+
+    /**
+     * Returns a string representation of this CRL.
+     *
+     * @return a string representation of this CRL.
+     */
+    public String toString()
+    {
+        return "X.509 CRL";
+    }
+
+    /**
+     * Checks whether the given certificate is on this CRL.
+     *
+     * @param cert the certificate to check for.
+     * @return true if the given certificate is on this CRL,
+     * false otherwise.
+     */
+    public boolean isRevoked(Certificate cert)
+    {
+        if ( !cert.getType().equals("X.509") )
+        {
+            throw new RuntimeException("X.509 CRL used with non X.509 Cert");
+        }
+
+        TBSCertList.CRLEntry[] certs = c.getRevokedCertificates();
+
+        if ( certs != null )
+        {
+            BigInteger serial = ((X509Certificate)cert).getSerialNumber();
+
+            for ( int i = 0; i < certs.length; i++ )
+            {
+                if ( certs[i].getUserCertificate().getValue().equals(serial) )
+                {
+                    return true;
+                }
+            }
+        }
+
+        return false;
+    }
+}
+
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509CRLObject.java.15 ./src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509CRLObject.java.15
--- ../../312/ejbca/src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509CRLObject.java.15	Thu Jan  1 01:00:00 1970
+++ ./src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509CRLObject.java.15	Thu Nov 24 22:16:37 2005
@@ -0,0 +1,391 @@
+package se.anatom.ejbca.ca.caadmin;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Principal;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.Security;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.cert.CRLException;
+import java.security.cert.Certificate;
+import java.security.cert.X509CRL;
+import java.security.cert.X509CRLEntry;
+import java.security.cert.X509Certificate;
+import java.security.spec.InvalidParameterSpecException;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.security.auth.x500.X500Principal;
+
+import org.bouncycastle.asn1.ASN1OutputStream;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.DEROutputStream;
+import org.bouncycastle.asn1.x509.CertificateList;
+import org.bouncycastle.asn1.x509.TBSCertList;
+import org.bouncycastle.asn1.x509.X509Extension;
+import org.bouncycastle.asn1.x509.X509Extensions;
+import org.bouncycastle.jce.X509Principal;
+import org.bouncycastle.jce.provider.X509CRLEntryObject;
+
+/**
+ * The following extensions are listed in RFC 2459 as relevant to CRLs
+ *
+ * Authority Key Identifier
+ * Issuer Alternative Name
+ * CRL Number
+ * Delta CRL Indicator (critical)
+ * Issuing Distribution Point (critical)
+ */
+public class ExtendedX509CRLObject
+    extends X509CRL
+{
+    private CertificateList c;
+
+    public ExtendedX509CRLObject(
+        CertificateList c)
+    {
+        this.c = c;
+    }
+
+    /**
+     * Will return true if any extensions are present and marked
+     * as critical as we currently dont handle any extensions!
+     */
+    public boolean hasUnsupportedCriticalExtension()
+    {
+        Set extns = getCriticalExtensionOIDs();
+        if ( extns != null && !extns.isEmpty() )
+        {
+            return true;
+        }
+
+        return false;
+    }
+
+    private Set getExtensionOIDs(boolean critical)
+    {
+        if (this.getVersion() == 2)
+        {
+            HashSet         set = new HashSet();
+            X509Extensions  extensions = c.getTBSCertList().getExtensions();
+            Enumeration     e = extensions.oids();
+
+            while (e.hasMoreElements())
+            {
+                DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
+                X509Extension       ext = extensions.getExtension(oid);
+
+                if (critical == ext.isCritical())
+                {
+                    set.add(oid.getId());
+                }
+            }
+
+            return set;
+        }
+
+        return null;
+    }
+
+    public Set getCriticalExtensionOIDs()
+    {
+        return getExtensionOIDs(true);
+    }
+
+    public Set getNonCriticalExtensionOIDs()
+    {
+        return getExtensionOIDs(false);
+    }
+
+    public byte[] getExtensionValue(String oid)
+    {
+        X509Extensions exts = c.getTBSCertList().getExtensions();
+
+        if (exts != null)
+        {
+            X509Extension   ext = exts.getExtension(new DERObjectIdentifier(oid));
+
+            if (ext != null)
+            {
+                ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+                DEROutputStream dOut = new DEROutputStream(bOut);
+
+                try
+                {
+                    dOut.writeObject(ext.getValue());
+
+                    return bOut.toByteArray();
+                }
+                catch (Exception e)
+                {
+                    throw new RuntimeException("error encoding " + e.toString());
+                }
+            }
+        }
+
+        return null;
+    }
+
+    public byte[] getEncoded()
+        throws CRLException
+    {
+        ByteArrayOutputStream    bOut = new ByteArrayOutputStream();
+        DEROutputStream            dOut = new DEROutputStream(bOut);
+
+        try
+        {
+            dOut.writeObject(c);
+
+            return bOut.toByteArray();
+        }
+        catch (IOException e)
+        {
+            throw new CRLException(e.toString());
+        }
+    }
+
+    public void verify(PublicKey key)
+        throws CRLException,  NoSuchAlgorithmException,
+        InvalidKeyException, NoSuchProviderException,
+        SignatureException
+    {
+        verify(key, "BC");
+    }
+
+    public void verify(PublicKey key, String sigProvider)
+        throws CRLException, NoSuchAlgorithmException,
+        InvalidKeyException, NoSuchProviderException,
+        SignatureException
+    {
+        if ( !c.getSignatureAlgorithm().equals(c.getTBSCertList().getSignature()) )
+        {
+            throw new CRLException("Signature algorithm on CertifcateList does not match TBSCertList.");
+        }
+
+        Signature sig;
+        try {
+            sig = ExtendedX509V3CertificateGenerator.getSignature( c.getSignatureAlgorithm(),
+                                                                   sigProvider );
+        } catch (InvalidParameterSpecException e) {
+            throw new NoSuchAlgorithmException(e);
+        } catch (InvalidAlgorithmParameterException e) {
+            throw new NoSuchAlgorithmException(e);
+        } catch (IOException e) {
+            throw new NoSuchAlgorithmException(e);
+        }
+        sig.initVerify(key);
+        sig.update(this.getTBSCertList());
+        if ( !sig.verify(this.getSignature()) )
+        {
+            throw new SignatureException("CRL does not verify with supplied public key.");
+        }
+    }
+
+    public int getVersion()
+    {
+        return c.getVersion();
+    }
+
+    public Principal getIssuerDN()
+    {
+        return new X509Principal(c.getIssuer());
+    }
+
+    public X500Principal getIssuerX500Principal()
+    {
+        try
+        {
+            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+            ASN1OutputStream        aOut = new ASN1OutputStream(bOut);
+
+            aOut.writeObject(c.getIssuer());
+
+            return new X500Principal(bOut.toByteArray());
+        }
+        catch (IOException e)
+        {
+            throw new IllegalStateException("can't encode issuer DN");
+        }
+    }
+
+    public Date getThisUpdate()
+    {
+        return c.getThisUpdate().getDate();
+    }
+
+    public Date getNextUpdate()
+    {
+        if (c.getNextUpdate() != null)
+        {
+            return c.getNextUpdate().getDate();
+        }
+
+        return null;
+    }
+
+    public X509CRLEntry getRevokedCertificate(BigInteger serialNumber)
+    {
+        TBSCertList.CRLEntry[] certs = c.getRevokedCertificates();
+
+        if ( certs != null )
+        {
+            for ( int i = 0; i < certs.length; i++ )
+            {
+                if ( certs[i].getUserCertificate().getValue().equals(serialNumber) ) {
+                    return new X509CRLEntryObject(certs[i]);
+                }
+            }
+        }
+
+        return null;
+    }
+  
+    public Set getRevokedCertificates()
+    {
+        TBSCertList.CRLEntry[] certs = c.getRevokedCertificates();
+
+        if ( certs != null )
+        {
+            HashSet set = new HashSet();
+            for ( int i = 0; i < certs.length; i++ )
+            {
+                set.add(new X509CRLEntryObject(certs[i]));
+
+            }
+
+            return set;
+        }
+
+        return null;
+    }
+  
+    public byte[] getTBSCertList()
+        throws CRLException
+    {
+        ByteArrayOutputStream    bOut = new ByteArrayOutputStream();
+        DEROutputStream            dOut = new DEROutputStream(bOut);
+
+        try
+        {
+            dOut.writeObject(c.getTBSCertList());
+
+            return bOut.toByteArray();
+        }
+        catch (IOException e)
+        {
+            throw new CRLException(e.toString());
+        }
+    }
+
+    public byte[] getSignature()
+    {
+        return c.getSignature().getBytes();
+    }
+
+    public String getSigAlgName()
+    {
+        Provider    prov = Security.getProvider("BC");
+        String        algName = prov.getProperty("Alg.Alias.Signature." + this.getSigAlgOID());
+
+        if ( algName != null )
+        {
+            return algName;
+        }
+
+        Provider[] provs = Security.getProviders();
+
+        //
+        // search every provider looking for a real algorithm
+        //
+        for (int i = 0; i != provs.length; i++)
+        {
+            algName = provs[i].getProperty("Alg.Alias.Signature." + this.getSigAlgOID());
+            if ( algName != null )
+            {
+                return algName;
+            }
+        }
+
+        return this.getSigAlgOID();
+    }
+
+    public String getSigAlgOID()
+    {
+        return c.getSignatureAlgorithm().getObjectId().getId();
+    }
+
+    public byte[] getSigAlgParams()
+    {
+        ByteArrayOutputStream    bOut = new ByteArrayOutputStream();
+
+        if ( c.getSignatureAlgorithm().getParameters() != null )
+        {
+            try
+            {
+                DEROutputStream    dOut = new DEROutputStream(bOut);
+
+                dOut.writeObject(c.getSignatureAlgorithm().getParameters());
+            }
+            catch (Exception e)
+            {
+                throw new RuntimeException("exception getting sig parameters " + e);
+            }
+
+            return bOut.toByteArray();
+        }
+
+        return null;
+    }
+
+    /**
+     * Returns a string representation of this CRL.
+     *
+     * @return a string representation of this CRL.
+     */
+    public String toString()
+    {
+        return "X.509 CRL";
+    }
+
+    /**
+     * Checks whether the given certificate is on this CRL.
+     *
+     * @param cert the certificate to check for.
+     * @return true if the given certificate is on this CRL,
+     * false otherwise.
+     */
+    public boolean isRevoked(Certificate cert)
+    {
+        if ( !cert.getType().equals("X.509") )
+        {
+            throw new RuntimeException("X.509 CRL used with non X.509 Cert");
+        }
+
+        TBSCertList.CRLEntry[] certs = c.getRevokedCertificates();
+
+        if ( certs != null )
+        {
+            BigInteger serial = ((X509Certificate)cert).getSerialNumber();
+
+            for ( int i = 0; i < certs.length; i++ )
+            {
+                if ( certs[i].getUserCertificate().getValue().equals(serial) )
+                {
+                    return true;
+                }
+            }
+        }
+
+        return false;
+    }
+}
+
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509CertificateObject.java ./src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509CertificateObject.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509CertificateObject.java	Thu Jan  1 01:00:00 1970
+++ ./src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509CertificateObject.java	Fri Nov 25 09:38:07 2005
@@ -0,0 +1,748 @@
+package se.anatom.ejbca.ca.caadmin;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Principal;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.Security;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.CertificateParsingException;
+import java.security.cert.X509Certificate;
+import java.security.spec.InvalidParameterSpecException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.Hashtable;
+import java.util.List;
+import java.util.Set;
+import java.util.Vector;
+
+import javax.security.auth.x500.X500Principal;
+
+import org.bouncycastle.asn1.*;
+import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
+import org.bouncycastle.asn1.misc.NetscapeCertType;
+import org.bouncycastle.asn1.misc.NetscapeRevocationURL;
+import org.bouncycastle.asn1.misc.VerisignCzagExtension;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.util.ASN1Dump;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.BasicConstraints;
+import org.bouncycastle.asn1.x509.KeyUsage;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.asn1.x509.X509CertificateStructure;
+import org.bouncycastle.asn1.x509.X509Extension;
+import org.bouncycastle.asn1.x509.X509Extensions;
+import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
+import org.bouncycastle.jce.X509Principal;
+import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
+import org.bouncycastle.util.encoders.Hex;
+
+/** Class copied from BouncyCastle and extended to supoprt RSA-DSS signatures
+ * 
+ * @version $Id: ExtendedX509CertificateObject.java,v 1.1.2.2 2005/11/25 08:38:07 anatom Exp $
+ *
+ */ 
+public class ExtendedX509CertificateObject
+    extends X509Certificate
+    implements PKCS12BagAttributeCarrier
+{
+    private X509CertificateStructure    c;
+    private Hashtable                   pkcs12Attributes = new Hashtable();
+    private Vector                      pkcs12Ordering = new Vector();
+
+    public ExtendedX509CertificateObject(
+        X509CertificateStructure    c)
+    {
+        this.c = c;
+    }
+
+    public void checkValidity()
+        throws CertificateExpiredException, CertificateNotYetValidException
+    {
+        this.checkValidity(new Date());
+    }
+
+    public void checkValidity(
+        Date    date)
+        throws CertificateExpiredException, CertificateNotYetValidException
+    {
+        if (date.after(this.getNotAfter()))
+        {
+            throw new CertificateExpiredException("certificate expired on " + c.getEndDate().getTime());
+        }
+
+        if (date.before(this.getNotBefore()))
+        {
+            throw new CertificateNotYetValidException("certificate not valid till " + c.getStartDate().getTime());
+        }
+    }
+
+    public int getVersion()
+    {
+        return c.getVersion();
+    }
+
+    public BigInteger getSerialNumber()
+    {
+        return c.getSerialNumber().getValue();
+    }
+
+    public Principal getIssuerDN()
+    {
+        return new X509Principal(c.getIssuer());
+    }
+
+    public X500Principal getIssuerX500Principal()
+    {
+        try
+        {
+            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+            ASN1OutputStream        aOut = new ASN1OutputStream(bOut);
+
+            aOut.writeObject(c.getIssuer());
+
+            return new X500Principal(bOut.toByteArray());
+        }
+        catch (IOException e)
+        {
+            throw new IllegalStateException("can't encode issuer DN");
+        }
+    }
+
+    public Principal getSubjectDN()
+    {
+        return new X509Principal(c.getSubject());
+    }
+
+    public X500Principal getSubjectX500Principal()
+    {
+        try
+        {
+            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+            ASN1OutputStream        aOut = new ASN1OutputStream(bOut);
+
+            aOut.writeObject(c.getSubject());
+
+            return new X500Principal(bOut.toByteArray());
+        }
+        catch (IOException e)
+        {
+            throw new IllegalStateException("can't encode issuer DN");
+        }
+    }
+
+    public Date getNotBefore()
+    {
+        return c.getStartDate().getDate();
+    }
+
+    public Date getNotAfter()
+    {
+        return c.getEndDate().getDate();
+    }
+
+    public byte[] getTBSCertificate()
+        throws CertificateEncodingException
+    {
+        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+        DEROutputStream         dOut = new DEROutputStream(bOut);
+
+        try
+        {
+            dOut.writeObject(c.getTBSCertificate());
+
+            return bOut.toByteArray();
+        }
+        catch (IOException e)
+        {
+            throw new CertificateEncodingException(e.toString());
+        }
+    }
+
+    public byte[] getSignature()
+    {
+        return c.getSignature().getBytes();
+    }
+
+    /**
+     * return a more "meaningful" representation for the signature algorithm used in
+     * the certficate.
+     */
+    public String getSigAlgName()
+    {
+        Provider    prov = Security.getProvider("BC");
+        String      algName = prov.getProperty("Alg.Alias.Signature." + this.getSigAlgOID());
+
+        if (algName != null)
+        {
+            return algName;
+        }
+
+        Provider[] provs = Security.getProviders();
+
+        //
+        // search every provider looking for a real algorithm
+        //
+        for (int i = 0; i != provs.length; i++)
+        {
+            algName = provs[i].getProperty("Alg.Alias.Signature." + this.getSigAlgOID());
+            if (algName != null)
+            {
+                return algName;
+            }
+        }
+
+        return this.getSigAlgOID();
+    }
+
+    /**
+     * return the object identifier for the signature.
+     */
+    public String getSigAlgOID()
+    {
+        return c.getSignatureAlgorithm().getObjectId().getId();
+    }
+
+    /**
+     * return the signature parameters, or null if there aren't any.
+     */
+    public byte[] getSigAlgParams()
+    {
+        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+
+        if (c.getSignatureAlgorithm().getParameters() != null)
+        {
+            try
+            {
+                DEROutputStream         dOut = new DEROutputStream(bOut);
+
+                dOut.writeObject(c.getSignatureAlgorithm().getParameters());
+            }
+            catch (Exception e)
+            {
+                throw new RuntimeException("exception getting sig parameters " + e);
+            }
+
+            return bOut.toByteArray();
+        }
+        return null;
+    }
+
+    public boolean[] getIssuerUniqueID()
+    {
+        DERBitString    id = c.getTBSCertificate().getIssuerUniqueId();
+
+        if (id != null)
+        {
+            byte[]          bytes = id.getBytes();
+            boolean[]       boolId = new boolean[bytes.length * 8 - id.getPadBits()];
+
+            for (int i = 0; i != boolId.length; i++)
+            {
+                boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0;
+            }
+
+            return boolId;
+        }
+            
+        return null;
+    }
+
+    public boolean[] getSubjectUniqueID()
+    {
+        DERBitString    id = c.getTBSCertificate().getSubjectUniqueId();
+
+        if (id != null)
+        {
+            byte[]          bytes = id.getBytes();
+            boolean[]       boolId = new boolean[bytes.length * 8 - id.getPadBits()];
+
+            for (int i = 0; i != boolId.length; i++)
+            {
+                boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0;
+            }
+
+            return boolId;
+        }
+            
+        return null;
+    }
+
+    public boolean[] getKeyUsage()
+    {
+        byte[]  bytes = this.getExtensionBytes("2.5.29.15");
+        int     length = 0;
+
+        if (bytes != null)
+        {
+            try
+            {
+                ASN1InputStream dIn = new ASN1InputStream(new ByteArrayInputStream(bytes));
+                DERBitString    bits = (DERBitString)dIn.readObject();
+
+                bytes = bits.getBytes();
+                length = (bytes.length * 8) - bits.getPadBits();
+            }
+            catch (Exception e)
+            {
+                throw new RuntimeException("error processing key usage extension");
+            }
+
+            boolean[]       keyUsage = new boolean[(length < 9) ? 9 : length];
+
+            for (int i = 0; i != length; i++)
+            {
+                keyUsage[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0;
+            }
+
+            return keyUsage;
+        }
+
+        return null;
+    }
+
+    public List getExtendedKeyUsage() 
+        throws CertificateParsingException
+    {
+        byte[]  bytes = this.getExtensionBytes("2.5.29.37");
+
+        if (bytes != null)
+        {
+            try
+            {
+                ASN1InputStream dIn = new ASN1InputStream(new ByteArrayInputStream(bytes));
+                ASN1Sequence    seq = (ASN1Sequence)dIn.readObject();
+                ArrayList       list = new ArrayList();
+
+                for (int i = 0; i != seq.size(); i++)
+                {
+                    list.add(((DERObjectIdentifier)seq.getObjectAt(i)).getId());
+                }
+                
+                return Collections.unmodifiableList(list);
+            }
+            catch (Exception e)
+            {
+                throw new CertificateParsingException("error processing extended key usage extension");
+            }
+        }
+
+        return null;
+    }
+    
+    public int getBasicConstraints()
+    {
+        byte[]  bytes = this.getExtensionBytes("2.5.29.19");
+
+        if (bytes != null)
+        {
+            try
+            {
+                ASN1InputStream dIn = new ASN1InputStream(new ByteArrayInputStream(bytes));
+                ASN1Sequence    seq = (ASN1Sequence)dIn.readObject();
+
+                if (seq.size() == 2)
+                {
+                    if (((DERBoolean)seq.getObjectAt(0)).isTrue())
+                    {
+                        return ((DERInteger)seq.getObjectAt(1)).getValue().intValue();
+                    }
+                    return -1;
+                }
+                else if (seq.size() == 1)
+                {
+                    if (seq.getObjectAt(0) instanceof DERBoolean)
+                    {
+                        if (((DERBoolean)seq.getObjectAt(0)).isTrue())
+                        {
+                            return Integer.MAX_VALUE;
+                        }
+                        return -1;
+                    }
+                    return -1;
+                }
+            }
+            catch (Exception e)
+            {
+                throw new RuntimeException("error processing key usage extension");
+            }
+        }
+
+        return -1;
+    }
+
+    public Set getCriticalExtensionOIDs() 
+    {
+        if (this.getVersion() == 3)
+        {
+            HashSet         set = new HashSet();
+            X509Extensions  extensions = c.getTBSCertificate().getExtensions();
+
+            if (extensions != null)
+            {
+                Enumeration     e = extensions.oids();
+
+                while (e.hasMoreElements())
+                {
+                    DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
+                    X509Extension       ext = extensions.getExtension(oid);
+
+                    if (ext.isCritical())
+                    {
+                        set.add(oid.getId());
+                    }
+                }
+
+                return set;
+            }
+        }
+
+        return null;
+    }
+
+    private byte[] getExtensionBytes(String oid)
+    {
+        X509Extensions exts = c.getTBSCertificate().getExtensions();
+
+        if (exts != null)
+        {
+            X509Extension   ext = exts.getExtension(new DERObjectIdentifier(oid));
+            if (ext != null)
+            {
+                return ext.getValue().getOctets();
+            }
+        }
+
+        return null;
+    }
+
+    public byte[] getExtensionValue(String oid) 
+    {
+        X509Extensions exts = c.getTBSCertificate().getExtensions();
+
+        if (exts != null)
+        {
+            X509Extension   ext = exts.getExtension(new DERObjectIdentifier(oid));
+
+            if (ext != null)
+            {
+                ByteArrayOutputStream    bOut = new ByteArrayOutputStream();
+                DEROutputStream            dOut = new DEROutputStream(bOut);
+                
+                try
+                {
+                    dOut.writeObject(ext.getValue());
+
+                    return bOut.toByteArray();
+                }
+                catch (Exception e)
+                {
+                    throw new RuntimeException("error encoding " + e.toString());
+                }
+            }
+        }
+
+        return null;
+    }
+
+    public Set getNonCriticalExtensionOIDs() 
+    {
+        if (this.getVersion() == 3)
+        {
+            HashSet         set = new HashSet();
+            X509Extensions  extensions = c.getTBSCertificate().getExtensions();
+
+            if (extensions != null)
+            {
+                Enumeration     e = extensions.oids();
+
+                while (e.hasMoreElements())
+                {
+                    DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
+                    X509Extension       ext = extensions.getExtension(oid);
+
+                    if (!ext.isCritical())
+                    {
+                        set.add(oid.getId());
+                    }
+                }
+
+                return set;
+            }
+        }
+
+        return null;
+    }
+
+    public boolean hasUnsupportedCriticalExtension()
+    {
+        if (this.getVersion() == 3)
+        {
+            X509Extensions  extensions = c.getTBSCertificate().getExtensions();
+
+            if (extensions != null)
+            {
+                Enumeration     e = extensions.oids();
+
+                while (e.hasMoreElements())
+                {
+                    DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
+                    if (oid.getId().equals("2.5.29.15")
+                       || oid.getId().equals("2.5.29.19"))
+                    {
+                        continue;
+                    }
+
+                    X509Extension       ext = extensions.getExtension(oid);
+
+                    if (ext.isCritical())
+                    {
+                        return true;
+                    }
+                }
+            }
+        }
+
+        return false;
+    }
+
+    static PublicKey createPublicKeyFromPublicKeyInfo(
+            SubjectPublicKeyInfo         info)
+    {
+        AlgorithmIdentifier     algId = info.getAlgorithmId();
+        
+        if (algId.getObjectId().equals(PKCSObjectIdentifiers.rsaEncryption)
+                || algId.getObjectId().equals(X509ObjectIdentifiers.id_ea_rsa))
+        {
+            return new ExtendedJCERSAPublicKey(info);
+        }
+        throw new RuntimeException("algorithm identifier in key not recognised");
+    }
+    
+    public PublicKey getPublicKey()
+    {
+        return createPublicKeyFromPublicKeyInfo(c.getSubjectPublicKeyInfo());
+    }
+
+    public byte[] getEncoded()
+        throws CertificateEncodingException
+    {
+        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+        DEROutputStream         dOut = new DEROutputStream(bOut);
+
+        try
+        {
+            dOut.writeObject(c);
+
+            return bOut.toByteArray();
+        }
+        catch (IOException e)
+        {
+            throw new CertificateEncodingException(e.toString());
+        }
+    }
+
+    public void setBagAttribute(
+        DERObjectIdentifier oid,
+        DEREncodable        attribute)
+    {
+        pkcs12Attributes.put(oid, attribute);
+        pkcs12Ordering.addElement(oid);
+    }
+
+    public DEREncodable getBagAttribute(
+        DERObjectIdentifier oid)
+    {
+        return (DEREncodable)pkcs12Attributes.get(oid);
+    }
+
+    public Enumeration getBagAttributeKeys()
+    {
+        return pkcs12Ordering.elements();
+    }
+
+    public String toString()
+    {
+        StringBuffer    buf = new StringBuffer();
+        String          nl = System.getProperty("line.separator");
+
+        buf.append("  [0]         Version: " + this.getVersion() + nl);
+        buf.append("         SerialNumber: " + this.getSerialNumber() + nl);
+        buf.append("             IssuerDN: " + this.getIssuerDN() + nl);
+        buf.append("           Start Date: " + this.getNotBefore() + nl);
+        buf.append("           Final Date: " + this.getNotAfter() + nl);
+        buf.append("            SubjectDN: " + this.getSubjectDN() + nl);
+        buf.append("           Public Key: " + this.getPublicKey() + nl);
+        buf.append("  Signature Algorithm: " + this.getSigAlgName() + nl);
+
+        byte[]  sig = this.getSignature();
+
+        buf.append("            Signature: " + new String(Hex.encode(sig, 0, 20)) + nl);
+        for (int i = 20; i < sig.length; i += 20)
+        {
+            if (i < sig.length - 20)
+            {
+                buf.append("                       " + new String(Hex.encode(sig, i, 20)) + nl);
+            }
+            else
+            {
+                buf.append("                       " + new String(Hex.encode(sig, i, sig.length - i)) + nl);
+            }
+        }
+
+        X509Extensions  extensions = c.getTBSCertificate().getExtensions();
+
+        if (extensions != null)
+        {
+            Enumeration     e = extensions.oids();
+
+            if (e.hasMoreElements())
+            {
+                buf.append("       Extensions: \n");
+            }
+
+            while (e.hasMoreElements())
+            {
+                DERObjectIdentifier     oid = (DERObjectIdentifier)e.nextElement();
+                X509Extension           ext = extensions.getExtension(oid);
+
+                if (ext.getValue() != null)
+                {
+                    byte[]                  octs = ext.getValue().getOctets();
+                    ByteArrayInputStream    bIn = new ByteArrayInputStream(octs);
+                    ASN1InputStream         dIn = new ASN1InputStream(bIn);
+                    buf.append("                       critical(" + ext.isCritical() + ") ");
+                    try
+                    {
+                        if (oid.equals(X509Extensions.BasicConstraints))
+                        {
+                            buf.append(new BasicConstraints((ASN1Sequence)dIn.readObject()) + nl);
+                        }
+                        else if (oid.equals(X509Extensions.KeyUsage))
+                        {
+                            buf.append(new KeyUsage((DERBitString)dIn.readObject()) + nl);
+                        }
+                        else if (oid.equals(MiscObjectIdentifiers.netscapeCertType))
+                        {
+                            buf.append(new NetscapeCertType((DERBitString)dIn.readObject()) + nl);
+                        }
+                        else if (oid.equals(MiscObjectIdentifiers.netscapeRevocationURL))
+                        {
+                            buf.append(new NetscapeRevocationURL((DERIA5String)dIn.readObject()) + nl);
+                        }
+                        else if (oid.equals(MiscObjectIdentifiers.verisignCzagExtension))
+                        {
+                            buf.append(new VerisignCzagExtension((DERIA5String)dIn.readObject()) + nl);
+                        }
+                        else 
+                        {
+                            buf.append(oid.getId());
+                            buf.append(" value = " + ASN1Dump.dumpAsString(dIn.readObject()) + nl);
+                            //buf.append(" value = " + "*****" + nl);
+                        }
+                    }
+                    catch (Exception ex)
+                    {
+                        buf.append(oid.getId());
+                   //     buf.append(" value = " + new String(Hex.encode(ext.getValue().getOctets())) + nl);
+                        buf.append(" value = " + "*****" + nl);
+                    }
+                }
+                else
+                {
+                    buf.append(nl);
+                }
+            }
+        }
+
+        return buf.toString();
+    }
+
+    public final void verify(
+        PublicKey   key)
+        throws CertificateException, NoSuchAlgorithmException,
+        InvalidKeyException, NoSuchProviderException, SignatureException
+    {
+        Signature   signature = null;
+
+        if (!c.getSignatureAlgorithm().equals(c.getTBSCertificate().getSignature()))
+        {
+            throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
+        }
+
+        try
+        {
+            signature = ExtendedX509V3CertificateGenerator.getSignature( c.getSignatureAlgorithm(),
+                                                                         "BC" );
+        }
+        catch (Exception e2)
+        {
+            try {
+                signature = ExtendedX509V3CertificateGenerator.getSignature( c.getSignatureAlgorithm(),
+                                                                             null );
+            } catch (InvalidParameterSpecException e) {
+                throw new NoSuchAlgorithmException(e.getMessage());
+            } catch (InvalidAlgorithmParameterException e) {
+                throw new NoSuchAlgorithmException(e.getMessage());
+            } catch (IOException e) {
+                throw new NoSuchAlgorithmException(e.getMessage());
+            }
+        }
+
+        signature.initVerify(key);
+
+        signature.update(this.getTBSCertificate());
+
+        if (!signature.verify(this.getSignature()))
+        {
+            throw new InvalidKeyException("Public key presented not for certificate signature");
+        }
+    }
+
+    public final void verify(
+        PublicKey   key,
+        String      sigProvider)
+        throws CertificateException, NoSuchAlgorithmException,
+        InvalidKeyException, NoSuchProviderException, SignatureException
+    {
+        Signature signature;
+        try {
+            signature = ExtendedX509V3CertificateGenerator.getSignature( c.getSignatureAlgorithm(),
+                                                                         sigProvider );
+        } catch (InvalidParameterSpecException e) {
+            throw new NoSuchAlgorithmException(e.getMessage());
+        } catch (InvalidAlgorithmParameterException e) {
+            throw new NoSuchAlgorithmException(e.getMessage());
+        } catch (IOException e) {
+            throw new NoSuchAlgorithmException(e.getMessage());
+        }
+        if (!c.getSignatureAlgorithm().equals(c.getTBSCertificate().getSignature()))
+        {
+            throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
+        }
+        
+        signature.initVerify(key);
+
+        signature.update(this.getTBSCertificate());
+
+        if (!signature.verify(this.getSignature()))
+        {
+            throw new InvalidKeyException("Public key presented not for certificate signature");
+        }
+    }
+}
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509CertificateObject.java.15 ./src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509CertificateObject.java.15
--- ../../312/ejbca/src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509CertificateObject.java.15	Thu Jan  1 01:00:00 1970
+++ ./src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509CertificateObject.java.15	Thu Nov 24 22:16:37 2005
@@ -0,0 +1,758 @@
+package se.anatom.ejbca.ca.caadmin;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Principal;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.Security;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.CertificateParsingException;
+import java.security.cert.X509Certificate;
+import java.security.spec.InvalidParameterSpecException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.Hashtable;
+import java.util.List;
+import java.util.Set;
+import java.util.Vector;
+
+import javax.security.auth.x500.X500Principal;
+
+import org.bouncycastle.asn1.*;
+import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
+import org.bouncycastle.asn1.misc.NetscapeCertType;
+import org.bouncycastle.asn1.misc.NetscapeRevocationURL;
+import org.bouncycastle.asn1.misc.VerisignCzagExtension;
+ import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.util.ASN1Dump;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.BasicConstraints;
+import org.bouncycastle.asn1.x509.KeyUsage;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.asn1.x509.X509CertificateStructure;
+import org.bouncycastle.asn1.x509.X509Extension;
+import org.bouncycastle.asn1.x509.X509Extensions;
+import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
+import org.bouncycastle.jce.X509Principal;
+import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
+import org.bouncycastle.util.encoders.Hex;
+
+public class ExtendedX509CertificateObject
+    extends X509Certificate
+    implements PKCS12BagAttributeCarrier
+{
+    private X509CertificateStructure    c;
+    private Hashtable                   pkcs12Attributes = new Hashtable();
+    private Vector                      pkcs12Ordering = new Vector();
+
+    public ExtendedX509CertificateObject(
+        X509CertificateStructure    c)
+    {
+        this.c = c;
+    }
+
+    public void checkValidity()
+        throws CertificateExpiredException, CertificateNotYetValidException
+    {
+        this.checkValidity(new Date());
+    }
+
+    public void checkValidity(
+        Date    date)
+        throws CertificateExpiredException, CertificateNotYetValidException
+    {
+        if (date.after(this.getNotAfter()))
+        {
+            throw new CertificateExpiredException("certificate expired on " + c.getEndDate().getTime());
+        }
+
+        if (date.before(this.getNotBefore()))
+        {
+            throw new CertificateNotYetValidException("certificate not valid till " + c.getStartDate().getTime());
+        }
+    }
+
+    public int getVersion()
+    {
+        return c.getVersion();
+    }
+
+    public BigInteger getSerialNumber()
+    {
+        return c.getSerialNumber().getValue();
+    }
+
+    public Principal getIssuerDN()
+    {
+        return new X509Principal(c.getIssuer());
+    }
+
+    public X500Principal getIssuerX500Principal()
+    {
+        try
+        {
+            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+            ASN1OutputStream        aOut = new ASN1OutputStream(bOut);
+
+            aOut.writeObject(c.getIssuer());
+
+            return new X500Principal(bOut.toByteArray());
+        }
+        catch (IOException e)
+        {
+            throw new IllegalStateException("can't encode issuer DN");
+        }
+    }
+
+    public Principal getSubjectDN()
+    {
+        return new X509Principal(c.getSubject());
+    }
+
+    public X500Principal getSubjectX500Principal()
+    {
+        try
+        {
+            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+            ASN1OutputStream        aOut = new ASN1OutputStream(bOut);
+
+            aOut.writeObject(c.getSubject());
+
+            return new X500Principal(bOut.toByteArray());
+        }
+        catch (IOException e)
+        {
+            throw new IllegalStateException("can't encode issuer DN");
+        }
+    }
+
+    public Date getNotBefore()
+    {
+        return c.getStartDate().getDate();
+    }
+
+    public Date getNotAfter()
+    {
+        return c.getEndDate().getDate();
+    }
+
+    public byte[] getTBSCertificate()
+        throws CertificateEncodingException
+    {
+        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+        DEROutputStream         dOut = new DEROutputStream(bOut);
+
+        try
+        {
+            dOut.writeObject(c.getTBSCertificate());
+
+            return bOut.toByteArray();
+        }
+        catch (IOException e)
+        {
+            throw new CertificateEncodingException(e.toString());
+        }
+    }
+
+    public byte[] getSignature()
+    {
+        return c.getSignature().getBytes();
+    }
+
+    /**
+     * return a more "meaningful" representation for the signature algorithm used in
+     * the certficate.
+     */
+    public String getSigAlgName()
+    {
+        Provider    prov = Security.getProvider("BC");
+        String      algName = prov.getProperty("Alg.Alias.Signature." + this.getSigAlgOID());
+
+        if (algName != null)
+        {
+            return algName;
+        }
+
+        Provider[] provs = Security.getProviders();
+
+        //
+        // search every provider looking for a real algorithm
+        //
+        for (int i = 0; i != provs.length; i++)
+        {
+            algName = provs[i].getProperty("Alg.Alias.Signature." + this.getSigAlgOID());
+            if (algName != null)
+            {
+                return algName;
+            }
+        }
+
+        return this.getSigAlgOID();
+    }
+
+    /**
+     * return the object identifier for the signature.
+     */
+    public String getSigAlgOID()
+    {
+        return c.getSignatureAlgorithm().getObjectId().getId();
+    }
+
+    /**
+     * return the signature parameters, or null if there aren't any.
+     */
+    public byte[] getSigAlgParams()
+    {
+        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+
+        if (c.getSignatureAlgorithm().getParameters() != null)
+        {
+            try
+            {
+                DEROutputStream         dOut = new DEROutputStream(bOut);
+
+                dOut.writeObject(c.getSignatureAlgorithm().getParameters());
+            }
+            catch (Exception e)
+            {
+                throw new RuntimeException("exception getting sig parameters " + e);
+            }
+
+            return bOut.toByteArray();
+        }
+        else
+        {
+            return null;
+        }
+    }
+
+    public boolean[] getIssuerUniqueID()
+    {
+        DERBitString    id = c.getTBSCertificate().getIssuerUniqueId();
+
+        if (id != null)
+        {
+            byte[]          bytes = id.getBytes();
+            boolean[]       boolId = new boolean[bytes.length * 8 - id.getPadBits()];
+
+            for (int i = 0; i != boolId.length; i++)
+            {
+                boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0;
+            }
+
+            return boolId;
+        }
+            
+        return null;
+    }
+
+    public boolean[] getSubjectUniqueID()
+    {
+        DERBitString    id = c.getTBSCertificate().getSubjectUniqueId();
+
+        if (id != null)
+        {
+            byte[]          bytes = id.getBytes();
+            boolean[]       boolId = new boolean[bytes.length * 8 - id.getPadBits()];
+
+            for (int i = 0; i != boolId.length; i++)
+            {
+                boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0;
+            }
+
+            return boolId;
+        }
+            
+        return null;
+    }
+
+    public boolean[] getKeyUsage()
+    {
+        byte[]  bytes = this.getExtensionBytes("2.5.29.15");
+        int     length = 0;
+
+        if (bytes != null)
+        {
+            try
+            {
+                ASN1InputStream dIn = new ASN1InputStream(new ByteArrayInputStream(bytes));
+                DERBitString    bits = (DERBitString)dIn.readObject();
+
+                bytes = bits.getBytes();
+                length = (bytes.length * 8) - bits.getPadBits();
+            }
+            catch (Exception e)
+            {
+                throw new RuntimeException("error processing key usage extension");
+            }
+
+            boolean[]       keyUsage = new boolean[(length < 9) ? 9 : length];
+
+            for (int i = 0; i != length; i++)
+            {
+                keyUsage[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0;
+            }
+
+            return keyUsage;
+        }
+
+        return null;
+    }
+
+    public List getExtendedKeyUsage() 
+        throws CertificateParsingException
+    {
+        byte[]  bytes = this.getExtensionBytes("2.5.29.37");
+        int     length = 0;
+
+        if (bytes != null)
+        {
+            try
+            {
+                ASN1InputStream dIn = new ASN1InputStream(new ByteArrayInputStream(bytes));
+                ASN1Sequence    seq = (ASN1Sequence)dIn.readObject();
+                ArrayList       list = new ArrayList();
+
+                for (int i = 0; i != seq.size(); i++)
+                {
+                    list.add(((DERObjectIdentifier)seq.getObjectAt(i)).getId());
+                }
+                
+                return Collections.unmodifiableList(list);
+            }
+            catch (Exception e)
+            {
+                throw new CertificateParsingException("error processing extended key usage extension");
+            }
+        }
+
+        return null;
+    }
+    
+    public int getBasicConstraints()
+    {
+        byte[]  bytes = this.getExtensionBytes("2.5.29.19");
+
+        if (bytes != null)
+        {
+            try
+            {
+                ASN1InputStream dIn = new ASN1InputStream(new ByteArrayInputStream(bytes));
+                ASN1Sequence    seq = (ASN1Sequence)dIn.readObject();
+
+                if (seq.size() == 2)
+                {
+                    if (((DERBoolean)seq.getObjectAt(0)).isTrue())
+                    {
+                        return ((DERInteger)seq.getObjectAt(1)).getValue().intValue();
+                    }
+                    else
+                    {
+                        return -1;
+                    }
+                }
+                else if (seq.size() == 1)
+                {
+                    if (seq.getObjectAt(0) instanceof DERBoolean)
+                    {
+                        if (((DERBoolean)seq.getObjectAt(0)).isTrue())
+                        {
+                            return Integer.MAX_VALUE;
+                        }
+                        else
+                        {
+                            return -1;
+                        }
+                    }
+                    else
+                    {
+                        return -1;
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                throw new RuntimeException("error processing key usage extension");
+            }
+        }
+
+        return -1;
+    }
+
+    public Set getCriticalExtensionOIDs() 
+    {
+        if (this.getVersion() == 3)
+        {
+            HashSet         set = new HashSet();
+            X509Extensions  extensions = c.getTBSCertificate().getExtensions();
+
+            if (extensions != null)
+            {
+                Enumeration     e = extensions.oids();
+
+                while (e.hasMoreElements())
+                {
+                    DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
+                    X509Extension       ext = extensions.getExtension(oid);
+
+                    if (ext.isCritical())
+                    {
+                        set.add(oid.getId());
+                    }
+                }
+
+                return set;
+            }
+        }
+
+        return null;
+    }
+
+    private byte[] getExtensionBytes(String oid)
+    {
+        X509Extensions exts = c.getTBSCertificate().getExtensions();
+
+        if (exts != null)
+        {
+            X509Extension   ext = exts.getExtension(new DERObjectIdentifier(oid));
+            if (ext != null)
+            {
+                return ext.getValue().getOctets();
+            }
+        }
+
+        return null;
+    }
+
+    public byte[] getExtensionValue(String oid) 
+    {
+        X509Extensions exts = c.getTBSCertificate().getExtensions();
+
+        if (exts != null)
+        {
+            X509Extension   ext = exts.getExtension(new DERObjectIdentifier(oid));
+
+            if (ext != null)
+            {
+                ByteArrayOutputStream    bOut = new ByteArrayOutputStream();
+                DEROutputStream            dOut = new DEROutputStream(bOut);
+                
+                try
+                {
+                    dOut.writeObject(ext.getValue());
+
+                    return bOut.toByteArray();
+                }
+                catch (Exception e)
+                {
+                    throw new RuntimeException("error encoding " + e.toString());
+                }
+            }
+        }
+
+        return null;
+    }
+
+    public Set getNonCriticalExtensionOIDs() 
+    {
+        if (this.getVersion() == 3)
+        {
+            HashSet         set = new HashSet();
+            X509Extensions  extensions = c.getTBSCertificate().getExtensions();
+
+            if (extensions != null)
+            {
+                Enumeration     e = extensions.oids();
+
+                while (e.hasMoreElements())
+                {
+                    DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
+                    X509Extension       ext = extensions.getExtension(oid);
+
+                    if (!ext.isCritical())
+                    {
+                        set.add(oid.getId());
+                    }
+                }
+
+                return set;
+            }
+        }
+
+        return null;
+    }
+
+    public boolean hasUnsupportedCriticalExtension()
+    {
+        if (this.getVersion() == 3)
+        {
+            X509Extensions  extensions = c.getTBSCertificate().getExtensions();
+
+            if (extensions != null)
+            {
+                Enumeration     e = extensions.oids();
+
+                while (e.hasMoreElements())
+                {
+                    DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
+                    if (oid.getId().equals("2.5.29.15")
+                       || oid.getId().equals("2.5.29.19"))
+                    {
+                        continue;
+                    }
+
+                    X509Extension       ext = extensions.getExtension(oid);
+
+                    if (ext.isCritical())
+                    {
+                        return true;
+                    }
+                }
+            }
+        }
+
+        return false;
+    }
+
+    static PublicKey createPublicKeyFromPublicKeyInfo(
+                                                      SubjectPublicKeyInfo         info)
+                                                  {
+                                                      AlgorithmIdentifier     algId = info.getAlgorithmId();
+                                                      
+                                                      if (algId.getObjectId().equals(PKCSObjectIdentifiers.rsaEncryption)
+                                                          || algId.getObjectId().equals(X509ObjectIdentifiers.id_ea_rsa))
+                                                      {
+                                                            return new ExtendedJCERSAPublicKey(info);
+                                                      }
+                                                      else
+                                                      {
+                                                          throw new RuntimeException("algorithm identifier in key not recognised");
+                                                      }
+                                                  }
+    public PublicKey getPublicKey()
+    {
+        return createPublicKeyFromPublicKeyInfo(c.getSubjectPublicKeyInfo());
+    }
+
+    public byte[] getEncoded()
+        throws CertificateEncodingException
+    {
+        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+        DEROutputStream         dOut = new DEROutputStream(bOut);
+
+        try
+        {
+            dOut.writeObject(c);
+
+            return bOut.toByteArray();
+        }
+        catch (IOException e)
+        {
+            throw new CertificateEncodingException(e.toString());
+        }
+    }
+
+    public void setBagAttribute(
+        DERObjectIdentifier oid,
+        DEREncodable        attribute)
+    {
+        pkcs12Attributes.put(oid, attribute);
+        pkcs12Ordering.addElement(oid);
+    }
+
+    public DEREncodable getBagAttribute(
+        DERObjectIdentifier oid)
+    {
+        return (DEREncodable)pkcs12Attributes.get(oid);
+    }
+
+    public Enumeration getBagAttributeKeys()
+    {
+        return pkcs12Ordering.elements();
+    }
+
+    public String toString()
+    {
+        StringBuffer    buf = new StringBuffer();
+        String          nl = System.getProperty("line.separator");
+
+        buf.append("  [0]         Version: " + this.getVersion() + nl);
+        buf.append("         SerialNumber: " + this.getSerialNumber() + nl);
+        buf.append("             IssuerDN: " + this.getIssuerDN() + nl);
+        buf.append("           Start Date: " + this.getNotBefore() + nl);
+        buf.append("           Final Date: " + this.getNotAfter() + nl);
+        buf.append("            SubjectDN: " + this.getSubjectDN() + nl);
+        buf.append("           Public Key: " + this.getPublicKey() + nl);
+        buf.append("  Signature Algorithm: " + this.getSigAlgName() + nl);
+
+        byte[]  sig = this.getSignature();
+
+        buf.append("            Signature: " + new String(Hex.encode(sig, 0, 20)) + nl);
+        for (int i = 20; i < sig.length; i += 20)
+        {
+            if (i < sig.length - 20)
+            {
+                buf.append("                       " + new String(Hex.encode(sig, i, 20)) + nl);
+            }
+            else
+            {
+                buf.append("                       " + new String(Hex.encode(sig, i, sig.length - i)) + nl);
+            }
+        }
+
+        X509Extensions  extensions = c.getTBSCertificate().getExtensions();
+
+        if (extensions != null)
+        {
+            Enumeration     e = extensions.oids();
+
+            if (e.hasMoreElements())
+            {
+                buf.append("       Extensions: \n");
+            }
+
+            while (e.hasMoreElements())
+            {
+                DERObjectIdentifier     oid = (DERObjectIdentifier)e.nextElement();
+                X509Extension           ext = extensions.getExtension(oid);
+
+                if (ext.getValue() != null)
+                {
+                    byte[]                  octs = ext.getValue().getOctets();
+                    ByteArrayInputStream    bIn = new ByteArrayInputStream(octs);
+                    ASN1InputStream         dIn = new ASN1InputStream(bIn);
+                    buf.append("                       critical(" + ext.isCritical() + ") ");
+                    try
+                    {
+                        if (oid.equals(X509Extensions.BasicConstraints))
+                        {
+                            buf.append(new BasicConstraints((ASN1Sequence)dIn.readObject()) + nl);
+                        }
+                        else if (oid.equals(X509Extensions.KeyUsage))
+                        {
+                            buf.append(new KeyUsage((DERBitString)dIn.readObject()) + nl);
+                        }
+                        else if (oid.equals(MiscObjectIdentifiers.netscapeCertType))
+                        {
+                            buf.append(new NetscapeCertType((DERBitString)dIn.readObject()) + nl);
+                        }
+                        else if (oid.equals(MiscObjectIdentifiers.netscapeRevocationURL))
+                        {
+                            buf.append(new NetscapeRevocationURL((DERIA5String)dIn.readObject()) + nl);
+                        }
+                        else if (oid.equals(MiscObjectIdentifiers.verisignCzagExtension))
+                        {
+                            buf.append(new VerisignCzagExtension((DERIA5String)dIn.readObject()) + nl);
+                        }
+                        else 
+                        {
+                            buf.append(oid.getId());
+                            buf.append(" value = " + ASN1Dump.dumpAsString(dIn.readObject()) + nl);
+                            //buf.append(" value = " + "*****" + nl);
+                        }
+                    }
+                    catch (Exception ex)
+                    {
+                        buf.append(oid.getId());
+                   //     buf.append(" value = " + new String(Hex.encode(ext.getValue().getOctets())) + nl);
+                        buf.append(" value = " + "*****" + nl);
+                    }
+                }
+                else
+                {
+                    buf.append(nl);
+                }
+            }
+        }
+
+        return buf.toString();
+    }
+
+    public final void verify(
+        PublicKey   key)
+        throws CertificateException, NoSuchAlgorithmException,
+        InvalidKeyException, NoSuchProviderException, SignatureException
+    {
+        Signature   signature = null;
+
+        if (!c.getSignatureAlgorithm().equals(c.getTBSCertificate().getSignature()))
+        {
+            throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
+        }
+
+        try
+        {
+            signature = ExtendedX509V3CertificateGenerator.getSignature( c.getSignatureAlgorithm(),
+                                                                         "BC" );
+        }
+        catch (Exception e2)
+        {
+            try {
+                signature = ExtendedX509V3CertificateGenerator.getSignature( c.getSignatureAlgorithm(),
+                                                                             null );
+            } catch (InvalidParameterSpecException e) {
+                throw new NoSuchAlgorithmException(e);
+            } catch (InvalidAlgorithmParameterException e) {
+                throw new NoSuchAlgorithmException(e);
+            } catch (IOException e) {
+                throw new NoSuchAlgorithmException(e);
+            }
+        }
+
+        signature.initVerify(key);
+
+        signature.update(this.getTBSCertificate());
+
+        if (!signature.verify(this.getSignature()))
+        {
+            throw new InvalidKeyException("Public key presented not for certificate signature");
+        }
+    }
+
+    public final void verify(
+        PublicKey   key,
+        String      sigProvider)
+        throws CertificateException, NoSuchAlgorithmException,
+        InvalidKeyException, NoSuchProviderException, SignatureException
+    {
+        Signature signature;
+        try {
+            signature = ExtendedX509V3CertificateGenerator.getSignature( c.getSignatureAlgorithm(),
+                                                                         sigProvider );
+        } catch (InvalidParameterSpecException e) {
+            throw new NoSuchAlgorithmException(e);
+        } catch (InvalidAlgorithmParameterException e) {
+            throw new NoSuchAlgorithmException(e);
+        } catch (IOException e) {
+            throw new NoSuchAlgorithmException(e);
+        }
+        if (!c.getSignatureAlgorithm().equals(c.getTBSCertificate().getSignature()))
+        {
+            throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
+        }
+        
+        signature.initVerify(key);
+
+        signature.update(this.getTBSCertificate());
+
+        if (!signature.verify(this.getSignature()))
+        {
+            throw new InvalidKeyException("Public key presented not for certificate signature");
+        }
+    }
+}
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509Util.java ./src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509Util.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509Util.java	Thu Jan  1 01:00:00 1970
+++ ./src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509Util.java	Thu Nov 24 22:16:37 2005
@@ -0,0 +1,121 @@
+/*
+ * Created on 2005-jul-14
+ *
+ * TODO To change the template for this generated file go to
+ * Window - Preferences - Java - Code Style - Code Templates
+ */
+package se.anatom.ejbca.ca.caadmin;
+
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.Hashtable;
+import java.util.Iterator;
+
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERNull;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+
+class ExtendedX509Util
+{
+    private static Hashtable algorithms = new Hashtable();
+    private static Hashtable algorithmParameters = new Hashtable();
+    
+    static
+    {   
+        algorithms.put("MD2WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.2"));
+        algorithms.put("MD2WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.2"));
+        algorithms.put("MD5WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
+        algorithms.put("MD5WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
+        algorithms.put("SHA1WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
+        algorithms.put("SHA1WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
+        algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+        algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+        algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption);
+        algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption);
+        algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption);
+        algorithms.put("SHA384WITHRSA", PKCSObjectIdentifiers.sha384WithRSAEncryption);
+        algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption);
+        algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption);
+        algorithms.put("RIPEMD160WITHRSAENCRYPTION", new DERObjectIdentifier("1.3.36.3.3.1.2"));
+        algorithms.put("RIPEMD160WITHRSA", new DERObjectIdentifier("1.3.36.3.3.1.2"));
+        algorithms.put("SHA1WITHDSA", new DERObjectIdentifier("1.2.840.10040.4.3"));
+        algorithms.put("DSAWITHSHA1", new DERObjectIdentifier("1.2.840.10040.4.3"));
+        algorithms.put("SHA1WITHECDSA", new DERObjectIdentifier("1.2.840.10045.4.1"));
+        algorithms.put("ECDSAWITHSHA1", new DERObjectIdentifier("1.2.840.10045.4.1"));
+        algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+        algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+        algorithms.put("SHA256WITHRSAANDMGF1", new DERObjectIdentifier("1.2.840.113549.1.1.10"));        
+        
+        algorithmParameters.put("MD2WITHRSAENCRYPTION", new DERNull());
+        algorithmParameters.put("MD2WITHRSA", new DERNull());
+        algorithmParameters.put("MD5WITHRSAENCRYPTION", new DERNull());
+        algorithmParameters.put("MD5WITHRSA", new DERNull());
+        algorithmParameters.put("SHA1WITHRSAENCRYPTION", new DERNull());
+        algorithmParameters.put("SHA1WITHRSA", new DERNull());
+        algorithmParameters.put("SHA224WITHRSAENCRYPTION", new DERNull());
+        algorithmParameters.put("SHA224WITHRSA", new DERNull());
+        algorithmParameters.put("SHA256WITHRSAENCRYPTION", new DERNull());
+        algorithmParameters.put("SHA256WITHRSA", new DERNull());
+        algorithmParameters.put("SHA384WITHRSAENCRYPTION", new DERNull());
+        algorithmParameters.put("SHA384WITHRSA", new DERNull());
+        algorithmParameters.put("SHA512WITHRSAENCRYPTION", new DERNull());
+        algorithmParameters.put("SHA512WITHRSA", new DERNull());
+        algorithmParameters.put("RIPEMD160WITHRSAENCRYPTION", new DERNull());
+        algorithmParameters.put("RIPEMD160WITHRSA", new DERNull());
+        algorithmParameters.put("SHA1WITHDSA", new DERNull());
+        algorithmParameters.put("DSAWITHSHA1", new DERNull());
+        algorithmParameters.put("SHA1WITHECDSA", new DERNull());
+        algorithmParameters.put("ECDSAWITHSHA1", new DERNull());
+        algorithmParameters.put("GOST3411WITHGOST3410", new DERNull());
+        algorithmParameters.put("SHA256WITHRSAANDMGF1", new RSASSAPSSparams( new AlgorithmIdentifier(new DERObjectIdentifier("2.16.840.1.101.3.4.2.1"), new DERNull()), 
+                                                                             new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, new AlgorithmIdentifier(new DERObjectIdentifier("2.16.840.1.101.3.4.2.1"), new DERNull())),  
+                                                                             new DERInteger(32), new DERInteger(1)
+                                                                             ).getDERObject());
+        
+        
+    }
+    
+    static DERObjectIdentifier getAlgorithmOID(
+        String algorithmName)
+    {
+        algorithmName = algorithmName.toUpperCase();
+        
+        if (algorithms.containsKey(algorithmName))
+        {
+            return (DERObjectIdentifier)algorithms.get(algorithmName);
+        }
+        
+        return new DERObjectIdentifier(algorithmName);
+    }
+    
+    static DERObject getAlgorithmParameters(
+            String algorithmName)
+        {
+            algorithmName = algorithmName.toUpperCase();
+            
+            if (algorithmParameters.containsKey(algorithmName))
+            {
+                return (DERObject)algorithmParameters.get(algorithmName);
+            }
+            
+            return new DERNull();
+        }
+    
+    static Iterator getAlgNames()
+    {
+        Enumeration e = algorithms.keys();
+        ArrayList   l = new ArrayList();
+        
+        while (e.hasMoreElements())
+        {
+            l.add(e.nextElement());
+        }
+        
+        return l.iterator();
+    }
+}
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509Util.java.15 ./src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509Util.java.15
--- ../../312/ejbca/src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509Util.java.15	Thu Jan  1 01:00:00 1970
+++ ./src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509Util.java.15	Wed Nov 30 09:49:46 2005
@@ -0,0 +1,121 @@
+/*
+ * Created on 2005-jul-14
+ *
+ * TODO To change the template for this generated file go to
+ * Window - Preferences - Java - Code Style - Code Templates
+ */
+package se.anatom.ejbca.ca.caadmin;
+
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.Hashtable;
+import java.util.Iterator;
+
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERNull;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+
+class ExtendedX509Util
+{
+    private static Hashtable algorithms = new Hashtable();
+    private static Hashtable algorithmParameters = new Hashtable();
+    
+    static
+    {   
+        algorithms.put("MD2WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.2"));
+        algorithms.put("MD2WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.2"));
+        algorithms.put("MD5WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
+        algorithms.put("MD5WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
+        algorithms.put("SHA1WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
+        algorithms.put("SHA1WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
+        algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+        algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+        algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption);
+        algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption);
+        algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption);
+        algorithms.put("SHA384WITHRSA", PKCSObjectIdentifiers.sha384WithRSAEncryption);
+        algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption);
+        algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption);
+        algorithms.put("RIPEMD160WITHRSAENCRYPTION", new DERObjectIdentifier("1.3.36.3.3.1.2"));
+        algorithms.put("RIPEMD160WITHRSA", new DERObjectIdentifier("1.3.36.3.3.1.2"));
+        algorithms.put("SHA1WITHDSA", new DERObjectIdentifier("1.2.840.10040.4.3"));
+        algorithms.put("DSAWITHSHA1", new DERObjectIdentifier("1.2.840.10040.4.3"));
+        algorithms.put("SHA1WITHECDSA", new DERObjectIdentifier("1.2.840.10045.4.1"));
+        algorithms.put("ECDSAWITHSHA1", new DERObjectIdentifier("1.2.840.10045.4.1"));
+        algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+        algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+        algorithms.put("SHA256WITHRSAANDMGF1", new DERObjectIdentifier("1.2.840.113549.1.1.10"));        
+        
+        algorithmParameters.put("MD2WITHRSAENCRYPTION", new DERNull());
+        algorithmParameters.put("MD2WITHRSA", new DERNull());
+        algorithmParameters.put("MD5WITHRSAENCRYPTION", new DERNull());
+        algorithmParameters.put("MD5WITHRSA", new DERNull());
+        algorithmParameters.put("SHA1WITHRSAENCRYPTION", new DERNull());
+        algorithmParameters.put("SHA1WITHRSA", new DERNull());
+        algorithmParameters.put("SHA224WITHRSAENCRYPTION", new DERNull());
+        algorithmParameters.put("SHA224WITHRSA", new DERNull());
+        algorithmParameters.put("SHA256WITHRSAENCRYPTION", new DERNull());
+        algorithmParameters.put("SHA256WITHRSA", new DERNull());
+        algorithmParameters.put("SHA384WITHRSAENCRYPTION", new DERNull());
+        algorithmParameters.put("SHA384WITHRSA", new DERNull());
+        algorithmParameters.put("SHA512WITHRSAENCRYPTION", new DERNull());
+        algorithmParameters.put("SHA512WITHRSA", new DERNull());
+        algorithmParameters.put("RIPEMD160WITHRSAENCRYPTION", new DERNull());
+        algorithmParameters.put("RIPEMD160WITHRSA", new DERNull());
+        algorithmParameters.put("SHA1WITHDSA", new DERNull());
+        algorithmParameters.put("DSAWITHSHA1", new DERNull());
+        algorithmParameters.put("SHA1WITHECDSA", new DERNull());
+        algorithmParameters.put("ECDSAWITHSHA1", new DERNull());
+        algorithmParameters.put("GOST3411WITHGOST3410", new DERNull());
+        algorithmParameters.put("SHA256WITHRSAANDMGF1", new RSASSAPSSparams( new AlgorithmIdentifier(new DERObjectIdentifier("2.16.840.1.101.3.4.2.1"), new DERNull()), 
+                                                                             new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, new AlgorithmIdentifier(new DERObjectIdentifier("2.16.840.1.101.3.4.2.1"), new DERNull())),  
+                                                                             new DERInteger(20), new DERInteger(1)
+                                                                             ).getDERObject());
+        
+        
+    }
+    
+    static DERObjectIdentifier getAlgorithmOID(
+        String algorithmName)
+    {
+        algorithmName = algorithmName.toUpperCase();
+        
+        if (algorithms.containsKey(algorithmName))
+        {
+            return (DERObjectIdentifier)algorithms.get(algorithmName);
+        }
+        
+        return new DERObjectIdentifier(algorithmName);
+    }
+    
+    static DERObject getAlgorithmParameters(
+            String algorithmName)
+        {
+            algorithmName = algorithmName.toUpperCase();
+            
+            if (algorithmParameters.containsKey(algorithmName))
+            {
+                return (DERObject)algorithmParameters.get(algorithmName);
+            }
+            
+            return new DERNull();
+        }
+    
+    static Iterator getAlgNames()
+    {
+        Enumeration e = algorithms.keys();
+        ArrayList   l = new ArrayList();
+        
+        while (e.hasMoreElements())
+        {
+            l.add(e.nextElement());
+        }
+        
+        return l.iterator();
+    }
+}
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509V2CRLGenerator.java ./src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509V2CRLGenerator.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509V2CRLGenerator.java	Thu Jan  1 01:00:00 1970
+++ ./src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509V2CRLGenerator.java	Thu Nov 24 22:16:37 2005
@@ -0,0 +1,351 @@
+package se.anatom.ejbca.ca.caadmin;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.SecureRandom;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.cert.X509CRL;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+import java.util.Hashtable;
+import java.util.Iterator;
+import java.util.SimpleTimeZone;
+import java.util.Vector;
+
+import javax.security.auth.x500.X500Principal;
+
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.DERBitString;
+import org.bouncycastle.asn1.DEREncodable;
+import org.bouncycastle.asn1.DERGeneralizedTime;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.DEROutputStream;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.CertificateList;
+import org.bouncycastle.asn1.x509.TBSCertList;
+import org.bouncycastle.asn1.x509.Time;
+import org.bouncycastle.asn1.x509.V2TBSCertListGenerator;
+import org.bouncycastle.asn1.x509.X509Extension;
+import org.bouncycastle.asn1.x509.X509Extensions;
+import org.bouncycastle.asn1.x509.X509Name;
+import org.bouncycastle.jce.X509Principal;
+
+
+/**
+ * class to produce an X.509 Version 2 CRL extended with support for the RSASSA-PSS signature algorithm, this shouldonly be used for proof of concept and
+ * not for production usage.
+ */
+public class ExtendedX509V2CRLGenerator
+{
+    private SimpleDateFormat            dateF = new SimpleDateFormat("yyMMddHHmmss");
+    private SimpleTimeZone              tz = new SimpleTimeZone(0, "Z");
+    private V2TBSCertListGenerator      tbsGen;
+    private AlgorithmIdentifier         sigAlgId;
+    private String                      signatureAlgorithm;
+    private Hashtable                   extensions = null;
+    private Vector                      extOrdering = null;
+
+    public ExtendedX509V2CRLGenerator()
+    {
+        dateF.setTimeZone(tz);
+
+        tbsGen = new V2TBSCertListGenerator();
+    }
+
+    /**
+     * reset the generator
+     */
+    public void reset()
+    {
+        tbsGen = new V2TBSCertListGenerator();
+    }
+
+    /**
+     * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the
+     * certificate.
+     */
+    public void setIssuerDN(
+        X500Principal   issuer)
+    {
+        try
+        {
+            tbsGen.setIssuer(new X509Principal(issuer.getEncoded()));
+        }
+        catch (IOException e)
+        {
+            throw new IllegalArgumentException("can't process principal: " + e);
+        }
+    }
+
+    /**
+     * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the
+     * certificate.
+     */
+    public void setIssuerDN(
+        X509Name   issuer)
+    {
+        tbsGen.setIssuer(issuer);
+    }
+
+    public void setThisUpdate(
+        Date    date)
+    {
+        tbsGen.setThisUpdate(new Time(date));
+    }
+
+    public void setNextUpdate(
+        Date    date)
+    {
+        tbsGen.setNextUpdate(new Time(date));
+    }
+
+    /**
+     * Reason being as indicated by ReasonFlags, i.e. ReasonFlags.keyCompromise
+     * or 0 if ReasonFlags are not to be used
+     **/
+    public void addCRLEntry(BigInteger userCertificate, Date revocationDate, int reason)
+    {
+        tbsGen.addCRLEntry(new DERInteger(userCertificate), new Time(revocationDate), reason);
+    }
+
+    /**
+     * Add a CRL entry with an Invalidity Date extension as well as a CRLReason extension.
+     * Reason being as indicated by ReasonFlags, i.e. ReasonFlags.keyCompromise
+     * or 0 if ReasonFlags are not to be used
+     **/
+    public void addCRLEntry(BigInteger userCertificate, Date revocationDate, int reason, Date invalidityDate)
+    {
+        tbsGen.addCRLEntry(new DERInteger(userCertificate), new Time(revocationDate), reason, new DERGeneralizedTime(invalidityDate));
+    }
+    
+    /**
+     * Set the signature algorithm. This can be either a name or an OID, names
+     * are treated as case insensitive.
+     * 
+     * @param signatureAlgorithm string representation of the algorithm name.
+     */
+    public void setSignatureAlgorithm(
+        String  signatureAlgorithm)
+    {
+        this.signatureAlgorithm = signatureAlgorithm;
+
+        try
+        {
+            sigAlgId = new AlgorithmIdentifier( ExtendedX509Util.getAlgorithmOID(signatureAlgorithm),
+                                                ExtendedX509Util.getAlgorithmParameters(signatureAlgorithm));
+        }
+        catch (Exception e)
+        {
+            throw new IllegalArgumentException("Unknown signature type requested");
+        }
+
+        tbsGen.setSignature(sigAlgId);
+    }
+
+    /**
+     * add a given extension field for the standard extensions tag (tag 3)
+     */
+    public void addExtension(
+        String          OID,
+        boolean         critical,
+        DEREncodable    value)
+    {
+        this.addExtension(new DERObjectIdentifier(OID), critical, value);
+    }
+
+    /**
+     * add a given extension field for the standard extensions tag (tag 0)
+     */
+    public void addExtension(
+        DERObjectIdentifier OID,
+        boolean             critical,
+        DEREncodable        value)
+    {
+        if (extensions == null)
+        {
+            extensions = new Hashtable();
+            extOrdering = new Vector();
+        }
+
+        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+        DEROutputStream         dOut = new DEROutputStream(bOut);
+
+        try
+        {
+            dOut.writeObject(value);
+        }
+        catch (IOException e)
+        {
+            throw new IllegalArgumentException("error encoding value: " + e);
+        }
+
+        this.addExtension(OID, critical, bOut.toByteArray());
+    }
+
+    /**
+     * add a given extension field for the standard extensions tag (tag 0)
+     */
+    public void addExtension(
+        String          OID,
+        boolean         critical,
+        byte[]          value)
+    {
+        this.addExtension(new DERObjectIdentifier(OID), critical, value);
+    }
+
+    /**
+     * add a given extension field for the standard extensions tag (tag 0)
+     */
+    public void addExtension(
+        DERObjectIdentifier OID,
+        boolean             critical,
+        byte[]              value)
+    {
+        if (extensions == null)
+        {
+            extensions = new Hashtable();
+            extOrdering = new Vector();
+        }
+
+        extensions.put(OID, new X509Extension(critical, new DEROctetString(value)));
+        extOrdering.addElement(OID);
+    }
+
+    /**
+     * generate an X509 CRL, based on the current issuer and subject
+     * using the default provider "BC".
+     */
+    public X509CRL generateX509CRL(
+        PrivateKey      key)
+        throws SecurityException, SignatureException, InvalidKeyException
+    {
+        try
+        {
+            return generateX509CRL(key, "BC", null);
+        }
+        catch (NoSuchProviderException e)
+        {
+            throw new SecurityException("BC provider not installed!");
+        }
+    }
+
+    /**
+     * generate an X509 CRL, based on the current issuer and subject
+     * using the default provider "BC" and an user defined SecureRandom object as
+     * source of randomness.
+     */
+    public X509CRL generateX509CRL(
+        PrivateKey      key,
+        SecureRandom    random)
+        throws SecurityException, SignatureException, InvalidKeyException
+    {
+        try
+        {
+            return generateX509CRL(key, "BC", random);
+        }
+        catch (NoSuchProviderException e)
+        {
+            throw new SecurityException("BC provider not installed!");
+        }
+    }
+
+    /**
+     * generate an X509 certificate, based on the current issuer and subject
+     * using the passed in provider for the signing.
+     */
+    public X509CRL generateX509CRL(
+        PrivateKey      key,
+        String          provider)
+        throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
+    {
+        return generateX509CRL(key, provider, null);
+    }
+
+    /**
+     * generate an X509 CRL, based on the current issuer and subject,
+     * using the passed in provider for the signing.
+     */
+    public X509CRL generateX509CRL(
+        PrivateKey      key,
+        String          provider,
+        SecureRandom    random)
+        throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
+    {
+        Signature sig = null;
+
+        try
+        {
+            sig = ExtendedX509V3CertificateGenerator.getSignature( sigAlgId, provider );
+        }
+        catch (Exception ex)
+        {
+            try
+            {
+                sig = Signature.getInstance(signatureAlgorithm, provider);
+            }
+            catch (NoSuchAlgorithmException e)
+            {
+                throw new SecurityException("exception creating signature: " + e.toString());
+            }
+        }
+
+        if (random != null)
+        {
+            sig.initSign(key, random);
+        }
+        else
+        {
+            sig.initSign(key);
+        }
+
+        if (extensions != null)
+        {
+            tbsGen.setExtensions(new X509Extensions(extOrdering, extensions));
+        }
+
+        TBSCertList tbsCrl = tbsGen.generateTBSCertList();
+
+        try
+        {
+            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+            DEROutputStream         dOut = new DEROutputStream(bOut);
+
+            dOut.writeObject(tbsCrl);
+
+            sig.update(bOut.toByteArray());
+        }
+        catch (Exception e)
+        {
+            throw new SecurityException("exception encoding TBS cert - " + e);
+        }
+
+        // Construct the CRL
+        ASN1EncodableVector  v = new ASN1EncodableVector();
+
+        v.add(tbsCrl);
+        v.add(sigAlgId);
+        v.add(new DERBitString(sig.sign()));
+
+        return new ExtendedX509CRLObject(new CertificateList(new DERSequence(v)));
+    }
+    
+    
+    /**
+     * Return an iterator of the signature names supported by the generator.
+     * 
+     * @return an iterator containing recognised names.
+     */
+    public Iterator getSignatureAlgNames()
+    {
+        return ExtendedX509Util.getAlgNames();
+    }
+}
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509V3CertificateGenerator.java ./src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509V3CertificateGenerator.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509V3CertificateGenerator.java	Thu Jan  1 01:00:00 1970
+++ ./src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509V3CertificateGenerator.java	Fri Nov 25 09:38:07 2005
@@ -0,0 +1,403 @@
+package se.anatom.ejbca.ca.caadmin;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.cert.X509Certificate;
+import java.security.spec.InvalidParameterSpecException;
+import java.util.Date;
+import java.util.Hashtable;
+import java.util.Iterator;
+import java.util.Vector;
+
+import javax.security.auth.x500.X500Principal;
+
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERBitString;
+import org.bouncycastle.asn1.DEREncodable;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.DEROutputStream;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.asn1.x509.TBSCertificateStructure;
+import org.bouncycastle.asn1.x509.Time;
+import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator;
+import org.bouncycastle.asn1.x509.X509CertificateStructure;
+import org.bouncycastle.asn1.x509.X509Extension;
+import org.bouncycastle.asn1.x509.X509Extensions;
+import org.bouncycastle.asn1.x509.X509Name;
+import org.bouncycastle.jce.X509Principal;
+
+
+/**
+ * class to produce an X.509 Version 3 certificate, this is a copy of the bc class X509V3CertificateGenerator but can also issue certificates
+ * using the RSASSA-PSS algorithm.This class should only be used for proof of concept
+ * 
+ * @version $Id: ExtendedX509V3CertificateGenerator.java,v 1.1.2.2 2005/11/25 08:38:07 anatom Exp $
+ */
+public class ExtendedX509V3CertificateGenerator
+{
+    private V3TBSCertificateGenerator   tbsGen;
+    private AlgorithmIdentifier         sigAlgId;
+    private String                      signatureAlgorithm;
+    private Hashtable                   extensions = null;
+    private Vector                      extOrdering = null;
+
+    public ExtendedX509V3CertificateGenerator()
+    {
+        tbsGen = new V3TBSCertificateGenerator();
+    }
+
+    /**
+     * reset the generator
+     */
+    public void reset()
+    {
+        tbsGen = new V3TBSCertificateGenerator();
+        extensions = null;
+        extOrdering = null;
+    }
+
+    /**
+     * set the serial number for the certificate.
+     */
+    public void setSerialNumber(
+        BigInteger      serialNumber)
+    {
+        tbsGen.setSerialNumber(new DERInteger(serialNumber));
+    }
+
+    /**
+     * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the
+     * certificate.
+     */
+    public void setIssuerDN(
+        X500Principal   issuer)
+    {
+        try
+        {
+            tbsGen.setIssuer(new X509Principal(issuer.getEncoded()));
+        }
+        catch (IOException e)
+        {
+            throw new IllegalArgumentException("can't process principal: " + e);
+        }
+    }
+    
+    /**
+     * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the
+     * certificate.
+     */
+    public void setIssuerDN(
+        X509Name   issuer)
+    {
+        tbsGen.setIssuer(issuer);
+    }
+
+    public void setNotBefore(
+        Date    date)
+    {
+        tbsGen.setStartDate(new Time(date));
+    }
+
+    public void setNotAfter(
+        Date    date)
+    {
+        tbsGen.setEndDate(new Time(date));
+    }
+
+    /**
+     * Set the subject distinguished name. The subject describes the entity associated with the public key.
+     */
+    public void setSubjectDN(
+        X500Principal   subject)
+    {
+        try
+        {
+            tbsGen.setSubject(new X509Principal(subject.getEncoded()));
+        }
+        catch (IOException e)
+        {
+            throw new IllegalArgumentException("can't process principal: " + e);
+        }
+    }
+    
+    /**
+     * Set the subject distinguished name. The subject describes the entity associated with the public key.
+     */
+    public void setSubjectDN(
+        X509Name   subject)
+    {
+        tbsGen.setSubject(subject);
+    }
+
+    public void setPublicKey(
+        PublicKey       key)
+    {
+        try
+        {
+            tbsGen.setSubjectPublicKeyInfo(new SubjectPublicKeyInfo((ASN1Sequence)new ASN1InputStream(
+                                new ByteArrayInputStream(key.getEncoded())).readObject()));
+        }
+        catch (Exception e)
+        {
+            throw new IllegalArgumentException("unable to process key - " + e.toString());
+        }
+    }
+
+    /**
+     * Set the signature algorithm. This can be either a name or an OID, names
+     * are treated as case insensitive.
+     * 
+     * @param signatureAlgorithm string representation of the algorithm name.
+     */
+    public void setSignatureAlgorithm(
+        String  signatureAlgorithm)
+    {
+        this.signatureAlgorithm = signatureAlgorithm;
+
+        try
+        {
+            sigAlgId = new AlgorithmIdentifier(ExtendedX509Util.getAlgorithmOID(signatureAlgorithm),
+                                               ExtendedX509Util.getAlgorithmParameters(signatureAlgorithm));
+        }
+        catch (Exception e)
+        {
+            throw new IllegalArgumentException("Unknown signature type requested");
+        }
+
+        tbsGen.setSignature(sigAlgId);
+    }
+
+    /**
+     * add a given extension field for the standard extensions tag (tag 3)
+     */
+    public void addExtension(
+        String          OID,
+        boolean         critical,
+        DEREncodable    value)
+    {
+        this.addExtension(new DERObjectIdentifier(OID), critical, value);
+    }
+
+    /**
+     * add a given extension field for the standard extensions tag (tag 3)
+     */
+    public void addExtension(
+        DERObjectIdentifier OID,
+        boolean             critical,
+        DEREncodable        value)
+    {
+        if (extensions == null)
+        {
+            extensions = new Hashtable();
+            extOrdering = new Vector();
+        }
+
+        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+        DEROutputStream         dOut = new DEROutputStream(bOut);
+
+        try
+        {
+            dOut.writeObject(value);
+        }
+        catch (IOException e)
+        {
+            throw new IllegalArgumentException("error encoding value: " + e);
+        }
+
+        this.addExtension(OID, critical, bOut.toByteArray());
+    }
+
+    /**
+     * add a given extension field for the standard extensions tag (tag 3)
+     * The value parameter becomes the contents of the octet string associated
+     * with the extension.
+     */
+    public void addExtension(
+        String          OID,
+        boolean         critical,
+        byte[]          value)
+    {
+        this.addExtension(new DERObjectIdentifier(OID), critical, value);
+    }
+
+    /**
+     * add a given extension field for the standard extensions tag (tag 3)
+     */
+    public void addExtension(
+        DERObjectIdentifier OID,
+        boolean             critical,
+        byte[]              value)
+    {
+        if (extensions == null)
+        {
+            extensions = new Hashtable();
+            extOrdering = new Vector();
+        }
+
+        extensions.put(OID, new X509Extension(critical, new DEROctetString(value)));
+        extOrdering.addElement(OID);
+    }
+
+    /**
+     * generate an X509 certificate, based on the current issuer and subject
+     * using the default provider "BC".
+     */
+    public X509Certificate generateX509Certificate(
+        PrivateKey      key)
+        throws SecurityException, SignatureException, InvalidKeyException
+    {
+        try
+        {
+            return generateX509Certificate(key, "BC", null);
+        }
+        catch (NoSuchProviderException e)
+        {
+            throw new SecurityException("BC provider not installed!");
+        }
+    }
+
+    /**
+     * generate an X509 certificate, based on the current issuer and subject
+     * using the default provider "BC", and the passed in source of randomness
+     * (if required).
+     */
+    public X509Certificate generateX509Certificate(
+        PrivateKey      key,
+        SecureRandom    random)
+        throws SecurityException, SignatureException, InvalidKeyException
+    {
+        try
+        {
+            return generateX509Certificate(key, "BC", random);
+        }
+        catch (NoSuchProviderException e)
+        {
+            throw new SecurityException("BC provider not installed!");
+        }
+    }
+
+    /**
+     * generate an X509 certificate, based on the current issuer and subject,
+     * using the passed in provider for the signing.
+     */
+    public X509Certificate generateX509Certificate(
+        PrivateKey      key,
+        String          provider)
+        throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
+    {
+        return generateX509Certificate(key, provider, null);
+    }
+    static Signature getSignature( AlgorithmIdentifier algId,
+                                   String provider) throws NoSuchAlgorithmException, NoSuchProviderException, IOException, InvalidParameterSpecException, InvalidAlgorithmParameterException {
+        final DERObjectIdentifier objId = algId.getObjectId();
+        final Signature sig;
+        if (provider!=null)
+            sig = Signature.getInstance(objId.getId(), provider);
+        else
+            sig = Signature.getInstance(objId.getId());
+        if ( objId.equals(PKCSObjectIdentifiers.id_RSASSA_PSS) ) {
+           throw new NoSuchProviderException("RSASSA-PSS Signing Algorithm isn't supported in jdk 1.4");
+        }
+        return sig;
+    }
+    /**
+     * generate an X509 certificate, based on the current issuer and subject,
+     * using the passed in provider for the signing and the supplied source
+     * of randomness, if required.
+     */
+    public X509Certificate generateX509Certificate(
+        PrivateKey      key,
+        String          provider,
+        SecureRandom    random)
+        throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
+    {
+        Signature sig = null;
+
+        if (sigAlgId.getObjectId().getId() == null)
+        {
+            throw new IllegalStateException("no signature algorithm specified");
+        }
+
+        try
+        {
+            sig = getSignature(sigAlgId, provider);
+        }
+        catch (Exception ex)
+        {
+            try
+            {
+                sig = Signature.getInstance(signatureAlgorithm, provider);
+            }
+            catch (NoSuchAlgorithmException e)
+            {
+                throw new SecurityException("exception creating signature: " + e.toString());
+            }
+        }
+
+        if (random != null)
+        {
+            sig.initSign(key, random);
+        }
+        else
+        {
+            sig.initSign(key);
+        }
+
+        if (extensions != null)
+        {
+            tbsGen.setExtensions(new X509Extensions(extOrdering, extensions));
+        }
+
+        TBSCertificateStructure tbsCert = tbsGen.generateTBSCertificate();
+
+        try
+        {
+            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+            DEROutputStream         dOut = new DEROutputStream(bOut);
+
+            dOut.writeObject(tbsCert);
+
+            sig.update(bOut.toByteArray());
+        }
+        catch (Exception e)
+        {
+            throw new SecurityException("exception encoding TBS cert - " + e);
+        }
+
+        ASN1EncodableVector  v = new ASN1EncodableVector();
+
+        v.add(tbsCert);
+        v.add(sigAlgId);
+        v.add(new DERBitString(sig.sign()));
+
+        return new ExtendedX509CertificateObject(new X509CertificateStructure(new DERSequence(v)));
+    }
+    
+    /**
+     * Return an iterator of the signature names supported by the generator.
+     * 
+     * @return an iterator containing recognised names.
+     */
+    public Iterator getSignatureAlgNames()
+    {
+        return ExtendedX509Util.getAlgNames();
+    }
+}
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509V3CertificateGenerator.java.15 ./src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509V3CertificateGenerator.java.15
--- ../../312/ejbca/src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509V3CertificateGenerator.java.15	Thu Jan  1 01:00:00 1970
+++ ./src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509V3CertificateGenerator.java.15	Thu Nov 24 22:16:37 2005
@@ -0,0 +1,426 @@
+package se.anatom.ejbca.ca.caadmin;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.StringWriter;
+import java.math.BigInteger;
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.cert.X509Certificate;
+import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.InvalidParameterSpecException;
+import java.security.spec.MGF1ParameterSpec;
+import java.security.spec.PSSParameterSpec;
+import java.util.Date;
+import java.util.Hashtable;
+import java.util.Iterator;
+import java.util.Vector;
+
+import javax.security.auth.x500.X500Principal;
+
+import org.apache.log4j.Logger;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERBitString;
+import org.bouncycastle.asn1.DEREncodable;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.DEROutputStream;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.asn1.x509.TBSCertificateStructure;
+import org.bouncycastle.asn1.x509.Time;
+import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator;
+import org.bouncycastle.asn1.x509.X509CertificateStructure;
+import org.bouncycastle.asn1.x509.X509Extension;
+import org.bouncycastle.asn1.x509.X509Extensions;
+import org.bouncycastle.asn1.x509.X509Name;
+import org.bouncycastle.jce.X509Principal;
+
+
+/**
+ * class to produce an X.509 Version 3 certificate, this is a copy of the bc class X509V3CertificateGenerator but can also issue certificates
+ * using the RSASSA-PSS algorithm.This class should only be used for proof of concept
+ */
+public class ExtendedX509V3CertificateGenerator
+{
+    private V3TBSCertificateGenerator   tbsGen;
+    private AlgorithmIdentifier         sigAlgId;
+    private String                      signatureAlgorithm;
+    private Hashtable                   extensions = null;
+    private Vector                      extOrdering = null;
+
+    private static Logger log = Logger.getLogger(ExtendedX509V3CertificateGenerator.class);
+
+    public ExtendedX509V3CertificateGenerator()
+    {
+        tbsGen = new V3TBSCertificateGenerator();
+    }
+
+    /**
+     * reset the generator
+     */
+    public void reset()
+    {
+        tbsGen = new V3TBSCertificateGenerator();
+        extensions = null;
+        extOrdering = null;
+    }
+
+    /**
+     * set the serial number for the certificate.
+     */
+    public void setSerialNumber(
+        BigInteger      serialNumber)
+    {
+        tbsGen.setSerialNumber(new DERInteger(serialNumber));
+    }
+
+    /**
+     * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the
+     * certificate.
+     */
+    public void setIssuerDN(
+        X500Principal   issuer)
+    {
+        try
+        {
+            tbsGen.setIssuer(new X509Principal(issuer.getEncoded()));
+        }
+        catch (IOException e)
+        {
+            throw new IllegalArgumentException("can't process principal: " + e);
+        }
+    }
+    
+    /**
+     * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the
+     * certificate.
+     */
+    public void setIssuerDN(
+        X509Name   issuer)
+    {
+        tbsGen.setIssuer(issuer);
+    }
+
+    public void setNotBefore(
+        Date    date)
+    {
+        tbsGen.setStartDate(new Time(date));
+    }
+
+    public void setNotAfter(
+        Date    date)
+    {
+        tbsGen.setEndDate(new Time(date));
+    }
+
+    /**
+     * Set the subject distinguished name. The subject describes the entity associated with the public key.
+     */
+    public void setSubjectDN(
+        X500Principal   subject)
+    {
+        try
+        {
+            tbsGen.setSubject(new X509Principal(subject.getEncoded()));
+        }
+        catch (IOException e)
+        {
+            throw new IllegalArgumentException("can't process principal: " + e);
+        }
+    }
+    
+    /**
+     * Set the subject distinguished name. The subject describes the entity associated with the public key.
+     */
+    public void setSubjectDN(
+        X509Name   subject)
+    {
+        tbsGen.setSubject(subject);
+    }
+
+    public void setPublicKey(
+        PublicKey       key)
+    {
+        try
+        {
+            tbsGen.setSubjectPublicKeyInfo(new SubjectPublicKeyInfo((ASN1Sequence)new ASN1InputStream(
+                                new ByteArrayInputStream(key.getEncoded())).readObject()));
+        }
+        catch (Exception e)
+        {
+            throw new IllegalArgumentException("unable to process key - " + e.toString());
+        }
+    }
+
+    /**
+     * Set the signature algorithm. This can be either a name or an OID, names
+     * are treated as case insensitive.
+     * 
+     * @param signatureAlgorithm string representation of the algorithm name.
+     */
+    public void setSignatureAlgorithm(
+        String  signatureAlgorithm)
+    {
+        this.signatureAlgorithm = signatureAlgorithm;
+
+        try
+        {
+            sigAlgId = new AlgorithmIdentifier(ExtendedX509Util.getAlgorithmOID(signatureAlgorithm),
+                                               ExtendedX509Util.getAlgorithmParameters(signatureAlgorithm));
+        }
+        catch (Exception e)
+        {
+            throw new IllegalArgumentException("Unknown signature type requested");
+        }
+
+        tbsGen.setSignature(sigAlgId);
+    }
+
+    /**
+     * add a given extension field for the standard extensions tag (tag 3)
+     */
+    public void addExtension(
+        String          OID,
+        boolean         critical,
+        DEREncodable    value)
+    {
+        this.addExtension(new DERObjectIdentifier(OID), critical, value);
+    }
+
+    /**
+     * add a given extension field for the standard extensions tag (tag 3)
+     */
+    public void addExtension(
+        DERObjectIdentifier OID,
+        boolean             critical,
+        DEREncodable        value)
+    {
+        if (extensions == null)
+        {
+            extensions = new Hashtable();
+            extOrdering = new Vector();
+        }
+
+        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+        DEROutputStream         dOut = new DEROutputStream(bOut);
+
+        try
+        {
+            dOut.writeObject(value);
+        }
+        catch (IOException e)
+        {
+            throw new IllegalArgumentException("error encoding value: " + e);
+        }
+
+        this.addExtension(OID, critical, bOut.toByteArray());
+    }
+
+    /**
+     * add a given extension field for the standard extensions tag (tag 3)
+     * The value parameter becomes the contents of the octet string associated
+     * with the extension.
+     */
+    public void addExtension(
+        String          OID,
+        boolean         critical,
+        byte[]          value)
+    {
+        this.addExtension(new DERObjectIdentifier(OID), critical, value);
+    }
+
+    /**
+     * add a given extension field for the standard extensions tag (tag 3)
+     */
+    public void addExtension(
+        DERObjectIdentifier OID,
+        boolean             critical,
+        byte[]              value)
+    {
+        if (extensions == null)
+        {
+            extensions = new Hashtable();
+            extOrdering = new Vector();
+        }
+
+        extensions.put(OID, new X509Extension(critical, new DEROctetString(value)));
+        extOrdering.addElement(OID);
+    }
+
+    /**
+     * generate an X509 certificate, based on the current issuer and subject
+     * using the default provider "BC".
+     */
+    public X509Certificate generateX509Certificate(
+        PrivateKey      key)
+        throws SecurityException, SignatureException, InvalidKeyException
+    {
+        try
+        {
+            return generateX509Certificate(key, "BC", null);
+        }
+        catch (NoSuchProviderException e)
+        {
+            throw new SecurityException("BC provider not installed!");
+        }
+    }
+
+    /**
+     * generate an X509 certificate, based on the current issuer and subject
+     * using the default provider "BC", and the passed in source of randomness
+     * (if required).
+     */
+    public X509Certificate generateX509Certificate(
+        PrivateKey      key,
+        SecureRandom    random)
+        throws SecurityException, SignatureException, InvalidKeyException
+    {
+        try
+        {
+            return generateX509Certificate(key, "BC", random);
+        }
+        catch (NoSuchProviderException e)
+        {
+            throw new SecurityException("BC provider not installed!");
+        }
+    }
+
+    /**
+     * generate an X509 certificate, based on the current issuer and subject,
+     * using the passed in provider for the signing.
+     */
+    public X509Certificate generateX509Certificate(
+        PrivateKey      key,
+        String          provider)
+        throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
+    {
+        return generateX509Certificate(key, provider, null);
+    }
+    static Signature getSignature( AlgorithmIdentifier algId,
+                                   String provider) throws NoSuchAlgorithmException, NoSuchProviderException, IOException, InvalidParameterSpecException, InvalidAlgorithmParameterException {
+        final DERObjectIdentifier objId = algId.getObjectId();
+        final Signature sig;
+        if (provider!=null)
+            sig = Signature.getInstance(objId.getId(), provider);
+        else
+            sig = Signature.getInstance(objId.getId());
+        if ( objId.equals(PKCSObjectIdentifiers.id_RSASSA_PSS) ) {
+            final AlgorithmParameters algParams =AlgorithmParameters.getInstance(PKCSObjectIdentifiers.id_RSASSA_PSS.getId(),
+                                                                                 "BC");
+            algParams.init(algId.getParameters().getDERObject().getEncoded());
+            PSSParameterSpec pssSpec = (PSSParameterSpec)algParams.getParameterSpec(PSSParameterSpec.class);
+            StringWriter sw = new StringWriter();
+            sw.write("Digest name: "+pssSpec.getDigestAlgorithm());
+            sw.write(", MGF name: "+pssSpec.getMGFAlgorithm());
+            AlgorithmParameterSpec mgfSpec = pssSpec.getMGFParameters();
+            sw.write(", MGF digest: ");
+            if ( mgfSpec instanceof MGF1ParameterSpec )
+                sw.write(((MGF1ParameterSpec)mgfSpec).getDigestAlgorithm());
+            else
+                sw.write("not specified in MGF1ParameterSpec");
+            sw.write(", salt length: "+pssSpec.getSaltLength());
+            sw.write(", trailer field: "+ pssSpec.getTrailerField());
+            sw.write('.');
+            log.debug(sw.toString());
+            sig.setParameter(pssSpec);
+        }
+        return sig;
+    }
+    /**
+     * generate an X509 certificate, based on the current issuer and subject,
+     * using the passed in provider for the signing and the supplied source
+     * of randomness, if required.
+     */
+    public X509Certificate generateX509Certificate(
+        PrivateKey      key,
+        String          provider,
+        SecureRandom    random)
+        throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
+    {
+        Signature sig = null;
+
+        if (sigAlgId.getObjectId().getId() == null)
+        {
+            throw new IllegalStateException("no signature algorithm specified");
+        }
+
+        try
+        {
+            sig = getSignature(sigAlgId, provider);
+        }
+        catch (Exception ex)
+        {
+            try
+            {
+                sig = Signature.getInstance(signatureAlgorithm, provider);
+            }
+            catch (NoSuchAlgorithmException e)
+            {
+                throw new SecurityException("exception creating signature: " + e.toString());
+            }
+        }
+
+        if (random != null)
+        {
+            sig.initSign(key, random);
+        }
+        else
+        {
+            sig.initSign(key);
+        }
+
+        if (extensions != null)
+        {
+            tbsGen.setExtensions(new X509Extensions(extOrdering, extensions));
+        }
+
+        TBSCertificateStructure tbsCert = tbsGen.generateTBSCertificate();
+
+        try
+        {
+            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+            DEROutputStream         dOut = new DEROutputStream(bOut);
+
+            dOut.writeObject(tbsCert);
+
+            sig.update(bOut.toByteArray());
+        }
+        catch (Exception e)
+        {
+            throw new SecurityException("exception encoding TBS cert - " + e);
+        }
+
+        ASN1EncodableVector  v = new ASN1EncodableVector();
+
+        v.add(tbsCert);
+        v.add(sigAlgId);
+        v.add(new DERBitString(sig.sign()));
+
+        return new ExtendedX509CertificateObject(new X509CertificateStructure(new DERSequence(v)));
+    }
+    
+    /**
+     * Return an iterator of the signature names supported by the generator.
+     * 
+     * @return an iterator containing recognised names.
+     */
+    public Iterator getSignatureAlgNames()
+    {
+        return ExtendedX509Util.getAlgNames();
+    }
+}
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/ca/caadmin/HardCATokenContainer.java ./src/java/se/anatom/ejbca/ca/caadmin/HardCATokenContainer.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/ca/caadmin/HardCATokenContainer.java	Wed Jun  8 19:30:38 2005
+++ ./src/java/se/anatom/ejbca/ca/caadmin/HardCATokenContainer.java	Thu Nov 17 21:44:46 2005
@@ -30,7 +30,7 @@
  * HardCATokenContainer is a class managing the persistent storage of a hardcatoken publisher.
  * 
  *
- * @version $Id: HardCATokenContainer.java,v 1.4 2005/06/08 17:30:38 herrvendil Exp $
+ * @version $Id: HardCATokenContainer.java,v 1.4.2.1 2005/11/17 20:44:46 herrvendil Exp $
  */
 public class HardCATokenContainer extends CAToken{
 	private IHardCAToken hardcatoken = null; 
@@ -87,9 +87,10 @@
 		if(getSignatureAlgorithm() == null)
 		  this.setSignatureAlgorithm(catokeninfo.getSignatureAlgorithm());
 		
-		this.setPropertyData(((HardCATokenInfo)catokeninfo).getProperties());
-
-		this.hardcatoken = null;
+		if(!this.getPropertyData().equals(((HardCATokenInfo)catokeninfo).getProperties())){
+		  this.setPropertyData(((HardCATokenInfo)catokeninfo).getProperties());				
+		  this.hardcatoken = null;
+		}  
 	}
 
 	/**
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/ca/caadmin/X509CA.java ./src/java/se/anatom/ejbca/ca/caadmin/X509CA.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/ca/caadmin/X509CA.java	Tue Aug  2 13:38:10 2005
+++ ./src/java/se/anatom/ejbca/ca/caadmin/X509CA.java	Thu Nov 24 22:16:37 2005
@@ -80,8 +80,6 @@
 import org.bouncycastle.ocsp.BasicOCSPRespGenerator;
 import org.bouncycastle.ocsp.OCSPException;
 import org.bouncycastle.util.encoders.Hex;
-import org.bouncycastle.x509.X509V2CRLGenerator;
-import org.bouncycastle.x509.X509V3CertificateGenerator;
 
 import se.anatom.ejbca.SecConst;
 import se.anatom.ejbca.ca.caadmin.extendedcaservices.ExtendedCAServiceNotActiveException;
@@ -105,7 +103,7 @@
  * X509CA is a implementation of a CA and holds data specific for Certificate and CRL generation 
  * according to the X509 standard. 
  *
- * @version $Id: X509CA.java,v 1.41.2.1 2005/08/02 11:38:10 anatom Exp $
+ * @version $Id: X509CA.java,v 1.41.2.4 2005/11/24 21:16:37 herrvendil Exp $
  */
 public class X509CA extends CA implements Serializable {
 
@@ -255,7 +253,7 @@
           val = certProfile.getValidity();
         
         lastDate.setTime(lastDate.getTime() + ( val * 24 * 60 * 60 * 1000));
-        X509V3CertificateGenerator certgen = new X509V3CertificateGenerator();
+        ExtendedX509V3CertificateGenerator certgen = new ExtendedX509V3CertificateGenerator();
         // Serialnumber is random bits, where random generator is initialized by the
         // serno generator.
         BigInteger serno = SernoGenerator.instance().getSerno();
@@ -265,12 +263,22 @@
         certgen.setSignatureAlgorithm(sigAlg);
         // Make DNs
         String dn = subject.getDN(); 
+        
+        if(certProfile.getUseSubjectDNSubSet()){
+          dn= certProfile.createSubjectDNSubSet(dn);	
+        }
+        
         if(certProfile.getUseCNPostfix()){
           dn = CertTools.insertCNPostfix(dn,certProfile.getCNPostfix());	
         }
         
+        
         String altName = subject.getSubjectAltName(); 
       
+        if(certProfile.getUseSubjectAltNameSubSet()){
+        	altName = certProfile.createSubjectAltNameSubSet(altName);
+        }
+        
         certgen.setSubjectDN(CertTools.stringToBcX509Name(dn));
         X509Name caname = getSubjectDNAsX509Name();
         certgen.setIssuerDN(caname);
@@ -278,11 +286,16 @@
 
         // Basic constranits, all subcerts are NOT CAs
         if (certProfile.getUseBasicConstraints() == true) {
-            boolean isCA = false;
+        	BasicConstraints bc = new BasicConstraints(false);
             if ((certProfile.getType() == CertificateProfile.TYPE_SUBCA)
-                || (certProfile.getType() == CertificateProfile.TYPE_ROOTCA))
-                isCA = true;
-            BasicConstraints bc = new BasicConstraints(isCA);
+                || (certProfile.getType() == CertificateProfile.TYPE_ROOTCA)){            	
+            	if(certProfile.getUsePathLengthConstraint()){
+            		bc = new BasicConstraints(certProfile.getPathLengthConstraint());
+            	}else{
+            		bc =  new BasicConstraints(true);
+            	}            	
+            }
+                            
             certgen.addExtension(
                 X509Extensions.BasicConstraints.getId(),
                 certProfile.getBasicConstraintsCritical(),
@@ -500,7 +513,7 @@
 
         // crlperiod is hours = crlperiod*60*60*1000 milliseconds
         nextUpdate.setTime(nextUpdate.getTime() + (getCRLPeriod() * (long)(60 * 60 * 1000)));
-        X509V2CRLGenerator crlgen = new X509V2CRLGenerator();
+        ExtendedX509V2CRLGenerator crlgen = new ExtendedX509V2CRLGenerator();
         crlgen.setThisUpdate(thisUpdate);
         crlgen.setNextUpdate(nextUpdate);
         crlgen.setSignatureAlgorithm(sigAlg);
@@ -581,7 +594,7 @@
                       log.debug("<extendedService(super)");
                       return super.extendedService(request);                      
                   }
-                  BasicOCSPResp ocspresp = ocsprespgen.generate(sigAlg, pk, chain, new Date(), "BC" );
+                  BasicOCSPResp ocspresp = ocsprespgen.generate(sigAlg, pk, chain, new Date(), getCAToken().getProvider() );
                   returnval = new OCSPCAServiceResponse(ocspresp, chain == null ? null : Arrays.asList(chain));              
               } catch (IllegalKeyStoreException ike) {
                   throw new ExtendedCAServiceRequestException(ike);
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/ca/caadmin/hardcatokens/HardCATokenManager.java ./src/java/se/anatom/ejbca/ca/caadmin/hardcatokens/HardCATokenManager.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/ca/caadmin/hardcatokens/HardCATokenManager.java	Fri Jun 10 10:12:53 2005
+++ ./src/java/se/anatom/ejbca/ca/caadmin/hardcatokens/HardCATokenManager.java	Fri Nov 11 09:55:02 2005
@@ -26,7 +26,7 @@
  * Each HardCaToken plug-in should register itself by using the method register.
  * The CA keeps a registry of CA tokens created here.
  * 
- * @version $Id: HardCATokenManager.java,v 1.13 2005/06/10 08:12:53 anatom Exp $
+ * @version $Id: HardCATokenManager.java,v 1.13.2.1 2005/11/11 08:55:02 anatom Exp $
  * 
  */
 public class HardCATokenManager {
@@ -115,7 +115,8 @@
 	            retval = true;
 	            log.debug("Registered " + classpath + "Successfully.");                       
 	        } else {
-	            log.error("Error registering " + classpath + " couldn't find classpath");
+                // Normally not an error, since these classes are provided by HSM vendor
+	            log.info("Can not register " + classpath + ". This is normally not an error.");
 	        }
 	    }
 	    return retval;
@@ -132,7 +133,7 @@
             log.info("Class not found: "+classpath); 
             return false;
         } catch (InstantiationException e) {
-            log.error("InstantiationException: "+classpath);
+            log.info("Can not instantiate "+classpath+". "+e.getMessage());
             return false;
         } catch (IllegalAccessException e) {
             log.error("IllegalAccessException: "+classpath);
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/ca/caadmin/hardcatokens/NFastCAToken.java ./src/java/se/anatom/ejbca/ca/caadmin/hardcatokens/NFastCAToken.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/ca/caadmin/hardcatokens/NFastCAToken.java	Mon Jun 20 09:48:54 2005
+++ ./src/java/se/anatom/ejbca/ca/caadmin/hardcatokens/NFastCAToken.java	Fri Nov 11 09:55:02 2005
@@ -37,7 +37,7 @@
  * and the development was sponsored by Linagora (www.linagora.com).
  * 
  * @author Lars Silvén
- * @version $Id: NFastCAToken.java,v 1.3 2005/06/20 07:48:54 anatom Exp $
+ * @version $Id: NFastCAToken.java,v 1.3.2.1 2005/11/11 08:55:02 anatom Exp $
  */
 public class NFastCAToken implements IHardCAToken {
 
@@ -48,10 +48,14 @@
     static final private String PROVIDER_NAME = "nCipherKM";
     static final private String PROVIDER_CLASS = "com.ncipher.provider.km.nCipherKM"; 
 
-    public NFastCAToken() throws InstantiationException, IllegalAccessException, ClassNotFoundException {
+    public NFastCAToken() throws InstantiationException, IllegalAccessException {
         log.info("Creating NFastCAToken");
-        Provider prov = (Provider)Class.forName(PROVIDER_CLASS).newInstance();        
-        Security.addProvider( prov );
+        try {
+            Provider prov = (Provider)Class.forName(PROVIDER_CLASS).newInstance();        
+            Security.addProvider( prov );            
+        } catch (ClassNotFoundException e) {
+            throw new InstantiationException("Class not found: "+PROVIDER_CLASS);
+        }
     }
 
     private KeyStrings keyStrings;
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/ca/sign/RSASignSessionBean.java ./src/java/se/anatom/ejbca/ca/sign/RSASignSessionBean.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/ca/sign/RSASignSessionBean.java	Wed Aug 10 15:05:05 2005
+++ ./src/java/se/anatom/ejbca/ca/sign/RSASignSessionBean.java	Tue Nov  8 20:36:56 2005
@@ -734,7 +734,7 @@
             // See if we need some key material to decrypt request
             if (req.requireKeyInfo()) {
                 // You go figure...scep encrypts message with the public CA-cert
-                req.setKeyInfo((X509Certificate)ca.getCACertificate(), catoken.getPrivateKey(SecConst.CAKEYPURPOSE_CERTSIGN));
+                req.setKeyInfo((X509Certificate)ca.getCACertificate(), catoken.getPrivateKey(SecConst.CAKEYPURPOSE_CERTSIGN), catoken.getProvider());
             }
             // Verify the request
             if (req.verify() == false) {
@@ -875,7 +875,7 @@
             // See if we need some key material to decrypt request
             if (req.requireKeyInfo()) {
                 // You go figure...scep encrypts message with the public CA-cert
-                req.setKeyInfo((X509Certificate)ca.getCACertificate(), catoken.getPrivateKey(SecConst.CAKEYPURPOSE_CERTSIGN));
+                req.setKeyInfo((X509Certificate)ca.getCACertificate(), catoken.getPrivateKey(SecConst.CAKEYPURPOSE_CERTSIGN), catoken.getProvider());
             }
             //Create the response message with all nonces and checks etc
             ret = createResponseMessage(responseClass, req, ca, catoken);
@@ -931,10 +931,10 @@
     		return null;
     	}
     	if (ret.requireSignKeyInfo()) {
-    		ret.setSignKeyInfo((X509Certificate) ca.getCACertificate(), catoken.getPrivateKey(SecConst.CAKEYPURPOSE_CERTSIGN));
+    		ret.setSignKeyInfo((X509Certificate) ca.getCACertificate(), catoken.getPrivateKey(SecConst.CAKEYPURPOSE_CERTSIGN), catoken.getProvider());
     	}
     	if (ret.requireEncKeyInfo()) {
-    		ret.setEncKeyInfo((X509Certificate) ca.getCACertificate(), catoken.getPrivateKey(SecConst.CAKEYPURPOSE_KEYENCRYPT));
+    		ret.setEncKeyInfo((X509Certificate) ca.getCACertificate(), catoken.getPrivateKey(SecConst.CAKEYPURPOSE_KEYENCRYPT), catoken.getProvider());
     	}
     	if (req.getSenderNonce() != null) {
     		ret.setRecipientNonce(req.getSenderNonce());
@@ -950,6 +950,10 @@
     	if (req.getRequestKeyInfo() != null) {
     		ret.setRecipientKeyInfo(req.getRequestKeyInfo());
     	}
+    	// Which digest algorithm to use to create the response, if applicable
+    	ret.setPreferredDigestAlg(req.getPreferredDigestAlg());
+    	// Include the CA cert or not in the response, if applicable for the response type
+    	ret.setIncludeCACert(req.includeCACert());
     	return ret;
     }
     /**
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/ca/store/CertReqHistory.java ./src/java/se/anatom/ejbca/ca/store/CertReqHistory.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/ca/store/CertReqHistory.java	Mon May  2 18:19:05 2005
+++ ./src/java/se/anatom/ejbca/ca/store/CertReqHistory.java	Thu Nov 17 21:39:28 2005
@@ -22,7 +22,7 @@
  * CertReqHistory Entity Bean. See constructor for details of its fields.
  * 
  * @author Philip Vendil
- * @version $Id: CertReqHistory.java,v 1.4 2005/05/02 16:19:05 anatom Exp $
+ * @version $Id: CertReqHistory.java,v 1.4.2.1 2005/11/17 20:39:28 herrvendil Exp $
  * @see se.anatom.ejbca.ca.store.CertReqHistoryDataBean  
  */
 
@@ -89,4 +89,6 @@
     public String getUsername() {
         return username;
     }
+    
+
 }
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/ca/store/LocalCertificateStoreSessionBean.java ./src/java/se/anatom/ejbca/ca/store/LocalCertificateStoreSessionBean.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/ca/store/LocalCertificateStoreSessionBean.java	Mon May  2 18:19:04 2005
+++ ./src/java/se/anatom/ejbca/ca/store/LocalCertificateStoreSessionBean.java	Thu Nov 17 21:39:28 2005
@@ -26,6 +26,7 @@
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Iterator;
+import java.util.List;
 import java.util.Random;
 
 import javax.ejb.CreateException;
@@ -65,7 +66,7 @@
  * Stores certificate and CRL in the local database using Certificate and CRL Entity Beans.
  * Uses JNDI name for datasource as defined in env 'Datasource' in ejb-jar.xml.
  *
- * @version $Id: LocalCertificateStoreSessionBean.java,v 1.84 2005/05/02 16:19:04 anatom Exp $
+ * @version $Id: LocalCertificateStoreSessionBean.java,v 1.84.2.1 2005/11/17 20:39:28 herrvendil Exp $
  * @ejb.bean display-name="CertificateStoreSB"
  * name="CertificateStoreSession"
  * view-type="both"
@@ -1401,7 +1402,7 @@
      * @return a collection of CertReqHistory
      * @ejb.interface-method
      */
-    public Collection getCertReqHistory(Admin admin, String username){
+    public List getCertReqHistory(Admin admin, String username){
     	ArrayList retval = new ArrayList();
     	
     	try{
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/ca/store/certificateprofiles/CertificateProfile.java ./src/java/se/anatom/ejbca/ca/store/certificateprofiles/CertificateProfile.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/ca/store/certificateprofiles/CertificateProfile.java	Mon May  2 15:03:04 2005
+++ ./src/java/se/anatom/ejbca/ca/store/certificateprofiles/CertificateProfile.java	Thu Nov 24 22:16:37 2005
@@ -16,24 +16,28 @@
 import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.Iterator;
+import java.util.List;
 
+import org.apache.commons.lang.StringUtils;
 import org.apache.log4j.Logger;
 
 import se.anatom.ejbca.ca.store.CertificateDataBean;
+import se.anatom.ejbca.ra.raadmin.DNFieldExtractor;
 import se.anatom.ejbca.util.UpgradeableDataHashMap;
 
 /**
  * CertificateProfile is a basic class used to customize a certificate
  * configuration or be inherited by fixed certificate profiles.
  *
- * @version $Id: CertificateProfile.java,v 1.29 2005/05/02 13:03:04 herrvendil Exp $
+ * @version $Id: CertificateProfile.java,v 1.29.2.2 2005/11/24 21:16:37 herrvendil Exp $
  */
 public class CertificateProfile extends UpgradeableDataHashMap implements Serializable, Cloneable {
     private static final Logger log = Logger.getLogger(CertificateProfile.class);
     // Default Values
-    public static final float LATEST_VERSION = (float) 10.0;
+    public static final float LATEST_VERSION = (float) 12.0;
 
     /** KeyUsage constants */
     public static final int DIGITALSIGNATURE = 0;
@@ -119,7 +123,13 @@
 	protected static final String USEMICROSOFTTEMPLATE           = "usemicrosofttemplate";
 	protected static final String MICROSOFTTEMPLATE              = "microsofttemplate";
 	protected static final String USECNPOSTFIX                   = "usecnpostfix";
-	protected static final String CNPOSTFIX                      = "cnpostfix"; 
+	protected static final String CNPOSTFIX                      = "cnpostfix";	
+	protected static final String USESUBJECTDNSUBSET             = "usesubjectdnsubset";
+	protected static final String SUBJECTDNSUBSET                = "subjectdnsubset";
+	protected static final String USESUBJECTALTNAMESUBSET        = "usesubjectaltnamesubset";
+	protected static final String SUBJECTALTNAMESUBSET           = "subjectaltnamesubset";
+	protected static final String USEPATHLENGTHCONSTRAINT        = "usepathlengthconstraint";
+	protected static final String PATHLENGTHCONSTRAINT           = "pathlengthconstraint";
      
     // Public Methods
 
@@ -178,7 +188,15 @@
 	  
 	  setUseCNPostfix(false);
 	  setCNPostfix("");
-
+	  
+	  setUseSubjectDNSubSet(false);
+	  setSubjectDNSubSet(new ArrayList());
+	  setUseSubjectAltNameSubSet(false);
+	  setSubjectAltNameSubSet(new ArrayList());
+	  
+	  setUsePathLengthConstraint(false);
+	  setPathLengthConstraint(0);
+	  
     }
 
 
@@ -386,6 +404,135 @@
 		
 	}
 	
+    public boolean getUseSubjectDNSubSet(){
+    	return ((Boolean) data.get(USESUBJECTDNSUBSET)).booleanValue();	
+    }
+    
+    public void setUseSubjectDNSubSet(boolean use) {
+		data.put(USESUBJECTDNSUBSET, Boolean.valueOf(use));			
+	}
+    
+    /**
+     * Returns a collection of Integer (DNFieldExtractor constants) indicating
+     * which subject dn fields that should be used in certificate.
+     * 
+     */
+    public Collection getSubjectDNSubSet(){
+    	return (Collection) data.get(SUBJECTDNSUBSET);	
+    }
+
+    /**
+     * Should contain a collection of Integer (DNFieldExtractor constants) indicating
+     * which subject dn fields that should be used in certificate.
+     * 
+     */
+    public void setSubjectDNSubSet(Collection subjectdns) {
+		data.put(SUBJECTDNSUBSET, subjectdns);	
+		
+	}
+
+    /**
+     * Method taking a full user dn and returns a DN only containing the 
+     * DN fields specified in the subjectdn sub set array.
+     * 
+     * @param dn
+     * @return a subset of original DN
+     */
+    
+    public String createSubjectDNSubSet(String dn){
+    	DNFieldExtractor extractor = new DNFieldExtractor(dn,DNFieldExtractor.TYPE_SUBJECTDN);    	
+    	return constructUserData(extractor, getSubjectDNSubSet(), true);
+    }
+    
+    public boolean getUseSubjectAltNameSubSet(){
+    	return ((Boolean) data.get(USESUBJECTALTNAMESUBSET)).booleanValue();	
+    }
+    
+    public void setUseSubjectAltNameSubSet(boolean use) {
+		data.put(USESUBJECTALTNAMESUBSET, Boolean.valueOf(use));			
+	}
+
+    /**
+     * Returns a collection of Integer (DNFieldExtractor constants) indicating
+     * which subject altnames fields that should be used in certificate.
+     * 
+     */
+    public Collection getSubjectAltNameSubSet(){
+    	return (Collection) data.get(SUBJECTALTNAMESUBSET);	
+    }
+    
+    /**
+     * Returns a collection of Integer (DNFieldExtractor constants) indicating
+     * which subject altnames fields that should be used in certificate.
+     * 
+     */
+    public void setSubjectAltNameSubSet(Collection subjectaltnames) {
+		data.put(SUBJECTALTNAMESUBSET, subjectaltnames);	
+		
+	}
+
+    
+    /**
+     * Method taking a full user dn and returns a AltName only containing the 
+     * AltName fields specified in the subjectaltname sub set array.
+     * 
+     * @param dn
+     * @return a subset of original DN
+     */
+    public String createSubjectAltNameSubSet(String subjectaltname){
+    	DNFieldExtractor extractor = new DNFieldExtractor(subjectaltname,DNFieldExtractor.TYPE_SUBJECTALTNAME);    	
+    	return constructUserData(extractor, getSubjectAltNameSubSet(), false);
+    }
+    
+    /**
+     * Help method converting a full DN or Subject Alt Name to one usng only specified fields
+     * @param extractor 
+     * @param usefields
+     * @return
+     */
+    protected String constructUserData(DNFieldExtractor extractor, Collection usefields, boolean subjectdn){
+        String retval = "";
+                       
+        if(usefields instanceof List){
+          Collections.sort((List) usefields);
+        }
+        Iterator iter = usefields.iterator(); 
+        String dnField = null;
+        while(iter.hasNext()){
+        	Integer next = (Integer) iter.next();
+        	dnField = getDNField(extractor, next.intValue(), subjectdn);
+        	if (StringUtils.isNotEmpty(dnField)) {
+            	if(retval.length() == 0)
+              	  retval += dnField; // first item, don't start with a comma
+              	else
+              	  retval += "," + dnField;      	    
+        	}
+        }
+        
+              
+        log.debug("CertificateProfile: constructed DN or AltName: " + retval );
+        return retval;	
+      }
+      
+      protected String getDNField(DNFieldExtractor extractor, int field, boolean subjectdn){
+        String retval = "";
+        String[] fieldnames =  DNFieldExtractor.SUBJECTDNFIELDS;
+        int f = field;
+        if(!subjectdn){
+        	fieldnames =  DNFieldExtractor.SUBJECTALTNAME;
+        	f = field - DNFieldExtractor.SUBJECTALTERNATIVENAMEBOUNDRARY;
+        }
+        
+        int num = extractor.getNumberOfFields(field);
+        for(int i=0;i<num;i++){
+        	if(retval.length() == 0)
+        	  retval += fieldnames[f] + extractor.getField(field,i);
+        	else
+        	  retval += "," + fieldnames[f] + extractor.getField(field,i);	
+        }    
+        return retval;      	
+      }
+    
     
     /**
      * Returns an ArrayList of OID.strings defined in constant EXTENDEDKEYUSAGEOIDSTRINGS.
@@ -445,6 +592,32 @@
       data.put(USEDPUBLISHERS, publisher);   
     }   
     	
+    /**
+     * Method indicating that Path Length Constain should be used in the BasicConstaint
+     * 
+     */
+    public boolean getUsePathLengthConstraint(){
+    	return ((Boolean) data.get(USEPATHLENGTHCONSTRAINT)).booleanValue();	
+    }
+    
+    /**
+     * Method indicating that Path Length Constain should be used in the BasicConstaint
+     * 
+     */
+    public void setUsePathLengthConstraint(boolean use) {
+		data.put(USEPATHLENGTHCONSTRAINT, Boolean.valueOf(use));			
+	}
+    
+    public int getPathLengthConstraint(){
+    	return ((Integer) data.get(PATHLENGTHCONSTRAINT)).intValue();	
+    }
+    
+  
+    public void setPathLengthConstraint(int pathlength) {
+		data.put(PATHLENGTHCONSTRAINT, new Integer(pathlength));			
+	}   
+    
+    
 	public boolean getUseOCSPServiceLocator(){ return ((Boolean) data.get(USEOCSPSERVICELOCATOR)).booleanValue(); }
 	public void setUseOCSPServiceLocator(boolean useocspservicelocator) { data.put(USEOCSPSERVICELOCATOR, Boolean.valueOf(useocspservicelocator));}
 
@@ -514,6 +687,18 @@
           	  setUseCNPostfix(false);
         	  setCNPostfix("");
             } 
+            
+            if(data.get(USESUBJECTDNSUBSET) == null){
+          	  setUseSubjectDNSubSet(false);
+        	  setSubjectDNSubSet(new ArrayList());
+        	  setUseSubjectAltNameSubSet(false);
+        	  setSubjectAltNameSubSet(new ArrayList());
+            }
+            
+            if(data.get(USEPATHLENGTHCONSTRAINT) == null){
+            	setUsePathLengthConstraint(false);
+            	setPathLengthConstraint(0);
+            }
             
         }
         log.debug("<upgrade");
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/common/ExtendedPKCS10CertificationRequest.java ./src/java/se/anatom/ejbca/common/ExtendedPKCS10CertificationRequest.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/common/ExtendedPKCS10CertificationRequest.java	Thu Jan  1 01:00:00 1970
+++ ./src/java/se/anatom/ejbca/common/ExtendedPKCS10CertificationRequest.java	Fri Nov 25 09:38:07 2005
@@ -0,0 +1,369 @@
+package se.anatom.ejbca.common;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.security.InvalidKeyException;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.X509EncodedKeySpec;
+import java.util.Hashtable;
+
+import javax.security.auth.x500.X500Principal;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.ASN1Set;
+import org.bouncycastle.asn1.DERBitString;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.DEROutputStream;
+import org.bouncycastle.asn1.pkcs.CertificationRequest;
+import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.asn1.x509.X509Name;
+import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+import org.bouncycastle.jce.X509Principal;
+
+/**
+ * Class copied from BC where RSASSA-PSS support is added.
+ * 
+ * @version $Id: ExtendedPKCS10CertificationRequest.java,v 1.1.2.2 2005/11/25 08:38:07 anatom Exp $
+ */
+public class ExtendedPKCS10CertificationRequest
+    extends CertificationRequest
+{
+    private static Hashtable            algorithms = new Hashtable();
+    private static Hashtable            oids = new Hashtable();
+    
+    private static final String OID_RSASSA_PSS = "1.2.840.113549.1.1.10";
+
+    static
+    {
+        algorithms.put("MD2WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.2"));
+        algorithms.put("MD2WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.2"));
+        algorithms.put("MD5WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
+        algorithms.put("MD5WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
+        algorithms.put("RSAWITHMD5", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
+        algorithms.put("SHA1WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
+        algorithms.put("SHA1WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
+        algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+        algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+        algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption);
+        algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption);
+        algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption);
+        algorithms.put("SHA384WITHRSA", PKCSObjectIdentifiers.sha384WithRSAEncryption);
+        algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption);
+        algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption);
+        algorithms.put("RSAWITHSHA1", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
+        algorithms.put("RIPEMD160WITHRSAENCRYPTION", new DERObjectIdentifier("1.3.36.3.3.1.2"));
+        algorithms.put("RIPEMD160WITHRSA", new DERObjectIdentifier("1.3.36.3.3.1.2"));
+        algorithms.put("SHA1WITHDSA", new DERObjectIdentifier("1.2.840.10040.4.3"));
+        algorithms.put("DSAWITHSHA1", new DERObjectIdentifier("1.2.840.10040.4.3"));
+        algorithms.put("SHA1WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1);
+        algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1);
+
+        //
+        // reverse mappings
+        //
+        oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.5"), "SHA1WITHRSA");
+        oids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WITHRSA");
+        oids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WITHRSA");
+        oids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WITHRSA");
+        oids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WITHRSA");
+
+        oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA");
+        oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA");
+        oids.put(new DERObjectIdentifier("1.2.840.10040.4.3"), "DSAWITHSHA1");
+        oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, "DSAWITHSHA1");
+        
+    }
+
+    private static ASN1Sequence toDERSequence(
+        byte[]  bytes)
+    {
+        try
+        {
+            ByteArrayInputStream    bIn = new ByteArrayInputStream(bytes);
+            ASN1InputStream         dIn = new ASN1InputStream(bIn);
+
+            return (ASN1Sequence)dIn.readObject();
+        }
+        catch (Exception e)
+        {
+            throw new IllegalArgumentException("badly encoded request");
+        }
+    }
+
+    /**
+     * construct a PKCS10 certification request from a DER encoded
+     * byte stream.
+     */
+    public ExtendedPKCS10CertificationRequest(
+        byte[]  bytes)
+    {
+        super(toDERSequence(bytes));
+    }
+
+    public ExtendedPKCS10CertificationRequest(
+        ASN1Sequence  sequence)
+    {
+        super(sequence);
+    }
+
+    /**
+     * create a PKCS10 certfication request using the BC provider.
+     */
+    public ExtendedPKCS10CertificationRequest(
+        String              signatureAlgorithm,
+        X509Name            subject,
+        PublicKey           key,
+        ASN1Set             attributes,
+        PrivateKey          signingKey)
+        throws NoSuchAlgorithmException, NoSuchProviderException,
+                InvalidKeyException, SignatureException
+    {
+        this(signatureAlgorithm, subject, key, attributes, signingKey, "BC");
+    }
+
+    private static X509Name convertName(
+        X500Principal	name)
+    {
+        try
+        {
+            return new X509Principal(name.getEncoded());
+        }
+        catch (IOException e)
+        {
+            throw new IllegalArgumentException("can't convert name");
+        }
+    }
+    
+    /**
+     * create a PKCS10 certfication request using the BC provider.
+     */
+    public ExtendedPKCS10CertificationRequest(
+        String              signatureAlgorithm,
+        X500Principal       subject,
+        PublicKey           key,
+        ASN1Set             attributes,
+        PrivateKey          signingKey)
+        throws NoSuchAlgorithmException, NoSuchProviderException,
+                InvalidKeyException, SignatureException
+    {
+        this(signatureAlgorithm, convertName(subject), key, attributes, signingKey, "BC");
+    }
+    
+    /**
+     * create a PKCS10 certfication request using the named provider.
+     */
+    public ExtendedPKCS10CertificationRequest(
+        String              signatureAlgorithm,
+        X500Principal       subject,
+        PublicKey           key,
+        ASN1Set             attributes,
+        PrivateKey          signingKey,
+        String              provider)
+        throws NoSuchAlgorithmException, NoSuchProviderException,
+                InvalidKeyException, SignatureException
+    {
+        this(signatureAlgorithm, convertName(subject), key, attributes, signingKey, provider);
+    }
+    
+    /**
+     * create a PKCS10 certfication request using the named provider.
+     */
+    public ExtendedPKCS10CertificationRequest(
+        String              signatureAlgorithm,
+        X509Name            subject,
+        PublicKey           key,
+        ASN1Set             attributes,
+        PrivateKey          signingKey,
+        String              provider)
+        throws NoSuchAlgorithmException, NoSuchProviderException,
+                InvalidKeyException, SignatureException
+    {
+        DERObjectIdentifier sigOID = (DERObjectIdentifier)algorithms.get(signatureAlgorithm.toUpperCase());
+
+        if (sigOID == null)
+        {
+            throw new IllegalArgumentException("Unknown signature type requested");
+        }
+
+        if (subject == null)
+        {
+            throw new IllegalArgumentException("subject must not be null");
+        }
+
+        if (key == null)
+        {
+            throw new IllegalArgumentException("public key must not be null");
+        }
+
+        this.sigAlgId = new AlgorithmIdentifier(sigOID, null);
+
+        byte[]                  bytes = key.getEncoded();
+        ByteArrayInputStream    bIn = new ByteArrayInputStream(bytes);
+        ASN1InputStream         dIn = new ASN1InputStream(bIn);
+
+        try
+        {
+            this.reqInfo = new CertificationRequestInfo(subject, new SubjectPublicKeyInfo((ASN1Sequence)dIn.readObject()), attributes);
+        }
+        catch (IOException e)
+        {
+            throw new IllegalArgumentException("can't encode public key");
+        }
+
+        Signature sig = null;
+        
+        try
+        {
+        	sig = Signature.getInstance(sigAlgId.getObjectId().getId(), provider);
+        }
+        catch (NoSuchAlgorithmException e)
+        {
+            sig = Signature.getInstance(signatureAlgorithm, provider);
+        }
+
+        sig.initSign(signingKey);
+
+        try
+        {
+            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+            DEROutputStream         dOut = new DEROutputStream(bOut);
+
+            dOut.writeObject(reqInfo);
+
+            sig.update(bOut.toByteArray());
+        }
+        catch (Exception e)
+        {
+            throw new SecurityException("exception encoding TBS cert request - " + e);
+        }
+
+        this.sigBits = new DERBitString(sig.sign());
+    }
+
+    /**
+     * return the public key associated with the certification request -
+     * the public key is created using the BC provider.
+     */
+    public PublicKey getPublicKey()
+        throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException
+    {
+        return getPublicKey("BC");
+    }
+
+    public PublicKey getPublicKey(
+        String  provider)
+        throws NoSuchAlgorithmException, NoSuchProviderException,
+                InvalidKeyException
+    {
+        SubjectPublicKeyInfo    subjectPKInfo = reqInfo.getSubjectPublicKeyInfo();
+
+        try
+        {
+            X509EncodedKeySpec      xspec = new X509EncodedKeySpec(new DERBitString(subjectPKInfo).getBytes());
+            AlgorithmIdentifier     keyAlg = subjectPKInfo.getAlgorithmId ();
+
+            return KeyFactory.getInstance(keyAlg.getObjectId().getId (), provider).generatePublic(xspec);
+        }
+        catch (InvalidKeySpecException e)
+        {
+            throw new InvalidKeyException("error decoding public key");
+        }
+    }
+
+    /**
+     * verify the request using the BC provider.
+     */
+    public boolean verify()
+        throws NoSuchAlgorithmException, NoSuchProviderException,
+                InvalidKeyException, SignatureException
+    {
+        return verify("BC");
+    }
+
+    public boolean verify(
+        String provider)
+        throws NoSuchAlgorithmException, NoSuchProviderException,
+                InvalidKeyException, SignatureException
+    {
+        Signature   sig = null;
+
+        try
+        {
+        	System.out.println("First signature test"); 
+        	if(sigAlgId.getObjectId().getId().equals(OID_RSASSA_PSS)){        		
+        			sig = Signature.getInstance("SHA256withRSAandMGF1",provider);        		
+        	}else{
+              sig = Signature.getInstance(sigAlgId.getObjectId().getId(), provider);
+        	}  
+            
+        	System.out.println("Result " + sig.getAlgorithm()); 
+        }
+        catch (NoSuchAlgorithmException e)
+        {
+            //
+            // try an alternate
+            //
+            if (oids.get(sigAlgId.getObjectId().getId()) != null)
+            {
+            	System.out.println("No such algorithm next try"); 
+                String  signatureAlgorithm = (String)oids.get(sigAlgId.getObjectId().getId());
+            	System.out.println("Foung algorithm" +signatureAlgorithm);
+                sig = Signature.getInstance(signatureAlgorithm, provider);
+            	System.out.println("Found following " + sig.getAlgorithm());
+            }
+        }
+
+        
+        sig.initVerify(this.getPublicKey(provider));
+
+        try
+        {
+            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+            DEROutputStream         dOut = new DEROutputStream(bOut);
+
+            dOut.writeObject(reqInfo);
+
+            sig.update(bOut.toByteArray());
+        }
+        catch (Exception e)
+        {
+            throw new SecurityException("exception encoding TBS cert request - " + e);
+        }
+         
+        
+		
+        return sig.verify(sigBits.getBytes());
+    }
+
+    /**
+     * return a DER encoded byte array representing this object
+     */
+    public byte[] getEncoded()
+    {
+        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+        DEROutputStream         dOut = new DEROutputStream(bOut);
+
+        try
+        {
+            dOut.writeObject(this);
+        }
+        catch (IOException e)
+        {
+            throw new RuntimeException(e.toString());
+        }
+
+        return bOut.toByteArray();
+    }
+}
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/hardtoken/HardTokenProfileDataBean.java ./src/java/se/anatom/ejbca/hardtoken/HardTokenProfileDataBean.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/hardtoken/HardTokenProfileDataBean.java	Wed Feb 23 17:07:37 2005
+++ ./src/java/se/anatom/ejbca/hardtoken/HardTokenProfileDataBean.java	Thu Nov 17 21:43:56 2005
@@ -141,7 +141,7 @@
      * Method that returns the hard token profile data and updates it if nessesary.
      * @ejb.interface-method view-type="local"
      */
-    public HardTokenProfile getHardTokenProfile(){
+    public HardTokenProfile getHardTokenProfile() throws ArrayIndexOutOfBoundsException{
 
   	  if(profile == null){
 	    java.beans.XMLDecoder decoder;
@@ -152,7 +152,10 @@
 		} catch (UnsupportedEncodingException e) {
 		  throw new EJBException(e);
 		}
+		
+		
 		HashMap data = (HashMap) decoder.readObject();
+		
 		decoder.close();
 
 		switch (((Integer) (data.get(HardTokenProfile.TYPE))).intValue()) {
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/hardtoken/LocalHardTokenSessionBean.java ./src/java/se/anatom/ejbca/hardtoken/LocalHardTokenSessionBean.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/hardtoken/LocalHardTokenSessionBean.java	Thu May 19 08:15:43 2005
+++ ./src/java/se/anatom/ejbca/hardtoken/LocalHardTokenSessionBean.java	Thu Nov 17 21:40:45 2005
@@ -1201,7 +1201,7 @@
     	try{
     		// Construct SQL query.
     		con = JDBCUtil.getDBConnection(JNDINames.DATASOURCE);
-    		ps = con.prepareStatement("select distinct username from HardTokenData where  tokenSN LIKE '" + searchpattern + "%'");
+    		ps = con.prepareStatement("select distinct username from HardTokenData where  tokenSN LIKE '%" + searchpattern + "%'");
     		// Execute query.
     		rs = ps.executeQuery();
     		// Assemble result.
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/hardtoken/hardtokenprofiles/EIDProfile.java ./src/java/se/anatom/ejbca/hardtoken/hardtokenprofiles/EIDProfile.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/hardtoken/hardtokenprofiles/EIDProfile.java	Tue Jun 28 15:00:49 2005
+++ ./src/java/se/anatom/ejbca/hardtoken/hardtokenprofiles/EIDProfile.java	Thu Nov 17 21:41:41 2005
@@ -13,11 +13,16 @@
  
 package se.anatom.ejbca.hardtoken.hardtokenprofiles;
 
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
 
+import javax.ejb.EJBException;
+
 import se.anatom.ejbca.SecConst;
 import se.anatom.ejbca.ca.caadmin.CAInfo;
 
@@ -28,7 +33,7 @@
  * of eidprofiles in the system.
  *  
  *
- * @version $Id: EIDProfile.java,v 1.6.2.1 2005/06/28 13:00:49 herrvendil Exp $
+ * @version $Id: EIDProfile.java,v 1.6.2.2 2005/11/17 20:41:41 herrvendil Exp $
  */
 public abstract class EIDProfile extends HardTokenProfileWithAdressLabel {
 	
@@ -221,6 +226,27 @@
       }
     	    	
       return returnval;	 
+    }
+    
+    /**
+     * Help Method that should be used 
+     * @param emptyclone
+     */
+    
+    protected void clone(EIDProfile emptyclone){
+		java.io.ByteArrayOutputStream baos = new java.io.ByteArrayOutputStream();
+
+		try{
+			ObjectOutputStream oos = new ObjectOutputStream(baos);	
+			oos.writeObject(this.saveData());
+			oos.close();
+			ObjectInputStream ois = new ObjectInputStream(new java.io.ByteArrayInputStream(baos.toByteArray()));
+			HashMap cloneddata = (HashMap) ois.readObject();		
+			ois.close();
+			emptyclone.loadData(cloneddata);
+		}catch(Exception e){
+			throw new EJBException(e);
+		}   	    
     }
 
 
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/hardtoken/hardtokenprofiles/EnhancedEIDProfile.java ./src/java/se/anatom/ejbca/hardtoken/hardtokenprofiles/EnhancedEIDProfile.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/hardtoken/hardtokenprofiles/EnhancedEIDProfile.java	Tue May 24 11:33:39 2005
+++ ./src/java/se/anatom/ejbca/hardtoken/hardtokenprofiles/EnhancedEIDProfile.java	Fri Nov 18 13:15:41 2005
@@ -15,8 +15,6 @@
 
 
 import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.Iterator;
 
 import se.anatom.ejbca.SecConst;
 
@@ -24,7 +22,7 @@
 /**
  * EnhancedEIDProfile with three certificates and key recovery functionallity
  * 
- * @version $Id: EnhancedEIDProfile.java,v 1.9 2005/05/24 09:33:39 herrvendil Exp $
+ * @version $Id: EnhancedEIDProfile.java,v 1.9.2.2 2005/11/18 12:15:41 anatom Exp $
  */
 public class EnhancedEIDProfile extends EIDProfile {
 						
@@ -129,14 +127,8 @@
 	 */
 	public Object clone() throws CloneNotSupportedException {
 	    EnhancedEIDProfile clone = new EnhancedEIDProfile();
-	    HashMap clonedata = (HashMap) clone.saveData();
-	    Iterator i = (data.keySet()).iterator();
-	    while(i.hasNext()){
-		  Object key = i.next();
-		  clonedata.put(key, data.get(key));
-	    }
-
-	    clone.loadData(clonedata);
+	    
+	    super.clone(clone);
 
 	    return clone;
     }
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/hardtoken/hardtokenprofiles/SVGImageManipulator.java ./src/java/se/anatom/ejbca/hardtoken/hardtokenprofiles/SVGImageManipulator.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/hardtoken/hardtokenprofiles/SVGImageManipulator.java	Tue Jun 28 15:04:02 2005
+++ ./src/java/se/anatom/ejbca/hardtoken/hardtokenprofiles/SVGImageManipulator.java	Fri Oct 28 22:10:34 2005
@@ -59,7 +59,7 @@
  * It replaces all occurrenses of specified variables in the images 
  * with the corresponding userdata.
  *
- * @version $Id: SVGImageManipulator.java,v 1.12.2.1 2005/06/28 13:04:02 herrvendil Exp $
+ * @version $Id: SVGImageManipulator.java,v 1.12.2.3 2005/10/28 20:10:34 primelars Exp $
  */
 public class SVGImageManipulator {
 	/**
@@ -71,7 +71,8 @@
      * Availabe vairables used to replace text in a printlayout
      * Variable text are case-insensitive.
      */
-    private static final Pattern USERNAME = Pattern.compile("\\$USERNAME", Pattern.CASE_INSENSITIVE);    
+    private static final Pattern USERNAME = Pattern.compile("\\$USERNAME", Pattern.CASE_INSENSITIVE);
+    private static final Pattern UID      = Pattern.compile("\\$UID", Pattern.CASE_INSENSITIVE);
     private static final Pattern CN       = Pattern.compile("\\$CN", Pattern.CASE_INSENSITIVE);
     private static final Pattern SN       = Pattern.compile("\\$SN", Pattern.CASE_INSENSITIVE);    
     private static final Pattern GIVENNAME= Pattern.compile("\\$GIVENNAME", Pattern.CASE_INSENSITIVE);
@@ -176,43 +177,14 @@
       Node originaldokument = svgdoc.cloneNode(true);
       
       // Get Text rows
-      Collection texts = new ArrayList();
-	  NodeList list = svgdoc.getDocumentElement().getElementsByTagName("text");	  
-	  int numberofelements = list.getLength();	  
-	  for(int i=0; i<numberofelements; i++){
-		Node node = list.item(i);		  
-		if(node instanceof SVGTextElement){	
-		  NodeList list2 = ((SVGTextElement) node).getChildNodes();
-		  int numberofelements2 = list2.getLength();
-		  for(int j=0;j<numberofelements2;j++){		  	  
-			  Node node2 = list2.item(j);			  
-			  if(node2 instanceof GenericText)
-			  	texts.add(node2);			    
-			  if(node2 instanceof SVGOMTSpanElement){
-			  	 SVGOMTSpanElement tspan = (SVGOMTSpanElement) node2;
-			  	 NodeList list3 = tspan.getChildNodes();
-			  	 int numberofelements3 = list3.getLength();
-			  	 for(int k=0;k<numberofelements3;k++){
-			  	 	Node node3 = list3.item(k);
-			  	 	if(node3 instanceof GenericText)
-			  	 		texts.add(node3);			    
-			  	 }
-			  }		  
-		  }
-		}		  
-	  }
-	  
-	  Iterator iter = texts.iterator();
-	  String data = "";
-	  while(iter.hasNext()){
-	  	GenericText text = (GenericText) iter.next(); 
-	  	data = text.getData();
-	  	data = processString(data, userdata, dnfields, pincodes, pukcodes,
+      process( "text", userdata, dnfields, pincodes, pukcodes,
+	  			hardtokensn, hardtokensnwithoutprefix,
+				copyoftokensn, copyoftokensnwithoutprefix,
+				startdate, enddate);			  
+      process( "svg:text", userdata, dnfields, pincodes, pukcodes,
 	  			hardtokensn, hardtokensnwithoutprefix,
 				copyoftokensn, copyoftokensnwithoutprefix,
 				startdate, enddate);			  
-	  	text.setData(data);
-	  }
                        
       // Add Image
       /**
@@ -242,6 +214,48 @@
       return t;
     }
 
+    private void process(String tagName, UserDataVO userdata,
+    		DNFieldExtractor dnfields, String[] pincodes, String[] pukcodes,
+    		String hardtokensn, String hardtokensnwithoutprefix,
+    		String copyoftokensn, String copyoftokensnwithoutprefix,
+    		String startdate, String enddate){
+    	Collection texts = new ArrayList();
+    	NodeList list = svgdoc.getDocumentElement().getElementsByTagName(tagName);	  
+    	int numberofelements = list.getLength();	  
+    	for(int i=0; i<numberofelements; i++){
+    		Node node = list.item(i);		  
+    		if(node instanceof SVGTextElement){	
+    			NodeList list2 = ((SVGTextElement) node).getChildNodes();
+    			int numberofelements2 = list2.getLength();
+    			for(int j=0;j<numberofelements2;j++){		  	  
+    				Node node2 = list2.item(j);			  
+    				if(node2 instanceof GenericText)
+    					texts.add(node2);			    
+    				if(node2 instanceof SVGOMTSpanElement){
+    					SVGOMTSpanElement tspan = (SVGOMTSpanElement) node2;
+    					NodeList list3 = tspan.getChildNodes();
+    					int numberofelements3 = list3.getLength();
+    					for(int k=0;k<numberofelements3;k++){
+    						Node node3 = list3.item(k);
+    						if(node3 instanceof GenericText)
+    							texts.add(node3);			    
+    					}
+    				}		  
+    			}
+    		}
+    	}
+  	  Iterator iter = texts.iterator();
+	  String data = "";
+	  while(iter.hasNext()){
+	  	GenericText text = (GenericText) iter.next(); 
+	  	data = text.getData();
+	  	data = processString(data, userdata, dnfields, pincodes, pukcodes,
+	  			hardtokensn, hardtokensnwithoutprefix,
+				copyoftokensn, copyoftokensnwithoutprefix,
+				startdate, enddate);			  
+	  	text.setData(data);
+	  }
+    }
     
 
     private String processString(String text, UserDataVO userdata, DNFieldExtractor dnfields,
@@ -252,6 +266,7 @@
  
  
   	  text = USERNAME.matcher(text).replaceAll(userdata.getUsername());	  
+  	  text = UID.matcher(text).replaceAll(dnfields.getField(DNFieldExtractor.UID, 0));
       text = CN.matcher(text).replaceAll(dnfields.getField(DNFieldExtractor.CN, 0));
 	  text = OU.matcher(text).replaceAll(dnfields.getField(DNFieldExtractor.OU, 0));
 	  text = O.matcher(text).replaceAll(dnfields.getField(DNFieldExtractor.O, 0));
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/hardtoken/hardtokenprofiles/SwedishEIDProfile.java ./src/java/se/anatom/ejbca/hardtoken/hardtokenprofiles/SwedishEIDProfile.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/hardtoken/hardtokenprofiles/SwedishEIDProfile.java	Tue May 24 11:33:39 2005
+++ ./src/java/se/anatom/ejbca/hardtoken/hardtokenprofiles/SwedishEIDProfile.java	Fri Nov 18 13:15:41 2005
@@ -15,8 +15,6 @@
 
 
 import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.Iterator;
 
 import se.anatom.ejbca.SecConst;
 
@@ -24,7 +22,7 @@
 /**
  * Hard token profile with a goal to fulfill Swedish EID standard.
  * 
- * @version $Id: SwedishEIDProfile.java,v 1.7 2005/05/24 09:33:39 herrvendil Exp $
+ * @version $Id: SwedishEIDProfile.java,v 1.7.2.2 2005/11/18 12:15:41 anatom Exp $
  */
 public class SwedishEIDProfile extends EIDProfile {
 		
@@ -124,14 +122,7 @@
 	 */
 	public Object clone() throws CloneNotSupportedException {
 	    SwedishEIDProfile clone = new SwedishEIDProfile();
-	    HashMap clonedata = (HashMap) clone.saveData();
-	    Iterator i = (data.keySet()).iterator();
-	    while(i.hasNext()){
-		  Object key = i.next();
-		  clonedata.put(key, data.get(key));
-	    }
-
-	    clone.loadData(clonedata);
+	    super.clone(clone);
 
 	    return clone;
     }
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/log/LocalLogSessionBean.java ./src/java/se/anatom/ejbca/log/LocalLogSessionBean.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/log/LocalLogSessionBean.java	Mon May  2 18:18:39 2005
+++ ./src/java/se/anatom/ejbca/log/LocalLogSessionBean.java	Mon Sep 19 15:08:31 2005
@@ -126,7 +126,12 @@
     private ArrayList logdevices;
 
     /** Columns in the database used in select */
-    private final String LOGENTRYDATA_COL = "adminType, adminData, caid, module, time, username, certificateSNR, event, comment";
+    private final String LOGENTRYDATA_TABLE = "LogEntryData";
+    private final String LOGENTRYDATA_COL = "adminType, adminData, caid, module, time, username, certificateSNR, event";
+    // Different column names is an unforturnalte workaround because of Orcale, you cannot have a column named 'comment' in Oracle.
+    // The workaround 'comment_' was spread in the wild in 2005, so we have to use it so far.
+    private final String LOGENTRYDATA_COL_COMMENT_OLD = "comment";
+    private final String LOGENTRYDATA_COL_COMMENT_ORA = "comment_";
 
     /**
      * Default create for SessionBean without any creation Arguments.
@@ -294,7 +299,14 @@
         try {
             // Construct SQL query.
             con = JDBCUtil.getDBConnection(JNDINames.DATASOURCE);
-            String sql = "select "+LOGENTRYDATA_COL+" from LogEntryData where ( "
+            // Different column names is an unforturnalte workaround because of Orcale, you cannot have a column named 'comment' in Oracle.
+            // The workaround 'comment_' was spread in the wild in 2005, so we have to use it so far.
+            String commentCol = LOGENTRYDATA_COL_COMMENT_OLD;
+            if (!JDBCUtil.columnExists(con, LOGENTRYDATA_TABLE, LOGENTRYDATA_COL_COMMENT_OLD)) {
+                log.debug("Using oracle column name 'comment_' in LogEntryData.");
+                commentCol = LOGENTRYDATA_COL_COMMENT_ORA;
+            }
+            String sql = "select "+LOGENTRYDATA_COL+", "+commentCol+" from "+LOGENTRYDATA_TABLE+" where ( "
                     + query.getQueryString() + ") and (" + capriviledges + ")";
             if (StringUtils.isNotEmpty(viewlogprivileges)) {
                 sql += " and (" + viewlogprivileges + ")";
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/protocol/IRequestMessage.java ./src/java/se/anatom/ejbca/protocol/IRequestMessage.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/protocol/IRequestMessage.java	Tue Apr  5 09:24:40 2005
+++ ./src/java/se/anatom/ejbca/protocol/IRequestMessage.java	Tue Nov  8 20:03:29 2005
@@ -26,7 +26,7 @@
  * Base interface for request messages sent to the CA. Implementors of this interface must also
  * implement Serializable if they are to be sent to any EJB bussiness methods.
  *
- * @version $Id: IRequestMessage.java,v 1.15 2005/04/05 07:24:40 anatom Exp $
+ * @version $Id: IRequestMessage.java,v 1.15.2.3 2005/11/08 19:03:29 anatom Exp $
  */
 public interface IRequestMessage {
     /**
@@ -111,10 +111,11 @@
      *
      * @param cert certificate containing the public key.
      * @param key private key.
+     * @param provider the provider to use, if the private key is on a HSM you must use a special provider. If null is given, the default BC provider is used.
      *
      * @see #requireKeyInfo()
      */
-    public void setKeyInfo(X509Certificate cert, PrivateKey key);
+    public void setKeyInfo(X509Certificate cert, PrivateKey key, String provider);
 
     /**
      * Returns an error number after an error has occured processing the request
@@ -150,4 +151,22 @@
      * @return request key info
      */
     public byte[] getRequestKeyInfo();
+    
+    /**
+     * Returns the name of the preferred Digest algorithm to be used in the response if applicable.
+     * Defaults to CMSSignedDataGenerator.SHA1 for normal messages, but to MD5 for SCEP messages. If SCEP request is 
+     * digested with SHA1 it is set to SHA1 though.
+     *  
+     * @return oid of digest algorithm ex CMSSignedDataGenerator.MD5, SHA1, SHA256 etc
+     */
+    public String getPreferredDigestAlg(); 
+    
+    
+    /** If the CA certificate should be included in the reponse or not, default to true = yes.
+     * Not applicable for all request/response types.
+     * 
+     * @return true or false
+     */
+    public boolean includeCACert();
+
 }
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/protocol/IResponseMessage.java ./src/java/se/anatom/ejbca/protocol/IResponseMessage.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/protocol/IResponseMessage.java	Sat Nov 20 23:54:28 2004
+++ ./src/java/se/anatom/ejbca/protocol/IResponseMessage.java	Tue Nov  8 20:36:56 2005
@@ -39,7 +39,7 @@
  * byte[] responseMessage = resp.getResponseMessage(); 
  * </code>
  *
- * @version $Id: IResponseMessage.java,v 1.14 2004/11/20 22:54:28 sbailliez Exp $
+ * @version $Id: IResponseMessage.java,v 1.14.2.3 2005/11/08 19:36:56 anatom Exp $
  */
 public interface IResponseMessage {
 
@@ -56,6 +56,14 @@
      * @param crl crl in the response message.
      */
     public void setCrl(CRL crl);
+    
+    /** 
+     * Determines if the CA certificate should be included in the response message, if
+     * applicable for the response message type.
+     * 
+     * @param includeCACert true or false
+     */
+    public void setIncludeCACert(boolean incCACert);
 
     /**
      * Gets the response message in the default encoding format.
@@ -134,10 +142,11 @@
      *
      * @param cert certificate containing the public key.
      * @param key private key.
+     * @param provider the provider to use, if the private key is on a HSM you must use a special provider. If null is given, the default BC provider is used.
      *
      * @see #requireSignKeyInfo()
      */
-    public void setSignKeyInfo(X509Certificate cert, PrivateKey key);
+    public void setSignKeyInfo(X509Certificate cert, PrivateKey key, String provider);
 
     /**
      * Sets the public and private key needed to encrypt the message. Must be set if
@@ -145,10 +154,11 @@
      *
      * @param cert certificate containing the public key.
      * @param key private key.
+     * @param provider the provider to use, if the private key is on a HSM you must use a special provider. If null is given, the default BC provider is used.
      *
      * @see #requireEncKeyInfo()
      */
-    public void setEncKeyInfo(X509Certificate cert, PrivateKey key);
+    public void setEncKeyInfo(X509Certificate cert, PrivateKey key, String provider);
 
     /**
      * Sets a senderNonce if it should be present in the response
@@ -177,4 +187,12 @@
      * @param recipientKeyInfo key info
      */
     public void setRecipientKeyInfo(byte[] recipientKeyInfo);
+    
+    /**
+     * Sets preferred digest algorithm for the response message, if applicable. 
+     * If this is not called, a default is used.
+     * 
+     * @param String oid of digest algorithm ex CMSSignedDataGenerator.MD5, SHA1, SHA256 etc
+     */
+    public void setPreferredDigestAlg(String digest);
 }
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/protocol/PKCS10RequestMessage.java ./src/java/se/anatom/ejbca/protocol/PKCS10RequestMessage.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/protocol/PKCS10RequestMessage.java	Fri Aug 12 12:07:47 2005
+++ ./src/java/se/anatom/ejbca/protocol/PKCS10RequestMessage.java	Thu Nov 24 22:17:17 2005
@@ -26,7 +26,9 @@
 import org.bouncycastle.asn1.x509.X509Extension;
 import org.bouncycastle.asn1.x509.X509Extensions;
 import org.bouncycastle.asn1.x509.X509Name;
-import org.bouncycastle.jce.PKCS10CertificationRequest;
+import org.bouncycastle.cms.CMSSignedDataGenerator;
+
+import se.anatom.ejbca.common.ExtendedPKCS10CertificationRequest;
 import se.anatom.ejbca.util.CertTools;
 
 import java.io.Serializable;
@@ -43,7 +45,7 @@
 /**
  * Class to handle PKCS10 request messages sent to the CA.
  *
- * @version $Id: PKCS10RequestMessage.java,v 1.28.2.3 2005/08/12 10:07:47 anatom Exp $
+ * @version $Id: PKCS10RequestMessage.java,v 1.28.2.7 2005/11/24 21:17:17 herrvendil Exp $
  */
 public class PKCS10RequestMessage implements IRequestMessage, Serializable {
     static final long serialVersionUID = 3597275157018205136L;
@@ -58,9 +60,15 @@
 
     /** manually set username */
     protected String username = null;
+    
+    /** If the CA certificate should be included in the reponse or not, default to true = yes */
+    protected boolean includeCACert = true;
+
+    /** preferred digest algorithm to use in replies, if applicable */
+    private transient String preferredDigestAlg = CMSSignedDataGenerator.DIGEST_SHA1;
 
     /** The pkcs10 request message, not serialized. */
-    protected transient PKCS10CertificationRequest pkcs10 = null;
+    protected transient ExtendedPKCS10CertificationRequest pkcs10 = null;
 
     /** Type of error */
     private int error = 0;
@@ -74,6 +82,7 @@
      * @throws IOException if the request can not be parsed.
      */
     public PKCS10RequestMessage() {
+    	// No constructor
     }
 
     /**
@@ -95,15 +104,15 @@
      *
      * @param p10 the PKCS#10 request
      */
-    public PKCS10RequestMessage(PKCS10CertificationRequest p10) {
-        log.debug(">PKCS10RequestMessage(PKCS10CertificationRequest)");
+    public PKCS10RequestMessage(ExtendedPKCS10CertificationRequest p10) {
+        log.debug(">PKCS10RequestMessage(ExtendedPKCS10CertificationRequest)");
         p10msg = p10.getEncoded();
         pkcs10 = p10;
-        log.debug("<PKCS10RequestMessage(PKCS10CertificationRequest)");
+        log.debug("<PKCS10RequestMessage(ExtendedPKCS10CertificationRequest)");
     }
 
     private void init() {
-        pkcs10 = new PKCS10CertificationRequest(p10msg);
+        pkcs10 = new ExtendedPKCS10CertificationRequest(p10msg);
     }
 
     /**
@@ -237,7 +246,13 @@
             int index = name.indexOf(' ');
             if (index > 0) {
                 ret = name.substring(0, index);
-            }            
+            } else {
+                // Perhaps there is no space, only +
+                index = name.indexOf('+');
+                if (index > 0) {
+                    ret = name.substring(0, index);
+                }            	
+            }
         }
         log.debug("UserName='" + ret + "'");
         return ret;
@@ -303,7 +318,7 @@
      *
      * @return the request object
      */
-    public PKCS10CertificationRequest getCertificationRequest() {
+    public ExtendedPKCS10CertificationRequest getCertificationRequest() {
         try {
             if (pkcs10 == null) {
                 init();
@@ -368,10 +383,11 @@
      *
      * @param cert certificate containing the public key.
      * @param key private key.
+     * @param provider the provider to use, if the private key is on a HSM you must use a special provider. If null is given, the default BC provider is used.
      *
      * @see #requireKeyInfo()
      */
-    public void setKeyInfo(X509Certificate cert, PrivateKey key) {
+    public void setKeyInfo(X509Certificate cert, PrivateKey key, String Provider) {
     }
 
     /**
@@ -418,6 +434,18 @@
     public byte[] getRequestKeyInfo() {
         return null;
     }
+    
+    /** @see se.anatom.ejbca.protocol.IRequestMessage
+     */
+    public String getPreferredDigestAlg() {
+    	return preferredDigestAlg;
+    }
+    /** @see se.anatom.ejbca.protocol.IRequestMessage
+     */
+    public boolean includeCACert() {
+    	return includeCACert;
+    }
+    
 }
 
 // PKCS10RequestMessage
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/protocol/ScepPkiOpHelper.java ./src/java/se/anatom/ejbca/protocol/ScepPkiOpHelper.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/protocol/ScepPkiOpHelper.java	Fri May 27 16:52:27 2005
+++ ./src/java/se/anatom/ejbca/protocol/ScepPkiOpHelper.java	Tue Nov  8 20:03:29 2005
@@ -33,7 +33,7 @@
 /**
  * Helper class to handle SCEP (draft-nourse-scep-06.txt) requests.
  *
- * @version  $Id: ScepPkiOpHelper.java,v 1.29 2005/05/27 14:52:27 anatom Exp $
+ * @version  $Id: ScepPkiOpHelper.java,v 1.29.2.1 2005/11/08 19:03:29 anatom Exp $
  */
 public class ScepPkiOpHelper {
     private static Logger log = Logger.getLogger(ScepPkiOpHelper.class);
@@ -61,7 +61,7 @@
      *
      * @return byte[] containing response to be sent to client.
      */
-    public byte[] scepCertRequest(byte[] msg)
+    public byte[] scepCertRequest(byte[] msg, boolean includeCACert)
             throws ObjectNotFoundException, AuthLoginException,
             SignRequestException, AuthStatusException, IllegalKeyException,
             SignRequestSignatureException, CADoesntExistsException {
@@ -69,7 +69,7 @@
         log.debug(">getRequestMessage(" + msg.length + " bytes)");
 
         try {
-            reqmsg = new ScepRequestMessage(msg);
+            reqmsg = new ScepRequestMessage(msg, includeCACert);
 
             if (reqmsg.getErrorNo() != 0) {
                 log.error("Error '" + reqmsg.getErrorNo() + "' receiving Scep request message.");
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/protocol/ScepRequestMessage.java ./src/java/se/anatom/ejbca/protocol/ScepRequestMessage.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/protocol/ScepRequestMessage.java	Fri Aug 12 12:07:47 2005
+++ ./src/java/se/anatom/ejbca/protocol/ScepRequestMessage.java	Thu Nov 24 22:17:17 2005
@@ -49,10 +49,14 @@
 import org.bouncycastle.asn1.cms.SignerInfo;
 import org.bouncycastle.cms.CMSEnvelopedData;
 import org.bouncycastle.cms.CMSException;
+import org.bouncycastle.cms.CMSSignedData;
+import org.bouncycastle.cms.CMSSignedDataGenerator;
 import org.bouncycastle.cms.RecipientInformation;
 import org.bouncycastle.cms.RecipientInformationStore;
-import org.bouncycastle.jce.PKCS10CertificationRequest;
+import org.bouncycastle.cms.SignerInformation;
+import org.bouncycastle.cms.SignerInformationStore;
 
+import se.anatom.ejbca.common.ExtendedPKCS10CertificationRequest;
 import se.anatom.ejbca.util.Base64;
 import se.anatom.ejbca.util.CertTools;
 
@@ -60,7 +64,7 @@
  * Class to handle SCEP request messages sent to the CA. 
  * TODO: don't forget extensions, e.g. KeyUsage requested by end entity 
  *
- * @version $Id: ScepRequestMessage.java,v 1.40.2.1 2005/08/12 10:07:47 anatom Exp $
+ * @version $Id: ScepRequestMessage.java,v 1.40.2.5 2005/11/24 21:17:17 herrvendil Exp $
  */
 public class ScepRequestMessage extends PKCS10RequestMessage implements IRequestMessage, Serializable {
     static final long serialVersionUID = -235623330828902051L;
@@ -113,7 +117,7 @@
 
     /** Error text */
     private String errorText = null;
-
+    
     /** Issuer DN the message is sent to (CAs DN), contained in the 
      * request as recipientInfo.issuerAndSerialNumber in EnvelopeData part */
     private transient String issuerDN = null;
@@ -129,20 +133,27 @@
 
     /** Private key used for decryption. */
     private transient PrivateKey privateKey = null;
+    /** JCE Provider used when decrypting with private key. Default provider is BC. */
+    private transient String jceProvider = "BC";
 
     /** IssuerAndSerialNUmber for CRL request */
     private transient IssuerAndSerialNumber issuerAndSerno = null;
 
+    /** preferred digest algorithm to use in replies, if applicable */
+    private transient String preferredDigestAlg = CMSSignedDataGenerator.DIGEST_MD5;
+
     /**
-     * Constucts a new SCEP/PKCS7 message handler object.
+     * Constructs a new SCEP/PKCS7 message handler object.
      *
      * @param msg The DER encoded PKCS7 request.
+     * @param incCACert if the CA certificate should be included in the response or not
      *
      * @throws IOException if the request can not be parsed.
      */
-    public ScepRequestMessage(byte[] msg) throws IOException {
+    public ScepRequestMessage(byte[] msg, boolean incCACert) throws IOException {
         log.debug(">ScepRequestMessage");
         this.scepmsg = msg;
+        this.includeCACert = incCACert;
         init();
         log.debug("<ScepRequestMessage");
     }
@@ -150,6 +161,20 @@
     private void init() throws IOException {
         log.debug(">init");
 
+        try {
+            CMSSignedData csd = new CMSSignedData(scepmsg);
+            SignerInformationStore infoStore = csd.getSignerInfos();
+            Collection signers = infoStore.getSigners();
+            Iterator iter = signers.iterator();
+            if (iter.hasNext()) {
+            	SignerInformation si = (SignerInformation)iter.next();
+            	preferredDigestAlg = si.getDigestAlgOID();
+            	log.debug("Set "+ preferredDigestAlg+" as preferred digest algorithm for SCEP");
+            }        	
+        } catch (CMSException e) {
+        	// ignore, use default digest algo
+        	log.error("CMSException trying to get preferred digest algorithm: ", e);
+        }
         // Parse and verify the entegrity of the PKIOperation message PKCS#7
         /* If this would have been done using the newer CMS it would have made me so much happier... */
         ASN1Sequence seq = (ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(scepmsg)).readObject();
@@ -161,7 +186,7 @@
             //  pkcsGetCertInitialSigned, pkcsGetCertSigned, pkcsGetCRLSigned
             // (could also be pkcsRepSigned or certOnly, but we don't receive them on the server side
             // Try to find out what kind of message this is
-            sd = new SignedData((ASN1Sequence) ci.getContent());
+            sd = new SignedData((ASN1Sequence) ci.getContent());	
 
             // Get self signed cert to identify the senders public key
             ASN1Set certs = sd.getCertificates();
@@ -289,14 +314,14 @@
 
         while (it.hasNext()) {
             RecipientInformation recipient = (RecipientInformation) it.next();
-            decBytes = recipient.getContent(privateKey, "BC");
+            decBytes = recipient.getContent(privateKey, jceProvider);
             break;
         }
 
         DERObject derobj = new ASN1InputStream(new ByteArrayInputStream(decBytes)).readObject();
         if (messageType == ScepRequestMessage.SCEP_TYPE_PKCSREQ) {
             ASN1Sequence seq = (ASN1Sequence) derobj;
-            pkcs10 = new PKCS10CertificationRequest(seq);
+            pkcs10 = new ExtendedPKCS10CertificationRequest(seq);
             log.debug("Successfully extracted PKCS10.");
             //log.debug("Successfully extracted PKCS10:"+new String(Base64.encode(pkcs10.getEncoded())));
         }
@@ -417,6 +442,12 @@
                 ret = name; 
                 if (index > 0) {
                     ret = name.substring(0,index);        
+                } else {
+                    // Perhaps there is no space, only +
+                    index = name.indexOf('+');
+                    if (index > 0) {
+                        ret = name.substring(0, index);
+                    }            	
                 }
             }
         } catch (IOException e) {
@@ -541,13 +572,19 @@
      *
      * @param cert certificate containing the public key.
      * @param key private key.
+     * @param provider the provider to use, if the private key is on a HSM you must use a special provider. If null is given, the default BC provider is used.
      *
      * @see #requireKeyInfo()
      */
-    public void setKeyInfo(X509Certificate cert, PrivateKey key) {
+    public void setKeyInfo(X509Certificate cert, PrivateKey key, String provider) {
         // We don't need the public key 
         // this.cert = cert;
         this.privateKey = key;
+        if (provider == null) {
+        	this.jceProvider = "BC";
+        } else {
+            this.jceProvider = provider;        	
+        }
     }
 
     /**
@@ -603,6 +640,14 @@
         return messageType;
 
     }
+
+    /** @see se.anatom.ejbca.protocol.IRequestMessage
+     */
+    public String getPreferredDigestAlg() {
+    	return preferredDigestAlg;
+    }
+    
+    
 
     //
     // Private helper methods
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/protocol/ScepResponseMessage.java ./src/java/se/anatom/ejbca/protocol/ScepResponseMessage.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/protocol/ScepResponseMessage.java	Thu Aug 11 11:05:14 2005
+++ ./src/java/se/anatom/ejbca/protocol/ScepResponseMessage.java	Tue Nov  8 20:36:56 2005
@@ -52,7 +52,7 @@
 /**
  * A response message for scep (pkcs7).
  *
- * @version $Id: ScepResponseMessage.java,v 1.23.2.2 2005/08/11 09:05:14 anatom Exp $
+ * @version $Id: ScepResponseMessage.java,v 1.23.2.6 2005/11/08 19:36:56 anatom Exp $
  */
 public class ScepResponseMessage implements IResponseMessage, Serializable {
     static final long serialVersionUID = 2016710353393853878L;
@@ -89,9 +89,17 @@
     /** Certificate to be in response message, not serialized */
     private transient Certificate cert = null;
     private transient CRL crl = null;
+    /** Certificate for the signer of the response message (CA) */
     private transient X509Certificate signCert = null;
+    /** Private key used to sign the response message */
     private transient PrivateKey signKey = null;
+    /** The default provider is BC, if nothing else is specified when setting SignKeyInfo */
+    private transient String provider = "BC";
+    /** If the CA certificate should be included in the reponse or not, default to true = yes */
+    private transient boolean includeCACert = true;
 
+    /** Default digest algorithm for SCEP response message, can be overridden */
+    private transient String digestAlg = CMSSignedDataGenerator.DIGEST_MD5;
     /**
      * Sets the complete certificate in the response message.
      *
@@ -110,6 +118,13 @@
         this.crl = crl;
     }
 
+    /** @see se.anatom.ejbca.protocol.IResponseMessage#setIncludeCACert
+     * 
+     */
+    public void setIncludeCACert(boolean incCACert) {
+    	this.includeCACert = incCACert;
+    }
+
     /**
      * Gets the response message in the default encoding format.
      *
@@ -200,17 +215,18 @@
                     log.debug("Adding certificates to response message");
                     certList.add(cert);
                     // Add the CA cert, it's optional but Cisco VPN client complains if it isn't there
-                    certList.add(signCert);
+                    if (includeCACert) {
+                        certList.add(signCert);                    	
+                    }
                 }
                 CertStore certs = CertStore.getInstance("Collection",
                         new CollectionCertStoreParameters(certList), "BC");
 
                 // Create the signed CMS message to be contained inside the envelope
-                msg = new CMSProcessableByteArray("PrimeKey".getBytes());
+                // this message does not contain any message, and no signerInfo
                 CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-                gen.addSigner(signKey, signCert, CMSSignedDataGenerator.DIGEST_SHA1);
                 gen.addCertificatesAndCRLs(certs);
-                s = gen.generate(msg, true, "BC");
+                s = gen.generate(null, false, "BC");
 
                 // Envelope the CMS message
                 if (recipientKeyInfo != null) {
@@ -313,9 +329,9 @@
             }
 
             // Add our signer info and sign the message
-            gen1.addSigner(signKey, signCert, CMSSignedDataGenerator.DIGEST_SHA1,
+            gen1.addSigner(signKey, signCert, digestAlg,
                     new AttributeTable(attributes), null);
-            signedData = gen1.generate(msg, true, "BC");
+            signedData = gen1.generate(msg, true, provider);
             responseMessage = signedData.getEncoded();
             if (responseMessage != null) {
                 ret = true;
@@ -357,12 +373,16 @@
      *
      * @param cert certificate containing the public key.
      * @param key private key.
+     * @param provider the provider to use, if the private key is on a HSM you must use a special provider. If null is given, the default BC provider is used.
      *
      * @see #requireSignKeyInfo()
      */
-    public void setSignKeyInfo(X509Certificate cert, PrivateKey key) {
-        signCert = cert;
-        signKey = key;
+    public void setSignKeyInfo(X509Certificate cert, PrivateKey key, String prov) {
+        this.signCert = cert;
+        this.signKey = key;
+        if (prov != null) {
+        	this.provider = prov;
+        }
     }
 
     /**
@@ -371,10 +391,11 @@
      *
      * @param cert certificate containing the public key.
      * @param key private key.
+     * @param provider the provider to use, if the private key is on a HSM you must use a special provider. If null is given, the default BC provider is used.
      *
      * @see #requireEncKeyInfo()
      */
-    public void setEncKeyInfo(X509Certificate cert, PrivateKey key) {
+    public void setEncKeyInfo(X509Certificate cert, PrivateKey key, String provider) {
         // We don't need these.
     }
 
@@ -412,6 +433,12 @@
      */
     public void setRecipientKeyInfo(byte[] recipientKeyInfo) {
         this.recipientKeyInfo = recipientKeyInfo;
+    }
+
+    /** @see se.anatom.ejca.protocol.IResponseMessage
+     */
+    public void setPreferredDigestAlg(String digest) {
+    	this.digestAlg = digest;
     }
 
 }
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/protocol/ScepServlet.java ./src/java/se/anatom/ejbca/protocol/ScepServlet.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/protocol/ScepServlet.java	Thu Aug 11 11:06:05 2005
+++ ./src/java/se/anatom/ejbca/protocol/ScepServlet.java	Tue Nov  8 20:03:29 2005
@@ -28,6 +28,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.lang.StringUtils;
 import org.apache.log4j.Logger;
 
 import se.anatom.ejbca.apply.RequestHelper;
@@ -63,7 +64,7 @@
  * 7. output the result as a der encoded block on stdout 
  * -----
  *
- * @version $Id: ScepServlet.java,v 1.34.2.1 2005/08/11 09:06:05 anatom Exp $
+ * @version $Id: ScepServlet.java,v 1.34.2.2 2005/11/08 19:03:29 anatom Exp $
  */
 public class ScepServlet extends HttpServlet {
     private static Logger log = Logger.getLogger(ScepServlet.class);
@@ -178,7 +179,11 @@
                 ScepPkiOpHelper helper = new ScepPkiOpHelper(administrator, signsession);
                 
                 // Read the message end get the cert, this also checksauthorization
-                byte[] reply = helper.scepCertRequest(scepmsg);
+                boolean includeCACert = true;
+                if (StringUtils.equals("0", getInitParameter("includeCACert"))) {
+                	includeCACert = false;
+                }
+                byte[] reply = helper.scepCertRequest(scepmsg, includeCACert);
                 if (reply == null) {
                     // This is probably a getCert message?
                     response.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED,
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/protocol/X509ResponseMessage.java ./src/java/se/anatom/ejbca/protocol/X509ResponseMessage.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/protocol/X509ResponseMessage.java	Mon May  2 18:18:55 2005
+++ ./src/java/se/anatom/ejbca/protocol/X509ResponseMessage.java	Tue Nov  8 20:36:56 2005
@@ -31,7 +31,7 @@
 /**
  * A response message consisting of a single X509 Certificate.
  *
- * @version $Id: X509ResponseMessage.java,v 1.18 2005/05/02 16:18:55 anatom Exp $
+ * @version $Id: X509ResponseMessage.java,v 1.18.2.3 2005/11/08 19:36:56 anatom Exp $
  */
 public class X509ResponseMessage implements IResponseMessage, Serializable {
     static final long serialVersionUID = -2157072605987735912L;
@@ -63,6 +63,13 @@
         // This message type does not contain a CRL
     }
 
+    /** @see se.anatom.ejbca.protocol.IResponseMessage#setIncludeCACert
+     * 
+     */
+    public void setIncludeCACert(boolean incCACert) {
+    	// Do nothing, not applicable
+    }
+
     /**
      * Gets the complete certificate in the response message.
      *
@@ -166,10 +173,11 @@
      *
      * @param cert certificate containing the public key.
      * @param key private key.
+     * @param provider the provider to use, if the private key is on a HSM you must use a special provider. If null is given, the default BC provider is used.
      *
      * @see #requireSignKeyInfo()
      */
-    public void setSignKeyInfo(X509Certificate cert, PrivateKey key) {
+    public void setSignKeyInfo(X509Certificate cert, PrivateKey key, String provider) {
     }
 
     /**
@@ -178,10 +186,11 @@
      *
      * @param cert certificate containing the public key.
      * @param key private key.
+     * @param provider the provider to use, if the private key is on a HSM you must use a special provider. If null is given, the default BC provider is used.
      *
      * @see #requireEncKeyInfo()
      */
-    public void setEncKeyInfo(X509Certificate cert, PrivateKey key) {
+    public void setEncKeyInfo(X509Certificate cert, PrivateKey key, String provider) {
     }
 
     /**
@@ -215,5 +224,10 @@
      * @param recipientKeyInfo key info
      */
     public void setRecipientKeyInfo(byte[] recipientKeyInfo) {
+    }
+    
+    /** @see se.anatom.ejca.protocol.IResponseMessage
+     */
+    public void setPreferredDigestAlg(String digest) {
     }
 }
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/ra/LocalUserAdminSessionBean.java ./src/java/se/anatom/ejbca/ra/LocalUserAdminSessionBean.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/ra/LocalUserAdminSessionBean.java	Tue May 10 13:51:26 2005
+++ ./src/java/se/anatom/ejbca/ra/LocalUserAdminSessionBean.java	Sat Sep 17 16:36:40 2005
@@ -72,7 +72,7 @@
  * Administrates users in the database using UserData Entity Bean.
  * Uses JNDI name for datasource as defined in env 'Datasource' in ejb-jar.xml.
  *
- * @version $Id: LocalUserAdminSessionBean.java,v 1.100 2005/05/10 11:51:26 herrvendil Exp $
+ * @version $Id: LocalUserAdminSessionBean.java,v 1.100.2.1 2005/09/17 14:36:40 anatom Exp $
  * @ejb.bean
  *   display-name="UserAdminSB"
  *   name="UserAdminSession"
@@ -432,7 +432,7 @@
                         tokentype, hardwaretokenissuerid, caid);
             } catch (UserDoesntFullfillEndEntityProfile udfp) {
                 logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), username, null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY, "Userdata didn'nt fullfill end entity profile. + " + udfp.getMessage());
-                throw new UserDoesntFullfillEndEntityProfile(udfp.getMessage());
+                throw udfp;
             }
             // Check if administrator is authorized to edit user.
             if (!authorizedToEndEntityProfile(admin, endentityprofileid, AvailableAccessRules.EDIT_RIGHTS)) {
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/ra/raadmin/DNFieldExtractor.java ./src/java/se/anatom/ejbca/ra/raadmin/DNFieldExtractor.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/ra/raadmin/DNFieldExtractor.java	Mon May  9 21:51:19 2005
+++ ./src/java/se/anatom/ejbca/ra/raadmin/DNFieldExtractor.java	Sat Sep 17 16:36:40 2005
@@ -25,7 +25,7 @@
  * strings.
  *
  * @author Philip Vendil
- * @version $Id: DNFieldExtractor.java,v 1.21 2005/05/09 19:51:19 anatom Exp $
+ * @version $Id: DNFieldExtractor.java,v 1.21.2.1 2005/09/17 14:36:40 anatom Exp $
  */
 public class DNFieldExtractor implements java.io.Serializable {
     private static Logger log = Logger.getLogger(DNFieldExtractor.class);
@@ -67,7 +67,7 @@
     public static final int NUMBEROFFIELDS = 27;
     public static final String[] SUBJECTDNFIELDS = {
         "E=", "UID=", "CN=", "SN=", "GIVENNAME=", "INITIALS=", "SURNAME=", "T=", "OU=", "O=", "L=",
-        "ST=", "DC=", "C=", "1.2.840.113549.1.9.8=", "1.2.840.113549.1.9.2="
+        "ST=", "DC=", "C=", "UNSTRUCTUREDADDRESS=", "UNSTRUCTUREDNAME="
     };
     
     public static final String[] SUBJECTALTNAME = {
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/ra/raadmin/EndEntityProfile.java ./src/java/se/anatom/ejbca/ra/raadmin/EndEntityProfile.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/ra/raadmin/EndEntityProfile.java	Fri Jul 22 11:19:43 2005
+++ ./src/java/se/anatom/ejbca/ra/raadmin/EndEntityProfile.java	Thu Nov 17 21:44:24 2005
@@ -13,11 +13,11 @@
  
 package se.anatom.ejbca.ra.raadmin;
 
-import java.util.HashMap;
 import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.Collections;
 import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
 import java.util.Iterator;
 
 import org.apache.log4j.Logger;
@@ -31,7 +31,7 @@
  * of ejbca web interface.
  *
  * @author  Philip Vendil
- * @version $Id: EndEntityProfile.java,v 1.31.2.1 2005/07/22 09:19:43 anatom Exp $
+ * @version $Id: EndEntityProfile.java,v 1.31.2.2 2005/11/17 20:44:24 herrvendil Exp $
  */
 public class EndEntityProfile extends UpgradeableDataHashMap implements java.io.Serializable, Cloneable {
 
@@ -247,7 +247,7 @@
         }
 
         // Remove from order list.
-        if(parameter >= OLDDNE && parameter <= COUNTRY){
+        if((parameter >= OLDDNE && parameter <= COUNTRY) || parameter == UNSTRUCTUREDADDRESS || parameter == UNSTRUCTUREDNAME){
           ArrayList fieldorder = (ArrayList) data.get(SUBJECTDNFIELDORDER);
           int value = (NUMBERBOUNDRARY*parameter) + number;
           for(int i=0; i < fieldorder.size(); i++){
@@ -258,7 +258,7 @@
           }
         }
 
-        if((parameter >= RFC822NAME && parameter <= REGISTEREDID) || parameter == UPN || parameter == UNSTRUCTUREDADDRESS || parameter == UNSTRUCTUREDNAME || parameter == GUID){
+        if((parameter >= RFC822NAME && parameter <= REGISTEREDID) || parameter == UPN || parameter == GUID){
           ArrayList fieldorder = (ArrayList) data.get(SUBJECTALTNAMEFIELDORDER);
           int value = (NUMBERBOUNDRARY*parameter) + number;
           for(int i=0; i < fieldorder.size(); i++){
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/samples/HttpGetCert.java ./src/java/se/anatom/ejbca/samples/HttpGetCert.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/samples/HttpGetCert.java	Thu May 12 15:17:49 2005
+++ ./src/java/se/anatom/ejbca/samples/HttpGetCert.java	Thu Nov 24 22:24:39 2005
@@ -26,8 +26,8 @@
 import org.apache.log4j.BasicConfigurator;
 import org.apache.log4j.Logger;
 import org.bouncycastle.asn1.DEROutputStream;
-import org.bouncycastle.jce.PKCS10CertificationRequest;
 
+import se.anatom.ejbca.common.ExtendedPKCS10CertificationRequest;
 import se.anatom.ejbca.util.Base64;
 import se.anatom.ejbca.util.CertTools;
 import se.anatom.ejbca.util.KeyTools;
@@ -58,7 +58,7 @@
  * </li>
  * </ul>
  *
- * @version $Id: HttpGetCert.java,v 1.18 2005/05/12 13:17:49 anatom Exp $
+ * @version $Id: HttpGetCert.java,v 1.18.2.1 2005/11/24 21:24:39 herrvendil Exp $
  */
 public class HttpGetCert {
     private static Logger log = Logger.getLogger(HttpGetCert.class);
@@ -253,7 +253,7 @@
         System.out.println("Keys generated.");
 
         // Generate PKCS10 certificate request
-        PKCS10CertificationRequest req = new PKCS10CertificationRequest("SHA1WithRSA",
+        ExtendedPKCS10CertificationRequest req = new ExtendedPKCS10CertificationRequest("SHA1WithRSA",
                 CertTools.stringToBcX509Name("C=SE,O=AnaTom,CN=HttpTest"), rsaKeys.getPublic(),
                 null, rsaKeys.getPrivate());
         ByteArrayOutputStream bOut = new ByteArrayOutputStream();
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/util/CertTools.java ./src/java/se/anatom/ejbca/util/CertTools.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/util/CertTools.java	Tue Aug  2 13:38:10 2005
+++ ./src/java/se/anatom/ejbca/util/CertTools.java	Thu Nov 17 21:42:01 2005
@@ -74,7 +74,7 @@
 /**
  * Tools to handle common certificate operations.
  *
- * @version $Id: CertTools.java,v 1.76.2.2 2005/08/02 11:38:10 anatom Exp $
+ * @version $Id: CertTools.java,v 1.76.2.4 2005/11/17 20:42:01 herrvendil Exp $
  */
 public class CertTools {
     private static Logger log = Logger.getLogger(CertTools.class);
@@ -252,6 +252,32 @@
     }
 
     /**
+     * Search for e-mail address, first in SubjectAltName (as in PKIX
+     * recomandation) then in subject DN.
+     * Marco Ferrante, (c) 2005 CSITA - University of Genoa (Italy)
+     * 
+     * @param certificate
+     * @return subject email or null if not present in certificate
+     * @throws java.lang.Exception
+     */
+    public static String getEMailAddress(X509Certificate certificate) throws Exception {
+        log.debug("Searching for EMail Address in SubjectAltName");
+        if (certificate.getSubjectAlternativeNames() != null) {
+            java.util.Collection altNames = certificate.getSubjectAlternativeNames();
+            Iterator iter = altNames.iterator();
+            while (iter.hasNext()) {
+                java.util.List item = (java.util.List)iter.next();
+                Integer type = (Integer)item.get(0);
+                if (type.intValue() == 1) {
+                    return (String)item.get(1);
+                }
+            }
+        }
+        log.debug("Searching for EMail Address in Subject DN");
+        return CertTools.getEmailFromDN(certificate.getSubjectDN().getName());
+    }
+    
+    /**
      * Convenience method for getting an email address from a DN. Uses {@link
      * getPartFromDN(String,String)} internally, and searches for {@link EMAIL}, {@link EMAIL1},
      * {@link EMAIL2}, {@link EMAIL3} and returns the first one found.
@@ -966,31 +992,6 @@
     }
 
 	/**
-	 * Search for e-mail address, first in SubjectAltName (as in PKIX
-	 * recomandation) then in subject DN.
-	 * Marco Ferrante, (c) 2005 CSITA - University of Genoa (Italy)
-	 * 
-	 * @param certificate
-	 * @return subject email or null if not present in certificate
-	 * @throws java.lang.Exception
-	 */
-	public static String getEMailAddress(X509Certificate certificate) throws Exception {
-		log.debug("Searching for EMail Address in SubjectAltName");
-		if (certificate.getSubjectAlternativeNames() != null) {
-			java.util.Collection altNames = certificate.getSubjectAlternativeNames();
-			for (java.util.Iterator i = altNames.iterator(); i.hasNext(); ) {
-				java.util.List item = (java.util.List)altNames.iterator().next();
-				Integer type = (Integer)item.get(0);
-				if (type.intValue() == 1) {
-					return (String)item.get(1);
-				}
-			}
-		}
-		log.debug("Searching for EMail Address in Subject DN");
-		return CertTools.getEmailFromDN(certificate.getSubjectDN().getName());
-	}
-	
-	/**
 	 * Check the certificate with CA certificate.
 	 *
 	 * @param certificate cert to verify
@@ -1223,14 +1224,27 @@
      * @return the new DN
      */
     public static String insertCNPostfix(String dn, String cnpostfix){
-      String newdn = dn;
+      String newdn = null;
       
-      String cn = CertTools.getPartFromDN(dn,"cn");
-      if(cn != null){
-      	String newcn = cn + cnpostfix;
-      	newdn = dn.replaceFirst(cn,newcn);
+      if ((dn != null) && (cnpostfix != null)) {
+          String o;          
+          X509NameTokenizer xt = new X509NameTokenizer(dn);
+          boolean alreadyreplaced = false;
+          while (xt.hasMoreTokens()) {
+              o = xt.nextToken();             
+              if (!alreadyreplaced && (o.length() > 3) &&
+                      o.substring(0, 3).equalsIgnoreCase("cn=")) {
+                  o += cnpostfix;     
+                  alreadyreplaced = true;
+              }
+              if(newdn==null){
+            	  newdn=o;
+              }else{	  
+                newdn += "," + o;
+              }  
+          }
       }
-      
+ 
       return newdn;
     }
     
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/util/JDBCUtil.java ./src/java/se/anatom/ejbca/util/JDBCUtil.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/util/JDBCUtil.java	Fri Apr 29 12:33:55 2005
+++ ./src/java/se/anatom/ejbca/util/JDBCUtil.java	Mon Sep 19 15:08:31 2005
@@ -30,7 +30,7 @@
  * stress conditions, or simply exhaust database resources, so it is better to have some
  * warning than nothing at all.
  *
- * @version $Id: JDBCUtil.java,v 1.5 2005/04/29 10:33:55 anatom Exp $
+ * @version $Id: JDBCUtil.java,v 1.5.2.1 2005/09/19 13:08:31 anatom Exp $
  */
 public class JDBCUtil {
 
@@ -117,9 +117,27 @@
      * @param rs  the result set to close (can be null)
      */
     public static void close(Connection con, PreparedStatement ps, ResultSet rs) {
-        close(con);
-        close(ps);
         close(rs);
+        close(ps);
+        close(con);
+    }
+    /**
+     * Check if a certain column exists in the database.
+     * @param con the connection to use, not closed by this method
+     * @param table the table where the column perhaps exists
+     * @param col the name of the column to check for
+     * @return true if the column exists, falst if not (the database throws an SQLException)
+     */
+    public static boolean columnExists(Connection con, String table, String col) {
+        PreparedStatement st = null;
+        try {
+            st = con.prepareStatement("select "+col+" from "+table+" where 1=0");
+            st.executeQuery();
+            return true;
+        } catch (SQLException e) {
+            return false;
+        } finally {
+            JDBCUtil.close(st);
+        }
     }
-
 }
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/webdist/cainterface/CACertReqServlet.java ./src/java/se/anatom/ejbca/webdist/cainterface/CACertReqServlet.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/webdist/cainterface/CACertReqServlet.java	Fri May 13 08:51:42 2005
+++ ./src/java/se/anatom/ejbca/webdist/cainterface/CACertReqServlet.java	Thu Nov 24 22:17:17 2005
@@ -26,11 +26,11 @@
 
 import org.apache.log4j.Logger;
 import org.bouncycastle.asn1.DEROutputStream;
-import org.bouncycastle.jce.PKCS10CertificationRequest;
 
 import se.anatom.ejbca.apply.RequestHelper;
 import se.anatom.ejbca.ca.sign.ISignSessionLocal;
 import se.anatom.ejbca.ca.sign.ISignSessionLocalHome;
+import se.anatom.ejbca.common.ExtendedPKCS10CertificationRequest;
 import se.anatom.ejbca.util.ServiceLocator;
 import se.anatom.ejbca.webdist.ServletUtils;
 import se.anatom.ejbca.webdist.webconfiguration.EjbcaWebBean;
@@ -44,7 +44,7 @@
  * <ul>
  * <li>crl - gets the latest CRL.
  *
- * @version $Id: CACertReqServlet.java,v 1.10 2005/05/13 06:51:42 anatom Exp $
+ * @version $Id: CACertReqServlet.java,v 1.10.2.1 2005/11/24 21:17:17 herrvendil Exp $
  * 
  * @web.servlet name = "CACertReq"
  *              display-name = "CACertReqServlet"
@@ -149,7 +149,7 @@
         if (command.equalsIgnoreCase(COMMAND_CERTREQ)) {
             try {
                 
-                PKCS10CertificationRequest pkcs10request = cabean.getPKCS10RequestData();
+            	ExtendedPKCS10CertificationRequest pkcs10request = cabean.getPKCS10RequestData();
 				ByteArrayOutputStream bOut = new ByteArrayOutputStream();
 				DEROutputStream dOut = new DEROutputStream(bOut);
 				dOut.writeObject(pkcs10request);
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/webdist/cainterface/CADataHandler.java ./src/java/se/anatom/ejbca/webdist/cainterface/CADataHandler.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/webdist/cainterface/CADataHandler.java	Fri Apr 29 12:34:01 2005
+++ ./src/java/se/anatom/ejbca/webdist/cainterface/CADataHandler.java	Thu Nov 24 22:17:17 2005
@@ -22,8 +22,6 @@
 import java.util.HashMap;
 import java.util.Iterator;
 
-import org.bouncycastle.jce.PKCS10CertificationRequest;
-
 import se.anatom.ejbca.authorization.AuthorizationDeniedException;
 import se.anatom.ejbca.authorization.IAuthorizationSessionLocal;
 import se.anatom.ejbca.ca.caadmin.CAInfo;
@@ -39,6 +37,7 @@
 import se.anatom.ejbca.ca.store.CertificateDataBean;
 import se.anatom.ejbca.ca.store.ICertificateStoreSessionLocal;
 import se.anatom.ejbca.ca.store.certificateprofiles.CertificateProfile;
+import se.anatom.ejbca.common.ExtendedPKCS10CertificationRequest;
 import se.anatom.ejbca.exception.EjbcaException;
 import se.anatom.ejbca.log.Admin;
 import se.anatom.ejbca.protocol.IRequestMessage;
@@ -157,7 +156,7 @@
   /**
    *  @see se.anatom.ejbca.ca.caadmin.ICAAdminSessionLocal
    */  
-  public PKCS10CertificationRequest  makeRequest(int caid, Collection cachain, boolean setstatustowaiting) throws CADoesntExistsException, AuthorizationDeniedException, CertPathValidatorException, CATokenOfflineException{
+  public ExtendedPKCS10CertificationRequest  makeRequest(int caid, Collection cachain, boolean setstatustowaiting) throws CADoesntExistsException, AuthorizationDeniedException, CertPathValidatorException, CATokenOfflineException{
   	
 	  PKCS10RequestMessage result = (PKCS10RequestMessage) caadminsession.makeRequest(administrator, caid,cachain,setstatustowaiting);
 	  return result.getCertificationRequest();    
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/webdist/cainterface/CAInterfaceBean.java ./src/java/se/anatom/ejbca/webdist/cainterface/CAInterfaceBean.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/webdist/cainterface/CAInterfaceBean.java	Mon May  9 17:34:28 2005
+++ ./src/java/se/anatom/ejbca/webdist/cainterface/CAInterfaceBean.java	Thu Nov 24 22:17:17 2005
@@ -18,8 +18,11 @@
 import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
 import java.util.Collection;
+import java.util.Collections;
+import java.util.Comparator;
 import java.util.HashMap;
 import java.util.Iterator;
+import java.util.List;
 import java.util.TreeMap;
 
 import javax.ejb.CreateException;
@@ -28,15 +31,14 @@
 import javax.servlet.http.HttpServletRequest;
 
 import org.bouncycastle.asn1.DEROutputStream;
-import org.bouncycastle.jce.PKCS10CertificationRequest;
 
-import se.anatom.ejbca.ca.crl.ICreateCRLSessionHome;
 import se.anatom.ejbca.apply.RequestHelper;
 import se.anatom.ejbca.authorization.IAuthorizationSessionLocal;
 import se.anatom.ejbca.authorization.IAuthorizationSessionLocalHome;
 import se.anatom.ejbca.ca.caadmin.CAInfo;
 import se.anatom.ejbca.ca.caadmin.ICAAdminSessionLocal;
 import se.anatom.ejbca.ca.caadmin.ICAAdminSessionLocalHome;
+import se.anatom.ejbca.ca.crl.ICreateCRLSessionHome;
 import se.anatom.ejbca.ca.crl.RevokedCertInfo;
 import se.anatom.ejbca.ca.publisher.IPublisherSessionLocal;
 import se.anatom.ejbca.ca.publisher.IPublisherSessionLocalHome;
@@ -48,6 +50,7 @@
 import se.anatom.ejbca.ca.store.ICertificateStoreSessionLocal;
 import se.anatom.ejbca.ca.store.ICertificateStoreSessionLocalHome;
 import se.anatom.ejbca.ca.store.certificateprofiles.CertificateProfile;
+import se.anatom.ejbca.common.ExtendedPKCS10CertificationRequest;
 import se.anatom.ejbca.hardtoken.IHardTokenSessionLocal;
 import se.anatom.ejbca.hardtoken.IHardTokenSessionLocalHome;
 import se.anatom.ejbca.log.Admin;
@@ -68,7 +71,7 @@
  * A class used as an interface between CA jsp pages and CA ejbca functions.
  *
  * @author  Philip Vendil
- * @version $Id: CAInterfaceBean.java,v 1.30 2005/05/09 15:34:28 anatom Exp $
+ * @version $Id: CAInterfaceBean.java,v 1.30.2.3 2005/11/24 21:17:17 herrvendil Exp $
  */
 public class CAInterfaceBean implements java.io.Serializable {
 
@@ -276,11 +279,11 @@
     	return this.cainfo;
     }
     
-	public void savePKCS10RequestData(PKCS10CertificationRequest request){
+	public void savePKCS10RequestData(ExtendedPKCS10CertificationRequest request){
 		this.request = request;
 	}
     
-	public PKCS10CertificationRequest getPKCS10RequestData(){
+	public ExtendedPKCS10CertificationRequest getPKCS10RequestData(){
 		return this.request;
 	}    
 	
@@ -341,8 +344,31 @@
 	  	returnval = "CERTPROFILENOTFOUND";
 	  }	  
 	}
-	return returnval;
-}
+	return returnval; 
+   }
+   
+   /** Class used to sort CertReq History by users modfifytime, with latest first*/
+   private class CertReqUserCreateComparator implements Comparator{
+
+	public int compare(Object arg0, Object arg1) {		
+		return 0 - (((CertReqHistory) arg0).getUserDataVO().getTimeModified().compareTo(
+				      ((CertReqHistory) arg1).getUserDataVO().getTimeModified()));
+	}
+	   
+   }
+   
+   /**
+    * Returns a List of CertReqHistUserData from the certreqhist database in an collection sorted by timestamp.
+    * 
+    */
+   public List getCertReqUserDatas(String username){
+	   List history = this.certificatesession.getCertReqHistory(administrator, username);
+	   
+	   // Sort it by timestamp, newest first;
+	   Collections.sort(history, new CertReqUserCreateComparator());
+	   	   
+	   return history;
+   }
     
     // Private methods
 
@@ -362,7 +388,7 @@
     private Admin                              administrator;
     private InformationMemory                  informationmemory;
     private CAInfo                                      cainfo;
-    private PKCS10CertificationRequest       request;
+    private ExtendedPKCS10CertificationRequest       request;
     private Certificate	                             processedcert;
     
 }
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/webdist/hardtokeninterface/EditHardTokenProfileJSPHelper.java ./src/java/se/anatom/ejbca/webdist/hardtokeninterface/EditHardTokenProfileJSPHelper.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/webdist/hardtokeninterface/EditHardTokenProfileJSPHelper.java	Tue May 24 11:33:59 2005
+++ ./src/java/se/anatom/ejbca/webdist/hardtokeninterface/EditHardTokenProfileJSPHelper.java	Thu Nov 17 21:43:56 2005
@@ -41,7 +41,7 @@
  * Contains help methods used to parse a hard token profile jsp page requests.
  *
  * @author  Philip Vendil
- * @version $Id: EditHardTokenProfileJSPHelper.java,v 1.10 2005/05/24 09:33:59 herrvendil Exp $
+ * @version $Id: EditHardTokenProfileJSPHelper.java,v 1.10.2.1 2005/11/17 20:43:56 herrvendil Exp $
  */
 public class EditHardTokenProfileJSPHelper implements java.io.Serializable {
 	
@@ -238,7 +238,9 @@
 			 if(profile != null){
 			   if(!profile.trim().equals("")){          
 				 try{
-				   handler.addHardTokenProfile(profile.trim(), new SwedishEIDProfile());
+				   if(!handler.addHardTokenProfile(profile.trim(), new SwedishEIDProfile())){
+					  profilemalformed = true;  
+				   }
 				 }catch( HardTokenProfileExistsException e){
 				   hardtokenprofileexists=true;
 				 }             
@@ -448,7 +450,9 @@
 
              				 				 
 				 if(request.getParameter(BUTTON_SAVE) != null){
-				   handler.changeHardTokenProfile(profile,profiledata);					
+				   if(!handler.changeHardTokenProfile(profile,profiledata)){
+					   profilemalformed = true;					
+				   }
 				   includefile=PAGE_HARDTOKENPROFILES;
 				 }				 
 				 if(request.getParameter(BUTTON_UPLOADENVELOPETEMP) != null){
@@ -601,6 +605,7 @@
     private HardTokenInterfaceBean hardtokenbean;
     private boolean initialized=false;
 	public boolean  hardtokenprofileexists       = false;
+	public boolean  profilemalformed       = false;
 	public boolean  hardtokenprofiledeletefailed = false;
     public boolean  issuperadministrator = false;
     public boolean  fileuploadsuccess = false;
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/webdist/hardtokeninterface/HardTokenProfileDataHandler.java ./src/java/se/anatom/ejbca/webdist/hardtokeninterface/HardTokenProfileDataHandler.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/webdist/hardtokeninterface/HardTokenProfileDataHandler.java	Thu May 19 08:16:07 2005
+++ ./src/java/se/anatom/ejbca/webdist/hardtokeninterface/HardTokenProfileDataHandler.java	Fri Nov 18 13:15:41 2005
@@ -31,6 +31,7 @@
  * A class handling the hardtoken profile data.
  *
  * @author  TomSelleck
+ * @version $Id: HardTokenProfileDataHandler.java,v 1.8.2.2 2005/11/18 12:15:41 anatom Exp $
  */
 public class HardTokenProfileDataHandler implements Serializable {
 
@@ -47,22 +48,43 @@
        this.info = info;       
     }
     
-       /** Method to add a hard token profile. Throws HardTokenProfileExitsException if profile already exists  */
-    public void addHardTokenProfile(String name, HardTokenProfile profile) throws HardTokenProfileExistsException, AuthorizationDeniedException {
+       /** Method to add a hard token profile. 
+        * 
+        * @return false, if the profile have a bad XML encoding.
+        * @throws HardTokenProfileExitsException if profile already exists  */
+    public boolean addHardTokenProfile(String name, HardTokenProfile profile) throws HardTokenProfileExistsException, AuthorizationDeniedException {
+      boolean success = false;
       if(authorizedToProfile(profile, true)){
-        hardtokensession.addHardTokenProfile(administrator, name, profile);
-        this.info.hardTokenDataEdited();
+    	if(checkXMLEncoding(profile)){
+          hardtokensession.addHardTokenProfile(administrator, name, profile);
+          this.info.hardTokenDataEdited();
+          success=true;
+    	}  
+         
       }else
-        throw new AuthorizationDeniedException("Not authorized to add hard token profile");  
+        throw new AuthorizationDeniedException("Not authorized to add hard token profile");
+      
+      return success;
     }    
 
-       /** Method to change a hard token profile. */     
-    public void changeHardTokenProfile(String name, HardTokenProfile profile) throws AuthorizationDeniedException{
-      if(authorizedToProfile(profile, true)){ 
-        hardtokensession.changeHardTokenProfile(administrator, name,profile);   
-		this.info.hardTokenDataEdited();
+
+
+	/** Method to change a hard token profile. 
+        * 
+        * @return false, if the profile have a bad XML encoding.
+        * */     
+    public boolean changeHardTokenProfile(String name, HardTokenProfile profile) throws AuthorizationDeniedException{
+        boolean success = false;
+      if(authorizedToProfile(profile, true)){
+    	  if(checkXMLEncoding(profile)){   	  
+    		  hardtokensession.changeHardTokenProfile(administrator, name,profile);   
+    		  this.info.hardTokenDataEdited();
+    		  success=true;
+    	  } 
       }else
-        throw new AuthorizationDeniedException("Not authorized to edit hard token profile");      
+        throw new AuthorizationDeniedException("Not authorized to edit hard token profile");
+      
+      return success;
     }
     
     /** Method to remove a hard token profile, returns true if deletion failed.*/ 
@@ -174,6 +196,35 @@
       return returnval;  
     }    
    
+    /**
+     * Method that test to XML encode and decode a profile.
+     * @param profile 
+     * @return false if something went wrong in the encoding process.
+     */
+    private boolean checkXMLEncoding(HardTokenProfile profile) {
+        boolean success = false;
+        try{
+    	
+		  java.io.ByteArrayOutputStream baos = new java.io.ByteArrayOutputStream();
+
+		  java.beans.XMLEncoder encoder = new java.beans.XMLEncoder(baos);
+		  encoder.writeObject(profile.saveData());
+		  encoder.close();
+          String data = baos.toString("UTF8");
+		  java.beans.XMLDecoder decoder =
+				new java.beans.XMLDecoder(
+						new java.io.ByteArrayInputStream(data.getBytes("UTF8")));
+		  decoder.readObject();
+		  decoder.close();
+		  
+		  success = true;
+		} catch (Exception e) {
+          success = false;  
+		}
+
+		return success;
+	}
+    
     private IHardTokenSessionLocal         hardtokensession; 
     private Admin                          administrator;
     private IAuthorizationSessionLocal     authorizationsession;
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/webdist/rainterface/CertificateView.java ./src/java/se/anatom/ejbca/webdist/rainterface/CertificateView.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/webdist/rainterface/CertificateView.java	Mon May  9 17:34:35 2005
+++ ./src/java/se/anatom/ejbca/webdist/rainterface/CertificateView.java	Thu Nov 24 22:18:00 2005
@@ -27,11 +27,11 @@
 import java.util.Iterator;
 import java.util.List;
 
-
 import se.anatom.ejbca.ca.store.certificateprofiles.CertificateProfile;
 import se.anatom.ejbca.ra.raadmin.DNFieldExtractor;
 import se.anatom.ejbca.util.CertTools;
 import se.anatom.ejbca.util.Hex;
+import se.anatom.ejbca.webdist.webconfiguration.EjbcaWebBean;
 
 
 /**
@@ -39,7 +39,7 @@
  * by JSP pages.
  *
  * @author  Philip Vendil
- * @version $Id: CertificateView.java,v 1.19 2005/05/09 15:34:35 anatom Exp $
+ * @version $Id: CertificateView.java,v 1.19.2.1 2005/11/24 21:18:00 herrvendil Exp $
  */
 public class CertificateView implements java.io.Serializable {
 
@@ -208,8 +208,17 @@
       return returnval; 
     }
 
-    public String getBasicConstraints() {
-      return Integer.toString(certificate.getBasicConstraints());
+    public String getBasicConstraints(EjbcaWebBean ejbcawebbean) {
+    	String retval = ejbcawebbean.getText("ENDENTITY");
+    	if(certificate.getBasicConstraints() != -1){                	
+       	    if(certificate.getBasicConstraints() == Integer.MAX_VALUE){
+                retval = ejbcawebbean.getText("CANOLIMIT");
+       	    }else{
+               retval = ejbcawebbean.getText("CAPATHLENGTH") + " : " + certificate.getBasicConstraints();                    	 
+            }
+       }
+    	
+      return retval;
     }
 
     public String getSignature() {
diff -urN ../../312/ejbca/src/java/se/anatom/ejbca/webdist/rainterface/ViewEndEntityHelper.java ./src/java/se/anatom/ejbca/webdist/rainterface/ViewEndEntityHelper.java
--- ../../312/ejbca/src/java/se/anatom/ejbca/webdist/rainterface/ViewEndEntityHelper.java	Thu Jan  1 01:00:00 1970
+++ ./src/java/se/anatom/ejbca/webdist/rainterface/ViewEndEntityHelper.java	Fri Nov 18 13:17:20 2005
@@ -0,0 +1,249 @@
+/*************************************************************************
+ *                                                                       *
+ *  EJBCA: The OpenSource Certificate Authority                          *
+ *                                                                       *
+ *  This software is free software; you can redistribute it and/or       *
+ *  modify it under the terms of the GNU Lesser General Public           *
+ *  License as published by the Free Software Foundation; either         *
+ *  version 2.1 of the License, or any later version.                    *
+ *                                                                       *
+ *  See terms of license at gnu.org.                                     *
+ *                                                                       *
+ *************************************************************************/
+
+package se.anatom.ejbca.webdist.rainterface;
+
+import java.util.Date;
+import java.util.Iterator;
+import java.util.List;
+import java.util.TreeMap;
+
+import javax.servlet.http.HttpServletRequest;
+
+import se.anatom.ejbca.authorization.AuthorizationDeniedException;
+import se.anatom.ejbca.ca.store.CertReqHistory;
+import se.anatom.ejbca.ra.UserDataConstants;
+import se.anatom.ejbca.ra.raadmin.EndEntityProfile;
+import se.anatom.ejbca.webdist.cainterface.CAInterfaceBean;
+import se.anatom.ejbca.webdist.webconfiguration.EjbcaWebBean;
+
+
+/**
+ * Helper class for the View End Entity Page, parses the request and performs apporiate actions.
+ * 
+ * @author Philip Vendil
+ * @version $Id: ViewEndEntityHelper.java,v 1.1.2.4 2005/11/18 12:17:20 anatom Exp $
+ */
+
+public class ViewEndEntityHelper implements java.io.Serializable{
+
+	
+	public static final String USER_PARAMETER                = "username";
+	public static final String TIMESTAMP_PARAMETER           = "timestamp";
+	
+	public static final String BUTTON_CLOSE                  = "buttonclose";
+	public static final String BUTTON_PREVIOUS               = "buttonprevious";
+	public static final String BUTTON_NEXT                   = "buttonnext";
+	
+	public static final String ACTION                        = "action";
+	public static final String ACTION_PAGE                   = "actionpage";
+	
+	public static final String HIDDEN_USERNAME               = "hiddenusername";
+	public static final String HIDDEN_INDEX                  = "hiddenindex";
+	
+	public static final String CHECKBOX_CLEARTEXTPASSWORD          = "checkboxcleartextpassword";
+	public static final String CHECKBOX_ADMINISTRATOR              = "checkboxadministrator";
+	public static final String CHECKBOX_KEYRECOVERABLE             = "checkboxkeyrecoverable";
+	public static final String CHECKBOX_SENDNOTIFICATION           = "checkboxsendnotification";
+	
+	public static final String CHECKBOX_VALUE             = "true";
+
+	public static final  String[] subjectfieldtexts = {"","","", "OLDEMAILDN2", "UID", "COMMONNAME", "SERIALNUMBER1", 
+        "GIVENNAME2", "INITIALS", "SURNAME","TITLE","ORGANIZATIONUNIT","ORGANIZATION",
+        "LOCALE","STATE","DOMAINCOMPONENT","COUNTRY",
+        "RFC822NAME", "DNSNAME", "IPADDRESS", "OTHERNAME", "UNIFORMRESOURCEID", "X400ADDRESS", "DIRECTORYNAME",
+        "EDIPARTNAME", "REGISTEREDID","","","","","","","","","","","UPN", "", "", "UNSTRUCTUREDADDRESS", "UNSTRUCTUREDNAME","GUID"};
+	
+	public static final   int[] statusids            = {UserDataConstants.STATUS_NEW ,UserDataConstants.STATUS_FAILED, UserDataConstants.STATUS_INITIALIZED, UserDataConstants.STATUS_INPROCESS
+        , UserDataConstants.STATUS_GENERATED, UserDataConstants.STATUS_REVOKED , UserDataConstants.STATUS_HISTORICAL, UserDataConstants.STATUS_KEYRECOVERY};
+	
+	public static final   String[] statustexts         = {"STATUSNEW", "STATUSFAILED", "STATUSINITIALIZED", "STATUSINPROCESS", "STATUSGENERATED", "STATUSREVOKED", "STATUSHISTORICAL", "STATUSKEYRECOVERY"};
+	
+	public static final int columnwidth = 200;
+	
+	public boolean nouserparameter          = true;
+	public boolean notauthorized            = false;	
+	public boolean profilenotfound          = true;
+
+	public UserView   userdata = null;
+	public UserView[] userdatas = null;
+	public String   username = null;
+	public EndEntityProfile  profile  = null;
+	public int[]  fielddata  = null;
+	public String fieldvalue = null;
+	
+	public int row = 0;
+	
+	public int currentuserindex = 0;
+	
+	public String[] tokentexts = RAInterfaceBean.tokentexts;
+	public int[] tokenids = RAInterfaceBean.tokenids;
+	   
+	private boolean initialized;
+
+	private RAInterfaceBean rabean;
+	private EjbcaWebBean ejbcawebbean;
+	private CAInterfaceBean cabean;
+	private String currentusername=null;
+	
+	
+	   // Public methods.
+    /**
+     * Method that initialized the bean.
+     *
+     * @param request is a reference to the http request.
+     */
+    public void initialize(EjbcaWebBean ejbcawebbean,  
+    		               RAInterfaceBean rabean, CAInterfaceBean cabean) throws  Exception{
+
+      if(!initialized){
+
+        this.rabean = rabean;
+        this.ejbcawebbean = ejbcawebbean;
+        this.cabean = cabean;
+        initialized = true;
+        
+        if(ejbcawebbean.getGlobalConfiguration().getIssueHardwareTokens()){
+            TreeMap hardtokenprofiles = ejbcawebbean.getInformationMemory().getHardTokenProfiles();
+
+            tokentexts = new String[RAInterfaceBean.tokentexts.length + hardtokenprofiles.keySet().size()];
+            tokenids   = new int[tokentexts.length];
+            for(int i=0; i < RAInterfaceBean.tokentexts.length; i++){
+              tokentexts[i]= RAInterfaceBean.tokentexts[i];
+              tokenids[i] = RAInterfaceBean.tokenids[i];
+            }
+            Iterator iter = hardtokenprofiles.keySet().iterator();
+            int index=0;
+            while(iter.hasNext()){       
+              String name = (String) iter.next();
+              tokentexts[index+RAInterfaceBean.tokentexts.length]= name;
+              tokenids[index+RAInterfaceBean.tokentexts.length] = ((Integer) hardtokenprofiles.get(name)).intValue();
+              index++;
+            }
+         }
+		
+      }
+    }
+    
+    public void parseRequest(HttpServletRequest request) throws AuthorizationDeniedException, Exception{
+    	  nouserparameter=true;
+    	  notauthorized = false;
+    	  profilenotfound = true;
+    	  
+    	  String action = request.getParameter(ACTION);
+    	  if( action == null  && request.getParameter(TIMESTAMP_PARAMETER) != null &&  request.getParameter(USER_PARAMETER) != null){    		  
+    		  username = java.net.URLDecoder.decode(request.getParameter(USER_PARAMETER),"UTF-8");
+    		  Date timestamp = new Date(Long.parseLong(request.getParameter(TIMESTAMP_PARAMETER)));
+    		      		      		  
+    	      notauthorized = !getUserDatas(username);    			    	      
+    	      currentuserindex = this.getTimeStampIndex(timestamp);
+    	      
+    		  nouserparameter = false;
+    		  if(userdata!=null)
+    			  profile = rabean.getEndEntityProfile(userdata.getEndEntityProfileId());
+    	  }else{ 
+    		  if(action  == null && request.getParameter(USER_PARAMETER) != null){    		  
+    			  username = java.net.URLDecoder.decode(request.getParameter(USER_PARAMETER),"UTF-8");
+    			
+    			  notauthorized = !getUserDatas(username);
+    			  userdata = userdatas[0];
+    			  currentuserindex = 0;
+
+    			  nouserparameter = false;
+    			  if(userdata!=null)
+    				  profile = rabean.getEndEntityProfile(userdata.getEndEntityProfileId());
+    		  }else{
+				  
+    			  if( action != null && request.getParameter(USER_PARAMETER)!=null){
+        			  username = java.net.URLDecoder.decode(request.getParameter(USER_PARAMETER),"UTF-8");
+    				  if(request.getParameter(BUTTON_PREVIOUS)!=null){
+    					  if(currentuserindex>0){
+    						  currentuserindex--;
+    					  }	  
+    				  }
+    				  if(request.getParameter(BUTTON_NEXT)!=null){
+    					  if(currentuserindex +1<userdatas.length){
+    						  currentuserindex++;
+    					  }	  
+    				  }
+    				  
+    				  notauthorized  = !getUserDatas(username);
+    				  userdata = userdatas[currentuserindex];
+    				  
+        			  nouserparameter = false;
+        			  if(userdata!=null)
+        				  profile = rabean.getEndEntityProfile(userdata.getEndEntityProfileId());
+    			  }
+    		  }
+    	  }
+    	  
+    	  if(profile!=null){
+    		  profilenotfound=false;
+    	  }
+    }
+
+    
+    /* returns false if the admin isn't authorized to view user
+     * Sets the vaiable userdatas of current and previous values
+     */
+    
+    private boolean getUserDatas(String username) throws Exception{
+      boolean authorized = false;	
+    
+      try{
+    	  if(currentusername == null || !currentusername.equals(username)){
+    		  // fetch userdata and certreqdatas and order them by timestamp, newest first.
+    		  int currentexists = 0;
+    		  UserView currentuser = rabean.findUser(username);
+    		  if(currentuser != null){
+    			  currentexists = 1;  
+    		  }
+    		  List hist = cabean.getCertReqUserDatas(username);
+    		  
+    		  userdatas = new UserView[hist.size() +currentexists];
+    		  
+    		  if(currentuser != null){
+    		    userdatas[0] = currentuser;    		  
+    		  }
+    		  for(int i=0; i< hist.size();i++){
+    			  CertReqHistory next = ((CertReqHistory) hist.get(i));
+    			  userdatas[i+currentexists] = new UserView(next.getUserDataVO(),ejbcawebbean.getInformationMemory().getCAIdToNameMap());
+    		  }
+			  
+    	  }
+    	  authorized=true;
+	  } catch(AuthorizationDeniedException e){ }            
+      return authorized;
+    }
+    
+    /**
+     * Returns an Index to the user that related to a certain timestamp.
+     * 
+     * @param timestamp parameter sent from view log page
+     * @return index in user datas that should be shown.
+     */
+    private int getTimeStampIndex(Date timestamp){
+    	int i;
+    	
+    	for(i=0;i< userdatas.length;i++){
+    			if(timestamp.after(userdatas[i].getTimeModified())||
+    					timestamp.equals(userdatas[i].getTimeModified())){
+    				break;	
+    			}
+    	}
+    	
+    	return i;
+    }
+    
+    
+}
diff -urN ../../312/ejbca/src/publicweb/apply/WEB-INF/web.xml ./src/publicweb/apply/WEB-INF/web.xml
--- ../../312/ejbca/src/publicweb/apply/WEB-INF/web.xml	Thu Jun 16 15:53:36 2005
+++ ./src/publicweb/apply/WEB-INF/web.xml	Tue Nov  8 20:03:29 2005
@@ -16,6 +16,19 @@
         <servlet-name>ScepServlet</servlet-name>
         <display-name>ScepServlet</display-name>
         <servlet-class>se.anatom.ejbca.protocol.ScepServlet</servlet-class>
+        <init-param>
+            <param-name>includeCACert</param-name>
+            <param-value>1</param-value>
+        </init-param>
+    </servlet>
+    <servlet>
+        <servlet-name>ScepServletNoCACert</servlet-name>
+        <display-name>ScepServletNoCACert</display-name>
+        <servlet-class>se.anatom.ejbca.protocol.ScepServlet</servlet-class>
+        <init-param>
+            <param-name>includeCACert</param-name>
+            <param-value>0</param-value>
+        </init-param>
     </servlet>
 
 <!--
@@ -31,12 +44,16 @@
 -->
 
     <servlet-mapping>
-	<servlet-name>CertReqServlet</servlet-name>
-	<url-pattern>/certreq</url-pattern>
+      <servlet-name>CertReqServlet</servlet-name>
+      <url-pattern>/certreq</url-pattern>
+    </servlet-mapping>
+    <servlet-mapping>
+      <servlet-name>ScepServlet</servlet-name>
+      <url-pattern>/scep/pkiclient.exe</url-pattern>
     </servlet-mapping>
     <servlet-mapping>
-	<servlet-name>ScepServlet</servlet-name>
-	<url-pattern>/scep/pkiclient.exe</url-pattern>
+      <servlet-name>ScepServletNoCACert</servlet-name>
+      <url-pattern>/scep/noca/pkiclient.exe</url-pattern>
     </servlet-mapping>
 
 <!--
diff -urN ../../312/ejbca/src/test/se/anatom/ejbca/ca/sign/TestSignSession.java ./src/test/se/anatom/ejbca/ca/sign/TestSignSession.java
--- ../../312/ejbca/src/test/se/anatom/ejbca/ca/sign/TestSignSession.java	Tue Aug  2 13:38:10 2005
+++ ./src/test/se/anatom/ejbca/ca/sign/TestSignSession.java	Thu Nov 24 22:18:00 2005
@@ -32,12 +32,12 @@
 
 import org.apache.log4j.Logger;
 import org.bouncycastle.asn1.DEROutputStream;
-import org.bouncycastle.jce.PKCS10CertificationRequest;
 
 import se.anatom.ejbca.SecConst;
 import se.anatom.ejbca.ca.caadmin.ICAAdminSessionHome;
 import se.anatom.ejbca.ca.caadmin.ICAAdminSessionRemote;
 import se.anatom.ejbca.ca.exception.IllegalKeyException;
+import se.anatom.ejbca.common.ExtendedPKCS10CertificationRequest;
 import se.anatom.ejbca.log.Admin;
 import se.anatom.ejbca.protocol.IResponseMessage;
 import se.anatom.ejbca.protocol.PKCS10RequestMessage;
@@ -54,7 +54,7 @@
 /**
  * Tests signing session.
  *
- * @version $Id: TestSignSession.java,v 1.6.2.1 2005/08/02 11:38:10 anatom Exp $
+ * @version $Id: TestSignSession.java,v 1.6.2.2 2005/11/24 21:18:00 herrvendil Exp $
  */
 public class TestSignSession extends TestCase {
     static byte[] keytoolp10 = Base64.decode(("MIIBbDCB1gIBADAtMQ0wCwYDVQQDEwRUZXN0MQ8wDQYDVQQKEwZBbmFUb20xCzAJBgNVBAYTAlNF" +
@@ -266,7 +266,7 @@
         usersession.setUserStatus(admin,"foo",UserDataConstants.STATUS_NEW);
         log.debug("Reset status of 'foo' to NEW");
         // Create certificate request
-        PKCS10CertificationRequest req = new PKCS10CertificationRequest("SHA1WithRSA",
+        ExtendedPKCS10CertificationRequest req = new ExtendedPKCS10CertificationRequest("SHA1WithRSA",
                 CertTools.stringToBcX509Name("C=SE, O=AnaTom, CN=foo"), keys.getPublic(), null,
                 keys.getPrivate());
         ByteArrayOutputStream bOut = new ByteArrayOutputStream();
@@ -274,7 +274,7 @@
         dOut.writeObject(req);
         dOut.close();
 
-        PKCS10CertificationRequest req2 = new PKCS10CertificationRequest(bOut.toByteArray());
+        ExtendedPKCS10CertificationRequest req2 = new ExtendedPKCS10CertificationRequest(bOut.toByteArray());
         boolean verify = req2.verify();
         log.debug("Verify returned " + verify);
         if (verify == false) {
diff -urN ../../312/ejbca/src/test/se/anatom/ejbca/ca/store/TestCertificateProfile.java ./src/test/se/anatom/ejbca/ca/store/TestCertificateProfile.java
--- ../../312/ejbca/src/test/se/anatom/ejbca/ca/store/TestCertificateProfile.java	Fri Jul 23 12:24:42 2004
+++ ./src/test/se/anatom/ejbca/ca/store/TestCertificateProfile.java	Thu Nov 17 21:39:28 2005
@@ -13,19 +13,24 @@
 
 package se.anatom.ejbca.ca.store;
 
+import java.util.ArrayList;
+
 import javax.naming.Context;
 import javax.naming.NamingException;
 
 import junit.framework.TestCase;
+
 import org.apache.log4j.Logger;
+
 import se.anatom.ejbca.ca.exception.CertificateProfileExistsException;
 import se.anatom.ejbca.ca.store.certificateprofiles.CertificateProfile;
 import se.anatom.ejbca.log.Admin;
+import se.anatom.ejbca.ra.raadmin.DNFieldExtractor;
 
 /**
  * Tests the certificate profile entity bean.
  *
- * @version $Id: TestCertificateProfile.java,v 1.2 2004/07/23 10:24:42 anatom Exp $
+ * @version $Id: TestCertificateProfile.java,v 1.2.2.1 2005/11/17 20:39:28 herrvendil Exp $
  */
 public class TestCertificateProfile extends TestCase {
     private static Logger log = Logger.getLogger(TestCertificateProfile.class);
@@ -168,6 +173,51 @@
 
         log.debug("<test05removeCertificateProfiles()");
     }
-
-
+    
+    public void test06createSubjectDNSubSet() throws Exception{
+        log.debug(">test06createSubjectDNSubSet()");    	
+    	CertificateProfile profile = new CertificateProfile();
+    	
+    	ArrayList dnsubset = new ArrayList();
+    	dnsubset.add(new Integer(DNFieldExtractor.CN));
+    	dnsubset.add(new Integer(DNFieldExtractor.UID));
+    	dnsubset.add(new Integer(DNFieldExtractor.GIVENNAME));
+    	dnsubset.add(new Integer(DNFieldExtractor.SURNAME));    	
+    	profile.setSubjectDNSubSet(dnsubset);
+    	
+    	String indn1 = "UID=PVE,CN=Philip Vendil,SN=123435,GIVENNAME=Philip,SURNAME=Vendil";
+    	String outdn1 = profile.createSubjectDNSubSet(indn1);
+    	String expecteddn1 = "UID=PVE,CN=Philip Vendil,GIVENNAME=Philip,SURNAME=Vendil";
+        assertTrue("createSubjectDNSubSet doesn't work" + outdn1 + " != "+ expecteddn1, expecteddn1.equalsIgnoreCase(outdn1)); 
+        
+    	String indn2 = "UID=PVE,CN=Philip Vendil,CN=SecondUsername,SN=123435,SN=54321,GIVENNAME=Philip,SURNAME=Vendil";
+    	String outdn2 = profile.createSubjectDNSubSet(indn2);
+    	String expecteddn2 = "UID=PVE,CN=Philip Vendil,CN=SecondUsername,GIVENNAME=Philip,SURNAME=Vendil";
+        assertTrue("createSubjectDNSubSet doesn't work" + outdn2 + " != "+ expecteddn2, expecteddn2.equalsIgnoreCase(outdn2));
+        
+        log.debug(">test06createSubjectDNSubSet()");
+    }
+
+    public void test07createSubjectAltNameSubSet() throws Exception{
+        log.debug(">test07createSubjectAltNameSubSet()");
+
+    	CertificateProfile profile = new CertificateProfile();
+    	
+    	ArrayList altnamesubset = new ArrayList();
+    	altnamesubset.add(new Integer(DNFieldExtractor.RFC822NAME));
+    	altnamesubset.add(new Integer(DNFieldExtractor.UPN));    	
+    	profile.setSubjectAltNameSubSet(altnamesubset);
+    	
+    	String inaltname1 = "RFC822NAME=test@test.se,UPN=testacc@test.se,IPADDRESS=10.1.1.0";
+    	String outaltname1 = profile.createSubjectAltNameSubSet(inaltname1);
+    	String expectedaltname1 = "RFC822NAME=test@test.se,UPN=testacc@test.se";
+        assertTrue("createSubjectAltNameSubSet doesn't work" + outaltname1 + " != "+ expectedaltname1, expectedaltname1.equalsIgnoreCase(outaltname1)); 
+        
+    	String inaltname2 = "RFC822NAME=test@test.se,RFC822NAME=test2@test2.se,UPN=testacc@test.se,IPADDRESS=10.1.1.0,IPADDRESS=10.1.1.2";
+    	String outaltname2 = profile.createSubjectAltNameSubSet(inaltname2);
+    	String expectedaltname2 = "RFC822NAME=test@test.se,RFC822NAME=test2@test2.se,UPN=testacc@test.se";
+        assertTrue("createSubjectAltNameSubSet doesn't work" + outaltname2 + " != "+ expectedaltname2, expectedaltname2.equalsIgnoreCase(outaltname2));
+        
+        log.debug(">test07createSubjectAltNameSubSet()");
+    }
 }
diff -urN ../../312/ejbca/src/test/se/anatom/ejbca/protocol/ProtocolScepHttpTest.java ./src/test/se/anatom/ejbca/protocol/ProtocolScepHttpTest.java
--- ../../312/ejbca/src/test/se/anatom/ejbca/protocol/ProtocolScepHttpTest.java	Thu Aug 11 11:06:05 2005
+++ ./src/test/se/anatom/ejbca/protocol/ProtocolScepHttpTest.java	Tue Nov  8 20:36:56 2005
@@ -59,6 +59,7 @@
 import org.bouncycastle.cms.CMSException;
 import org.bouncycastle.cms.CMSProcessable;
 import org.bouncycastle.cms.CMSSignedData;
+import org.bouncycastle.cms.CMSSignedDataGenerator;
 import org.bouncycastle.cms.RecipientInformation;
 import org.bouncycastle.cms.RecipientInformationStore;
 import org.bouncycastle.cms.SignerId;
@@ -93,6 +94,7 @@
 
     private static final String httpReqPath = "http://127.0.0.1:8080/ejbca";
     private static final String resourceScep = "publicweb/apply/scep/pkiclient.exe";
+    private static final String resourceScepNoCA = "publicweb/apply/scep/noca/pkiclient.exe";
 
     static byte[] openscep = Base64.decode(("MIIGqwYJKoZIhvcNAQcCoIIGnDCCBpgCAQExDjAMBggqhkiG9w0CBQUAMIICuwYJ" +
             "KoZIhvcNAQcBoIICrASCAqgwggKkBgkqhkiG9w0BBwOgggKVMIICkQIBADGB1TCB" +
@@ -231,8 +233,8 @@
         log.debug("<test02OpenScep()");
     }
 
-    public void test03ScepRequestOK() throws Exception {
-        log.debug(">test03ScepRequestOK()");
+    public void test03ScepRequestOKSHA1() throws Exception {
+        log.debug(">test03ScepRequestOKSHA1()");
         // find a CA create a user and
         // send SCEP req to server and get good response with cert
 
@@ -241,31 +243,64 @@
         
         // Pre-generate key for all requests to speed things up a bit
         keys = KeyTools.genKeys(512);
-        byte[] msgBytes = genScepRequest(false);
+        byte[] msgBytes = genScepRequest(false, CMSSignedDataGenerator.DIGEST_SHA1);
         // Send message with GET
-        byte[] retMsg = sendScep(false, msgBytes);
+        byte[] retMsg = sendScep(false, msgBytes, false);
         assertNotNull(retMsg);
-        checkScepResponse(retMsg, "C=SE,O=PrimeKey,CN=sceptest", senderNonce, transId, false);
-        log.debug("<test03ScepRequestOK()");
+        checkScepResponse(retMsg, "C=SE,O=PrimeKey,CN=sceptest", senderNonce, transId, false, CMSSignedDataGenerator.DIGEST_SHA1, false);
+        log.debug("<test03ScepRequestOKSHA1()");
     }
 
-    public void test04ScepRequestPostOK() throws Exception {
-        log.debug(">test04ScepRequestPostOK()");
+    public void test04ScepRequestOKMD5() throws Exception {
+        log.debug(">test04ScepRequestOKMD5()");
+        // find a CA create a user and
+        // send SCEP req to server and get good response with cert
+
+        // Make user that we know...
+        createScepUser();
+        
+        // Pre-generate key for all requests to speed things up a bit
+        keys = KeyTools.genKeys(512);
+        byte[] msgBytes = genScepRequest(false, CMSSignedDataGenerator.DIGEST_MD5);
+        // Send message with GET
+        byte[] retMsg = sendScep(false, msgBytes, false);
+        assertNotNull(retMsg);
+        checkScepResponse(retMsg, "C=SE,O=PrimeKey,CN=sceptest", senderNonce, transId, false, CMSSignedDataGenerator.DIGEST_MD5, false);
+        log.debug("<test04ScepRequestOKMD5()");
+    }
+
+    public void test05ScepRequestPostOK() throws Exception {
+        log.debug(">test05ScepRequestPostOK()");
         // find a CA, create a user and
         // send SCEP req to server and get good response with cert
 
         createScepUser();
         
-        byte[] msgBytes = genScepRequest(false);
+        byte[] msgBytes = genScepRequest(false, CMSSignedDataGenerator.DIGEST_SHA1);
         // Send message with GET
-        byte[] retMsg = sendScep(true, msgBytes);
+        byte[] retMsg = sendScep(true, msgBytes, false);
         assertNotNull(retMsg);
-        checkScepResponse(retMsg, "C=SE,O=PrimeKey,CN=sceptest", senderNonce, transId, false);
-        log.debug(">test04ScepRequestPostOK()");
+        checkScepResponse(retMsg, "C=SE,O=PrimeKey,CN=sceptest", senderNonce, transId, false, CMSSignedDataGenerator.DIGEST_SHA1, false);
+        log.debug(">test05ScepRequestPostOK()");
     }
 
-    public void test05ScepGetCACert() throws Exception {
-        log.debug(">test05ScepGetCACert()");
+    public void test06ScepRequestPostOKNoCA() throws Exception {
+        log.debug(">test06ScepRequestPostOKNoCA()");
+        // find a CA, create a user and
+        // send SCEP req to server and get good response with cert
+
+        createScepUser();
+        
+        byte[] msgBytes = genScepRequest(false, CMSSignedDataGenerator.DIGEST_SHA1);
+        // Send message with GET
+        byte[] retMsg = sendScep(true, msgBytes, true);
+        assertNotNull(retMsg);
+        checkScepResponse(retMsg, "C=SE,O=PrimeKey,CN=sceptest", senderNonce, transId, false, CMSSignedDataGenerator.DIGEST_SHA1, true);
+        log.debug(">test06ScepRequestPostOKNoCA()");
+    }
+
+    public void test07ScepGetCACert() throws Exception {
+        log.debug(">test07ScepGetCACert()");
         String reqUrl = httpReqPath + '/' + resourceScep+"?operation=GetCACert&message="+caname;
         URL url = new URL(reqUrl);
         HttpURLConnection con = (HttpURLConnection)url.openConnection();
@@ -290,20 +325,20 @@
         X509Certificate cert = CertTools.getCertfromByteArray(respBytes);
         // Check that we got the right cert back
         assertEquals(cacert.getSubjectDN().getName(), cert.getSubjectDN().getName());
-        log.debug(">test05ScepGetCACert()");
+        log.debug(">test07ScepGetCACert()");
     }
 
-    public void test06ScepGetCrl() throws Exception {
-        log.debug(">test06ScepGetCrl()");
-        byte[] msgBytes = genScepRequest(true);
+    public void test08ScepGetCrl() throws Exception {
+        log.debug(">test08ScepGetCrl()");
+        byte[] msgBytes = genScepRequest(true, CMSSignedDataGenerator.DIGEST_SHA1);
         // Send message with GET
-        byte[] retMsg = sendScep(false, msgBytes);
+        byte[] retMsg = sendScep(false, msgBytes, false);
         assertNotNull(retMsg);
-        checkScepResponse(retMsg, "C=SE,O=PrimeKey,CN=sceptest", senderNonce, transId, true);
-        log.debug(">test06ScepGetCrl()");
+        checkScepResponse(retMsg, "C=SE,O=PrimeKey,CN=sceptest", senderNonce, transId, true, CMSSignedDataGenerator.DIGEST_SHA1, false);
+        log.debug(">test08ScepGetCrl()");
     }
-    public void test07ScepGetCACaps() throws Exception {
-        log.debug(">test07ScepGetCACaps()");
+    public void test09ScepGetCACaps() throws Exception {
+        log.debug(">test09ScepGetCACaps()");
         String reqUrl = httpReqPath + '/' + resourceScep+"?operation=GetCACaps&message="+caname;
         URL url = new URL(reqUrl);
         HttpURLConnection con = (HttpURLConnection)url.openConnection();
@@ -326,7 +361,7 @@
         assertNotNull("Response can not be null.", respBytes);
         assertTrue(respBytes.length > 0);
         assertEquals(new String(respBytes), "POSTPKIOperation\nSHA-1");
-        log.debug(">test07ScepGetCACaps()");
+        log.debug(">test09ScepGetCACaps()");
     }
     public void test99CleanUp() throws Exception {
         // remove user
@@ -359,9 +394,10 @@
         
     }
 
-    private byte[] genScepRequest(boolean makeCrlReq) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException, InvalidAlgorithmParameterException, CertStoreException, IOException, CMSException {
+    private byte[] genScepRequest(boolean makeCrlReq, String digestoid) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException, InvalidAlgorithmParameterException, CertStoreException, IOException, CMSException {
         ScepRequestGenerator gen = new ScepRequestGenerator();
         gen.setKeys(keys);
+        gen.setDigestOid(digestoid);
         byte[] msgBytes = null;
         if (makeCrlReq) {
             msgBytes = gen.generateCrlReq("C=SE, O=PrimeKey, CN=sceptest", cacert);
@@ -379,7 +415,7 @@
         return msgBytes;
     }
     
-    private void checkScepResponse(byte[] retMsg, String userDN, String senderNonce, String transId, boolean crlRep) throws CMSException, NoSuchProviderException, NoSuchAlgorithmException, CertStoreException, InvalidKeyException, CertificateException, SignatureException, CRLException {
+    private void checkScepResponse(byte[] retMsg, String userDN, String senderNonce, String transId, boolean crlRep, String digestOid, boolean noca) throws CMSException, NoSuchProviderException, NoSuchAlgorithmException, CertStoreException, InvalidKeyException, CertificateException, SignatureException, CRLException {
         //
         // Parse response message
         //
@@ -390,9 +426,13 @@
         assertTrue(col.size() > 0);
         Iterator iter = col.iterator();
         SignerInformation signerInfo = (SignerInformation)iter.next();
+        // Check that the message is signed with the correct digest alg
+        assertEquals(signerInfo.getDigestAlgOID(), digestOid);
         SignerId sinfo = signerInfo.getSID();
         // Check that the signer is the expected CA
         assertEquals(CertTools.stringToBCDNString(cacert.getIssuerDN().getName()), CertTools.stringToBCDNString(sinfo.getIssuerAsString()));
+        // Verify the signature
+        signerInfo.verify(cacert.getPublicKey(), "BC");
         // Get authenticated attributes
         AttributeTable tab = signerInfo.getSignedAttributes();
         // --Fail info
@@ -480,7 +520,11 @@
                 // We got a reply with a requested certificate 
                 Collection certs = certstore.getCertificates(null);
                 // EJBCA returns the issued cert and the CA cert (cisco vpn client requires that the ca cert is included)
-                assertEquals(certs.size(), 2);
+                if (noca) {
+                    assertEquals(certs.size(), 1);	                	
+                } else {
+                    assertEquals(certs.size(), 2);                	
+                }
                 it = certs.iterator();
                 // Issued certificate must be first
                 boolean verified = false;
@@ -510,7 +554,11 @@
                     }
                 }
                 assertTrue(verified);
-                assertTrue(gotcacert);
+                if (noca) {
+                	assertFalse(gotcacert);
+                } else {
+                    assertTrue(gotcacert);                	
+                }
             }
         }
         
@@ -529,12 +577,18 @@
         signer2.update("PrimeKey".getBytes());
         return signer2.verify(signature);
     }
-    private byte[] sendScep(boolean post, byte[] scepPackage) throws IOException, OCSPException, NoSuchProviderException {
+    private byte[] sendScep(boolean post, byte[] scepPackage, boolean noca) throws IOException, OCSPException, NoSuchProviderException {
         // POST the OCSP request
         // we are going to do a POST
+    	String resource = resourceScep;
+    	if (noca) {
+    		resource = resourceScepNoCA;
+    	}
+    	String urlString = httpReqPath + '/' + resource+"?operation=PKIOperation";
+    	log.debug("UrlString =" + urlString);
         HttpURLConnection con = null;
         if (post) {
-            URL url = new URL(httpReqPath + '/' + resourceScep+"?operation=PKIOperation");
+            URL url = new URL(urlString);
             con = (HttpURLConnection)url.openConnection();
             con.setDoOutput(true);
             con.setRequestMethod("POST");
@@ -544,7 +598,7 @@
             os.write(scepPackage);
             os.close();
         } else {
-            String reqUrl = httpReqPath + '/' + resourceScep+"?operation=PKIOperation&message=" + URLEncoder.encode(new String(Base64.encode(scepPackage)),"UTF-8");
+            String reqUrl = urlString + "&message=" + URLEncoder.encode(new String(Base64.encode(scepPackage)),"UTF-8");
             URL url = new URL(reqUrl);
             con = (HttpURLConnection)url.openConnection();
             con.setRequestMethod("GET");
diff -urN ../../312/ejbca/src/test/se/anatom/ejbca/protocol/ScepRequestGenerator.java ./src/test/se/anatom/ejbca/protocol/ScepRequestGenerator.java
--- ../../312/ejbca/src/test/se/anatom/ejbca/protocol/ScepRequestGenerator.java	Thu Aug 11 11:06:05 2005
+++ ./src/test/se/anatom/ejbca/protocol/ScepRequestGenerator.java	Thu Nov 24 22:18:00 2005
@@ -36,8 +36,8 @@
 import org.bouncycastle.cms.CMSProcessableByteArray;
 import org.bouncycastle.cms.CMSSignedData;
 import org.bouncycastle.cms.CMSSignedDataGenerator;
-import org.bouncycastle.jce.PKCS10CertificationRequest;
 
+import se.anatom.ejbca.common.ExtendedPKCS10CertificationRequest;
 import se.anatom.ejbca.util.Base64;
 import se.anatom.ejbca.util.CertTools;
 import se.anatom.ejbca.util.KeyTools;
@@ -49,7 +49,8 @@
     private X509Certificate cacert = null;
     private String reqdn = null;
     private KeyPair keys = null;
-    private PKCS10CertificationRequest p10request;
+    private String digestOid = CMSSignedDataGenerator.DIGEST_SHA1;
+    private ExtendedPKCS10CertificationRequest p10request;
     int keysize = 1024;
     private String senderNonce = null;
     private String transactionId = null;
@@ -60,6 +61,9 @@
     public void setKeys(KeyPair myKeys) {
         this.keys = myKeys;
     }
+    public void setDigestOid(String oid) {
+    	digestOid = oid;
+    }
     /** Base 64 encode senderNonce
      */
     public String getSenderNonce() {
@@ -104,7 +108,7 @@
         v.add(new DERSequence(vec));
         DERSet set = new DERSet(v);
         // Create PKCS#10 certificate request
-        p10request = new PKCS10CertificationRequest("SHA1WithRSA",
+        p10request = new ExtendedPKCS10CertificationRequest("SHA1WithRSA",
                 CertTools.stringToBcX509Name(reqdn), keys.getPublic(), set, keys.getPrivate());
         
         // Create self signed cert, validity 1 day
@@ -163,7 +167,7 @@
         certList.add(cert);
         CertStore certs = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList), "BC");
         gen1.addCertificatesAndCRLs(certs);
-        gen1.addSigner(keys.getPrivate(), cert, CMSSignedDataGenerator.DIGEST_SHA1,
+        gen1.addSigner(keys.getPrivate(), cert, digestOid,
                 new AttributeTable(attributes), null);
         // The signed data to be enveloped
         CMSSignedData s = gen1.generate(signThis, true, "BC");
diff -urN ../../312/ejbca/src/test/se/anatom/ejbca/protocol/TestMessages.java ./src/test/se/anatom/ejbca/protocol/TestMessages.java
--- ../../312/ejbca/src/test/se/anatom/ejbca/protocol/TestMessages.java	Thu Aug  4 16:59:14 2005
+++ ./src/test/se/anatom/ejbca/protocol/TestMessages.java	Tue Nov  8 20:03:29 2005
@@ -33,7 +33,7 @@
 /**
  * Protocol messages.
  *
- * @version $Id: TestMessages.java,v 1.1.2.1 2005/08/04 14:59:14 anatom Exp $
+ * @version $Id: TestMessages.java,v 1.1.2.4 2005/11/08 19:03:29 anatom Exp $
  */
 public class TestMessages extends TestCase {
 
@@ -87,13 +87,13 @@
      */
     public void test01TestOpenScep() throws Exception {
         log.debug(">test01TestOpenScep()");
-        ScepRequestMessage msg = new ScepRequestMessage(openscep);
+        ScepRequestMessage msg = new ScepRequestMessage(openscep, true);
         // You should be able to get issuer DN before anything else
         String issuerdn = msg.getIssuerDN();
         log.debug("IssuerDN: " + issuerdn);
         assertEquals("CN=AdminCA1,O=EJBCA Sample,C=SE", issuerdn);
         if (msg.requireKeyInfo()) {
-            msg.setKeyInfo(caCert, privateKey);
+            msg.setKeyInfo(caCert, privateKey, null);
         }
         boolean ret = msg.verify();
         assertTrue("Failed to verify SCEP message from OpenSCEP.", ret);
@@ -113,13 +113,13 @@
      */
     public void test02TestSimpleScep() throws Exception {
         log.debug(">test02TestSimpleScep()");
-        ScepRequestMessage msg = new ScepRequestMessage(sscep);
+        ScepRequestMessage msg = new ScepRequestMessage(sscep, true);
         // You should be able to get issuer DN before anything else
         String issuerdn = msg.getIssuerDN();
         log.debug("IssuerDN: " + issuerdn);
         assertEquals("CN=AdminCA1,O=EJBCA Sample,C=SE", issuerdn);
         if (msg.requireKeyInfo()) {
-            msg.setKeyInfo(caCert, privateKey);
+            msg.setKeyInfo(caCert, privateKey, null);
         }
         boolean ret = msg.verify();
         assertTrue("Failed to verify SCEP message from Simple Scep.", ret);
@@ -139,24 +139,18 @@
      */
     public void test03TestJavaScepClient() throws Exception {
         log.debug(">test03TestJavaScepClient()");
-        ScepRequestMessage msg = new ScepRequestMessage(scepclient);
+        ScepRequestMessage msg = new ScepRequestMessage(scepclient, true);
         // You should be able to get issuer DN before anything else
         String issuerdn = msg.getIssuerDN();
         log.debug("IssuerDN: " + issuerdn);
         assertEquals("CN=AdminCA1,O=EJBCA Sample,C=SE", issuerdn);
         if (msg.requireKeyInfo()) {
-            msg.setKeyInfo(caCert, privateKey);
+            msg.setKeyInfo(caCert, privateKey, null);
         }
-        boolean thrown = false;
-        try {
-            // We know this will throw an exception since scepclient doesn't work
-            // If it starts working we know there is something wrong
-            boolean ret = msg.verify();  
-            assertTrue("Failed to verify SCEP message from Java Scep Client.", ret);
-        } catch (IllegalArgumentException e) {
-            thrown = true;
-        }
-        assertTrue(thrown);
+        // We know this will feil to verify since java scepclient doesn't work
+        // If it starts working we know there is something wrong
+        boolean ret = msg.verify();  
+        assertFalse("Failed to fail to verify SCEP message from Java Scep Client.", ret);
         /*
         String dn = msg.getRequestDN();
         log.debug("DN: " + dn);
@@ -174,13 +168,13 @@
      */
     public void test03TestCiscoVPNScep() throws Exception {
         log.debug(">test03TestCiscoVPNScep()");
-        ScepRequestMessage msg = new ScepRequestMessage(ciscovpnscep);
+        ScepRequestMessage msg = new ScepRequestMessage(ciscovpnscep, true);
         // You should be able to get issuer DN before anything else
         String issuerdn = msg.getIssuerDN();
         log.debug("IssuerDN: " + issuerdn);
         assertEquals("CN=AdminCA1,O=EJBCA Sample,C=SE", issuerdn);
         if (msg.requireKeyInfo()) {
-            msg.setKeyInfo(caCert, privateKey);
+            msg.setKeyInfo(caCert, privateKey, null);
         }
         boolean ret = msg.verify();
         assertTrue("Failed to verify SCEP message from Cisco VPN client.", ret);
diff -urN ../../312/ejbca/src/test/se/anatom/ejbca/util/TestCertTools.java ./src/test/se/anatom/ejbca/util/TestCertTools.java
--- ../../312/ejbca/src/test/se/anatom/ejbca/util/TestCertTools.java	Thu Aug 18 09:48:47 2005
+++ ./src/test/se/anatom/ejbca/util/TestCertTools.java	Thu Nov 17 21:42:01 2005
@@ -16,13 +16,14 @@
 import java.security.cert.X509Certificate;
 
 import junit.framework.TestCase;
+
 import org.apache.log4j.Logger;
 
 
 /**
  * Tests the CertTools class .
  *
- * @version $Id: TestCertTools.java,v 1.6.2.2 2005/08/18 07:48:47 anatom Exp $
+ * @version $Id: TestCertTools.java,v 1.6.2.5 2005/11/17 20:42:01 herrvendil Exp $
  */
 public class TestCertTools extends TestCase {
     private static Logger log = Logger.getLogger(TestCertTools.class);
@@ -80,7 +81,7 @@
              +"8Xyj2tZEJKjLgAW6qJ3ye81pEVKHgMmapWTQU2uI1qyEPYxoT9WkQtSObGI1wCqO"
              +"YmKglnd5BIUBPO9LOryyHlSRTID5z0UgDlrTAaNYuN8QOYF+DZEQxm4bSXTDooGX"
              +"rHjSjn/7Urb31CXWAxq0Zhk3fg==").getBytes());
-
+    
     /**
      * Creates a new TestCertTools object.
      *
@@ -457,10 +458,16 @@
       String dn4 = "dc=com,dc=bigcorp,dc=se,ou=orgunit,ou=users,cn=Tomas G,CN=Bagare";
       String newdn4 = CertTools.insertCNPostfix(dn4,cnpostfix1); 
       assertEquals("dc=com,dc=bigcorp,dc=se,ou=orgunit,ou=users,cn=Tomas G (VPN),CN=Bagare", newdn4);
+
+      // Test case with two CNs in reversed DN 
+      String dn5 = "UID=tomas,CN=tomas,OU=users,OU=orgunit,DC=se,DC=bigcorp,DC=com";
+      String cnpostfix5 = " (VPN)";      
+      String newdn5 = CertTools.insertCNPostfix(dn5,cnpostfix5);
+      assertEquals("UID=tomas,CN=tomas (VPN),OU=users,OU=orgunit,DC=se,DC=bigcorp,DC=com", newdn5);
       
       log.debug("<test11TestInsertCNPostfix()");
   }
-    
+  
   /**
    */
   public void test12GetPartsFromDN() throws Exception {
@@ -510,6 +517,10 @@
       assertEquals("http://www.a.se/", name);
       name = CertTools.getPartFromDN(altNames,CertTools.EMAIL);
       assertEquals("tomas@a.se", name);
+      name = CertTools.getEMailAddress(CertTools.getCertfromByteArray(altNameCert));
+      assertEquals("tomas@a.se", name);
+      name = CertTools.getEMailAddress(CertTools.getCertfromByteArray(testcert));
+      assertNull(name);
       name = CertTools.getPartFromDN(altNames,CertTools.DNS);
       assertEquals("www.a.se", name);
       name = CertTools.getPartFromDN(altNames,CertTools.IPADDR);