Beispiel #1
3
  @Test
  public void testReIssuance() throws Exception {
    int keyLength = 2048;
    SecretWrapper uproveSecretWrapper = new SecretWrapper(IntegrationTestUtil.getUProveSecret());

    UProveUtils uproveUtils = new UProveUtils();

    // Get Injectors,
    Injector revocationInjector =
        Guice.createInjector(
            IntegrationModuleFactory.newModule(
                new Random(1231), CryptoEngine.IDEMIX, uproveUtils.getUserServicePort()));
    RevocationProxyAuthority revocationProxyAuthority =
        revocationInjector.getInstance(RevocationProxyAuthority.class);

    Injector governmentInjector =
        Guice.createInjector(
            BridgingModuleFactory.newModule(
                new Random(1231),
                IssuerCryptoEngine.UPROVE,
                uproveUtils.getIssuerServicePort(),
                revocationProxyAuthority));

    Injector fakeInjector =
        Guice.createInjector(
            IntegrationModuleFactory.newModule(
                new Random(1231), CryptoEngine.IDEMIX, uproveUtils.getUserServicePort()));

    Injector userInjector =
        Guice.createInjector(
            BridgingModuleFactory.newModule(
                new Random(1231), uproveUtils.getUserServicePort(), revocationProxyAuthority));

    Injector verifierInjector =
        Guice.createInjector(
            BridgingModuleFactory.newModule(
                new Random(1231), uproveUtils.getVerifierServicePort(), revocationProxyAuthority));

    IssuerAbcEngine governmentEngine = governmentInjector.getInstance(IssuerAbcEngine.class);

    SystemParameters systemParameters =
        governmentEngine.setupSystemParameters(keyLength, CryptoUriUtil.getUproveMechanism());

    IssuerAbcEngine fakeEngine = fakeInjector.getInstance(IssuerAbcEngine.class);
    SystemParameters ideMixSystemParameters =
        fakeEngine.setupSystemParameters(keyLength, CryptoUriUtil.getIdemixMechanism());

    systemParameters.getAny().addAll(ideMixSystemParameters.getAny());

    // Load secret and store it.
    CredentialManager userCredentialManager = userInjector.getInstance(CredentialManager.class);

    IssuanceHelper issuanceHelper = new IssuanceHelper();

    // Setup key managers.
    KeyManager issuerKeyManager = governmentInjector.getInstance(KeyManager.class);
    KeyManager userKeyManager = userInjector.getInstance(KeyManager.class);
    KeyManager verifierKeyManager = verifierInjector.getInstance(KeyManager.class);
    KeyManager revocationKeyManager = revocationInjector.getInstance(KeyManager.class);

    issuerKeyManager.storeSystemParameters(systemParameters);
    userKeyManager.storeSystemParameters(systemParameters);
    verifierKeyManager.storeSystemParameters(systemParameters);
    revocationKeyManager.storeSystemParameters(systemParameters);

    // Setup issuance policies.
    IssuancePolicy issuancePolicyIdCard =
        getObjectFromXML(IntegrationTestUtil.ISSUANCE_POLICY_ID_CARD, true);

    URI idCardIssuancePolicyUid =
        issuancePolicyIdCard.getCredentialTemplate().getIssuerParametersUID();

    // Load credential specifications.
    CredentialSpecification credSpecIdCard =
        getObjectFromXML(IntegrationTestUtil.CREDENTIAL_SPECIFICATION_ID_CARD, true);

    // Store credential specifications.
    URI credSpecIdCardUID = credSpecIdCard.getSpecificationUID();
    issuerKeyManager.storeCredentialSpecification(credSpecIdCardUID, credSpecIdCard);
    verifierKeyManager.storeCredentialSpecification(credSpecIdCardUID, credSpecIdCard);

    // Generate revocation parameters.
    RevocationAbcEngine revocationEngine =
        revocationInjector.getInstance(RevocationAbcEngine.class);
    URI revParamsUid = IntegrationTestUtil.REVOCATION_PARAMETERS_UID;

    Reference revocationInfoReference = new Reference();
    revocationInfoReference.setReferenceType(URI.create("https"));
    revocationInfoReference.getReferences().add(URI.create("example.org"));
    Reference nonRevocationEvidenceReference = new Reference();
    nonRevocationEvidenceReference.setReferenceType(URI.create("https"));
    nonRevocationEvidenceReference.getReferences().add(URI.create("example.org"));
    Reference nonRrevocationUpdateReference = new Reference();
    nonRrevocationUpdateReference.setReferenceType(URI.create("https"));
    nonRrevocationUpdateReference.getReferences().add(URI.create("example.org"));
    RevocationAuthorityParameters revocationAuthorityParameters =
        revocationEngine.setupRevocationAuthorityParameters(
            keyLength,
            CryptoUriUtil.getIdemixMechanism(),
            revParamsUid,
            revocationInfoReference,
            nonRevocationEvidenceReference,
            nonRrevocationUpdateReference);

    // Generate issuer parameters.
    URI hash = new URI("urn:abc4trust:1.0:hashalgorithm:sha-256");
    IssuerParameters issuerParametersGovernment =
        governmentEngine.setupIssuerParameters(
            credSpecIdCard,
            systemParameters,
            idCardIssuancePolicyUid,
            hash,
            CryptoUriUtil.getUproveMechanism(),
            revParamsUid,
            null);

    issuerKeyManager.storeRevocationAuthorityParameters(
        revParamsUid, revocationAuthorityParameters);
    userKeyManager.storeRevocationAuthorityParameters(revParamsUid, revocationAuthorityParameters);
    verifierKeyManager.storeRevocationAuthorityParameters(
        revParamsUid, revocationAuthorityParameters);

    issuerKeyManager.storeIssuerParameters(idCardIssuancePolicyUid, issuerParametersGovernment);
    userKeyManager.storeIssuerParameters(idCardIssuancePolicyUid, issuerParametersGovernment);
    verifierKeyManager.storeIssuerParameters(idCardIssuancePolicyUid, issuerParametersGovernment);

    if (uproveSecretWrapper.isSecretOnSmartcard()) {
      // add smartcard to manager
      CardStorage cardStorage = userInjector.getInstance(CardStorage.class);
      cardStorage.addSmartcard(
          uproveSecretWrapper.getSoftwareSmartcard(), uproveSecretWrapper.getPin());

      // sign issuer attributes and add to smartcard
      uproveSecretWrapper.addIssuerParameters(issuerParametersGovernment);
    } else {
      userCredentialManager.storeSecret(uproveSecretWrapper.getSecret());
      // URI secretUid = secret.getSecretDescription().getSecretUID();
    }

    // Get identity card.
    String birthday = "1995-05-05Z";
    CredentialDescription cd3 =
        IntegrationTestUtil.issueAndStoreIdCard(
            governmentInjector, userInjector, issuanceHelper, birthday);

    Credential c = userCredentialManager.getCredential(cd3.getCredentialUID());
    System.out.println("Printing credential: " + c);
    System.out.println(
        "Cred Desc: "
            + XmlUtils.toXml(of.createCredentialDescription(c.getCredentialDescription())));
    System.out.println("CryptoParams size: " + c.getCryptoParams().getAny().size());
    System.out.println(
        "Arraylist size: " + ((ArrayList<?>) c.getCryptoParams().getAny().get(0)).size());

    // The verifier needs to retrive the latest revocation information
    // in order to put in the UID in the presentation policy.
    RevocationInformation revocationInformation =
        revocationEngine.updateRevocationInformation(revParamsUid);

    useOneToken(
        userInjector,
        verifierInjector,
        issuanceHelper,
        revocationInformation,
        cd3.getCredentialUID());
    useOneToken(
        userInjector,
        verifierInjector,
        issuanceHelper,
        revocationInformation,
        cd3.getCredentialUID());
    useOneToken(
        userInjector,
        verifierInjector,
        issuanceHelper,
        revocationInformation,
        cd3.getCredentialUID());
    useOneToken(
        userInjector,
        verifierInjector,
        issuanceHelper,
        revocationInformation,
        cd3.getCredentialUID());
    useOneToken(
        userInjector,
        verifierInjector,
        issuanceHelper,
        revocationInformation,
        cd3.getCredentialUID());
    useOneToken(
        userInjector,
        verifierInjector,
        issuanceHelper,
        revocationInformation,
        cd3.getCredentialUID());
    useOneToken(
        userInjector,
        verifierInjector,
        issuanceHelper,
        revocationInformation,
        cd3.getCredentialUID());
    useOneToken(
        userInjector,
        verifierInjector,
        issuanceHelper,
        revocationInformation,
        cd3.getCredentialUID());
    useOneToken(
        userInjector,
        verifierInjector,
        issuanceHelper,
        revocationInformation,
        cd3.getCredentialUID());
  }
Beispiel #2
0
  private PresentationTokenDescriptionWithCommitments addCommitments(
      PresentationTokenDescription ptd) {
    ObjectFactory of = new ObjectFactory();
    PresentationTokenDescriptionWithCommitments ptdwc =
        of.createPresentationTokenDescriptionWithCommitments();
    ptdwc.setMessage(ptd.getMessage());
    ptdwc.setPolicyUID(ptd.getPolicyUID());
    ptdwc.setTokenUID(ptd.getTokenUID());
    ptdwc.getAttributePredicate().addAll(ptd.getAttributePredicate());
    ptdwc.getPseudonym().addAll(ptd.getPseudonym());
    ptdwc.getVerifierDrivenRevocation().addAll(ptd.getVerifierDrivenRevocation());
    for (CredentialInToken cit : ptd.getCredential()) {
      CredentialInTokenWithCommitments citwc = of.createCredentialInTokenWithCommitments();
      citwc.setAlias(cit.getAlias());
      citwc.setSameKeyBindingAs(cit.getSameKeyBindingAs());
      citwc.setIssuerParametersUID(cit.getIssuerParametersUID());
      citwc.setRevocationInformationUID(cit.getRevocationInformationUID());
      citwc.setCredentialSpecUID(cit.getCredentialSpecUID());
      citwc.getDisclosedAttribute().addAll(cit.getDisclosedAttribute());

      ptdwc.getCredential().add(citwc);
    }
    return ptdwc;
  }
Beispiel #3
0
  @Override
  public boolean verifyToken(PresentationToken t) throws TokenVerificationException {

    ObjectFactory of = new ObjectFactory();
    // System.out.println("Bridging verify token: "+t);
    try {
      //            String xml = XmlUtils.toXml(of.createPresentationToken(t), false);
      //            System.out.println(xml+"\n\n");

      String[] pseudonymEngines = this.getPseudonymEngines(t);

      boolean tokenContainsUProve = false;
      PresentationTokenWithCommitments idemixToken = of.createPresentationTokenWithCommitments();
      PresentationToken uproveToken = of.createPresentationToken();
      if (t.getVersion() == null) {
        uproveToken.setVersion("1.0");
        idemixToken.setVersion("1.0");
      } else {
        idemixToken.setVersion(t.getVersion());
        uproveToken.setVersion(t.getVersion());
      }
      PresentationTokenDescription desc = t.getPresentationTokenDescription();
      PresentationTokenDescription iDesc = of.createPresentationTokenDescription();
      PresentationTokenDescription uDesc = of.createPresentationTokenDescription();
      iDesc.setMessage(desc.getMessage());
      uDesc.setMessage(desc.getMessage());
      iDesc.setPolicyUID(desc.getPolicyUID());
      uDesc.setPolicyUID(desc.getPolicyUID());
      iDesc.setTokenUID(desc.getTokenUID());
      uDesc.setTokenUID(desc.getTokenUID());

      for (int i = 0; i < pseudonymEngines.length; i++) {
        PseudonymInToken pit = t.getPresentationTokenDescription().getPseudonym().get(i);
        if ("UPROVE".equals(pseudonymEngines[i])) {
          uDesc.getPseudonym().add(pit);
        } else {
          iDesc.getPseudonym().add(pit);
        }
      }

      this.verifierRevocation.clearCredentialInToken();

      Set<URI> idemixCredentialAliases = new HashSet<URI>();
      Set<URI> uproveCredentialAliases = new HashSet<URI>();
      for (CredentialInToken cit : desc.getCredential()) {

        this.verifierRevocation.addCredentialInToken(cit);

        /*
        try{
        	System.out.println("original: "+XmlUtils.toXml(of.createCredentialInToken(cit)));
        }catch(Exception e){System.out.println("failed to print original cit");};
         */
        if ((this.keyManager.getIssuerParameters(cit.getIssuerParametersUID()))
            .getAlgorithmID()
            .equals(CryptoUriUtil.getIdemixMechanism())) {
          idemixCredentialAliases.add(cit.getAlias());
          iDesc.getCredential().add(cit);
        } else {
          uproveCredentialAliases.add(cit.getAlias());
          uDesc.getCredential().add(cit);
          tokenContainsUProve = true;

          // Add issuer parameters to Idemix Structure store
          try {
            this.storeUProveIssuerParameters(cit.getIssuerParametersUID());
          } catch (Exception e) {
            System.out.println(
                "Failed to store UProve issuer parameters in Idemix structure store");
            throw new RuntimeException(e);
          }
        }
      }

      for (AttributePredicate ap : desc.getAttributePredicate()) {
        for (Object o : ap.getAttributeOrConstantValue()) {
          if (o instanceof AttributePredicate.Attribute) {
            iDesc.getAttributePredicate().add(ap);
            break;
          }
        }
      }

      // TODO This might require some changes to work with revocation
      for (VerifierDrivenRevocationInToken vdr : desc.getVerifierDrivenRevocation()) {
        for (AttributeInRevocation air : vdr.getAttribute()) {
          if (idemixCredentialAliases.contains(air.getCredentialAlias())) {
            iDesc.getVerifierDrivenRevocation().add(vdr);
            break;
          } else {
            uDesc.getVerifierDrivenRevocation().add(vdr);
          }
        }
      }

      // TODO Look at the uprove crypto evidence, if there are committed indices,
      // check with cred spec if they are for revocation handles
      // if so, do some stuff that allows poltransl and the other idemix parts to work

      idemixToken.setPresentationTokenDescriptionWithCommitments(this.addCommitments(iDesc));
      uproveToken.setPresentationTokenDescription(uDesc);

      boolean verifies = false;
      CryptoParams tcp = t.getCryptoEvidence();
      CryptoParams icp = of.createCryptoParams();
      boolean cryptoEvidenceContainsIdemix = false;
      for (Object o : tcp.getAny()) {
        try {
          if (o instanceof JAXBElement) {
            JAXBElement<?> jaxb = (JAXBElement<?>) o;
            Object wrapped = jaxb.getValue();
            if (wrapped instanceof CredentialInTokenWithCommitments) {
              cryptoEvidenceContainsIdemix = true;
              CredentialInTokenWithCommitments citwc = (CredentialInTokenWithCommitments) wrapped;
              idemixToken
                  .getPresentationTokenDescriptionWithCommitments()
                  .getCredential()
                  .add(
                      citwc); // (CredentialInTokenWithCommitments)XmlUtils.getObjectFromXML(credIn,
                              // false));
            } else {
              System.err.println(
                  "Element is JaxB : "
                      + jaxb.getValue()
                      + " : "
                      + jaxb.getDeclaredType()
                      + " : "
                      + jaxb.getScope()
                      + " : "
                      + jaxb.getName());
            }
            continue;
          }
          Element e = (Element) o;
          String elementName = e.getLocalName() != null ? e.getLocalName() : e.getNodeName();
          if ("UProveCredentialAndPseudonym".equals(elementName)) {
            String credAlias =
                ((Element) e.getElementsByTagName("Proof").item(0))
                    .getElementsByTagName("CredentialAlias")
                    .item(0)
                    .getTextContent();
            CredentialSpecification credSpec = null;
            CredentialInToken c = null;

            for (CredentialInToken cit : t.getPresentationTokenDescription().getCredential()) {
              if (cit.getAlias().toString().equals(credAlias)) {
                credSpec = this.keyManager.getCredentialSpecification(cit.getCredentialSpecUID());
                c = cit;
                break;
              }
            }

            if (credSpec == null) {
              throw new RuntimeException("Could not find credential specification.");
            }

            List<Integer> inspectableAttributes = new ArrayList<Integer>();
            Map<Integer, URI> indexToInspectorKey = new HashMap<Integer, URI>();
            Map<Integer, URI> indexToAttributeType = new HashMap<Integer, URI>();
            // TODO here we have to also look at any inspectable attributes.
            // If there are any, we need to create an inspectable information element etc.
            int revocationindex = -1;
            for (int i = 0;
                i < credSpec.getAttributeDescriptions().getAttributeDescription().size();
                i++) {
              AttributeDescription ad =
                  credSpec.getAttributeDescriptions().getAttributeDescription().get(i);

              if (ad.getType()
                  .toString()
                  .equals("http://abc4trust.eu/wp2/abcschemav1.0/revocationhandle")) {
                revocationindex = i;
              }
              for (AttributeInToken da : c.getDisclosedAttribute()) {
                if (da.getAttributeType().equals(ad.getType())
                    && (da.getInspectorPublicKeyUID() != null)) {
                  inspectableAttributes.add(i);
                  indexToInspectorKey.put(i, da.getInspectorPublicKeyUID());
                  indexToAttributeType.put(i, da.getAttributeType());
                }
              }
            }
            Set<Integer> committedValues = new HashSet<Integer>();
            committedValues.addAll(inspectableAttributes);
            if (!committedValues.contains(revocationindex) && (revocationindex != -1)) {
              committedValues.add(revocationindex);
            }
            Map<Integer, Integer> indexToIndexInProof = this.mapIndices(committedValues);

            if (e.getElementsByTagName("CommittedAttributesIndices").getLength() > 0) {
              Element cai = (Element) e.getElementsByTagName("CommittedAttributesIndices").item(0);
              NodeList nl = cai.getChildNodes();
              for (int j = 0; j < nl.getLength(); j++) {
                Element ind = null;
                try {
                  ind = (Element) nl.item(j);
                } catch (ClassCastException ex) {
                  // If we end up here, it is most likely because we got a TextElement which is
                  // empty due
                  // to malformed xml (such as \r or \n)
                  continue;
                }
                int committedIndex = Integer.parseInt(ind.getTextContent()) - 1;
                Element root = null;
                // make addToRoot method, to allow for inspectable revocationinformation
                if (committedIndex == revocationindex) {
                  root = ind.getOwnerDocument().createElement("RevocationInformation");
                } else if (inspectableAttributes.contains(committedIndex)) {
                  root = ind.getOwnerDocument().createElement("InspectableInformation");
                  root.setAttribute(
                      "InspectorPublicKey", indexToInspectorKey.get(committedIndex).toString());
                  root.setAttribute(
                      "AttributeType", indexToAttributeType.get(committedIndex).toString());
                } else {
                  // TODO: @Michael - explain this code a little :)
                  continue;
                }
                root.setAttribute("CredentialAlias", c.getAlias().toString());
                root.setAttribute("CredentialSpecUID", credSpec.getSpecificationUID().toString());
                root.setAttribute("IssuerParamsUID", c.getIssuerParametersUID().toString());

                Element tilde = root.getOwnerDocument().createElement("TildeO");
                root.appendChild(tilde);
                NodeList tildes = e.getElementsByTagName("TildeO").item(0).getChildNodes();
                //
                // System.out.println("got the tildeO nodes: "+tildes.getLength());

                tilde.appendChild(
                    tildes.item(indexToIndexInProof.get(committedIndex)).cloneNode(true));
                tilde = root.getOwnerDocument().createElement("TildeValues");
                root.appendChild(tilde);
                tildes = e.getElementsByTagName("TildeValues").item(0).getChildNodes();
                tilde.appendChild(
                    tildes.item((indexToIndexInProof.get(committedIndex) * 3)).cloneNode(true));
                icp.getAny().add(root);
              }
            }
          }

          if ("IdmxProof".equals(elementName)) {
            cryptoEvidenceContainsIdemix = true;
            icp.getAny().add(o);
          }
          if ("CredentialInTokenWithCommitments".equals(elementName)
              || "abc:CredentialInTokenWithCommitments".equals(elementName)) {
            cryptoEvidenceContainsIdemix = true;
            // magic code adding the CrednetialInToken
            TransformerFactory transfac = TransformerFactory.newInstance();
            Transformer trans = transfac.newTransformer();
            trans.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
            trans.setOutputProperty(OutputKeys.INDENT, "yes");

            // create string from xml tree
            StringWriter sw = new StringWriter();
            StreamResult result = new StreamResult(sw);
            DOMSource source = new DOMSource(e.getOwnerDocument());
            trans.transform(source, result);
            String xmlString = sw.toString();

            InputStream credIn = new ByteArrayInputStream(xmlString.getBytes());
            idemixToken
                .getPresentationTokenDescriptionWithCommitments()
                .getCredential()
                .add((CredentialInTokenWithCommitments) XmlUtils.getObjectFromXML(credIn, false));
          }
          if ("VerifiableEncryption".equals(elementName)) {
            icp.getAny().add(o);
          }
        } catch (Exception e) {
          e.printStackTrace();
          // TODO @jdn, I think your revocation code causes some some serialization problems
          // /Michael
          // throw new RuntimeException(e);
        }
      }

      if (cryptoEvidenceContainsIdemix) {
        idemixToken.setCryptoEvidence(icp);

        //    System.out.println("\n\nNow verifying idmtoken!!");
        //	System.out.println(XmlUtils.toXml(of.createPresentationTokenWithCommitments(idemixToken),
        // false)+"\n\n");

        // System.out.println("about to call idmix engine for verification");
        // System.out.println("we have "+idemixToken.getCryptoEvidence().getAny().size()+" crypto
        // evidence");
        if (idemixToken.getCryptoEvidence().getAny().size() == 0) {
          verifies = true;
        } else {
          verifies = this.idemixEngine.verifyTokenWithCommitments(idemixToken);
        }
        System.out.println("idemix verifies: " + verifies);
      }

      if (tokenContainsUProve) {
        //                CryptoParams tcp = t.getCryptoEvidence();
        tcp = t.getCryptoEvidence();
        CryptoParams ucp = of.createCryptoParams();
        for (Object o : tcp.getAny()) {
          try {
            Element e = (Element) o;
            if (e.getNodeName().startsWith("UProve")) {
              ucp.getAny().add(o);
            }
          } catch (Exception e) {
          }
        }
        uproveToken.setCryptoEvidence(ucp);
        // System.out.println("Now verifying uprove");

        // xml = XmlUtils.toXml(of.createPresentationToken(uproveToken), false);
        // System.out.println(xml+"\n\n");

        boolean ver = this.uproveEngine.verifyToken(uproveToken);
        // System.out.println("uprove verifies: "+ver);
        if (cryptoEvidenceContainsIdemix) {
          verifies = verifies && ver;
        } else {
          verifies = ver;
        }
      }

      // System.out.println("DELEGATION VERIFIER.verifies:::: "+verifies);
      return verifies;
    } catch (Exception e) {
      e.printStackTrace();
    }
    return false;
  }
Beispiel #4
0
  private void populateAttributes(List<Attribute> issuerAtts) throws Exception {
    ObjectFactory of = new ObjectFactory();

    Attribute cardType = of.createAttribute();
    cardType.setAttributeUID(new URI("card:type:blibliblib"));
    cardType.setAttributeValue("VISA");
    cardType.setAttributeDescription(of.createAttributeDescription());
    cardType.getAttributeDescription().setDataType(new URI("xs:string"));
    cardType
        .getAttributeDescription()
        .setEncoding(new URI("urn:abc4trust:1.0:encoding:string:sha-256"));
    cardType.getAttributeDescription().setType(new URI("CardType"));
    issuerAtts.add(cardType);

    Attribute name = of.createAttribute();
    name.setAttributeUID(new URI("card:name:blibliblib"));
    name.setAttributeValue("Jens");
    name.setAttributeDescription(of.createAttributeDescription());
    name.getAttributeDescription().setDataType(new URI("xs:string"));
    name.getAttributeDescription()
        .setEncoding(new URI("urn:abc4trust:1.0:encoding:string:sha-256"));
    name.getAttributeDescription().setType(new URI("Name"));
    issuerAtts.add(name);

    Attribute lastName = of.createAttribute();
    lastName.setAttributeUID(new URI("card:lastname:blibliblib"));
    lastName.setAttributeValue("Jensen");
    lastName.setAttributeDescription(of.createAttributeDescription());
    lastName.getAttributeDescription().setDataType(new URI("xs:string"));
    lastName
        .getAttributeDescription()
        .setEncoding(new URI("urn:abc4trust:1.0:encoding:string:sha-256"));
    lastName.getAttributeDescription().setType(new URI("LastName"));
    issuerAtts.add(lastName);

    Attribute cardNumber = of.createAttribute();
    cardNumber.setAttributeUID(new URI("card:cardnumber"));
    cardNumber.setAttributeValue(234567812345678L);
    cardNumber.setAttributeDescription(of.createAttributeDescription());
    cardNumber.getAttributeDescription().setDataType(new URI("xs:integer"));
    cardNumber
        .getAttributeDescription()
        .setEncoding(new URI("urn:abc4trust:1.0:encoding:integer:signed"));
    cardNumber.getAttributeDescription().setType(new URI("CardNumber"));
    issuerAtts.add(cardNumber);

    Attribute expirationDate = of.createAttribute();
    expirationDate.setAttributeUID(new URI("card:expdate:blablablabla"));
    expirationDate.setAttributeValue("1976-12-30T10:42:42Z");
    expirationDate.setAttributeDescription(of.createAttributeDescription());
    expirationDate.getAttributeDescription().setDataType(new URI("xs:dateTime"));
    expirationDate
        .getAttributeDescription()
        .setEncoding(new URI("urn:abc4trust:1.0:encoding:dateTime:unix:signed"));
    expirationDate.getAttributeDescription().setType(new URI("ExpirationDate"));
    issuerAtts.add(expirationDate);

    Attribute securityCode = of.createAttribute();
    securityCode.setAttributeUID(new URI("security:code:blablabla"));
    securityCode.setAttributeValue(42);
    securityCode.setAttributeDescription(of.createAttributeDescription());
    securityCode.getAttributeDescription().setDataType(new URI("xs:integer"));
    securityCode
        .getAttributeDescription()
        .setEncoding(new URI("urn:abc4trust:1.0:encoding:integer:signed"));
    securityCode.getAttributeDescription().setType(new URI("SecurityCode"));
    issuerAtts.add(securityCode);

    Attribute status = of.createAttribute();
    status.setAttributeUID(new URI("status:blablablabla"));
    status.setAttributeValue(new URI("Customer"));
    status.setAttributeDescription(of.createAttributeDescription());
    status.getAttributeDescription().setDataType(new URI("xs:anyURI"));
    status
        .getAttributeDescription()
        .setEncoding(new URI("urn:abc4trust:1.0:encoding:anyUri:sha-256"));
    status.getAttributeDescription().setType(new URI("Status"));
    issuerAtts.add(status);
  }