Java > Open Source Codes > org > ejbca > core > ejb > ca > caadmin > TestCAImportExport


1 /*************************************************************************
2  * *
3  * EJBCA: The OpenSource Certificate Authority *
4  * *
5  * This software is free software; you can redistribute it and/or *
6  * modify it under the terms of the GNU Lesser General Public *
7  * License as published by the Free Software Foundation; either *
8  * version 2.1 of the License, or any later version. *
9  * *
10  * See terms of license at gnu.org. *
11  * *
12  *************************************************************************/
13
14 package org.ejbca.core.ejb.ca.caadmin;
15
16 import java.util.ArrayList ;
17 import java.util.Date ;
18
19 import javax.naming.Context ;
20
21 import junit.framework.TestCase;
22
23 import org.apache.log4j.Logger;
24 import org.ejbca.core.model.SecConst;
25 import org.ejbca.core.model.ca.caadmin.CAInfo;
26 import org.ejbca.core.model.ca.caadmin.X509CAInfo;
27 import org.ejbca.core.model.ca.catoken.CATokenConstants;
28 import org.ejbca.core.model.ca.catoken.CATokenInfo;
29 import org.ejbca.core.model.ca.catoken.SoftCATokenInfo;
30 import org.ejbca.core.model.log.Admin;
31
32 /**
33  * Tests CA import and export.
34  */
35 public class TestCAImportExport extends TestCase {
36     private static Logger log = Logger.getLogger(TestCAImportExport.class);
37     private static Context ctx;
38     private static ICAAdminSessionRemote caadminsession;
39     private static X509CAInfo cainfo = null;
40
41     /**
42      * Creates a new TestCAImportExport object.
43      *
44      * @param name name
45      */
46     public TestCAImportExport(String name) {
47         super(name);
48     }
49     
50     /**
51      * Setup test enviroment.
52      *
53      * @throws Exception
54      */
55     protected void setUp() throws Exception {
56         log.debug(">setUp()");
57         ctx = org.ejbca.core.ejb.InitialContextBuilder.getInstance().getInitialContext();
58         ICAAdminSessionHome home = (org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionHome) javax.rmi.PortableRemoteObject.narrow(ctx.lookup("CAAdminSession"), org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionHome.class );
59         caadminsession = home.create();
60         log.debug("<setUp()");
61     }
62     
63     /**
64      * Tear down test enviroment. Does nothing.
65      *
66      * @throws Exception
67      */
68     protected void tearDown() throws Exception {
69     }
70     
71     /**
72      * Tries to export and import a CA that is using SHA1withRSA as signature algorithm.
73      *
74      * @throws Exception
75      */
76     public void test01ImportExportSHA1withRSA() throws Exception {
77         log.debug("<test01ImportExport..()");
78         CATokenInfo catokeninfo = new SoftCATokenInfo();
79         catokeninfo.setSignatureAlgorithm(CATokenConstants.SIGALG_SHA1_WITH_RSA);
80         ((SoftCATokenInfo) catokeninfo).setSignKeyAlgorithm(CATokenConstants.KEYALGORITHM_RSA);
81         ((SoftCATokenInfo) catokeninfo).setSignKeySpec("2048");
82         catokeninfo.setEncryptionAlgorithm(CATokenConstants.SIGALG_SHA1_WITH_RSA);
83         ((SoftCATokenInfo) catokeninfo).setEncKeyAlgorithm(CATokenConstants.KEYALGORITHM_RSA);
84         ((SoftCATokenInfo) catokeninfo).setEncKeySpec("2048");
85         subTest(catokeninfo);
86         log.debug("<test01ImportExport()");
87     } // test01ImportExport
88
89     /**
90      * Tries to export and import a CA that is using SHA1withECDSA as signature algorithm.
91      *
92      * @throws Exception
93      */
94     public void test02ImportExportSHA1withECDSA() throws Exception {
95         log.debug("<test02ImportExport..()");
96         CATokenInfo catokeninfo = new SoftCATokenInfo();
97         catokeninfo.setSignatureAlgorithm(CATokenConstants.SIGALG_SHA1_WITH_ECDSA);
98         ((SoftCATokenInfo) catokeninfo).setSignKeyAlgorithm(CATokenConstants.KEYALGORITHM_ECDSA);
99         ((SoftCATokenInfo) catokeninfo).setSignKeySpec("prime192v1");
100         catokeninfo.setEncryptionAlgorithm(CATokenConstants.SIGALG_SHA1_WITH_RSA);
101         ((SoftCATokenInfo) catokeninfo).setEncKeyAlgorithm(CATokenConstants.KEYALGORITHM_RSA);
102         ((SoftCATokenInfo) catokeninfo).setEncKeySpec("2048");
103         subTest(catokeninfo);
104         log.debug("<test02ImportExport()");
105     } // test02ImportExport
106
107     /**
108      * Tries to export and import a CA that is using SHA256withRSA as signature algorithm.
109      *
110      * @throws Exception
111      */
112     public void test03ImportExportSHA256withRSA() throws Exception {
113         log.debug("<test03ImportExport..()");
114         CATokenInfo catokeninfo = new SoftCATokenInfo();
115         catokeninfo.setSignatureAlgorithm(CATokenConstants.SIGALG_SHA256_WITH_RSA);
116         ((SoftCATokenInfo) catokeninfo).setSignKeyAlgorithm(CATokenConstants.KEYALGORITHM_RSA);
117         ((SoftCATokenInfo) catokeninfo).setSignKeySpec("2048");
118         catokeninfo.setEncryptionAlgorithm(CATokenConstants.SIGALG_SHA1_WITH_RSA);
119         ((SoftCATokenInfo) catokeninfo).setEncKeyAlgorithm(CATokenConstants.KEYALGORITHM_RSA);
120         ((SoftCATokenInfo) catokeninfo).setEncKeySpec("2048");
121         subTest(catokeninfo);
122         log.debug("<test03ImportExport()");
123     } // test03ImportExport
124
125     /**
126      * Tries to export and import a CA that is using SHA256withECDSA as signature algorithm.
127      *
128      * @throws Exception
129      */
130     public void test04ImportExportSHA256withECDSA() throws Exception {
131         log.debug("<test04ImportExport..()");
132         CATokenInfo catokeninfo = new SoftCATokenInfo();
133         catokeninfo.setSignatureAlgorithm(CATokenConstants.SIGALG_SHA256_WITH_ECDSA);
134         ((SoftCATokenInfo) catokeninfo).setSignKeyAlgorithm(CATokenConstants.KEYALGORITHM_ECDSA);
135         ((SoftCATokenInfo) catokeninfo).setSignKeySpec("prime192v1");
136         catokeninfo.setEncryptionAlgorithm(CATokenConstants.SIGALG_SHA1_WITH_RSA);
137         ((SoftCATokenInfo) catokeninfo).setEncKeyAlgorithm(CATokenConstants.KEYALGORITHM_RSA);
138         ((SoftCATokenInfo) catokeninfo).setEncKeySpec("2048");
139         subTest(catokeninfo);
140         log.debug("<test04ImportExport()");
141     } // test04ImportExport
142
143     /**
144      * Tries to export and import a CA that is using SHA256withRSA as signature algorithm and assuming
145      * the admin role of a "Public web user". This method tests that the accessrules are working for
146      * and the test will succeed if the commands fail.
147      *
148      * @throws Exception
149      */
150     public void test05ImportExportAccess() throws Exception {
151         log.debug("<test05ImportExport..()");
152         CATokenInfo catokeninfo = new SoftCATokenInfo();
153         catokeninfo.setSignatureAlgorithm(CATokenConstants.SIGALG_SHA256_WITH_ECDSA);
154         ((SoftCATokenInfo) catokeninfo).setSignKeyAlgorithm(CATokenConstants.KEYALGORITHM_ECDSA);
155         ((SoftCATokenInfo) catokeninfo).setSignKeySpec("prime192v1");
156         catokeninfo.setEncryptionAlgorithm(CATokenConstants.SIGALG_SHA1_WITH_RSA);
157         ((SoftCATokenInfo) catokeninfo).setEncKeyAlgorithm(CATokenConstants.KEYALGORITHM_RSA);
158         ((SoftCATokenInfo) catokeninfo).setEncKeySpec("2048");
159         subTestPublicAccess(catokeninfo, new Admin(Admin.TYPE_PUBLIC_WEB_USER));
160         log.debug("<test05ImportExport()");
161     } // test05ImportExport
162
163     /**
164      * Creates a CAinfo for testing.
165      *
166      * @param caname The name this CA-info will be assigned
167      * @param catokeninfo The tokeninfo for this CA-info
168      * @return The new X509CAInfo for testing.
169      */
170     private X509CAInfo getNewCAInfo(String caname, CATokenInfo catokeninfo) {
171         cainfo = new X509CAInfo("CN="+caname,
172                 caname, SecConst.CA_ACTIVE, new Date (),
173                 "", SecConst.CERTPROFILE_FIXED_ROOTCA,
174                 365,
175                 new Date (System.currentTimeMillis()+364*24*3600*1000), // Expiretime
176 CAInfo.CATYPE_X509,
177                 CAInfo.SELFSIGNED,
178                 null, // certificatechain
179 catokeninfo,
180                 "Used for testing CA import and export",
181                 -1, null, // revokationreason, revokationdate
182 "", // PolicyId
183 24, // CRLPeriod
184 0, // CRLIssuePeriod
185 10, // CRLOverlapTime
186 new ArrayList (),
187                 true, // Authority Key Identifier
188 false, // Authority Key Identifier Critical
189 true, // CRL Number
190 false, // CRL Number Critical
191 "", // Default CRL Dist Point
192 "", // Default CRL Issuer
193 "", // Default OCSP Service Locator
194 true, // Finish User
195 new ArrayList (), //extendedcaservices
196 false, // use default utf8 settings
197 new ArrayList (), // Approvals Settings
198 1, // Number of Req approvals
199 false); // Use UTF8 subject DN by default
200 return cainfo;
201     }
202
203     /**
204      * Perform test of import and export with interal admin.
205
206      * @param catokeninfo The tokeninfo for this CA-info
207      */
208     private void subTest(CATokenInfo catokeninfo) throws Exception {
209         byte[] keystorebytes = null;
210         String caname = "DummyTestCA";
211         String capassword = "foo123";
212         String keyFingerPrint = null;
213         cainfo = getNewCAInfo(caname, catokeninfo);
214         Admin admin = new Admin(Admin.TYPE_INTERNALUSER);
215         boolean defaultRetValue = false;
216         if ( admin.getAdminType() == Admin.TYPE_INTERNALUSER ) {
217             defaultRetValue = true;
218         }
219         try {
220             caadminsession.removeCA(admin, cainfo.getCAId());
221         } catch (Exception e) { }
222         boolean ret = false;
223         try {
224             caadminsession.createCA(admin, cainfo);
225             ret = true;
226         } catch (Exception e) { }
227         assertEquals("Could not create CA \"" + caname + "\" for testing.", ret, defaultRetValue);
228         ret = false;
229         try {
230             keyFingerPrint = caadminsession.getKeyFingerPrint(admin, caname);
231             ret = true;
232         } catch (Exception e) { }
233         assertEquals("Could not get key fingerprint for \"" + caname + "\".", ret, defaultRetValue);
234         ret = false;
235         try {
236             keystorebytes = caadminsession.exportCAKeyStore(admin, caname, capassword.toCharArray(), capassword.toCharArray(), "SignatureKeyAlias", "EncryptionKeyAlias");
237             ret = true;
238         } catch (Exception e) { }
239         assertEquals("Could not export CA.", ret, defaultRetValue);
240         ret = false;
241         try {
242             caadminsession.removeCA(admin, cainfo.getCAId());
243             ret = true;
244         } catch (Exception e) { }
245         assertEquals("Could not remove CA.", ret, defaultRetValue);
246         ret = false;
247         try {
248             caadminsession.importCAFromKeyStore(admin, caname, keystorebytes, capassword.toCharArray(), capassword.toCharArray(), "SignatureKeyAlias", "EncryptionKeyAlias");
249             ret = true;
250         } catch (Exception e) { }
251         assertEquals("Could not import CA.", ret, defaultRetValue);
252         ret = false;
253         try {
254             if ( keyFingerPrint.equals(caadminsession.getKeyFingerPrint(admin, caname)) ) {
255                 ret = true;
256             }
257         } catch (Exception e) { }
258         assertEquals("Fingerprint does not match for \"" + caname + "\".", ret, defaultRetValue);
259         ret = false;
260         try {
261             caadminsession.removeCA(admin, cainfo.getCAId());
262             ret = true;
263         } catch (Exception e) { }
264         assertEquals("Could not remove CA.", ret, defaultRetValue);
265     }
266
267     /**
268      * Perform security test of import and export with specified admin.
269      *
270      * @param catokeninfo The tokeninfo for this CA-info
271      * @param admin The unathorized administrator
272      */
273     private void subTestPublicAccess(CATokenInfo catokeninfo, Admin admin) throws Exception {
274         byte[] keystorebytes = null;
275         String caname = "DummyTestCA";
276         String capassword = "foo123";
277         String keyFingerPrint = null;
278         cainfo = getNewCAInfo(caname, catokeninfo);
279         Admin internalAdmin = new Admin(Admin.TYPE_INTERNALUSER);
280         try {
281             caadminsession.removeCA(internalAdmin, cainfo.getCAId());
282         } catch (Exception e) { }
283         boolean ret = false;
284         try {
285             caadminsession.createCA(internalAdmin, cainfo);
286             ret = true;
287         } catch (Exception e) { }
288         assertTrue("Could not create CA \"" + caname + "\" for testing.", ret);
289         ret = false;
290         try {
291             keyFingerPrint = caadminsession.getKeyFingerPrint(admin, caname);
292             ret = true;
293         } catch (Exception e) { }
294         assertFalse("Could get key fingerprint for \"" + caname + "\".", ret);
295         ret = false;
296         try {
297             keyFingerPrint = caadminsession.getKeyFingerPrint(internalAdmin, caname);
298             ret = true;
299         } catch (Exception e) { }
300         assertTrue("Could not get key fingerprint for \"" + caname + "\".", ret);
301         ret = false;
302         try {
303             keystorebytes = caadminsession.exportCAKeyStore(admin, caname, capassword.toCharArray(), capassword.toCharArray(), "SignatureKeyAlias", "EncryptionKeyAlias");
304             ret = true;
305         } catch (Exception e) { }
306         assertFalse("Could export CA.", ret);
307         ret = false;
308         try {
309             keystorebytes = caadminsession.exportCAKeyStore(internalAdmin, caname, capassword.toCharArray(), capassword.toCharArray(), "SignatureKeyAlias", "EncryptionKeyAlias");
310             ret = true;
311         } catch (Exception e) { }
312         assertTrue("Could not export CA.", ret);
313         ret = false;
314         try {
315             caadminsession.removeCA(internalAdmin, cainfo.getCAId());
316             ret = true;
317         } catch (Exception e) { }
318         assertTrue("Could not remove CA.", ret);
319         ret = false;
320         try {
321             caadminsession.importCAFromKeyStore(admin, caname, keystorebytes, capassword.toCharArray(), capassword.toCharArray(), "SignatureKeyAlias", "EncryptionKeyAlias");
322             ret = true;
323         } catch (Exception e) { }
324         assertFalse("Could import CA.", ret);
325         ret = false;
326         try {
327             caadminsession.importCAFromKeyStore(internalAdmin, caname, keystorebytes, capassword.toCharArray(), capassword.toCharArray(), "SignatureKeyAlias", "EncryptionKeyAlias");
328             ret = true;
329         } catch (Exception e) { }
330         assertTrue("Could not import CA.", ret);
331         ret = false;
332         try {
333             if ( keyFingerPrint.equals(caadminsession.getKeyFingerPrint(admin, caname)) ) {
334                 ret = true;
335             }
336         } catch (Exception e) { }
337         assertFalse("Fingerprint does match for \"" + caname + "\".", ret);
338         ret = false;
339         try {
340             if ( keyFingerPrint.equals(caadminsession.getKeyFingerPrint(internalAdmin, caname)) ) {
341                 ret = true;
342             }
343         } catch (Exception e) { }
344         assertTrue("Fingerprint does not match for \"" + caname + "\".", ret);
345         ret = false;
346         try {
347             caadminsession.removeCA(internalAdmin, cainfo.getCAId());
348             ret = true;
349         } catch (Exception e) { }
350         assertTrue("Could not remove CA.", ret);
351     }
352 }
353

A to Z: JavaDoc & Examples

---

Daily Java News & Articles

---

Open Source Projects

---

Open Source Codes

---

Free Computer Books

---

Remove Frame

---

Popular Tags