1 13 14 package org.ejbca.core.protocol.xkms; 15 16 import java.math.BigInteger ; 17 import java.security.KeyPair ; 18 import java.security.KeyPairGenerator ; 19 import java.security.cert.X509CRL ; 20 import java.security.cert.X509Certificate ; 21 import java.security.interfaces.RSAPrivateKey ; 22 import java.security.interfaces.RSAPublicKey ; 23 import java.util.ArrayList ; 24 import java.util.GregorianCalendar ; 25 import java.util.Iterator ; 26 import java.util.List ; 27 import java.util.Random ; 28 29 import javax.naming.Context ; 30 import javax.naming.NamingException ; 31 import javax.xml.bind.JAXBElement; 32 import javax.xml.datatype.XMLGregorianCalendar ; 33 34 import junit.framework.TestCase; 35 36 import org.apache.log4j.Logger; 37 import org.ejbca.core.ejb.ca.sign.ISignSessionHome; 38 import org.ejbca.core.ejb.ca.sign.ISignSessionRemote; 39 import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionHome; 40 import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionRemote; 41 import org.ejbca.core.ejb.ra.IUserAdminSessionHome; 42 import org.ejbca.core.ejb.ra.IUserAdminSessionRemote; 43 import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionHome; 44 import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionRemote; 45 import org.ejbca.core.model.SecConst; 46 import org.ejbca.core.model.ca.certificateprofiles.CertificateProfile; 47 import org.ejbca.core.model.ca.certificateprofiles.CertificateProfileExistsException; 48 import org.ejbca.core.model.ca.certificateprofiles.EndUserCertificateProfile; 49 import org.ejbca.core.model.ca.crl.RevokedCertInfo; 50 import org.ejbca.core.model.log.Admin; 51 import org.ejbca.core.model.ra.raadmin.EndEntityProfile; 52 import org.ejbca.core.model.ra.raadmin.EndEntityProfileExistsException; 53 import org.ejbca.core.protocol.xkms.client.XKMSInvoker; 54 import org.ejbca.core.protocol.xkms.common.XKMSConstants; 55 import org.ejbca.util.Base64; 56 import org.ejbca.util.CertTools; 57 import org.w3._2000._09.xmldsig_.KeyInfoType; 58 import 
org.w3._2000._09.xmldsig_.KeyValueType; 59 import org.w3._2000._09.xmldsig_.RSAKeyValueType; 60 import org.w3._2000._09.xmldsig_.X509DataType; 61 import org.w3._2002._03.xkms_.LocateRequestType; 62 import org.w3._2002._03.xkms_.LocateResultType; 63 import org.w3._2002._03.xkms_.ObjectFactory; 64 import org.w3._2002._03.xkms_.OpaqueClientDataType; 65 import org.w3._2002._03.xkms_.QueryKeyBindingType; 66 import org.w3._2002._03.xkms_.TimeInstantType; 67 import org.w3._2002._03.xkms_.UnverifiedKeyBindingType; 68 import org.w3._2002._03.xkms_.UseKeyWithType; 69 import org.w3._2002._03.xkms_.ValidateRequestType; 70 import org.w3._2002._03.xkms_.ValidateResultType; 71 72 80 81 public class TestXKMSKISS extends TestCase { 82 83 private static Logger log = Logger.getLogger(TestXKMSKISS.class); 84 85 static{ 86 org.apache.xml.security.Init.init(); 87 } 88 89 private XKMSInvoker xKMSInvoker = new XKMSInvoker("http://localhost:8080/ejbca/xkms/xkms",null); 90 91 private ObjectFactory xKMSObjectFactory = new ObjectFactory(); 92 private org.w3._2000._09.xmldsig_.ObjectFactory sigFactory = new org.w3._2000._09.xmldsig_.ObjectFactory(); 93 94 private static String baseUsername; 95 private IUserAdminSessionRemote cacheAdmin; 96 private IUserAdminSessionHome cacheHome; 97 private ISignSessionRemote rsaremote; 98 private ICertificateStoreSessionRemote certStore; 99 private IRaAdminSessionRemote raAdmin; 100 101 private int caid; 102 private static String username1 = null; 103 private static String username2 = null; 104 private static String username3 = null; 105 106 private static String issuerdn = null; 107 108 private int userNo; 109 110 private static X509Certificate cert1; 111 private static X509Certificate cert2; 112 113 private static String dn1; 114 private static String dn2; 115 private static String dn3; 116 117 protected void setUp() throws Exception { 118 log.debug(">setUp()"); 119 CertTools.installBCProvider(); 120 121 122 if (cacheAdmin == null) { 123 if (cacheHome == 
null) { 124 Context jndiContext = getInitialContext(); 125 Object obj1 = jndiContext.lookup("UserAdminSession"); 126 cacheHome = (IUserAdminSessionHome) javax.rmi.PortableRemoteObject.narrow(obj1, IUserAdminSessionHome.class); 127 128 Object obj = jndiContext.lookup("RSASignSession"); 129 ISignSessionHome rsahome = (ISignSessionHome) javax.rmi.PortableRemoteObject.narrow(obj, ISignSessionHome.class); 130 rsaremote = rsahome.create(); 131 132 Object obj2 = jndiContext.lookup("CertificateStoreSession"); 133 ICertificateStoreSessionHome certhome = (ICertificateStoreSessionHome) javax.rmi.PortableRemoteObject.narrow(obj2, ICertificateStoreSessionHome.class); 134 certStore = certhome.create(); 135 136 Object obj3 = jndiContext.lookup("RaAdminSession"); 137 IRaAdminSessionHome raAdminHome = (IRaAdminSessionHome) javax.rmi.PortableRemoteObject.narrow(obj3, IRaAdminSessionHome.class); 138 raAdmin = raAdminHome.create(); 139 140 issuerdn = "CN=AdminCA1,O=EJBCA Sample,C=SE"; 141 caid = issuerdn.hashCode(); 142 143 } 144 145 cacheAdmin = cacheHome.create(); 146 } 147 148 149 Random ran = new Random (); 150 if(baseUsername == null){ 151 baseUsername = "xkmstestuser" + (ran.nextInt() % 1000) + "-"; 152 } 153 154 log.debug("<setUp()"); 155 } 156 157 protected void tearDown() throws Exception { 158 } 159 160 public void test00SetupDatabase() throws Exception { 161 Admin administrator = new Admin(Admin.TYPE_RA_USER); 162 163 EndUserCertificateProfile profile1 = new EndUserCertificateProfile(); 165 profile1.setKeyUsage(CertificateProfile.DIGITALSIGNATURE,false); 166 profile1.setKeyUsage(CertificateProfile.KEYENCIPHERMENT,false); 167 profile1.setKeyUsage(CertificateProfile.NONREPUDIATION,true); 168 169 EndUserCertificateProfile profile2 = new EndUserCertificateProfile(); 170 profile2.setKeyUsage(CertificateProfile.DATAENCIPHERMENT,true); 171 172 try { 173 certStore.addCertificateProfile(administrator, "XKMSTESTSIGN", profile1); 174 } catch (CertificateProfileExistsException e) { 175 
System.out.println("Certificateprofile XKMSTESTSIGN already exists."); 176 } 177 try { 178 certStore.addCertificateProfile(administrator, "XKMSTESTEXCHANDENC", profile2); 179 } catch (CertificateProfileExistsException e) { 180 System.out.println("Certificateprofile XKMSTESTSIGN already exists."); 181 } 182 183 int profile1Id = certStore.getCertificateProfileId(administrator, "XKMSTESTSIGN"); 184 int profile2Id = certStore.getCertificateProfileId(administrator, "XKMSTESTEXCHANDENC"); 185 186 EndEntityProfile endentityprofile = new EndEntityProfile(true); 187 endentityprofile.setValue(EndEntityProfile.AVAILCAS, 0, ""+caid); 188 endentityprofile.setValue(EndEntityProfile.AVAILCERTPROFILES, 0, ""+SecConst.CERTPROFILE_FIXED_ENDUSER +";" + profile1Id + ";" + profile2Id ); 189 190 try { 191 raAdmin.addEndEntityProfile(administrator, "XKMSTESTPROFILE", endentityprofile); 192 } catch (EndEntityProfileExistsException e) { 193 System.out.println("Endentityprofile XKMSTESTPROFILE already exists."); 194 } 195 int endEntityProfileId = raAdmin.getEndEntityProfileId(administrator, "XKMSTESTPROFILE"); 196 197 198 username1 = genUserName(); 199 String pwd = "foo123"; 200 int type = SecConst.USER_ENDUSER; 201 int token = SecConst.TOKEN_SOFT_P12; 202 int certificatetypeid = SecConst.CERTPROFILE_FIXED_ENDUSER; 203 int hardtokenissuerid = SecConst.NO_HARDTOKENISSUER; 204 dn1 = "C=SE, O=AnaTom, CN=" + username1; 205 String subjectaltname1 = "RFC822NAME=" + username1 + "@foo.se"; 206 String email1 = username1 + "@foo.se"; 207 if (cacheAdmin.findUser(administrator, username1) != null) { 208 System.out.println("Error : User already exists in the database."); 209 } 210 cacheAdmin.addUser(administrator, username1, pwd, CertTools.stringToBCDNString(dn1), subjectaltname1, email1, false, endEntityProfileId, certificatetypeid, 211 type, token, hardtokenissuerid, caid); 212 cacheAdmin.setClearTextPassword(administrator, username1, pwd); 213 KeyPair keys1 = genKeys(); 214 cert1 = (X509Certificate ) 
rsaremote.createCertificate(administrator, username1, "foo123", keys1.getPublic()); 215 216 username2 = genUserName(); 217 dn2 = "C=SE, O=AnaTom, CN=" + username2; 218 String subjectaltname2 = "RFC822NAME=" + username2 + "@foo.se,UNIFORMRESOURCEIDENTIFIER=http://www.test.com/"+username2+",IPADDRESS=10.0.0.1,DNSNAME="+username2+".test.com"; 219 String email2 = username2 + "@foo.se"; 220 if (cacheAdmin.findUser(administrator, username2) != null) { 221 System.out.println("Error : User already exists in the database."); 222 } 223 cacheAdmin.addUser(administrator, username2, pwd, CertTools.stringToBCDNString(dn2), subjectaltname2, email2, false, endEntityProfileId, profile1Id, 224 type, token, hardtokenissuerid, caid); 225 cacheAdmin.setClearTextPassword(administrator, username2, pwd); 226 KeyPair keys2 = genKeys(); 227 cert2 = (X509Certificate ) rsaremote.createCertificate(administrator, username2, "foo123", keys2.getPublic()); 228 229 username3 = genUserName(); 230 dn3 = "C=SE, O=AnaTom, CN=" + username3; 231 String subjectaltname3 = "RFC822NAME=" + username3 + "@foo.se"; 232 String email3 = username3 + "@foo.se"; 233 if (cacheAdmin.findUser(administrator, username3) != null) { 234 System.out.println("Error : User already exists in the database."); 235 } 236 cacheAdmin.addUser(administrator, username3, pwd, CertTools.stringToBCDNString(dn3), subjectaltname3, email3, false, endEntityProfileId, profile2Id, 237 type, token, hardtokenissuerid, caid); 238 cacheAdmin.setClearTextPassword(administrator, username3, pwd); 239 KeyPair keys3 = genKeys(); 240 rsaremote.createCertificate(administrator, username3, "foo123", keys3.getPublic()); 241 242 } 243 244 public void test01AbstractType() throws Exception { 245 LocateRequestType abstractRequestType = xKMSObjectFactory.createLocateRequestType(); 246 abstractRequestType.setId("123"); 247 OpaqueClientDataType opaqueClientDataType = new OpaqueClientDataType(); 248 opaqueClientDataType.getOpaqueData().add("TEST".getBytes()); 249 
opaqueClientDataType.getOpaqueData().add("TEST2".getBytes()); 250 QueryKeyBindingType queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType(); 251 abstractRequestType.setQueryKeyBinding(queryKeyBindingType); 252 253 abstractRequestType.setOpaqueClientData(opaqueClientDataType); 254 LocateResultType abstractResultType = xKMSInvoker.locate(abstractRequestType,null,null); 255 assertTrue(abstractResultType.getRequestId().equals("123")); 256 assertTrue(!abstractResultType.getId().equals("123")); 257 258 OpaqueClientDataType opaqueClientDataTypeResult = abstractResultType.getOpaqueClientData(); 259 assertTrue(opaqueClientDataTypeResult.getOpaqueData().size() == 2); 260 assertTrue(new String (opaqueClientDataTypeResult.getOpaqueData().get(0)).equals("TEST")); 261 assertTrue(new String (opaqueClientDataTypeResult.getOpaqueData().get(1)).equals("TEST2")); 262 263 } 264 265 public void test02TimeInstantNotSupported() throws Exception { 266 LocateRequestType localteRequestType = xKMSObjectFactory.createLocateRequestType(); 267 localteRequestType.setId("124"); 268 269 QueryKeyBindingType queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType(); 270 TimeInstantType timeInstantType = xKMSObjectFactory.createTimeInstantType(); 271 GregorianCalendar caledar = new GregorianCalendar (); 272 XMLGregorianCalendar xMLGregorianCalendar = javax.xml.datatype.DatatypeFactory.newInstance().newXMLGregorianCalendar(caledar); 273 xMLGregorianCalendar.normalize(); 274 timeInstantType.setTime(xMLGregorianCalendar); 275 queryKeyBindingType.setTimeInstant(timeInstantType); 276 localteRequestType.setQueryKeyBinding(queryKeyBindingType); 277 278 279 LocateResultType abstractResultType = xKMSInvoker.locate(localteRequestType,null,null); 280 abstractResultType.getResultMajor().equals(XKMSConstants.RESULTMAJOR_RECIEVER); 281 abstractResultType.getResultMajor().equals(XKMSConstants.RESULTMINOR_TIMEINSTANTNOTSUPPORTED); 282 283 } 284 285 286 public void test03Locate() throws 
Exception { 287 288 LocateRequestType locateRequestType = xKMSObjectFactory.createLocateRequestType(); 290 locateRequestType.setId("125"); 291 292 UseKeyWithType useKeyWithType = xKMSObjectFactory.createUseKeyWithType(); 293 useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSHTTP); 294 useKeyWithType.setIdentifier(username1); 295 296 locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN); 297 298 QueryKeyBindingType queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType(); 299 queryKeyBindingType.getUseKeyWith().add(useKeyWithType); 300 locateRequestType.setQueryKeyBinding(queryKeyBindingType); 301 302 LocateResultType locateResultType = xKMSInvoker.locate(locateRequestType,null,null); 303 304 assertTrue(locateResultType.getUnverifiedKeyBinding().size() > 0); 305 } 306 307 public void test04LocateAndUseKeyWith() throws Exception { 308 309 LocateRequestType locateRequestType = xKMSObjectFactory.createLocateRequestType(); 311 locateRequestType.setId("126"); 312 UseKeyWithType useKeyWithType = xKMSObjectFactory.createUseKeyWithType(); 313 useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLS); 314 useKeyWithType.setIdentifier("http://www.test.com/"+username2); 315 316 locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT); 317 318 QueryKeyBindingType queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType(); 319 queryKeyBindingType.getUseKeyWith().add(useKeyWithType); 320 locateRequestType.setQueryKeyBinding(queryKeyBindingType); 321 322 LocateResultType locateResultType = xKMSInvoker.locate(locateRequestType,null,null); 323 assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1); 324 325 locateRequestType = xKMSObjectFactory.createLocateRequestType(); 327 locateRequestType.setId("127"); 328 useKeyWithType = xKMSObjectFactory.createUseKeyWithType(); 329 useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP); 330 useKeyWithType.setIdentifier(username2+".test.com"); 331 332 
locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT); 333 334 queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType(); 335 queryKeyBindingType.getUseKeyWith().add(useKeyWithType); 336 locateRequestType.setQueryKeyBinding(queryKeyBindingType); 337 338 locateResultType = xKMSInvoker.locate(locateRequestType,null,null); 339 assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1); 340 341 locateRequestType = xKMSObjectFactory.createLocateRequestType(); 343 locateRequestType.setId("128"); 344 useKeyWithType = xKMSObjectFactory.createUseKeyWithType(); 345 useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_IPSEC); 346 useKeyWithType.setIdentifier("10.0.0.1"); 347 348 locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT); 349 350 queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType(); 351 queryKeyBindingType.getUseKeyWith().add(useKeyWithType); 352 locateRequestType.setQueryKeyBinding(queryKeyBindingType); 353 354 locateResultType = xKMSInvoker.locate(locateRequestType,null,null); 355 assertTrue(locateResultType.getUnverifiedKeyBinding().size() > 0); 356 357 locateRequestType = xKMSObjectFactory.createLocateRequestType(); 359 locateRequestType.setId("129"); 360 useKeyWithType = xKMSObjectFactory.createUseKeyWithType(); 361 useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_PKIX); 362 useKeyWithType.setIdentifier(dn1); 363 364 locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT); 365 366 queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType(); 367 queryKeyBindingType.getUseKeyWith().add(useKeyWithType); 368 locateRequestType.setQueryKeyBinding(queryKeyBindingType); 369 370 locateResultType = xKMSInvoker.locate(locateRequestType,null,null); 371 assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1); 372 373 locateRequestType = xKMSObjectFactory.createLocateRequestType(); 375 locateRequestType.setId("129"); 376 useKeyWithType = 
xKMSObjectFactory.createUseKeyWithType(); 377 useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_PKIX); 378 useKeyWithType.setIdentifier(dn1); 379 380 UseKeyWithType useKeyWithType2 = xKMSObjectFactory.createUseKeyWithType(); 381 useKeyWithType2.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP); 382 useKeyWithType2.setIdentifier(username2+".test.com"); 383 384 locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT); 385 386 queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType(); 387 queryKeyBindingType.getUseKeyWith().add(useKeyWithType); 388 queryKeyBindingType.getUseKeyWith().add(useKeyWithType2); 389 locateRequestType.setQueryKeyBinding(queryKeyBindingType); 390 391 locateResultType = xKMSInvoker.locate(locateRequestType,null,null); 392 assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 2); 394 395 locateRequestType = xKMSObjectFactory.createLocateRequestType(); 397 locateRequestType.setId("129"); 398 useKeyWithType = xKMSObjectFactory.createUseKeyWithType(); 399 useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_PKIX); 400 useKeyWithType.setIdentifier(dn2); 401 402 useKeyWithType2 = xKMSObjectFactory.createUseKeyWithType(); 403 useKeyWithType2.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP); 404 useKeyWithType2.setIdentifier(username2+".test.com"); 405 406 locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT); 407 408 queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType(); 409 queryKeyBindingType.getUseKeyWith().add(useKeyWithType); 410 queryKeyBindingType.getUseKeyWith().add(useKeyWithType2); 411 locateRequestType.setQueryKeyBinding(queryKeyBindingType); 412 413 locateResultType = xKMSInvoker.locate(locateRequestType,null,null); 414 assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1); 415 416 locateRequestType = xKMSObjectFactory.createLocateRequestType(); 418 locateRequestType.setId("129"); 419 useKeyWithType = xKMSObjectFactory.createUseKeyWithType(); 420 
useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_PKIX); 421 useKeyWithType.setIdentifier("CN=nomatch"); 422 423 useKeyWithType2 = xKMSObjectFactory.createUseKeyWithType(); 424 useKeyWithType2.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP); 425 useKeyWithType2.setIdentifier(username2+".test.com"); 426 427 locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT); 428 429 queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType(); 430 queryKeyBindingType.getUseKeyWith().add(useKeyWithType); 431 queryKeyBindingType.getUseKeyWith().add(useKeyWithType2); 432 locateRequestType.setQueryKeyBinding(queryKeyBindingType); 433 434 locateResultType = xKMSInvoker.locate(locateRequestType,null,null); 435 assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1); 436 437 locateRequestType = xKMSObjectFactory.createLocateRequestType(); 439 locateRequestType.setId("130"); 440 queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType(); 441 X509DataType x509DataType = sigFactory.createX509DataType(); 442 x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(sigFactory.createX509DataTypeX509Certificate(cert1.getEncoded())); 443 KeyInfoType keyInfoType = sigFactory.createKeyInfoType(); 444 keyInfoType.getContent().add(sigFactory.createX509Data(x509DataType)); 445 queryKeyBindingType.setKeyInfo(keyInfoType); 446 locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT); 447 locateRequestType.setQueryKeyBinding(queryKeyBindingType); 448 449 locateResultType = xKMSInvoker.locate(locateRequestType,null,null); 450 assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1); 451 } 452 453 public void test05LocateAndReturnWith() throws Exception { 454 LocateRequestType locateRequestType = xKMSObjectFactory.createLocateRequestType(); 456 locateRequestType.setId("131"); 457 QueryKeyBindingType queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType(); 458 UseKeyWithType useKeyWithType = 
xKMSObjectFactory.createUseKeyWithType(); 459 useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP); 460 useKeyWithType.setIdentifier(username2+".test.com"); 461 locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT); 462 463 queryKeyBindingType.getUseKeyWith().add(useKeyWithType); 464 locateRequestType.setQueryKeyBinding(queryKeyBindingType); 465 466 LocateResultType locateResultType = xKMSInvoker.locate(locateRequestType,null,null); 467 assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1); 468 List <UnverifiedKeyBindingType> numberOfUnverifiedKeyBindings = locateResultType.getUnverifiedKeyBinding(); 469 Iterator <UnverifiedKeyBindingType> iter = numberOfUnverifiedKeyBindings.iterator(); 470 KeyInfoType keyInfoType; 471 while(iter.hasNext()){ 472 UnverifiedKeyBindingType nextKeyBinding = iter.next(); 473 keyInfoType = nextKeyBinding.getKeyInfo(); 474 assertTrue(keyInfoType.getContent().size() > 0 ); 475 JAXBElement<X509DataType> jAXBX509Data = (JAXBElement<X509DataType>) keyInfoType.getContent().get(0); 476 Iterator iter2 = jAXBX509Data.getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName().iterator(); 477 while(iter2.hasNext()){ 478 JAXBElement next = (JAXBElement) iter2.next(); 479 assertTrue(next.getName().getLocalPart().equals("X509Certificate")); 480 byte[] encoded = (byte[]) next.getValue(); 481 X509Certificate nextCert = CertTools.getCertfromByteArray(encoded); 482 assertTrue(CertTools.stringToBCDNString(nextCert.getSubjectDN().toString()).equals(CertTools.stringToBCDNString(dn2))); 483 } 484 485 } 486 locateRequestType = xKMSObjectFactory.createLocateRequestType(); 488 locateRequestType.setId("132"); 489 queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType(); 490 useKeyWithType = xKMSObjectFactory.createUseKeyWithType(); 491 useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP); 492 useKeyWithType.setIdentifier(username2+".test.com"); 493 
locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN); 494 495 queryKeyBindingType.getUseKeyWith().add(useKeyWithType); 496 locateRequestType.setQueryKeyBinding(queryKeyBindingType); 497 498 locateResultType = xKMSInvoker.locate(locateRequestType,null,null); 499 assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1); 500 numberOfUnverifiedKeyBindings = locateResultType.getUnverifiedKeyBinding(); 501 iter = numberOfUnverifiedKeyBindings.iterator(); 502 while(iter.hasNext()){ 503 UnverifiedKeyBindingType nextKeyBinding = iter.next(); 504 keyInfoType = nextKeyBinding.getKeyInfo(); 505 assertTrue(keyInfoType.getContent().size() > 1 ); 506 JAXBElement<X509DataType> jAXBX509Data = (JAXBElement<X509DataType>) keyInfoType.getContent().get(0); 507 assertTrue(jAXBX509Data.getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName().size() == 2); 508 Iterator iter2 = jAXBX509Data.getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName().iterator(); 509 while(iter2.hasNext()){ 510 JAXBElement next = (JAXBElement) iter2.next(); 511 assertTrue(next.getName().getLocalPart().equals("X509Certificate")); 512 byte[] encoded = (byte[]) next.getValue(); 513 X509Certificate nextCert = CertTools.getCertfromByteArray(encoded); 514 assertTrue(CertTools.stringToBCDNString(nextCert.getSubjectDN().toString()).equals(CertTools.stringToBCDNString(dn2)) || 515 CertTools.stringToBCDNString(nextCert.getSubjectDN().toString()).equals(CertTools.stringToBCDNString(issuerdn))); 516 } 517 518 } 519 520 locateRequestType = xKMSObjectFactory.createLocateRequestType(); 522 locateRequestType.setId("133"); 523 queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType(); 524 useKeyWithType = xKMSObjectFactory.createUseKeyWithType(); 525 useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP); 526 useKeyWithType.setIdentifier(username2+".test.com"); 527 locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN); 528 
locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT); 529 530 queryKeyBindingType.getUseKeyWith().add(useKeyWithType); 531 locateRequestType.setQueryKeyBinding(queryKeyBindingType); 532 533 locateResultType = xKMSInvoker.locate(locateRequestType,null,null); 534 assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1); 535 numberOfUnverifiedKeyBindings = locateResultType.getUnverifiedKeyBinding(); 536 iter = numberOfUnverifiedKeyBindings.iterator(); 537 while(iter.hasNext()){ 538 UnverifiedKeyBindingType nextKeyBinding = iter.next(); 539 keyInfoType = nextKeyBinding.getKeyInfo(); 540 assertTrue(keyInfoType.getContent().size() > 1 ); 541 JAXBElement<X509DataType> jAXBX509Data = (JAXBElement<X509DataType>) keyInfoType.getContent().get(0); 542 assertTrue(jAXBX509Data.getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName().size() == 2); 543 Iterator iter2 = jAXBX509Data.getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName().iterator(); 544 while(iter2.hasNext()){ 545 JAXBElement next = (JAXBElement) iter2.next(); 546 assertTrue(next.getName().getLocalPart().equals("X509Certificate")); 547 byte[] encoded = (byte[]) next.getValue(); 548 X509Certificate nextCert = CertTools.getCertfromByteArray(encoded); 549 assertTrue(CertTools.stringToBCDNString(nextCert.getSubjectDN().toString()).equals(CertTools.stringToBCDNString(dn2)) || 550 CertTools.stringToBCDNString(nextCert.getSubjectDN().toString()).equals(CertTools.stringToBCDNString(issuerdn))); 551 } 552 553 } 554 555 locateRequestType = xKMSObjectFactory.createLocateRequestType(); 557 locateRequestType.setId("134"); 558 queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType(); 559 useKeyWithType = xKMSObjectFactory.createUseKeyWithType(); 560 useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP); 561 useKeyWithType.setIdentifier(username2+".test.com"); 562 locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CRL); 563 564 
queryKeyBindingType.getUseKeyWith().add(useKeyWithType); 565 locateRequestType.setQueryKeyBinding(queryKeyBindingType); 566 567 locateResultType = xKMSInvoker.locate(locateRequestType,null,null); 568 assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1); 569 numberOfUnverifiedKeyBindings = locateResultType.getUnverifiedKeyBinding(); 570 iter = numberOfUnverifiedKeyBindings.iterator(); 571 while(iter.hasNext()){ 572 UnverifiedKeyBindingType nextKeyBinding = iter.next(); 573 keyInfoType = nextKeyBinding.getKeyInfo(); 574 assertTrue(keyInfoType.getContent().size() > 1 ); 575 JAXBElement<X509DataType> jAXBX509Data = (JAXBElement<X509DataType>) keyInfoType.getContent().get(0); 576 assertTrue(jAXBX509Data.getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName().size() == 1); 577 Iterator iter2 = jAXBX509Data.getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName().iterator(); 578 while(iter2.hasNext()){ 579 JAXBElement next = (JAXBElement) iter2.next(); 580 assertTrue(next.getName().getLocalPart().equals("X509CRL")); 581 byte[] encoded = (byte[]) next.getValue(); 582 X509CRL nextCRL = CertTools.getCRLfromByteArray(encoded); 583 assertTrue(CertTools.stringToBCDNString(nextCRL.getIssuerDN().toString()).equals(CertTools.stringToBCDNString(issuerdn))); 584 } 585 } 586 587 locateRequestType = xKMSObjectFactory.createLocateRequestType(); 589 locateRequestType.setId("135"); 590 queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType(); 591 useKeyWithType = xKMSObjectFactory.createUseKeyWithType(); 592 useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP); 593 useKeyWithType.setIdentifier(username2+".test.com"); 594 locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CRL); 595 locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN); 596 597 queryKeyBindingType.getUseKeyWith().add(useKeyWithType); 598 locateRequestType.setQueryKeyBinding(queryKeyBindingType); 599 600 locateResultType = 
xKMSInvoker.locate(locateRequestType,null,null); 601 assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1); 602 numberOfUnverifiedKeyBindings = locateResultType.getUnverifiedKeyBinding(); 603 iter = numberOfUnverifiedKeyBindings.iterator(); 604 while(iter.hasNext()){ 605 UnverifiedKeyBindingType nextKeyBinding = iter.next(); 606 keyInfoType = nextKeyBinding.getKeyInfo(); 607 assertTrue(keyInfoType.getContent().size() > 1 ); 608 JAXBElement<X509DataType> jAXBX509Data = (JAXBElement<X509DataType>) keyInfoType.getContent().get(0); 609 assertTrue(jAXBX509Data.getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName().size() == 3); 610 Iterator iter2 = jAXBX509Data.getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName().iterator(); 611 while(iter2.hasNext()){ 612 JAXBElement next = (JAXBElement) iter2.next(); 613 if(next.getName().getLocalPart().equals("X509CRL")){ 614 byte[] encoded = (byte[]) next.getValue(); 615 X509CRL nextCRL = CertTools.getCRLfromByteArray(encoded); 616 assertTrue(CertTools.stringToBCDNString(nextCRL.getIssuerDN().toString()).equals(CertTools.stringToBCDNString(issuerdn))); 617 } 618 if(next.getName().getLocalPart().equals("X509Certificate")){ 619 byte[] encoded = (byte[]) next.getValue(); 620 X509Certificate nextCert = CertTools.getCertfromByteArray(encoded); 621 assertTrue(CertTools.stringToBCDNString(nextCert.getSubjectDN().toString()).equals(CertTools.stringToBCDNString(dn2)) || 622 CertTools.stringToBCDNString(nextCert.getSubjectDN().toString()).equals(CertTools.stringToBCDNString(issuerdn))); 623 } 624 } 625 } 626 627 locateRequestType = xKMSObjectFactory.createLocateRequestType(); 629 locateRequestType.setId("135"); 630 queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType(); 631 useKeyWithType = xKMSObjectFactory.createUseKeyWithType(); 632 useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP); 633 useKeyWithType.setIdentifier(username2+".test.com"); 634 
locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_KEYNAME); 635 636 queryKeyBindingType.getUseKeyWith().add(useKeyWithType); 637 locateRequestType.setQueryKeyBinding(queryKeyBindingType); 638 639 locateResultType = xKMSInvoker.locate(locateRequestType,null,null); 640 assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1); 641 numberOfUnverifiedKeyBindings = locateResultType.getUnverifiedKeyBinding(); 642 iter = numberOfUnverifiedKeyBindings.iterator(); 643 while(iter.hasNext()){ 644 UnverifiedKeyBindingType nextKeyBinding = iter.next(); 645 keyInfoType = nextKeyBinding.getKeyInfo(); 646 assertTrue(keyInfoType.getContent().size() > 1 ); 647 JAXBElement<String > jAXBString = (JAXBElement<String >) keyInfoType.getContent().get(0); 648 assertTrue(jAXBString.getName().getLocalPart().equals("KeyName")); 649 assertTrue(CertTools.stringToBCDNString(jAXBString.getValue()) + " = " + CertTools.stringToBCDNString(dn2),CertTools.stringToBCDNString(jAXBString.getValue()).equals(CertTools.stringToBCDNString(dn2))); 650 } 651 652 locateRequestType = xKMSObjectFactory.createLocateRequestType(); 654 locateRequestType.setId("135"); 655 queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType(); 656 useKeyWithType = xKMSObjectFactory.createUseKeyWithType(); 657 useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP); 658 useKeyWithType.setIdentifier(username2+".test.com"); 659 locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_KEYVALUE); 660 661 queryKeyBindingType.getUseKeyWith().add(useKeyWithType); 662 locateRequestType.setQueryKeyBinding(queryKeyBindingType); 663 664 locateResultType = xKMSInvoker.locate(locateRequestType,null,null); 665 assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1); 666 numberOfUnverifiedKeyBindings = locateResultType.getUnverifiedKeyBinding(); 667 iter = numberOfUnverifiedKeyBindings.iterator(); 668 while(iter.hasNext()){ 669 UnverifiedKeyBindingType nextKeyBinding = iter.next(); 670 
keyInfoType = nextKeyBinding.getKeyInfo(); 671 assertTrue("" + keyInfoType.getContent().size(), keyInfoType.getContent().size() > 0 ); 672 JAXBElement<KeyValueType> jAXBKeyValue = (JAXBElement<KeyValueType>) keyInfoType.getContent().get(0); 673 assertTrue(jAXBKeyValue.getName().getLocalPart(), jAXBKeyValue.getName().getLocalPart().equals("KeyValue")); 674 assertTrue(""+jAXBKeyValue.getValue().getContent().size(),jAXBKeyValue.getValue().getContent().size() > 1); 675 JAXBElement<RSAKeyValueType> rSAKeyValueType = (JAXBElement<RSAKeyValueType>) jAXBKeyValue.getValue().getContent().get(0); 676 assertTrue(rSAKeyValueType.getName().getLocalPart(),rSAKeyValueType.getName().getLocalPart().equals("RSAKeyValue")); 677 BigInteger exp = new BigInteger (rSAKeyValueType.getValue().getExponent()); 678 BigInteger modulus = new BigInteger (rSAKeyValueType.getValue().getModulus()); 679 assertTrue(((RSAPublicKey )cert2.getPublicKey()).getModulus().equals(modulus)); 680 assertTrue(((RSAPublicKey )cert2.getPublicKey()).getPublicExponent().equals(exp)); 681 } 682 683 locateRequestType = xKMSObjectFactory.createLocateRequestType(); 685 locateRequestType.setId("136"); 686 queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType(); 687 useKeyWithType = xKMSObjectFactory.createUseKeyWithType(); 688 useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP); 689 useKeyWithType.setIdentifier(username2+".test.com"); 690 locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_RETRIEVALMETHOD); 691 692 queryKeyBindingType.getUseKeyWith().add(useKeyWithType); 693 locateRequestType.setQueryKeyBinding(queryKeyBindingType); 694 695 locateResultType = xKMSInvoker.locate(locateRequestType,null,null); 696 assertTrue(locateResultType.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SENDER)); 697 assertTrue(locateResultType.getResultMinor().equals(XKMSConstants.RESULTMINOR_MESSAGENOTSUPPORTED)); 698 699 locateRequestType = xKMSObjectFactory.createLocateRequestType(); 701 
locateRequestType.setId("137"); 702 queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType(); 703 useKeyWithType = xKMSObjectFactory.createUseKeyWithType(); 704 useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP); 705 useKeyWithType.setIdentifier(username2+".test.com"); 706 locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_RETRIEVALMETHOD); 707 locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_PGP); 708 locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_PGPWEB); 709 locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_SPKI); 710 locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_PRIVATEKEY); 711 712 queryKeyBindingType.getUseKeyWith().add(useKeyWithType); 713 locateRequestType.setQueryKeyBinding(queryKeyBindingType); 714 715 locateResultType = xKMSInvoker.locate(locateRequestType,null,null); 716 assertTrue(locateResultType.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SENDER)); 717 assertTrue(locateResultType.getResultMinor().equals(XKMSConstants.RESULTMINOR_MESSAGENOTSUPPORTED)); 718 719 locateRequestType = xKMSObjectFactory.createLocateRequestType(); 721 locateRequestType.setId("138"); 722 queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType(); 723 useKeyWithType = xKMSObjectFactory.createUseKeyWithType(); 724 useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP); 725 useKeyWithType.setIdentifier(username2+".test.com"); 726 locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT); 727 locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_RETRIEVALMETHOD); 728 locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_PGP); 729 locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_PGPWEB); 730 locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_SPKI); 731 locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_PRIVATEKEY); 732 733 
queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
        locateRequestType.setQueryKeyBinding(queryKeyBindingType);

        locateResultType = xKMSInvoker.locate(locateRequestType,null,null);
        assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1);
        numberOfUnverifiedKeyBindings = locateResultType.getUnverifiedKeyBinding();
        iter = numberOfUnverifiedKeyBindings.iterator();

        // Only the first KeyInfo content element is inspected: it is cast to X509Data and every
        // child of it must be an X509Certificate whose subject DN equals dn2.
        // NOTE(review): the request built just above also asks for RetrievalMethod, PGP, PGPWeb,
        // SPKI and PrivateKey. Nothing here asserts that no further KeyInfo elements came back;
        // if the intent is "only the certificate is ever returned", also assert the content size.
        while(iter.hasNext()){
            UnverifiedKeyBindingType nextKeyBinding = iter.next();
            keyInfoType = nextKeyBinding.getKeyInfo();
            assertTrue(keyInfoType.getContent().size() > 0 );
            JAXBElement<X509DataType> jAXBX509Data = (JAXBElement<X509DataType>) keyInfoType.getContent().get(0);
            Iterator iter2 = jAXBX509Data.getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName().iterator();
            while(iter2.hasNext()){
                JAXBElement next = (JAXBElement) iter2.next();
                assertTrue(next.getName().getLocalPart().equals("X509Certificate"));
                byte[] encoded = (byte[]) next.getValue();
                X509Certificate nextCert = CertTools.getCertfromByteArray(encoded);
                assertTrue(CertTools.stringToBCDNString(nextCert.getSubjectDN().toString()).equals(CertTools.stringToBCDNString(dn2)));
            }
        }
    }

    /**
     * Sends Locate requests that combine a UseKeyWith filter with KeyUsage filters and checks
     * the result codes and the key usages reported on the returned bindings.
     *
     * <ul>
     *   <li>139: TLS/SMTP identifier of username2, usage Signature - one binding whose only
     *       usage is Signature.</li>
     *   <li>140: PKIX identifier dn1, usage Signature - Success / NoMatch.</li>
     *   <li>141: TLS/SMTP identifier of username2, usages Signature and Exchange -
     *       Success / NoMatch.</li>
     *   <li>142: PKIX identifier dn3, usages Encryption and Exchange - one binding carrying
     *       exactly those two usages.</li>
     * </ul>
     *
     * @throws Exception if the XKMS call fails
     */
    public void test06LocateAndKeyUsage() throws Exception {
        // Request 139
        LocateRequestType request = xKMSObjectFactory.createLocateRequestType();
        request.setId("139");
        QueryKeyBindingType query = xKMSObjectFactory.createQueryKeyBindingType();
        UseKeyWithType useKeyWith = xKMSObjectFactory.createUseKeyWithType();
        useKeyWith.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP);
        useKeyWith.setIdentifier(username2 + ".test.com");
        request.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT);
        query.getUseKeyWith().add(useKeyWith);
        query.getKeyUsage().add(XKMSConstants.KEYUSAGE_SIGNATURE);
        request.setQueryKeyBinding(query);

        LocateResultType result = xKMSInvoker.locate(request, null, null);
        assertTrue(result.getUnverifiedKeyBinding().size() == 1);
        for (UnverifiedKeyBindingType binding : result.getUnverifiedKeyBinding()) {
            assertTrue(binding.getKeyUsage().size() == 1);
            assertTrue(binding.getKeyUsage().contains(XKMSConstants.KEYUSAGE_SIGNATURE));
        }

        // Request 140
        request = xKMSObjectFactory.createLocateRequestType();
        request.setId("140");
        query = xKMSObjectFactory.createQueryKeyBindingType();
        useKeyWith = xKMSObjectFactory.createUseKeyWithType();
        useKeyWith.setApplication(XKMSConstants.USEKEYWITH_PKIX);
        useKeyWith.setIdentifier(dn1);
        request.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT);
        query.getUseKeyWith().add(useKeyWith);
        query.getKeyUsage().add(XKMSConstants.KEYUSAGE_SIGNATURE);
        request.setQueryKeyBinding(query);

        result = xKMSInvoker.locate(request, null, null);
        assertTrue(result.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SUCCESS));
        assertTrue(result.getResultMinor().equals(XKMSConstants.RESULTMINOR_NOMATCH));

        // Request 141
        request = xKMSObjectFactory.createLocateRequestType();
        request.setId("141");
        query = xKMSObjectFactory.createQueryKeyBindingType();
        useKeyWith = xKMSObjectFactory.createUseKeyWithType();
        useKeyWith.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP);
        useKeyWith.setIdentifier(username2 + ".test.com");
        request.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT);
        query.getUseKeyWith().add(useKeyWith);
        query.getKeyUsage().add(XKMSConstants.KEYUSAGE_SIGNATURE);
        query.getKeyUsage().add(XKMSConstants.KEYUSAGE_EXCHANGE);
        request.setQueryKeyBinding(query);

        result = xKMSInvoker.locate(request, null, null);
        assertTrue(result.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SUCCESS));
        assertTrue(result.getResultMinor().equals(XKMSConstants.RESULTMINOR_NOMATCH));

        // Request 142
        request = xKMSObjectFactory.createLocateRequestType();
        request.setId("142");
        query = xKMSObjectFactory.createQueryKeyBindingType();
        useKeyWith = xKMSObjectFactory.createUseKeyWithType();
        useKeyWith.setApplication(XKMSConstants.USEKEYWITH_PKIX);
        useKeyWith.setIdentifier(dn3);
        request.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT);
        query.getUseKeyWith().add(useKeyWith);
        query.getKeyUsage().add(XKMSConstants.KEYUSAGE_ENCRYPTION);
        query.getKeyUsage().add(XKMSConstants.KEYUSAGE_EXCHANGE);
        request.setQueryKeyBinding(query);

        result = xKMSInvoker.locate(request, null, null);
        assertTrue(result.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SUCCESS));
        assertTrue(result.getUnverifiedKeyBinding().size() == 1);
        for (UnverifiedKeyBindingType binding : result.getUnverifiedKeyBinding()) {
            assertTrue(binding.getKeyUsage().size() == 2);
            assertTrue(binding.getKeyUsage().contains(XKMSConstants.KEYUSAGE_ENCRYPTION));
            assertTrue(binding.getKeyUsage().contains(XKMSConstants.KEYUSAGE_EXCHANGE));
        }
    }

    /**
     * Checks how Locate honours the request's ResponseLimit for the TLS/HTTP identifier
     * baseUsername: with a limit of 3 the result holds three bindings, with a limit of 2 the
     * service answers Success / TooManyResponses.
     *
     * @throws Exception if the XKMS call fails
     */
    public void test07LocateAndResponseLimit() throws Exception {
        // Request 300: limit 3
        LocateRequestType request = xKMSObjectFactory.createLocateRequestType();
        request.setId("300");
        QueryKeyBindingType query = xKMSObjectFactory.createQueryKeyBindingType();
        UseKeyWithType useKeyWith = xKMSObjectFactory.createUseKeyWithType();
        useKeyWith.setApplication(XKMSConstants.USEKEYWITH_TLSHTTP);
        useKeyWith.setIdentifier(baseUsername);
        request.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT);
        request.setResponseLimit(new BigInteger("3"));
        query.getUseKeyWith().add(useKeyWith);
        request.setQueryKeyBinding(query);

        LocateResultType result = xKMSInvoker.locate(request, null, null);
        assertTrue(result.getUnverifiedKeyBinding().size() == 3);

        // Request 301: limit 2, one fewer than the number of bindings seen above
        request = xKMSObjectFactory.createLocateRequestType();
        request.setId("301");
        query = xKMSObjectFactory.createQueryKeyBindingType();
        useKeyWith = xKMSObjectFactory.createUseKeyWithType();
        useKeyWith.setApplication(XKMSConstants.USEKEYWITH_TLSHTTP);
        useKeyWith.setIdentifier(baseUsername);
        request.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT);
        request.setResponseLimit(new BigInteger("2"));
        query.getUseKeyWith().add(useKeyWith);
        request.setQueryKeyBinding(query);

        result = xKMSInvoker.locate(request, null, null);
        assertTrue(result.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SUCCESS));
        assertTrue(result.getResultMinor().equals(XKMSConstants.RESULTMINOR_TOOMANYRESPONSES));
    }

    // Hard-coded Base64 certificate bytes. test09Validate submits them in request 202 and
    // expects Success / NoMatch for them.
    // getBytes() uses the platform default charset; the literal holds only Base64 characters.
    static byte[] certbytes = Base64.decode(("MIICNzCCAaCgAwIBAgIIIOqiVwJHz+8wDQYJKoZIhvcNAQEFBQAwKzENMAsGA1UE"
            + "AxMEVGVzdDENMAsGA1UEChMEVGVzdDELMAkGA1UEBhMCU0UwHhcNMDQwNTA4MDkx"
            + "ODMwWhcNMDUwNTA4MDkyODMwWjArMQ0wCwYDVQQDEwRUZXN0MQ0wCwYDVQQKEwRU"
            + "ZXN0MQswCQYDVQQGEwJTRTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAgbf2"
            + "Sv34lsY43C8WJjbUd57TNuHJ6p2Es7ojS3D2yxtzQg/A8wL1OfXes344PPNGHkDd"
            + "QPBaaWYQrvLvqpjKwx/vA1835L3I92MsGs+uivq5L5oHfCxEh8Kwb9J2p3xjgeWX"
            + "YdZM5dBj3zzyu+Jer4iU4oCAnnyG+OlVnPsFt6ECAwEAAaNkMGIwDwYDVR0TAQH/"
            + "BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1UdDgQWBBQArVZXuGqbb9yhBLbu"
            + "XfzjSuXfHTAfBgNVHSMEGDAWgBQArVZXuGqbb9yhBLbuXfzjSuXfHTANBgkqhkiG"
            + "9w0BAQUFAAOBgQA1cB6wWzC2rUKBjFAzfkLvDUS3vEMy7ntYMqqQd6+5s1LHCoPw"
            + "eaR42kMWCxAbdSRgv5ATM0JU3Q9jWbLO54FkJDzq+vw2TaX+Y5T+UL1V0o4TPKxp"
            + "nKuay+xl5aoUcVEs3h3uJDjcpgMAtyusMEyv4d+RFYvWJWFzRTKDueyanw==").getBytes());

    /**
     * Exercises the XKMS Validate operation for username1 / cert1.
     *
     * <ul>
     *   <li>200: query by TLS/HTTP identifier only - the first binding reports validity
     *       interval, issuer trust, signature and revocation status as valid reasons.</li>
     *   <li>201: same query with cert1 supplied as KeyInfo - same four valid reasons.</li>
     *   <li>202: same query with {@code certbytes} as KeyInfo - Success / NoMatch.</li>
     *   <li>203: after cert1 has been revoked - revocation status moves to the invalid
     *       reasons while the other three remain valid reasons.</li>
     * </ul>
     *
     * Side effect: cert1 is revoked in the certificate store and is not restored here.
     *
     * @throws Exception if the XKMS call or the revocation fails
     */
    public void test09Validate() throws Exception {
        // Request 200: identifier only, ask for the chain
        ValidateRequestType request = xKMSObjectFactory.createValidateRequestType();
        request.setId("200");

        UseKeyWithType useKeyWith = xKMSObjectFactory.createUseKeyWithType();
        useKeyWith.setApplication(XKMSConstants.USEKEYWITH_TLSHTTP);
        useKeyWith.setIdentifier(username1);

        request.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN);

        QueryKeyBindingType query = xKMSObjectFactory.createQueryKeyBindingType();
        query.getUseKeyWith().add(useKeyWith);
        request.setQueryKeyBinding(query);

        ValidateResultType result = xKMSInvoker.validate(request, null, null);

        assertTrue(result.getKeyBinding().size() > 0);
        assertTrue(result.getKeyBinding().get(0).getStatus().getValidReason().contains(XKMSConstants.STATUSREASON_VALIDITYINTERVAL));
        assertTrue(result.getKeyBinding().get(0).getStatus().getValidReason().contains(XKMSConstants.STATUSREASON_ISSUERTRUST));
        assertTrue(result.getKeyBinding().get(0).getStatus().getValidReason().contains(XKMSConstants.STATUSREASON_SIGNATURE));
        assertTrue(result.getKeyBinding().get(0).getStatus().getValidReason().contains(XKMSConstants.STATUSREASON_REVOCATIONSTATUS));

        // Request 201: cert1 passed explicitly as KeyInfo
        request = xKMSObjectFactory.createValidateRequestType();
        request.setId("201");

        useKeyWith = xKMSObjectFactory.createUseKeyWithType();
        useKeyWith.setApplication(XKMSConstants.USEKEYWITH_TLSHTTP);
        useKeyWith.setIdentifier(username1);

        request.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT);

        query = xKMSObjectFactory.createQueryKeyBindingType();
        X509DataType x509Data = sigFactory.createX509DataType();
        x509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(sigFactory.createX509DataTypeX509Certificate(cert1.getEncoded()));
        KeyInfoType keyInfo = sigFactory.createKeyInfoType();
        keyInfo.getContent().add(sigFactory.createX509Data(x509Data));
        query.setKeyInfo(keyInfo);
        query.getUseKeyWith().add(useKeyWith);
        request.setQueryKeyBinding(query);

        result = xKMSInvoker.validate(request, null, null);

        assertTrue(result.getKeyBinding().size() > 0);
        assertTrue(result.getKeyBinding().get(0).getStatus().getValidReason().contains(XKMSConstants.STATUSREASON_VALIDITYINTERVAL));
        assertTrue(result.getKeyBinding().get(0).getStatus().getValidReason().contains(XKMSConstants.STATUSREASON_ISSUERTRUST));
        assertTrue(result.getKeyBinding().get(0).getStatus().getValidReason().contains(XKMSConstants.STATUSREASON_SIGNATURE));
        assertTrue(result.getKeyBinding().get(0).getStatus().getValidReason().contains(XKMSConstants.STATUSREASON_REVOCATIONSTATUS));

        // Request 202: the hard-coded certbytes certificate must not be matched
        request = xKMSObjectFactory.createValidateRequestType();
        request.setId("202");

        useKeyWith = xKMSObjectFactory.createUseKeyWithType();
        useKeyWith.setApplication(XKMSConstants.USEKEYWITH_TLSHTTP);
        useKeyWith.setIdentifier(username1);

        request.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT);

        query = xKMSObjectFactory.createQueryKeyBindingType();
        x509Data = sigFactory.createX509DataType();
        x509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(sigFactory.createX509DataTypeX509Certificate(certbytes));
        keyInfo = sigFactory.createKeyInfoType();
        keyInfo.getContent().add(sigFactory.createX509Data(x509Data));
        query.setKeyInfo(keyInfo);
        query.getUseKeyWith().add(useKeyWith);
        request.setQueryKeyBinding(query);

        result = xKMSInvoker.validate(request, null, null);

        assertTrue(result.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SUCCESS));
        assertTrue(result.getResultMinor().equals(XKMSConstants.RESULTMINOR_NOMATCH));

        // Revoke cert1, then validate it again as request 203
        Admin admin = new Admin(Admin.TYPE_RA_USER);
        certStore.revokeCertificate(admin, cert1, new ArrayList(), RevokedCertInfo.REVOKATION_REASON_UNSPECIFIED);

        request = xKMSObjectFactory.createValidateRequestType();
        request.setId("203");

        useKeyWith = xKMSObjectFactory.createUseKeyWithType();
        useKeyWith.setApplication(XKMSConstants.USEKEYWITH_TLSHTTP);
        useKeyWith.setIdentifier(username1);

        request.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT);

        query = xKMSObjectFactory.createQueryKeyBindingType();
        x509Data = sigFactory.createX509DataType();
        x509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(sigFactory.createX509DataTypeX509Certificate(cert1.getEncoded()));
        keyInfo = sigFactory.createKeyInfoType();
        keyInfo.getContent().add(sigFactory.createX509Data(x509Data));
        query.setKeyInfo(keyInfo);
        query.getUseKeyWith().add(useKeyWith);
        request.setQueryKeyBinding(query);

        result = xKMSInvoker.validate(request, null, null);

        assertTrue(result.getKeyBinding().size() > 0);
        assertTrue(result.getKeyBinding().get(0).getStatus().getValidReason().contains(XKMSConstants.STATUSREASON_VALIDITYINTERVAL));
        assertTrue(result.getKeyBinding().get(0).getStatus().getValidReason().contains(XKMSConstants.STATUSREASON_ISSUERTRUST));
        assertTrue(result.getKeyBinding().get(0).getStatus().getValidReason().contains(XKMSConstants.STATUSREASON_SIGNATURE));
        // The revoked certificate must report revocation status as an invalid reason.
        assertTrue(result.getKeyBinding().get(0).getStatus().getInvalidReason().contains(XKMSConstants.STATUSREASON_REVOCATIONSTATUS));
    }

    /**
     * Removes the three test users, the end entity profile "XKMSTESTPROFILE" and the two
     * certificate profiles "XKMSTESTSIGN" and "XKMSTESTEXCHANDENC".
     *
     * @throws Exception if any of the removal calls fails
     */
    public void test99CleanDatabase() throws Exception {
        Admin admin = new Admin(Admin.TYPE_RA_USER);

        cacheAdmin.deleteUser(admin, username1);
        cacheAdmin.deleteUser(admin, username2);
        cacheAdmin.deleteUser(admin, username3);

        raAdmin.removeEndEntityProfile(admin, "XKMSTESTPROFILE");

        certStore.removeCertificateProfile(admin, "XKMSTESTSIGN");
        certStore.removeCertificateProfile(admin, "XKMSTESTEXCHANDENC");
    }

    /**
     * Creates a default JNDI initial context, logging entry and exit at debug level.
     *
     * @return a new {@code javax.naming.InitialContext}
     * @throws NamingException if the context cannot be created
     */
    private Context getInitialContext() throws NamingException {
        log.debug(">getInitialContext");
        Context initialContext = new javax.naming.InitialContext();
        log.debug("<getInitialContext");
        return initialContext;
    }

    /**
     * Increments the user counter and returns baseUsername followed by the new counter value.
     */
    private String genUserName() throws Exception {
        userNo++;
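return baseUsername + userNo;
    }

    /**
     * Generates a fresh RSA key pair with the "BC" provider for use by the tests.
     *
     * @return the generated key pair
     * @throws Exception if the "RSA" algorithm or the "BC" provider is not available
     */
    private static KeyPair genKeys() throws Exception {
        KeyPairGenerator keygen = KeyPairGenerator.getInstance("RSA", "BC");
        // NOTE(review): 1024-bit RSA is below the 2048-bit minimum of current guidance
        // (e.g. NIST SP 800-131A) and is acceptable only for throwaway test keys. Before
        // raising it, confirm that the certificate profiles used by these tests allow the
        // larger size.
        keygen.initialize(1024);
        log.debug("Generating keys, please wait...");
        KeyPair rsaKeys = keygen.generateKeyPair();
        // Fixed: the message lacked a separator before the bit length ("length1024").
        log.debug("Generated " + rsaKeys.getPrivate().getAlgorithm() + " keys with length "
                + ((RSAPrivateKey) rsaKeys.getPrivate()).getModulus().bitLength());

        return rsaKeys;
    }
}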