

1 /*************************************************************************
2  * *
3  * EJBCA: The OpenSource Certificate Authority *
4  * *
5  * This software is free software; you can redistribute it and/or *
6  * modify it under the terms of the GNU Lesser General Public *
7  * License as published by the Free Software Foundation; either *
8  * version 2.1 of the License, or any later version. *
9  * *
10  * See terms of license at gnu.org. *
11  * *
12  *************************************************************************/

13
14 package org.ejbca.core.protocol.xkms;
15
16 import java.math.BigInteger JavaDoc;
17 import java.security.KeyPair JavaDoc;
18 import java.security.KeyPairGenerator JavaDoc;
19 import java.security.cert.X509CRL JavaDoc;
20 import java.security.cert.X509Certificate JavaDoc;
21 import java.security.interfaces.RSAPrivateKey JavaDoc;
22 import java.security.interfaces.RSAPublicKey JavaDoc;
23 import java.util.ArrayList JavaDoc;
24 import java.util.GregorianCalendar JavaDoc;
25 import java.util.Iterator JavaDoc;
26 import java.util.List JavaDoc;
27 import java.util.Random JavaDoc;
28
29 import javax.naming.Context JavaDoc;
30 import javax.naming.NamingException JavaDoc;
31 import javax.xml.bind.JAXBElement;
32 import javax.xml.datatype.XMLGregorianCalendar JavaDoc;
33
34 import junit.framework.TestCase;
35
36 import org.apache.log4j.Logger;
37 import org.ejbca.core.ejb.ca.sign.ISignSessionHome;
38 import org.ejbca.core.ejb.ca.sign.ISignSessionRemote;
39 import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionHome;
40 import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionRemote;
41 import org.ejbca.core.ejb.ra.IUserAdminSessionHome;
42 import org.ejbca.core.ejb.ra.IUserAdminSessionRemote;
43 import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionHome;
44 import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionRemote;
45 import org.ejbca.core.model.SecConst;
46 import org.ejbca.core.model.ca.certificateprofiles.CertificateProfile;
47 import org.ejbca.core.model.ca.certificateprofiles.CertificateProfileExistsException;
48 import org.ejbca.core.model.ca.certificateprofiles.EndUserCertificateProfile;
49 import org.ejbca.core.model.ca.crl.RevokedCertInfo;
50 import org.ejbca.core.model.log.Admin;
51 import org.ejbca.core.model.ra.raadmin.EndEntityProfile;
52 import org.ejbca.core.model.ra.raadmin.EndEntityProfileExistsException;
53 import org.ejbca.core.protocol.xkms.client.XKMSInvoker;
54 import org.ejbca.core.protocol.xkms.common.XKMSConstants;
55 import org.ejbca.util.Base64;
56 import org.ejbca.util.CertTools;
57 import org.w3._2000._09.xmldsig_.KeyInfoType;
58 import org.w3._2000._09.xmldsig_.KeyValueType;
59 import org.w3._2000._09.xmldsig_.RSAKeyValueType;
60 import org.w3._2000._09.xmldsig_.X509DataType;
61 import org.w3._2002._03.xkms_.LocateRequestType;
62 import org.w3._2002._03.xkms_.LocateResultType;
63 import org.w3._2002._03.xkms_.ObjectFactory;
64 import org.w3._2002._03.xkms_.OpaqueClientDataType;
65 import org.w3._2002._03.xkms_.QueryKeyBindingType;
66 import org.w3._2002._03.xkms_.TimeInstantType;
67 import org.w3._2002._03.xkms_.UnverifiedKeyBindingType;
68 import org.w3._2002._03.xkms_.UseKeyWithType;
69 import org.w3._2002._03.xkms_.ValidateRequestType;
70 import org.w3._2002._03.xkms_.ValidateResultType;
71
72 /**
73  *
74  *
75  *
76  * @author Philip Vendil 2006 sep 27
77  *
78  * @version $Id: TestXKMSKISS.java,v 1.3.2.1 2007/02/02 09:34:02 anatom Exp $
79  */

80
81 public class TestXKMSKISS extends TestCase {
82     
// Logger shared by all test methods in this class.
private static Logger log = Logger.getLogger(TestXKMSKISS.class);

// Initialise the Apache XML Security library once, when the class is loaded.
static {
    org.apache.xml.security.Init.init();
}

// XKMS client aimed at an EJBCA instance on localhost, reached over plain HTTP.
// NOTE(review): the second constructor argument is null; what it configures is not
// visible in this file - confirm against XKMSInvoker.
private XKMSInvoker xKMSInvoker = new XKMSInvoker("http://localhost:8080/ejbca/xkms/xkms", null);

// JAXB factories for the XKMS and XML-DSig element types used to build requests.
private ObjectFactory xKMSObjectFactory = new ObjectFactory();
private org.w3._2000._09.xmldsig_.ObjectFactory sigFactory = new org.w3._2000._09.xmldsig_.ObjectFactory();

// Prefix for generated test user names; assigned once in setUp().
private static String baseUsername;

// Remote session handles, looked up through JNDI in setUp().
private IUserAdminSessionRemote cacheAdmin;
private IUserAdminSessionHome cacheHome;
private ISignSessionRemote rsaremote;
private ICertificateStoreSessionRemote certStore;
private IRaAdminSessionRemote raAdmin;

// Id of the issuing CA; setUp() derives it from issuerdn.hashCode().
private int caid;

// The fields below are static because test00SetupDatabase() fills them in and the
// later test methods read them (JUnit 3 runs each test method on a fresh instance).
private static String username1 = null;
private static String username2 = null;
private static String username3 = null;

private static String issuerdn = null;

private int userNo;

private static X509Certificate cert1;
private static X509Certificate cert2;

private static String dn1;
private static String dn2;
private static String dn3;
116     
/**
 * Installs the BouncyCastle provider, resolves the remote EJBCA session beans through
 * JNDI (only while they are still unset on this instance) and picks the shared user
 * name prefix the first time it is needed.
 *
 * @throws Exception if a JNDI lookup or a remote {@code create()} call fails
 */
protected void setUp() throws Exception {
    log.debug(">setUp()");
    CertTools.installBCProvider();

    if (cacheAdmin == null) {
        if (cacheHome == null) {
            Context ctx = getInitialContext();

            cacheHome = (IUserAdminSessionHome) javax.rmi.PortableRemoteObject.narrow(
                    ctx.lookup("UserAdminSession"), IUserAdminSessionHome.class);

            ISignSessionHome signHome = (ISignSessionHome) javax.rmi.PortableRemoteObject.narrow(
                    ctx.lookup("RSASignSession"), ISignSessionHome.class);
            rsaremote = signHome.create();

            ICertificateStoreSessionHome storeHome = (ICertificateStoreSessionHome) javax.rmi.PortableRemoteObject.narrow(
                    ctx.lookup("CertificateStoreSession"), ICertificateStoreSessionHome.class);
            certStore = storeHome.create();

            IRaAdminSessionHome raHome = (IRaAdminSessionHome) javax.rmi.PortableRemoteObject.narrow(
                    ctx.lookup("RaAdminSession"), IRaAdminSessionHome.class);
            raAdmin = raHome.create();

            // The CA is addressed by the hash code of its subject DN string.
            issuerdn = "CN=AdminCA1,O=EJBCA Sample,C=SE";
            caid = issuerdn.hashCode();
        }

        cacheAdmin = cacheHome.create();
    }

    if (baseUsername == null) {
        // java.util.Random only varies the fixture name between runs; the value is not a
        // secret. nextInt() % 1000 can be negative, so the suffix may contain a minus sign.
        baseUsername = "xkmstestuser" + (new Random().nextInt() % 1000) + "-";
    }

    log.debug("<setUp()");
}
156
/**
 * Performs no per-test cleanup: the profiles, users and certificates created by
 * test00SetupDatabase() are not removed by this method.
 *
 * @throws Exception never thrown by this implementation
 */
protected void tearDown() throws Exception {
    // Intentionally empty.
}
159     
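/**
 * Creates the fixtures that the later test methods query: two certificate profiles, one
 * end entity profile, and three users with a certificate issued for each.
 *
 * The user password is a fixed test value that is also stored in clear text through
 * setClearTextPassword(), so this fixture is only suitable for a disposable test CA.
 *
 * @throws Exception if any remote call fails for a reason other than the profile
 *                   already existing
 */
public void test00SetupDatabase() throws Exception {
    Admin administrator = new Admin(Admin.TYPE_RA_USER);

    // Setup with two new Certificate profiles.
    EndUserCertificateProfile profile1 = new EndUserCertificateProfile();
    profile1.setKeyUsage(CertificateProfile.DIGITALSIGNATURE, false);
    profile1.setKeyUsage(CertificateProfile.KEYENCIPHERMENT, false);
    profile1.setKeyUsage(CertificateProfile.NONREPUDIATION, true);

    EndUserCertificateProfile profile2 = new EndUserCertificateProfile();
    profile2.setKeyUsage(CertificateProfile.DATAENCIPHERMENT, true);

    // An already existing profile is tolerated so the test can be re-run against the same database.
    try {
        certStore.addCertificateProfile(administrator, "XKMSTESTSIGN", profile1);
    } catch (CertificateProfileExistsException e) {
        System.out.println("Certificateprofile XKMSTESTSIGN already exists.");
    }
    try {
        certStore.addCertificateProfile(administrator, "XKMSTESTEXCHANDENC", profile2);
    } catch (CertificateProfileExistsException e) {
        // Report the profile that actually collided (the message used to name XKMSTESTSIGN).
        System.out.println("Certificateprofile XKMSTESTEXCHANDENC already exists.");
    }

    int profile1Id = certStore.getCertificateProfileId(administrator, "XKMSTESTSIGN");
    int profile2Id = certStore.getCertificateProfileId(administrator, "XKMSTESTEXCHANDENC");

    // End entity profile restricted to the test CA and to the three certificate profiles used below.
    EndEntityProfile endentityprofile = new EndEntityProfile(true);
    endentityprofile.setValue(EndEntityProfile.AVAILCAS, 0, "" + caid);
    endentityprofile.setValue(EndEntityProfile.AVAILCERTPROFILES, 0,
            "" + SecConst.CERTPROFILE_FIXED_ENDUSER + ";" + profile1Id + ";" + profile2Id);

    try {
        raAdmin.addEndEntityProfile(administrator, "XKMSTESTPROFILE", endentityprofile);
    } catch (EndEntityProfileExistsException e) {
        System.out.println("Endentityprofile XKMSTESTPROFILE already exists.");
    }
    int endEntityProfileId = raAdmin.getEndEntityProfileId(administrator, "XKMSTESTPROFILE");

    // Values shared by all three users. The same password variable is used for enrolment
    // and for certificate creation so the two cannot drift apart.
    String pwd = "foo123";
    int type = SecConst.USER_ENDUSER;
    int token = SecConst.TOKEN_SOFT_P12;
    int certificatetypeid = SecConst.CERTPROFILE_FIXED_ENDUSER;
    int hardtokenissuerid = SecConst.NO_HARDTOKENISSUER;

    // User 1: fixed end user certificate profile, e-mail alternative name only.
    username1 = genUserName();
    dn1 = "C=SE, O=AnaTom, CN=" + username1;
    String subjectaltname1 = "RFC822NAME=" + username1 + "@foo.se";
    String email1 = username1 + "@foo.se";
    if (cacheAdmin.findUser(administrator, username1) != null) {
        // Only reported; addUser() below is still attempted.
        System.out.println("Error : User already exists in the database.");
    }
    cacheAdmin.addUser(administrator, username1, pwd, CertTools.stringToBCDNString(dn1), subjectaltname1, email1, false,
            endEntityProfileId, certificatetypeid, type, token, hardtokenissuerid, caid);
    cacheAdmin.setClearTextPassword(administrator, username1, pwd);
    KeyPair keys1 = genKeys();
    cert1 = (X509Certificate) rsaremote.createCertificate(administrator, username1, pwd, keys1.getPublic());

    // User 2: profile XKMSTESTSIGN, with e-mail, URI, IP address and DNS alternative names.
    username2 = genUserName();
    dn2 = "C=SE, O=AnaTom, CN=" + username2;
    String subjectaltname2 = "RFC822NAME=" + username2 + "@foo.se,UNIFORMRESOURCEIDENTIFIER=http://www.test.com/" + username2
            + ",IPADDRESS=10.0.0.1,DNSNAME=" + username2 + ".test.com";
    String email2 = username2 + "@foo.se";
    if (cacheAdmin.findUser(administrator, username2) != null) {
        System.out.println("Error : User already exists in the database.");
    }
    cacheAdmin.addUser(administrator, username2, pwd, CertTools.stringToBCDNString(dn2), subjectaltname2, email2, false,
            endEntityProfileId, profile1Id, type, token, hardtokenissuerid, caid);
    cacheAdmin.setClearTextPassword(administrator, username2, pwd);
    KeyPair keys2 = genKeys();
    cert2 = (X509Certificate) rsaremote.createCertificate(administrator, username2, pwd, keys2.getPublic());

    // User 3: profile XKMSTESTEXCHANDENC; the issued certificate is not kept in a field.
    username3 = genUserName();
    dn3 = "C=SE, O=AnaTom, CN=" + username3;
    String subjectaltname3 = "RFC822NAME=" + username3 + "@foo.se";
    String email3 = username3 + "@foo.se";
    if (cacheAdmin.findUser(administrator, username3) != null) {
        System.out.println("Error : User already exists in the database.");
    }
    cacheAdmin.addUser(administrator, username3, pwd, CertTools.stringToBCDNString(dn3), subjectaltname3, email3, false,
            endEntityProfileId, profile2Id, type, token, hardtokenissuerid, caid);
    cacheAdmin.setClearTextPassword(administrator, username3, pwd);
    KeyPair keys3 = genKeys();
    rsaremote.createCertificate(administrator, username3, pwd, keys3.getPublic());
}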
243     
/**
 * Checks the fields common to every XKMS message: the result must echo the request id
 * in RequestId, carry an Id of its own, and return both opaque client data entries.
 *
 * @throws Exception if the XKMS call fails
 */
public void test01AbstractType() throws Exception {
    // getBytes() and new String(byte[]) both use the platform default charset.
    OpaqueClientDataType sentOpaque = new OpaqueClientDataType();
    sentOpaque.getOpaqueData().add("TEST".getBytes());
    sentOpaque.getOpaqueData().add("TEST2".getBytes());

    LocateRequestType request = xKMSObjectFactory.createLocateRequestType();
    request.setId("123");
    request.setQueryKeyBinding(xKMSObjectFactory.createQueryKeyBindingType());
    request.setOpaqueClientData(sentOpaque);

    LocateResultType response = xKMSInvoker.locate(request, null, null);

    // The response refers back to the request id but must not reuse it as its own id.
    assertTrue(response.getRequestId().equals("123"));
    assertTrue(!response.getId().equals("123"));

    OpaqueClientDataType echoed = response.getOpaqueClientData();
    assertTrue(echoed.getOpaqueData().size() == 2);
    assertTrue(new String(echoed.getOpaqueData().get(0)).equals("TEST"));
    assertTrue(new String(echoed.getOpaqueData().get(1)).equals("TEST2"));
}
264     
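/**
 * Sends a Locate request whose QueryKeyBinding carries a TimeInstant and checks that the
 * result reports {@code XKMSConstants.RESULTMAJOR_RECIEVER} with
 * {@code XKMSConstants.RESULTMINOR_TIMEINSTANTNOTSUPPORTED}.
 *
 * @throws Exception if the calendar cannot be built or the XKMS call fails
 */
public void test02TimeInstantNotSupported() throws Exception {
    LocateRequestType locateRequestType = xKMSObjectFactory.createLocateRequestType();
    locateRequestType.setId("124");

    QueryKeyBindingType queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType();
    TimeInstantType timeInstantType = xKMSObjectFactory.createTimeInstantType();
    GregorianCalendar calendar = new GregorianCalendar();
    XMLGregorianCalendar xMLGregorianCalendar = javax.xml.datatype.DatatypeFactory.newInstance().newXMLGregorianCalendar(calendar);
    // The value returned by normalize() is not used; the original instance is sent.
    xMLGregorianCalendar.normalize();
    timeInstantType.setTime(xMLGregorianCalendar);
    queryKeyBindingType.setTimeInstant(timeInstantType);
    locateRequestType.setQueryKeyBinding(queryKeyBindingType);

    LocateResultType locateResultType = xKMSInvoker.locate(locateRequestType, null, null);

    // The comparisons used to be evaluated and thrown away, so the test could never fail,
    // and the minor code was compared against getResultMajor(). Assert both codes.
    assertEquals("unexpected ResultMajor", XKMSConstants.RESULTMAJOR_RECIEVER, locateResultType.getResultMajor());
    assertEquals("unexpected ResultMinor", XKMSConstants.RESULTMINOR_TIMEINSTANTNOTSUPPORTED, locateResultType.getResultMinor());
}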
284  
285     
/**
 * Simple Locate: asks for the certificate chain of the key usable with TLS/HTTP for
 * username1 and expects at least one unverified key binding in the result.
 *
 * @throws Exception if the XKMS call fails
 */
public void test03Locate() throws Exception {
    UseKeyWithType selector = xKMSObjectFactory.createUseKeyWithType();
    selector.setApplication(XKMSConstants.USEKEYWITH_TLSHTTP);
    selector.setIdentifier(username1);

    QueryKeyBindingType query = xKMSObjectFactory.createQueryKeyBindingType();
    query.getUseKeyWith().add(selector);

    LocateRequestType request = xKMSObjectFactory.createLocateRequestType();
    request.setId("125");
    request.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN);
    request.setQueryKeyBinding(query);

    LocateResultType result = xKMSInvoker.locate(request, null, null);

    assertTrue(result.getUnverifiedKeyBinding().size() > 0);
}
306     
/**
 * Runs a series of Locate requests that select keys through UseKeyWith entries (URI,
 * DNS name, IP address, subject DN and combinations of two entries) and finally through
 * an X509Data KeyInfo holding cert1, checking the number of unverified key bindings
 * returned each time. Every request asks for RESPONDWITH_X509CERT.
 *
 * Only the count of bindings is asserted; the returned certificates are not inspected
 * in this method.
 * NOTE(review): locate() is always called with two null arguments; what they control is
 * not visible in this file - confirm against XKMSInvoker.
 *
 * @throws Exception if an XKMS call fails or cert1 cannot be encoded
 */
public void test04LocateAndUseKeyWith() throws Exception {
    final String dnsNameOfUser2 = username2 + ".test.com";

    // Locate by URI
    {
        UseKeyWithType byUri = xKMSObjectFactory.createUseKeyWithType();
        byUri.setApplication(XKMSConstants.USEKEYWITH_TLS);
        byUri.setIdentifier("http://www.test.com/" + username2);

        QueryKeyBindingType query = xKMSObjectFactory.createQueryKeyBindingType();
        query.getUseKeyWith().add(byUri);

        LocateRequestType request = xKMSObjectFactory.createLocateRequestType();
        request.setId("126");
        request.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT);
        request.setQueryKeyBinding(query);

        LocateResultType result = xKMSInvoker.locate(request, null, null);
        assertTrue(result.getUnverifiedKeyBinding().size() == 1);
    }

    // Locate by DNS Name
    {
        UseKeyWithType byDns = xKMSObjectFactory.createUseKeyWithType();
        byDns.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP);
        byDns.setIdentifier(dnsNameOfUser2);

        QueryKeyBindingType query = xKMSObjectFactory.createQueryKeyBindingType();
        query.getUseKeyWith().add(byDns);

        LocateRequestType request = xKMSObjectFactory.createLocateRequestType();
        request.setId("127");
        request.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT);
        request.setQueryKeyBinding(query);

        LocateResultType result = xKMSInvoker.locate(request, null, null);
        assertTrue(result.getUnverifiedKeyBinding().size() == 1);
    }

    // Locate by IP Name
    {
        UseKeyWithType byIp = xKMSObjectFactory.createUseKeyWithType();
        byIp.setApplication(XKMSConstants.USEKEYWITH_IPSEC);
        byIp.setIdentifier("10.0.0.1");

        QueryKeyBindingType query = xKMSObjectFactory.createQueryKeyBindingType();
        query.getUseKeyWith().add(byIp);

        LocateRequestType request = xKMSObjectFactory.createLocateRequestType();
        request.setId("128");
        request.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT);
        request.setQueryKeyBinding(query);

        LocateResultType result = xKMSInvoker.locate(request, null, null);
        // Other users may carry the same IP address, hence "at least one" here.
        assertTrue(result.getUnverifiedKeyBinding().size() > 0);
    }

    // Locate by Subject DN
    {
        UseKeyWithType byDn = xKMSObjectFactory.createUseKeyWithType();
        byDn.setApplication(XKMSConstants.USEKEYWITH_PKIX);
        byDn.setIdentifier(dn1);

        QueryKeyBindingType query = xKMSObjectFactory.createQueryKeyBindingType();
        query.getUseKeyWith().add(byDn);

        LocateRequestType request = xKMSObjectFactory.createLocateRequestType();
        request.setId("129");
        request.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT);
        request.setQueryKeyBinding(query);

        LocateResultType result = xKMSInvoker.locate(request, null, null);
        assertTrue(result.getUnverifiedKeyBinding().size() == 1);
    }

    // Locate by With a more complicated query
    {
        UseKeyWithType byDn = xKMSObjectFactory.createUseKeyWithType();
        byDn.setApplication(XKMSConstants.USEKEYWITH_PKIX);
        byDn.setIdentifier(dn1);

        UseKeyWithType byDns = xKMSObjectFactory.createUseKeyWithType();
        byDns.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP);
        byDns.setIdentifier(dnsNameOfUser2);

        QueryKeyBindingType query = xKMSObjectFactory.createQueryKeyBindingType();
        query.getUseKeyWith().add(byDn);
        query.getUseKeyWith().add(byDns);

        LocateRequestType request = xKMSObjectFactory.createLocateRequestType();
        request.setId("129");
        request.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT);
        request.setQueryKeyBinding(query);

        LocateResultType result = xKMSInvoker.locate(request, null, null);
        // Should return the cert of username1 and username2
        assertTrue(result.getUnverifiedKeyBinding().size() == 2);
    }

    // Locate by With a more complicated query but results in only one cert
    {
        UseKeyWithType byDn = xKMSObjectFactory.createUseKeyWithType();
        byDn.setApplication(XKMSConstants.USEKEYWITH_PKIX);
        byDn.setIdentifier(dn2);

        UseKeyWithType byDns = xKMSObjectFactory.createUseKeyWithType();
        byDns.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP);
        byDns.setIdentifier(dnsNameOfUser2);

        QueryKeyBindingType query = xKMSObjectFactory.createQueryKeyBindingType();
        query.getUseKeyWith().add(byDn);
        query.getUseKeyWith().add(byDns);

        LocateRequestType request = xKMSObjectFactory.createLocateRequestType();
        request.setId("129");
        request.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT);
        request.setQueryKeyBinding(query);

        LocateResultType result = xKMSInvoker.locate(request, null, null);
        assertTrue(result.getUnverifiedKeyBinding().size() == 1);
    }

    // Locate by With a more complicated query with one subquery doesn't match
    {
        UseKeyWithType byDn = xKMSObjectFactory.createUseKeyWithType();
        byDn.setApplication(XKMSConstants.USEKEYWITH_PKIX);
        byDn.setIdentifier("CN=nomatch");

        UseKeyWithType byDns = xKMSObjectFactory.createUseKeyWithType();
        byDns.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP);
        byDns.setIdentifier(dnsNameOfUser2);

        QueryKeyBindingType query = xKMSObjectFactory.createQueryKeyBindingType();
        query.getUseKeyWith().add(byDn);
        query.getUseKeyWith().add(byDns);

        LocateRequestType request = xKMSObjectFactory.createLocateRequestType();
        request.setId("129");
        request.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT);
        request.setQueryKeyBinding(query);

        LocateResultType result = xKMSInvoker.locate(request, null, null);
        assertTrue(result.getUnverifiedKeyBinding().size() == 1);
    }

    // Test with certificate
    {
        X509DataType x509Data = sigFactory.createX509DataType();
        x509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(
                sigFactory.createX509DataTypeX509Certificate(cert1.getEncoded()));

        KeyInfoType keyInfo = sigFactory.createKeyInfoType();
        keyInfo.getContent().add(sigFactory.createX509Data(x509Data));

        QueryKeyBindingType query = xKMSObjectFactory.createQueryKeyBindingType();
        query.setKeyInfo(keyInfo);

        LocateRequestType request = xKMSObjectFactory.createLocateRequestType();
        request.setId("130");
        request.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT);
        request.setQueryKeyBinding(query);

        LocateResultType result = xKMSInvoker.locate(request, null, null);
        assertTrue(result.getUnverifiedKeyBinding().size() == 1);
    }
}
452     
453     public void test05LocateAndReturnWith() throws Exception JavaDoc {
454         // Test with returnwith values, first check that certificate is returning
455
LocateRequestType locateRequestType = xKMSObjectFactory.createLocateRequestType();
456         locateRequestType.setId("131");
457         QueryKeyBindingType queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType();
458         UseKeyWithType useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
459         useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP);
460         useKeyWithType.setIdentifier(username2+".test.com");
461         locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT);
462         
463         queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
464         locateRequestType.setQueryKeyBinding(queryKeyBindingType);
465         
466         LocateResultType locateResultType = xKMSInvoker.locate(locateRequestType,null,null);
467         assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1);
468         List JavaDoc<UnverifiedKeyBindingType> numberOfUnverifiedKeyBindings = locateResultType.getUnverifiedKeyBinding();
469         Iterator JavaDoc<UnverifiedKeyBindingType> iter = numberOfUnverifiedKeyBindings.iterator();
470         KeyInfoType keyInfoType;
471         while(iter.hasNext()){
472             UnverifiedKeyBindingType nextKeyBinding = iter.next();
473             keyInfoType = nextKeyBinding.getKeyInfo();
474             assertTrue(keyInfoType.getContent().size() > 0 );
475             JAXBElement<X509DataType> jAXBX509Data = (JAXBElement<X509DataType>) keyInfoType.getContent().get(0);
476             Iterator JavaDoc iter2 = jAXBX509Data.getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName().iterator();
477             while(iter2.hasNext()){
478                 JAXBElement next = (JAXBElement) iter2.next();
479                 assertTrue(next.getName().getLocalPart().equals("X509Certificate"));
480                 byte[] encoded = (byte[]) next.getValue();
481                 X509Certificate JavaDoc nextCert = CertTools.getCertfromByteArray(encoded);
482                 assertTrue(CertTools.stringToBCDNString(nextCert.getSubjectDN().toString()).equals(CertTools.stringToBCDNString(dn2)));
483             }
484             
485         }
486         // Test with returnwith values, first check that certificate chain is returning
487
locateRequestType = xKMSObjectFactory.createLocateRequestType();
488         locateRequestType.setId("132");
489         queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType();
490         useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
491         useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP);
492         useKeyWithType.setIdentifier(username2+".test.com");
493         locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN);
494         
495         queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
496         locateRequestType.setQueryKeyBinding(queryKeyBindingType);
497         
498         locateResultType = xKMSInvoker.locate(locateRequestType,null,null);
499         assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1);
500         numberOfUnverifiedKeyBindings = locateResultType.getUnverifiedKeyBinding();
501         iter = numberOfUnverifiedKeyBindings.iterator();
502         while(iter.hasNext()){
503             UnverifiedKeyBindingType nextKeyBinding = iter.next();
504             keyInfoType = nextKeyBinding.getKeyInfo();
505             assertTrue(keyInfoType.getContent().size() > 1 );
506             JAXBElement<X509DataType> jAXBX509Data = (JAXBElement<X509DataType>) keyInfoType.getContent().get(0);
507             assertTrue(jAXBX509Data.getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName().size() == 2);
508             Iterator JavaDoc iter2 = jAXBX509Data.getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName().iterator();
509             while(iter2.hasNext()){
510                 JAXBElement next = (JAXBElement) iter2.next();
511                 assertTrue(next.getName().getLocalPart().equals("X509Certificate"));
512                 byte[] encoded = (byte[]) next.getValue();
513                 X509Certificate JavaDoc nextCert = CertTools.getCertfromByteArray(encoded);
514                 assertTrue(CertTools.stringToBCDNString(nextCert.getSubjectDN().toString()).equals(CertTools.stringToBCDNString(dn2)) ||
515                            CertTools.stringToBCDNString(nextCert.getSubjectDN().toString()).equals(CertTools.stringToBCDNString(issuerdn)));
516             }
517             
518         }
519         
520         // Test with returnwith values, require both cert and chain in answer check that just chain is returned
521
locateRequestType = xKMSObjectFactory.createLocateRequestType();
522         locateRequestType.setId("133");
523         queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType();
524         useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
525         useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP);
526         useKeyWithType.setIdentifier(username2+".test.com");
527         locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN);
528         locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT);
529         
530         queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
531         locateRequestType.setQueryKeyBinding(queryKeyBindingType);
532         
533         locateResultType = xKMSInvoker.locate(locateRequestType,null,null);
534         assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1);
535         numberOfUnverifiedKeyBindings = locateResultType.getUnverifiedKeyBinding();
536         iter = numberOfUnverifiedKeyBindings.iterator();
537         while(iter.hasNext()){
538             UnverifiedKeyBindingType nextKeyBinding = iter.next();
539             keyInfoType = nextKeyBinding.getKeyInfo();
540             assertTrue(keyInfoType.getContent().size() > 1 );
541             JAXBElement<X509DataType> jAXBX509Data = (JAXBElement<X509DataType>) keyInfoType.getContent().get(0);
542             assertTrue(jAXBX509Data.getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName().size() == 2);
543             Iterator JavaDoc iter2 = jAXBX509Data.getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName().iterator();
544             while(iter2.hasNext()){
545                 JAXBElement next = (JAXBElement) iter2.next();
546                 assertTrue(next.getName().getLocalPart().equals("X509Certificate"));
547                 byte[] encoded = (byte[]) next.getValue();
548                 X509Certificate JavaDoc nextCert = CertTools.getCertfromByteArray(encoded);
549                 assertTrue(CertTools.stringToBCDNString(nextCert.getSubjectDN().toString()).equals(CertTools.stringToBCDNString(dn2)) ||
550                            CertTools.stringToBCDNString(nextCert.getSubjectDN().toString()).equals(CertTools.stringToBCDNString(issuerdn)));
551             }
552             
553         }
554         
555         // Test with returnwith values, require crl in answer
556
locateRequestType = xKMSObjectFactory.createLocateRequestType();
557         locateRequestType.setId("134");
558         queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType();
559         useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
560         useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP);
561         useKeyWithType.setIdentifier(username2+".test.com");
562         locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CRL);
563         
564         queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
565         locateRequestType.setQueryKeyBinding(queryKeyBindingType);
566         
567         locateResultType = xKMSInvoker.locate(locateRequestType,null,null);
568         assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1);
569         numberOfUnverifiedKeyBindings = locateResultType.getUnverifiedKeyBinding();
570         iter = numberOfUnverifiedKeyBindings.iterator();
571         while(iter.hasNext()){
572             UnverifiedKeyBindingType nextKeyBinding = iter.next();
573             keyInfoType = nextKeyBinding.getKeyInfo();
574             assertTrue(keyInfoType.getContent().size() > 1 );
575             JAXBElement<X509DataType> jAXBX509Data = (JAXBElement<X509DataType>) keyInfoType.getContent().get(0);
576             assertTrue(jAXBX509Data.getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName().size() == 1);
577             Iterator JavaDoc iter2 = jAXBX509Data.getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName().iterator();
578             while(iter2.hasNext()){
579                 JAXBElement next = (JAXBElement) iter2.next();
580                 assertTrue(next.getName().getLocalPart().equals("X509CRL"));
581                 byte[] encoded = (byte[]) next.getValue();
582                 X509CRL JavaDoc nextCRL = CertTools.getCRLfromByteArray(encoded);
583                 assertTrue(CertTools.stringToBCDNString(nextCRL.getIssuerDN().toString()).equals(CertTools.stringToBCDNString(issuerdn)));
584             }
585         }
586         
587         // Test with returnwith values, require certchain and crl in answer
588
locateRequestType = xKMSObjectFactory.createLocateRequestType();
589         locateRequestType.setId("135");
590         queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType();
591         useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
592         useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP);
593         useKeyWithType.setIdentifier(username2+".test.com");
594         locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CRL);
595         locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN);
596         
597         queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
598         locateRequestType.setQueryKeyBinding(queryKeyBindingType);
599         
600         locateResultType = xKMSInvoker.locate(locateRequestType,null,null);
601         assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1);
602         numberOfUnverifiedKeyBindings = locateResultType.getUnverifiedKeyBinding();
603         iter = numberOfUnverifiedKeyBindings.iterator();
604         while(iter.hasNext()){
605             UnverifiedKeyBindingType nextKeyBinding = iter.next();
606             keyInfoType = nextKeyBinding.getKeyInfo();
607             assertTrue(keyInfoType.getContent().size() > 1 );
608             JAXBElement<X509DataType> jAXBX509Data = (JAXBElement<X509DataType>) keyInfoType.getContent().get(0);
609             assertTrue(jAXBX509Data.getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName().size() == 3);
610             Iterator JavaDoc iter2 = jAXBX509Data.getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName().iterator();
611             while(iter2.hasNext()){
612                 JAXBElement next = (JAXBElement) iter2.next();
613                 if(next.getName().getLocalPart().equals("X509CRL")){
614                   byte[] encoded = (byte[]) next.getValue();
615                   X509CRL JavaDoc nextCRL = CertTools.getCRLfromByteArray(encoded);
616                   assertTrue(CertTools.stringToBCDNString(nextCRL.getIssuerDN().toString()).equals(CertTools.stringToBCDNString(issuerdn)));
617                 }
618                 if(next.getName().getLocalPart().equals("X509Certificate")){
619                     byte[] encoded = (byte[]) next.getValue();
620                     X509Certificate JavaDoc nextCert = CertTools.getCertfromByteArray(encoded);
621                     assertTrue(CertTools.stringToBCDNString(nextCert.getSubjectDN().toString()).equals(CertTools.stringToBCDNString(dn2)) ||
622                                CertTools.stringToBCDNString(nextCert.getSubjectDN().toString()).equals(CertTools.stringToBCDNString(issuerdn)));
623                 }
624             }
625         }
626         
627         // Test with returnwith values, require keyname in answer
628
locateRequestType = xKMSObjectFactory.createLocateRequestType();
629         locateRequestType.setId("135");
630         queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType();
631         useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
632         useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP);
633         useKeyWithType.setIdentifier(username2+".test.com");
634         locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_KEYNAME);
635         
636         queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
637         locateRequestType.setQueryKeyBinding(queryKeyBindingType);
638         
639         locateResultType = xKMSInvoker.locate(locateRequestType,null,null);
640         assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1);
641         numberOfUnverifiedKeyBindings = locateResultType.getUnverifiedKeyBinding();
642         iter = numberOfUnverifiedKeyBindings.iterator();
643         while(iter.hasNext()){
644             UnverifiedKeyBindingType nextKeyBinding = iter.next();
645             keyInfoType = nextKeyBinding.getKeyInfo();
646             assertTrue(keyInfoType.getContent().size() > 1 );
647             JAXBElement<String JavaDoc> jAXBString = (JAXBElement<String JavaDoc>) keyInfoType.getContent().get(0);
648             assertTrue(jAXBString.getName().getLocalPart().equals("KeyName"));
649             assertTrue(CertTools.stringToBCDNString(jAXBString.getValue()) + " = " + CertTools.stringToBCDNString(dn2),CertTools.stringToBCDNString(jAXBString.getValue()).equals(CertTools.stringToBCDNString(dn2)));
650         }
651         
652         // Test with returnwith values, require public key in answer
653
locateRequestType = xKMSObjectFactory.createLocateRequestType();
654         locateRequestType.setId("135");
655         queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType();
656         useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
657         useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP);
658         useKeyWithType.setIdentifier(username2+".test.com");
659         locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_KEYVALUE);
660         
661         queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
662         locateRequestType.setQueryKeyBinding(queryKeyBindingType);
663         
664         locateResultType = xKMSInvoker.locate(locateRequestType,null,null);
665         assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1);
666         numberOfUnverifiedKeyBindings = locateResultType.getUnverifiedKeyBinding();
667         iter = numberOfUnverifiedKeyBindings.iterator();
668         while(iter.hasNext()){
669             UnverifiedKeyBindingType nextKeyBinding = iter.next();
670             keyInfoType = nextKeyBinding.getKeyInfo();
671             assertTrue("" + keyInfoType.getContent().size(), keyInfoType.getContent().size() > 0 );
672             JAXBElement<KeyValueType> jAXBKeyValue = (JAXBElement<KeyValueType>) keyInfoType.getContent().get(0);
673             assertTrue(jAXBKeyValue.getName().getLocalPart(), jAXBKeyValue.getName().getLocalPart().equals("KeyValue"));
674             assertTrue(""+jAXBKeyValue.getValue().getContent().size(),jAXBKeyValue.getValue().getContent().size() > 1);
675             JAXBElement<RSAKeyValueType> rSAKeyValueType = (JAXBElement<RSAKeyValueType>) jAXBKeyValue.getValue().getContent().get(0);
676             assertTrue(rSAKeyValueType.getName().getLocalPart(),rSAKeyValueType.getName().getLocalPart().equals("RSAKeyValue"));
677             BigInteger JavaDoc exp = new BigInteger JavaDoc(rSAKeyValueType.getValue().getExponent());
678             BigInteger JavaDoc modulus = new BigInteger JavaDoc(rSAKeyValueType.getValue().getModulus());
679             assertTrue(((RSAPublicKey JavaDoc)cert2.getPublicKey()).getModulus().equals(modulus));
680             assertTrue(((RSAPublicKey JavaDoc)cert2.getPublicKey()).getPublicExponent().equals(exp));
681         }
682         
683         // Test with returnwith one invalid values
684
locateRequestType = xKMSObjectFactory.createLocateRequestType();
685         locateRequestType.setId("136");
686         queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType();
687         useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
688         useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP);
689         useKeyWithType.setIdentifier(username2+".test.com");
690         locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_RETRIEVALMETHOD);
691         
692         queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
693         locateRequestType.setQueryKeyBinding(queryKeyBindingType);
694         
695         locateResultType = xKMSInvoker.locate(locateRequestType,null,null);
696         assertTrue(locateResultType.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SENDER));
697         assertTrue(locateResultType.getResultMinor().equals(XKMSConstants.RESULTMINOR_MESSAGENOTSUPPORTED));
698
699         // Test with returnwith many invalid values
700
locateRequestType = xKMSObjectFactory.createLocateRequestType();
701         locateRequestType.setId("137");
702         queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType();
703         useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
704         useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP);
705         useKeyWithType.setIdentifier(username2+".test.com");
706         locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_RETRIEVALMETHOD);
707         locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_PGP);
708         locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_PGPWEB);
709         locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_SPKI);
710         locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_PRIVATEKEY);
711         
712         queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
713         locateRequestType.setQueryKeyBinding(queryKeyBindingType);
714         
715         locateResultType = xKMSInvoker.locate(locateRequestType,null,null);
716         assertTrue(locateResultType.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SENDER));
717         assertTrue(locateResultType.getResultMinor().equals(XKMSConstants.RESULTMINOR_MESSAGENOTSUPPORTED));
718
719          // Test with many invalid values and one certificate
720
locateRequestType = xKMSObjectFactory.createLocateRequestType();
721         locateRequestType.setId("138");
722         queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType();
723         useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
724         useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP);
725         useKeyWithType.setIdentifier(username2+".test.com");
726         locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT);
727         locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_RETRIEVALMETHOD);
728         locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_PGP);
729         locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_PGPWEB);
730         locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_SPKI);
731         locateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_PRIVATEKEY);
732         
733         queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
734         locateRequestType.setQueryKeyBinding(queryKeyBindingType);
735         
736         locateResultType = xKMSInvoker.locate(locateRequestType,null,null);
737         assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1);
738         numberOfUnverifiedKeyBindings = locateResultType.getUnverifiedKeyBinding();
739         iter = numberOfUnverifiedKeyBindings.iterator();
740         
741         while(iter.hasNext()){
742             UnverifiedKeyBindingType nextKeyBinding = iter.next();
743             keyInfoType = nextKeyBinding.getKeyInfo();
744             assertTrue(keyInfoType.getContent().size() > 0 );
745             JAXBElement<X509DataType> jAXBX509Data = (JAXBElement<X509DataType>) keyInfoType.getContent().get(0);
746             Iterator JavaDoc iter2 = jAXBX509Data.getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName().iterator();
747             while(iter2.hasNext()){
748                 JAXBElement next = (JAXBElement) iter2.next();
749                 assertTrue(next.getName().getLocalPart().equals("X509Certificate"));
750                 byte[] encoded = (byte[]) next.getValue();
751                 X509Certificate JavaDoc nextCert = CertTools.getCertfromByteArray(encoded);
752                 assertTrue(CertTools.stringToBCDNString(nextCert.getSubjectDN().toString()).equals(CertTools.stringToBCDNString(dn2)));
753             }
754         }
755         
756         
757     }
758  
/**
 * Checks how Locate treats the KeyUsage element of a QueryKeyBinding.
 *
 * Four requests are sent through xKMSInvoker, each asking for X509Certificate
 * in the answer:
 * <ul>
 * <li>139 - TLS-SMTP identity of username2, usage Signature: exactly one
 *     binding, advertising Signature as its only key usage.</li>
 * <li>140 - PKIX identity dn1, usage Signature: Success / NoMatch.</li>
 * <li>141 - same identity as 139, usages Signature and Exchange:
 *     Success / NoMatch.</li>
 * <li>142 - PKIX identity dn3, usages Encryption and Exchange: exactly one
 *     binding, advertising those two usages and nothing else.</li>
 * </ul>
 *
 * NOTE(review): the certificate profiles the test users were issued under are
 * set up outside this method; the expectations above are read off the
 * assertions only.
 *
 * @throws Exception on any failure talking to the XKMS service
 */
public void test06LocateAndKeyUsage() throws Exception {
    // 139: a Signature key is requested and the binding must advertise exactly that usage.
    UseKeyWithType smtpIdentity = xKMSObjectFactory.createUseKeyWithType();
    smtpIdentity.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP);
    smtpIdentity.setIdentifier(username2 + ".test.com");

    QueryKeyBindingType signatureQuery = xKMSObjectFactory.createQueryKeyBindingType();
    signatureQuery.getUseKeyWith().add(smtpIdentity);
    signatureQuery.getKeyUsage().add(XKMSConstants.KEYUSAGE_SIGNATURE);

    LocateRequestType signatureRequest = xKMSObjectFactory.createLocateRequestType();
    signatureRequest.setId("139");
    signatureRequest.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT);
    signatureRequest.setQueryKeyBinding(signatureQuery);

    LocateResultType signatureResult = xKMSInvoker.locate(signatureRequest, null, null);
    assertTrue(signatureResult.getUnverifiedKeyBinding().size() == 1);
    List<UnverifiedKeyBindingType> signatureBindings = signatureResult.getUnverifiedKeyBinding();
    for (UnverifiedKeyBindingType binding : signatureBindings) {
        assertTrue(binding.getKeyUsage().size() == 1);
        assertTrue(binding.getKeyUsage().contains(XKMSConstants.KEYUSAGE_SIGNATURE));
    }

    // 140: Signature requested for the PKIX identity dn1; the service must report NoMatch.
    UseKeyWithType pkixIdentityOne = xKMSObjectFactory.createUseKeyWithType();
    pkixIdentityOne.setApplication(XKMSConstants.USEKEYWITH_PKIX);
    pkixIdentityOne.setIdentifier(dn1);

    QueryKeyBindingType noMatchQuery = xKMSObjectFactory.createQueryKeyBindingType();
    noMatchQuery.getUseKeyWith().add(pkixIdentityOne);
    noMatchQuery.getKeyUsage().add(XKMSConstants.KEYUSAGE_SIGNATURE);

    LocateRequestType noMatchRequest = xKMSObjectFactory.createLocateRequestType();
    noMatchRequest.setId("140");
    noMatchRequest.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT);
    noMatchRequest.setQueryKeyBinding(noMatchQuery);

    LocateResultType noMatchResult = xKMSInvoker.locate(noMatchRequest, null, null);
    assertTrue(noMatchResult.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SUCCESS));
    assertTrue(noMatchResult.getResultMinor().equals(XKMSConstants.RESULTMINOR_NOMATCH));

    // 141: the identity from 139 (which answered with Signature only) is now asked for
    // Signature and Exchange together; the expected answer is NoMatch, i.e. a key that
    // covers just one of the requested usages is not handed out.
    UseKeyWithType smtpIdentityAgain = xKMSObjectFactory.createUseKeyWithType();
    smtpIdentityAgain.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP);
    smtpIdentityAgain.setIdentifier(username2 + ".test.com");

    QueryKeyBindingType mixedUsageQuery = xKMSObjectFactory.createQueryKeyBindingType();
    mixedUsageQuery.getUseKeyWith().add(smtpIdentityAgain);
    mixedUsageQuery.getKeyUsage().add(XKMSConstants.KEYUSAGE_SIGNATURE);
    mixedUsageQuery.getKeyUsage().add(XKMSConstants.KEYUSAGE_EXCHANGE);

    LocateRequestType mixedUsageRequest = xKMSObjectFactory.createLocateRequestType();
    mixedUsageRequest.setId("141");
    mixedUsageRequest.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT);
    mixedUsageRequest.setQueryKeyBinding(mixedUsageQuery);

    LocateResultType mixedUsageResult = xKMSInvoker.locate(mixedUsageRequest, null, null);
    assertTrue(mixedUsageResult.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SUCCESS));
    assertTrue(mixedUsageResult.getResultMinor().equals(XKMSConstants.RESULTMINOR_NOMATCH));

    // 142: Encryption and Exchange requested for the PKIX identity dn3; the single
    // binding returned must advertise both usages and no others.
    UseKeyWithType pkixIdentityThree = xKMSObjectFactory.createUseKeyWithType();
    pkixIdentityThree.setApplication(XKMSConstants.USEKEYWITH_PKIX);
    pkixIdentityThree.setIdentifier(dn3);

    QueryKeyBindingType exchangeQuery = xKMSObjectFactory.createQueryKeyBindingType();
    exchangeQuery.getUseKeyWith().add(pkixIdentityThree);
    exchangeQuery.getKeyUsage().add(XKMSConstants.KEYUSAGE_ENCRYPTION);
    exchangeQuery.getKeyUsage().add(XKMSConstants.KEYUSAGE_EXCHANGE);

    LocateRequestType exchangeRequest = xKMSObjectFactory.createLocateRequestType();
    exchangeRequest.setId("142");
    exchangeRequest.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT);
    exchangeRequest.setQueryKeyBinding(exchangeQuery);

    LocateResultType exchangeResult = xKMSInvoker.locate(exchangeRequest, null, null);
    assertTrue(exchangeResult.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SUCCESS));
    assertTrue(exchangeResult.getUnverifiedKeyBinding().size() == 1);
    List<UnverifiedKeyBindingType> exchangeBindings = exchangeResult.getUnverifiedKeyBinding();
    for (UnverifiedKeyBindingType binding : exchangeBindings) {
        assertTrue(binding.getKeyUsage().size() == 2);
        assertTrue(binding.getKeyUsage().contains(XKMSConstants.KEYUSAGE_ENCRYPTION));
        assertTrue(binding.getKeyUsage().contains(XKMSConstants.KEYUSAGE_EXCHANGE));
    }
}
846     
/**
 * Checks the ResponseLimit handling of Locate.
 *
 * Both requests look up the TLS-HTTP identity baseUsername and ask for
 * X509Certificate. With a limit of 3 the answer must hold exactly three
 * bindings; with a limit of 2 the service must answer Success with the
 * minor code TooManyResponses instead of returning a partial list.
 *
 * NOTE(review): the three matches are presumably the test users whose names
 * are derived from baseUsername; they are created outside this method.
 *
 * @throws Exception on any failure talking to the XKMS service
 */
public void test07LocateAndResponseLimit() throws Exception {
    // 300: the limit equals the number of expected matches, so all three come back.
    UseKeyWithType wideIdentity = xKMSObjectFactory.createUseKeyWithType();
    wideIdentity.setApplication(XKMSConstants.USEKEYWITH_TLSHTTP);
    wideIdentity.setIdentifier(baseUsername);

    QueryKeyBindingType withinLimitQuery = xKMSObjectFactory.createQueryKeyBindingType();
    withinLimitQuery.getUseKeyWith().add(wideIdentity);

    LocateRequestType withinLimitRequest = xKMSObjectFactory.createLocateRequestType();
    withinLimitRequest.setId("300");
    withinLimitRequest.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT);
    withinLimitRequest.setResponseLimit(BigInteger.valueOf(3L));
    withinLimitRequest.setQueryKeyBinding(withinLimitQuery);

    LocateResultType withinLimitResult = xKMSInvoker.locate(withinLimitRequest, null, null);
    assertTrue(withinLimitResult.getUnverifiedKeyBinding().size() == 3);

    // 301: the same query with a limit of 2 must be refused with TooManyResponses.
    UseKeyWithType wideIdentityAgain = xKMSObjectFactory.createUseKeyWithType();
    wideIdentityAgain.setApplication(XKMSConstants.USEKEYWITH_TLSHTTP);
    wideIdentityAgain.setIdentifier(baseUsername);

    QueryKeyBindingType overLimitQuery = xKMSObjectFactory.createQueryKeyBindingType();
    overLimitQuery.getUseKeyWith().add(wideIdentityAgain);

    LocateRequestType overLimitRequest = xKMSObjectFactory.createLocateRequestType();
    overLimitRequest.setId("301");
    overLimitRequest.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT);
    overLimitRequest.setResponseLimit(BigInteger.valueOf(2L));
    overLimitRequest.setQueryKeyBinding(overLimitQuery);

    LocateResultType overLimitResult = xKMSInvoker.locate(overLimitRequest, null, null);
    assertTrue(overLimitResult.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SUCCESS));
    assertTrue(overLimitResult.getResultMinor().equals(XKMSConstants.RESULTMINOR_TOOMANYRESPONSES));
}
881     
// Certificate bytes that test09Validate submits as the X509Certificate of its
// "unknown certificate" request, for which the service is expected to answer NoMatch.
// getBytes() uses the platform default charset; the text is Base64 only, so the
// bytes are the same on any ASCII-compatible platform.
static byte[] certbytes = Base64.decode(
        ("MIICNzCCAaCgAwIBAgIIIOqiVwJHz+8wDQYJKoZIhvcNAQEFBQAwKzENMAsGA1UE"
        + "AxMEVGVzdDENMAsGA1UEChMEVGVzdDELMAkGA1UEBhMCU0UwHhcNMDQwNTA4MDkx"
        + "ODMwWhcNMDUwNTA4MDkyODMwWjArMQ0wCwYDVQQDEwRUZXN0MQ0wCwYDVQQKEwRU"
        + "ZXN0MQswCQYDVQQGEwJTRTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAgbf2"
        + "Sv34lsY43C8WJjbUd57TNuHJ6p2Es7ojS3D2yxtzQg/A8wL1OfXes344PPNGHkDd"
        + "QPBaaWYQrvLvqpjKwx/vA1835L3I92MsGs+uivq5L5oHfCxEh8Kwb9J2p3xjgeWX"
        + "YdZM5dBj3zzyu+Jer4iU4oCAnnyG+OlVnPsFt6ECAwEAAaNkMGIwDwYDVR0TAQH/"
        + "BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1UdDgQWBBQArVZXuGqbb9yhBLbu"
        + "XfzjSuXfHTAfBgNVHSMEGDAWgBQArVZXuGqbb9yhBLbuXfzjSuXfHTANBgkqhkiG"
        + "9w0BAQUFAAOBgQA1cB6wWzC2rUKBjFAzfkLvDUS3vEMy7ntYMqqQd6+5s1LHCoPw"
        + "eaR42kMWCxAbdSRgv5ATM0JU3Q9jWbLO54FkJDzq+vw2TaX+Y5T+UL1V0o4TPKxp"
        + "nKuay+xl5aoUcVEs3h3uJDjcpgMAtyusMEyv4d+RFYvWJWFzRTKDueyanw==").getBytes());
895     
/**
 * Exercises the XKMS Validate operation in four steps, all for the TLS-HTTP
 * identity username1:
 * <ul>
 * <li>200 - identity only, X509Chain requested: a binding whose valid reasons
 *     include ValidityInterval, IssuerTrust, Signature and RevocationStatus.</li>
 * <li>201 - cert1 supplied in KeyInfo: the same four valid reasons.</li>
 * <li>202 - the certificate in certbytes supplied in KeyInfo:
 *     Success / NoMatch.</li>
 * <li>203 - cert1 supplied again after it has been revoked: ValidityInterval,
 *     IssuerTrust and Signature stay valid reasons, RevocationStatus moves to
 *     the invalid reasons.</li>
 * </ul>
 *
 * The revocation is done through certStore and is not undone here, so cert1
 * stays revoked for the rest of the run.
 *
 * NOTE(review): only the reason lists are asserted; the overall status value
 * of the returned binding is not checked by this test.
 *
 * @throws Exception on any failure talking to the XKMS service or the store
 */
public void test09Validate() throws Exception {
    // 200: simple validate, identified by UseKeyWith alone.
    UseKeyWithType plainIdentity = xKMSObjectFactory.createUseKeyWithType();
    plainIdentity.setApplication(XKMSConstants.USEKEYWITH_TLSHTTP);
    plainIdentity.setIdentifier(username1);

    QueryKeyBindingType plainQuery = xKMSObjectFactory.createQueryKeyBindingType();
    plainQuery.getUseKeyWith().add(plainIdentity);

    ValidateRequestType plainRequest = xKMSObjectFactory.createValidateRequestType();
    plainRequest.setId("200");
    plainRequest.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN);
    plainRequest.setQueryKeyBinding(plainQuery);

    ValidateResultType plainResult = xKMSInvoker.validate(plainRequest, null, null);
    assertTrue(plainResult.getKeyBinding().size() > 0);
    List<String> plainValidReasons = plainResult.getKeyBinding().get(0).getStatus().getValidReason();
    assertTrue(plainValidReasons.contains(XKMSConstants.STATUSREASON_VALIDITYINTERVAL));
    assertTrue(plainValidReasons.contains(XKMSConstants.STATUSREASON_ISSUERTRUST));
    assertTrue(plainValidReasons.contains(XKMSConstants.STATUSREASON_SIGNATURE));
    assertTrue(plainValidReasons.contains(XKMSConstants.STATUSREASON_REVOCATIONSTATUS));

    // 201: the known certificate cert1 is supplied in the query's KeyInfo.
    UseKeyWithType knownIdentity = xKMSObjectFactory.createUseKeyWithType();
    knownIdentity.setApplication(XKMSConstants.USEKEYWITH_TLSHTTP);
    knownIdentity.setIdentifier(username1);

    X509DataType knownX509Data = sigFactory.createX509DataType();
    knownX509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(
            sigFactory.createX509DataTypeX509Certificate(cert1.getEncoded()));
    KeyInfoType knownKeyInfo = sigFactory.createKeyInfoType();
    knownKeyInfo.getContent().add(sigFactory.createX509Data(knownX509Data));

    QueryKeyBindingType knownQuery = xKMSObjectFactory.createQueryKeyBindingType();
    knownQuery.setKeyInfo(knownKeyInfo);
    knownQuery.getUseKeyWith().add(knownIdentity);

    ValidateRequestType knownRequest = xKMSObjectFactory.createValidateRequestType();
    knownRequest.setId("201");
    knownRequest.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT);
    knownRequest.setQueryKeyBinding(knownQuery);

    ValidateResultType knownResult = xKMSInvoker.validate(knownRequest, null, null);
    assertTrue(knownResult.getKeyBinding().size() > 0);
    List<String> knownValidReasons = knownResult.getKeyBinding().get(0).getStatus().getValidReason();
    assertTrue(knownValidReasons.contains(XKMSConstants.STATUSREASON_VALIDITYINTERVAL));
    assertTrue(knownValidReasons.contains(XKMSConstants.STATUSREASON_ISSUERTRUST));
    assertTrue(knownValidReasons.contains(XKMSConstants.STATUSREASON_SIGNATURE));
    assertTrue(knownValidReasons.contains(XKMSConstants.STATUSREASON_REVOCATIONSTATUS));

    // 202: a certificate the service does not know is supplied. The UseKeyWith identity
    // is the one that matched in request 200, yet the expected answer is NoMatch, so the
    // supplied certificate apparently decides the lookup.
    UseKeyWithType unknownIdentity = xKMSObjectFactory.createUseKeyWithType();
    unknownIdentity.setApplication(XKMSConstants.USEKEYWITH_TLSHTTP);
    unknownIdentity.setIdentifier(username1);

    X509DataType unknownX509Data = sigFactory.createX509DataType();
    unknownX509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(
            sigFactory.createX509DataTypeX509Certificate(certbytes));
    KeyInfoType unknownKeyInfo = sigFactory.createKeyInfoType();
    unknownKeyInfo.getContent().add(sigFactory.createX509Data(unknownX509Data));

    QueryKeyBindingType unknownQuery = xKMSObjectFactory.createQueryKeyBindingType();
    unknownQuery.setKeyInfo(unknownKeyInfo);
    unknownQuery.getUseKeyWith().add(unknownIdentity);

    ValidateRequestType unknownRequest = xKMSObjectFactory.createValidateRequestType();
    unknownRequest.setId("202");
    unknownRequest.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT);
    unknownRequest.setQueryKeyBinding(unknownQuery);

    ValidateResultType unknownResult = xKMSInvoker.validate(unknownRequest, null, null);
    assertTrue(unknownResult.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SUCCESS));
    assertTrue(unknownResult.getResultMinor().equals(XKMSConstants.RESULTMINOR_NOMATCH));

    // Revoke cert1 in the certificate store before validating it once more.
    Admin revokingAdmin = new Admin(Admin.TYPE_RA_USER);
    certStore.revokeCertificate(revokingAdmin, cert1, new ArrayList(), RevokedCertInfo.REVOKATION_REASON_UNSPECIFIED);

    // 203: the revoked certificate must be reported with RevocationStatus as an invalid
    // reason while the other three checks are still listed as valid.
    UseKeyWithType revokedIdentity = xKMSObjectFactory.createUseKeyWithType();
    revokedIdentity.setApplication(XKMSConstants.USEKEYWITH_TLSHTTP);
    revokedIdentity.setIdentifier(username1);

    X509DataType revokedX509Data = sigFactory.createX509DataType();
    revokedX509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(
            sigFactory.createX509DataTypeX509Certificate(cert1.getEncoded()));
    KeyInfoType revokedKeyInfo = sigFactory.createKeyInfoType();
    revokedKeyInfo.getContent().add(sigFactory.createX509Data(revokedX509Data));

    QueryKeyBindingType revokedQuery = xKMSObjectFactory.createQueryKeyBindingType();
    revokedQuery.setKeyInfo(revokedKeyInfo);
    revokedQuery.getUseKeyWith().add(revokedIdentity);

    ValidateRequestType revokedRequest = xKMSObjectFactory.createValidateRequestType();
    revokedRequest.setId("203");
    revokedRequest.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT);
    revokedRequest.setQueryKeyBinding(revokedQuery);

    ValidateResultType revokedResult = xKMSInvoker.validate(revokedRequest, null, null);
    assertTrue(revokedResult.getKeyBinding().size() > 0);
    List<String> revokedValidReasons = revokedResult.getKeyBinding().get(0).getStatus().getValidReason();
    assertTrue(revokedValidReasons.contains(XKMSConstants.STATUSREASON_VALIDITYINTERVAL));
    assertTrue(revokedValidReasons.contains(XKMSConstants.STATUSREASON_ISSUERTRUST));
    assertTrue(revokedValidReasons.contains(XKMSConstants.STATUSREASON_SIGNATURE));
    assertTrue(revokedResult.getKeyBinding().get(0).getStatus().getInvalidReason().contains(XKMSConstants.STATUSREASON_REVOCATIONSTATUS));
}
1002    
/**
 * Removes the fixtures this test class left behind: the three test users,
 * the end entity profile "XKMSTESTPROFILE" and the certificate profiles
 * "XKMSTESTSIGN" and "XKMSTESTEXCHANDENC".
 *
 * The calls run in that order and the first one that throws ends the
 * clean-up, so later fixtures can remain after a failure.
 *
 * @throws Exception if any of the removal calls fails
 */
public void test99CleanDatabase() throws Exception {
    final Admin cleanupAdmin = new Admin(Admin.TYPE_RA_USER);

    // Users first, then the profiles they were created with.
    cacheAdmin.deleteUser(cleanupAdmin, username1);
    cacheAdmin.deleteUser(cleanupAdmin, username2);
    cacheAdmin.deleteUser(cleanupAdmin, username3);

    raAdmin.removeEndEntityProfile(cleanupAdmin, "XKMSTESTPROFILE");

    certStore.removeCertificateProfile(cleanupAdmin, "XKMSTESTSIGN");
    certStore.removeCertificateProfile(cleanupAdmin, "XKMSTESTEXCHANDENC");
}
1014    
1015    
/**
 * Creates a JNDI initial context with the environment defaults, logging
 * entry and exit at debug level.
 *
 * @return a new javax.naming.InitialContext
 * @throws NamingException if the context cannot be created
 */
private Context getInitialContext() throws NamingException {
    log.debug(">getInitialContext");
    final Context initialContext = new javax.naming.InitialContext();
    log.debug("<getInitialContext");
    return initialContext;
}
1024    
/**
 * Produces the next test user name by advancing the userNo counter and
 * appending its new value to baseUsername. The name is sequential, not random.
 *
 * @return baseUsername followed by the incremented counter
 * @throws Exception declared by the signature; nothing in the body throws it
 */
private String genUserName() throws Exception {
    // Pre-increment so the returned name carries the new counter value.
    return baseUsername + (++userNo);
} // genUserName
1031

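/**
 * Generates a fresh 1024-bit RSA key pair through the JCA provider registered
 * as "BC" and logs the algorithm and modulus length at debug level.
 *
 * NOTE(review): 1024-bit RSA is below the 2048-bit minimum recommended today
 * and is only acceptable as throwaway test key material. Raising the size
 * needs the test certificate profiles to permit it; they are configured
 * outside this method, so the value is left as the test was written.
 *
 * @return the generated key pair
 * @throws Exception if the "RSA" algorithm or the "BC" provider is unavailable
 */
private static KeyPair genKeys() throws Exception {
    KeyPairGenerator keygen = KeyPairGenerator.getInstance("RSA", "BC");
    keygen.initialize(1024);
    log.debug("Generating keys, please wait...");
    KeyPair rsaKeys = keygen.generateKeyPair();
    // The separator after "length" was missing, which glued the number to the word.
    log.debug("Generated " + rsaKeys.getPrivate().getAlgorithm() + " keys with length "
            + ((RSAPrivateKey) rsaKeys.getPrivate()).getModulus().bitLength());

    return rsaKeys;
} // genKeys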
1042
}