1 13 14 package org.ejbca.core.protocol.xkms; 15 16 import java.security.KeyPair ; 17 import java.security.KeyPairGenerator ; 18 import java.security.PrivateKey ; 19 import java.security.cert.X509Certificate ; 20 import java.security.interfaces.RSAPrivateKey ; 21 import java.security.interfaces.RSAPublicKey ; 22 import java.util.Arrays ; 23 import java.util.Iterator ; 24 import java.util.Random ; 25 26 import javax.naming.Context ; 27 import javax.naming.NamingException ; 28 import javax.xml.bind.JAXBContext; 29 import javax.xml.bind.JAXBElement; 30 import javax.xml.bind.JAXBException; 31 import javax.xml.bind.Marshaller; 32 import javax.xml.bind.PropertyException; 33 import javax.xml.parsers.DocumentBuilderFactory ; 34 35 import junit.framework.TestCase; 36 37 import org.apache.log4j.Logger; 38 import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionHome; 39 import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionRemote; 40 import org.ejbca.core.ejb.keyrecovery.IKeyRecoverySessionHome; 41 import org.ejbca.core.ejb.keyrecovery.IKeyRecoverySessionRemote; 42 import org.ejbca.core.ejb.ra.IUserAdminSessionHome; 43 import org.ejbca.core.ejb.ra.IUserAdminSessionRemote; 44 import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionHome; 45 import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionRemote; 46 import org.ejbca.core.model.SecConst; 47 import org.ejbca.core.model.ca.certificateprofiles.CertificateProfile; 48 import org.ejbca.core.model.ca.certificateprofiles.EndUserCertificateProfile; 49 import org.ejbca.core.model.log.Admin; 50 import org.ejbca.core.model.ra.UserDataConstants; 51 import org.ejbca.core.model.ra.raadmin.EndEntityProfile; 52 import org.ejbca.core.model.ra.raadmin.GlobalConfiguration; 53 import org.ejbca.core.protocol.xkms.client.XKMSInvoker; 54 import org.ejbca.core.protocol.xkms.common.XKMSConstants; 55 import org.ejbca.core.protocol.xkms.common.XKMSNamespacePrefixMapper; 56 import org.ejbca.core.protocol.xkms.common.XKMSUtil; 57 import org.ejbca.util.CertTools; 58 import org.w3._2000._09.xmldsig_.KeyInfoType; 59 import org.w3._2000._09.xmldsig_.RSAKeyValueType; 60 import org.w3._2000._09.xmldsig_.X509DataType; 61 import org.w3._2002._03.xkms_.AuthenticationType; 62 import org.w3._2002._03.xkms_.KeyBindingType; 63 import org.w3._2002._03.xkms_.NotBoundAuthenticationType; 64 import org.w3._2002._03.xkms_.ObjectFactory; 65 import org.w3._2002._03.xkms_.PrototypeKeyBindingType; 66 import org.w3._2002._03.xkms_.RecoverRequestType; 67 import org.w3._2002._03.xkms_.RecoverResultType; 68 import org.w3._2002._03.xkms_.RegisterRequestType; 69 import org.w3._2002._03.xkms_.RegisterResultType; 70 import org.w3._2002._03.xkms_.ReissueRequestType; 71 import org.w3._2002._03.xkms_.ReissueResultType; 72 import org.w3._2002._03.xkms_.RevokeRequestType; 73 import org.w3._2002._03.xkms_.RevokeResultType; 74 import org.w3._2002._03.xkms_.UseKeyWithType; 75 76 84 85 public class TestXKMSKRSS extends TestCase { 86 87 private static Logger log = Logger.getLogger(TestXKMSKRSS.class); 88 89 static{ 90 org.apache.xml.security.Init.init(); 91 } 92 93 private XKMSInvoker xKMSInvoker = new XKMSInvoker("http://localhost:8080/ejbca/xkms/xkms",null); 94 95 private ObjectFactory xKMSObjectFactory = new ObjectFactory(); 96 private org.w3._2000._09.xmldsig_.ObjectFactory sigFactory = new org.w3._2000._09.xmldsig_.ObjectFactory(); 97 98 private static String baseUsername; 99 private IUserAdminSessionRemote cacheAdmin; 100 private IUserAdminSessionHome cacheHome; 101 private ICertificateStoreSessionRemote certStore; 102 private IRaAdminSessionRemote raAdmin; 103 private IKeyRecoverySessionRemote keyAdmin; 104 105 private static Admin administrator = new Admin(Admin.TYPE_RA_USER); 106 107 private int caid; 108 private static String username1 = null; 109 private static String username2 = null; 110 private static String username3 = null; 111 112 private static String issuerdn = null; 113 114 private int userNo; 115 116 private static String dn1; 117 private static String dn2; 118 private static String dn3; 119 120 private static KeyPair keys1; 121 private static KeyPair keys3; 122 123 private static X509Certificate cert1; 124 private static X509Certificate cert2; 125 126 private static String certprofilename1 = null; 127 private static String certprofilename2 = null; 128 private static String endentityprofilename = null; 129 130 private static GlobalConfiguration orgGlobalConfig = null; 131 132 private static int endEntityProfileId; 133 134 private static JAXBContext jAXBContext = null; 135 private static Marshaller marshaller = null; 136 private static DocumentBuilderFactory dbf = null; 138 139 static{ 140 try { 141 CertTools.installBCProvider(); 142 org.apache.xml.security.Init.init(); 143 144 jAXBContext = JAXBContext.newInstance("org.w3._2002._03.xkms_:org.w3._2001._04.xmlenc_:org.w3._2000._09.xmldsig_"); 145 marshaller = jAXBContext.createMarshaller(); 146 try { 147 marshaller.setProperty("com.sun.xml.bind.namespacePrefixMapper",new XKMSNamespacePrefixMapper()); 148 } catch( PropertyException e ) { 149 log.error("Error registering namespace mapper property",e); 150 } 151 dbf = DocumentBuilderFactory.newInstance(); 152 dbf.setNamespaceAware(true); 153 155 } catch (JAXBException e) { 156 log.error("Error initializing RequestAbstractTypeResponseGenerator",e); 157 } 158 159 } 160 161 protected void setUp() throws Exception { 162 log.debug(">setUp()"); 163 CertTools.installBCProvider(); 164 165 166 if (cacheAdmin == null) { 167 if (cacheHome == null) { 168 Context jndiContext = getInitialContext(); 169 Object obj1 = jndiContext.lookup("UserAdminSession"); 170 cacheHome = (IUserAdminSessionHome) javax.rmi.PortableRemoteObject.narrow(obj1, IUserAdminSessionHome.class); 171 172 173 Object obj2 = jndiContext.lookup("CertificateStoreSession"); 174 ICertificateStoreSessionHome certhome = (ICertificateStoreSessionHome) javax.rmi.PortableRemoteObject.narrow(obj2, ICertificateStoreSessionHome.class); 175 certStore = certhome.create(); 176 177 Object obj3 = jndiContext.lookup("RaAdminSession"); 178 IRaAdminSessionHome raAdminHome = (IRaAdminSessionHome) javax.rmi.PortableRemoteObject.narrow(obj3, IRaAdminSessionHome.class); 179 raAdmin = raAdminHome.create(); 180 181 Object obj4 = jndiContext.lookup("KeyRecoverySession"); 182 IKeyRecoverySessionHome keyAdminHome = (IKeyRecoverySessionHome) javax.rmi.PortableRemoteObject.narrow(obj4, IKeyRecoverySessionHome.class); 183 keyAdmin = keyAdminHome.create(); 184 185 issuerdn = "CN=AdminCA1,O=EJBCA Sample,C=SE"; 186 caid = issuerdn.hashCode(); 187 188 } 189 190 cacheAdmin = cacheHome.create(); 191 } 192 193 194 Random ran = new Random (); 195 if(baseUsername == null){ 196 baseUsername = "xkmstestuser" + (ran.nextInt() % 1000) + "-"; 197 } 198 199 log.debug("<setUp()"); 200 } 201 202 protected void tearDown() throws Exception { 203 } 204 205 public void test00SetupDatabase() throws Exception { 206 207 208 certprofilename1 = "XKMSTESTSIGN" + baseUsername; 209 certprofilename2 = "XKMSTESTEXCHANDENC" + baseUsername; 210 endentityprofilename = "XKMSTESTPROFILE" + baseUsername; 211 212 orgGlobalConfig = raAdmin.loadGlobalConfiguration(administrator); 213 214 GlobalConfiguration newGlobalConfig = raAdmin.loadGlobalConfiguration(administrator); 215 newGlobalConfig.setEnableKeyRecovery(true); 216 raAdmin.saveGlobalConfiguration(administrator, newGlobalConfig); 217 218 219 EndUserCertificateProfile profile1 = new EndUserCertificateProfile(); 221 profile1.setKeyUsage(CertificateProfile.DIGITALSIGNATURE,false); 222 profile1.setKeyUsage(CertificateProfile.KEYENCIPHERMENT,false); 223 profile1.setKeyUsage(CertificateProfile.NONREPUDIATION,true); 224 225 EndUserCertificateProfile profile2 = new EndUserCertificateProfile(); 226 profile2.setKeyUsage(CertificateProfile.DATAENCIPHERMENT,true); 227 228 certStore.addCertificateProfile(administrator, certprofilename1, profile1); 229 certStore.addCertificateProfile(administrator, certprofilename2, profile2); 230 231 int profile1Id = certStore.getCertificateProfileId(administrator, certprofilename1); 232 int profile2Id = certStore.getCertificateProfileId(administrator, certprofilename2); 233 234 EndEntityProfile endentityprofile = new EndEntityProfile(true); 235 236 endentityprofile.setValue(EndEntityProfile.AVAILCAS, 0, ""+caid); 237 endentityprofile.setValue(EndEntityProfile.AVAILCERTPROFILES, 0, ""+SecConst.CERTPROFILE_FIXED_ENDUSER +";" + profile1Id + ";" + profile2Id ); 238 239 endentityprofile.setUse(EndEntityProfile.KEYRECOVERABLE, 0, true); 240 241 raAdmin.addEndEntityProfile(administrator, endentityprofilename, endentityprofile); 242 endEntityProfileId = raAdmin.getEndEntityProfileId(administrator, endentityprofilename); 243 244 245 username1 = genUserName(); 246 String pwd = "foo123"; 247 int type = SecConst.USER_ENDUSER ; 248 int token = SecConst.TOKEN_SOFT_BROWSERGEN; 249 int certificatetypeid = SecConst.CERTPROFILE_FIXED_ENDUSER; 250 int hardtokenissuerid = SecConst.NO_HARDTOKENISSUER; 251 dn1 = "C=SE, O=AnaTom, CN=" + username1; 252 String subjectaltname1 = "RFC822NAME=" + username1 + "@foo.se"; 253 String email1 = username1 + "@foo.se"; 254 if (cacheAdmin.findUser(administrator, username1) != null) { 255 System.out.println("Error : User already exists in the database."); 256 } 257 cacheAdmin.addUser(administrator, username1, pwd, CertTools.stringToBCDNString(dn1), subjectaltname1, email1, false, endEntityProfileId, certificatetypeid, 258 type, token, hardtokenissuerid, caid); 259 cacheAdmin.setClearTextPassword(administrator, username1, pwd); 260 261 username2 = genUserName(); 262 dn2 = "C=SE, O=AnaTom, CN=" + username2; 263 type = SecConst.USER_ENDUSER | SecConst.USER_KEYRECOVERABLE; 264 token = SecConst.TOKEN_SOFT_P12; 265 String subjectaltname2 = "RFC822NAME=" + username2 + "@foo.se,UNIFORMRESOURCEIDENTIFIER=http://www.test.com/"+username2+",IPADDRESS=10.0.0.1,DNSNAME="+username2+".test.com"; 266 String email2 = username2 + "@foo.se"; 267 if (cacheAdmin.findUser(administrator, username2) != null) { 268 System.out.println("Error : User already exists in the database."); 269 } 270 cacheAdmin.addUser(administrator, username2, pwd, CertTools.stringToBCDNString(dn2), subjectaltname2, email2, false, endEntityProfileId, profile1Id, 271 type, token, hardtokenissuerid, caid); 272 cacheAdmin.setClearTextPassword(administrator, username2, pwd); 273 274 username3 = genUserName(); 275 dn3 = "C=SE, O=AnaTom, CN=" + username3; 276 String subjectaltname3 = "RFC822NAME=" + username3 + "@foo.se"; 277 String email3 = username3 + "@foo.se"; 278 if (cacheAdmin.findUser(administrator, username3) != null) { 279 System.out.println("Error : User already exists in the database."); 280 } 281 cacheAdmin.addUser(administrator, username3, pwd, CertTools.stringToBCDNString(dn3), subjectaltname3, email3, false, endEntityProfileId, profile2Id, 282 type, token, hardtokenissuerid, caid); 283 cacheAdmin.setClearTextPassword(administrator, username3, pwd); 284 285 } 286 287 public void test01SimpleRegistration() throws Exception { 288 289 keys1 = genKeys(); 290 RegisterRequestType registerRequestType = xKMSObjectFactory.createRegisterRequestType(); 291 registerRequestType.setId("600"); 292 293 UseKeyWithType useKeyWithType = xKMSObjectFactory.createUseKeyWithType(); 294 useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_PKIX); 295 useKeyWithType.setIdentifier(dn1); 296 297 registerRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN); 298 299 KeyInfoType keyInfoType = sigFactory.createKeyInfoType(); 300 RSAKeyValueType rsaKeyValueType = sigFactory.createRSAKeyValueType(); 301 rsaKeyValueType.setExponent(((RSAPublicKey ) keys1.getPublic()).getPublicExponent().toByteArray()); 302 rsaKeyValueType.setModulus(((RSAPublicKey ) keys1.getPublic()).getModulus().toByteArray()); 303 JAXBElement<RSAKeyValueType> rsaKeyValue = sigFactory.createRSAKeyValue(rsaKeyValueType); 304 keyInfoType.getContent().add(rsaKeyValue); 305 PrototypeKeyBindingType prototypeKeyBindingType = xKMSObjectFactory.createPrototypeKeyBindingType(); 306 prototypeKeyBindingType.getUseKeyWith().add(useKeyWithType); 307 prototypeKeyBindingType.setKeyInfo(keyInfoType); 308 prototypeKeyBindingType.setId("100231"); 309 registerRequestType.setPrototypeKeyBinding(prototypeKeyBindingType); 310 311 312 byte[] first = XKMSUtil.getSecretKeyFromPassphrase("UsersRevokationCodeIdentifier", true,20, XKMSUtil.KEY_REVOCATIONCODEIDENTIFIER_PASS1).getEncoded(); 313 byte[] second = XKMSUtil.getSecretKeyFromPassphrase(new String (first, "ISO8859-1"), false,20, XKMSUtil.KEY_REVOCATIONCODEIDENTIFIER_PASS2).getEncoded(); 314 prototypeKeyBindingType.setRevocationCodeIdentifier(second); 315 316 RegisterResultType registerResultType = xKMSInvoker.register(registerRequestType, null, null, "foo123", keys1.getPrivate(), prototypeKeyBindingType.getId()); 317 318 assertTrue(registerResultType.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SUCCESS)); 319 320 assertTrue(registerResultType.getKeyBinding().size() == 1); 321 KeyBindingType keyBindingType = registerResultType.getKeyBinding().get(0); 322 assertTrue(keyBindingType.getStatus().getValidReason().size() == 4); 323 324 JAXBElement<X509DataType> jAXBX509Data = (JAXBElement<X509DataType>) keyBindingType.getKeyInfo().getContent().get(0); 325 assertTrue(jAXBX509Data.getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName().size() == 2); 326 Iterator iter2 = jAXBX509Data.getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName().iterator(); 327 while(iter2.hasNext()){ 328 JAXBElement next = (JAXBElement) iter2.next(); 329 assertTrue(next.getName().getLocalPart().equals("X509Certificate")); 330 byte[] encoded = (byte[]) next.getValue(); 331 X509Certificate nextCert = CertTools.getCertfromByteArray(encoded); 332 333 assertTrue(CertTools.stringToBCDNString(nextCert.getSubjectDN().toString()).equals(CertTools.stringToBCDNString(dn1)) || 334 CertTools.stringToBCDNString(nextCert.getSubjectDN().toString()).equals(CertTools.stringToBCDNString(issuerdn))); 335 if(CertTools.getSubjectDN(nextCert).equals(CertTools.stringToBCDNString(dn1))){ 336 assertTrue(Arrays.equals(keys1.getPublic().getEncoded(), nextCert.getPublicKey().getEncoded())); 337 cert1 = nextCert; 338 } 339 } 340 } 341 342 public void test02ServerGenRegistration() throws Exception { 343 RegisterRequestType registerRequestType = xKMSObjectFactory.createRegisterRequestType(); 344 registerRequestType.setId("601"); 345 346 UseKeyWithType useKeyWithType = xKMSObjectFactory.createUseKeyWithType(); 347 useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_PKIX); 348 useKeyWithType.setIdentifier(dn2); 349 350 registerRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT); 351 352 353 PrototypeKeyBindingType prototypeKeyBindingType = xKMSObjectFactory.createPrototypeKeyBindingType(); 354 prototypeKeyBindingType.getUseKeyWith().add(useKeyWithType); 355 356 prototypeKeyBindingType.setId("100231"); 357 registerRequestType.setPrototypeKeyBinding(prototypeKeyBindingType); 358 359 byte[] first = XKMSUtil.getSecretKeyFromPassphrase("UsersRevokationCodeId1234", true,20, XKMSUtil.KEY_REVOCATIONCODEIDENTIFIER_PASS1).getEncoded(); 360 byte[] second = XKMSUtil.getSecretKeyFromPassphrase(new String (first,"ISO8859-1"), false,20, XKMSUtil.KEY_REVOCATIONCODEIDENTIFIER_PASS2).getEncoded(); 361 prototypeKeyBindingType.setRevocationCodeIdentifier(second); 362 363 364 RegisterResultType registerResultType = xKMSInvoker.register(registerRequestType, null, null, "foo123", null, prototypeKeyBindingType.getId()); 365 366 assertTrue(registerResultType.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SUCCESS)); 367 368 assertTrue(registerResultType.getKeyBinding().size() == 1); 369 KeyBindingType keyBindingType = registerResultType.getKeyBinding().get(0); 370 assertTrue(keyBindingType.getStatus().getValidReason().size() == 4); 371 372 JAXBElement<X509DataType> jAXBX509Data = (JAXBElement<X509DataType>) keyBindingType.getKeyInfo().getContent().get(0); 373 assertTrue(jAXBX509Data.getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName().size() == 1); 374 Iterator iter2 = jAXBX509Data.getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName().iterator(); 375 376 while(iter2.hasNext()){ 377 JAXBElement next = (JAXBElement) iter2.next(); 378 assertTrue(next.getName().getLocalPart().equals("X509Certificate")); 379 byte[] encoded = (byte[]) next.getValue(); 380 X509Certificate nextCert = CertTools.getCertfromByteArray(encoded); 381 382 assertTrue(CertTools.stringToBCDNString(nextCert.getSubjectDN().toString()).equals(CertTools.stringToBCDNString(dn2))); 383 if(CertTools.getSubjectDN(nextCert).equals(CertTools.stringToBCDNString(dn2))){ 384 cert2 = nextCert; 385 386 } 387 } 388 389 assertTrue(registerResultType.getPrivateKey() != null); 390 PrivateKey privateKey = XKMSUtil.getPrivateKeyFromEncryptedXML(registerResultType.getPrivateKey(), "foo123"); 391 392 X509Certificate testCert = CertTools.genSelfCert("CN=sdf", 12, null, privateKey, cert2.getPublicKey(), "SHA1WithRSA", false); 393 testCert.verify(cert2.getPublicKey()); 394 395 } 396 397 public void test03RegisterWithWrongDN() throws Exception { 398 keys3 = genKeys(); 399 RegisterRequestType registerRequestType = xKMSObjectFactory.createRegisterRequestType(); 400 registerRequestType.setId("602"); 401 402 UseKeyWithType useKeyWithType = xKMSObjectFactory.createUseKeyWithType(); 403 useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_PKIX); 404 useKeyWithType.setIdentifier("CN=wrong"); 405 406 registerRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN); 407 408 KeyInfoType keyInfoType = sigFactory.createKeyInfoType(); 409 RSAKeyValueType rsaKeyValueType = sigFactory.createRSAKeyValueType(); 410 rsaKeyValueType.setExponent(((RSAPublicKey ) keys3.getPublic()).getPublicExponent().toByteArray()); 411 rsaKeyValueType.setModulus(((RSAPublicKey ) keys3.getPublic()).getModulus().toByteArray()); 412 JAXBElement<RSAKeyValueType> rsaKeyValue = sigFactory.createRSAKeyValue(rsaKeyValueType); 413 keyInfoType.getContent().add(rsaKeyValue); 414 PrototypeKeyBindingType prototypeKeyBindingType = xKMSObjectFactory.createPrototypeKeyBindingType(); 415 prototypeKeyBindingType.getUseKeyWith().add(useKeyWithType); 416 prototypeKeyBindingType.setKeyInfo(keyInfoType); 417 prototypeKeyBindingType.setId("100231"); 418 registerRequestType.setPrototypeKeyBinding(prototypeKeyBindingType); 419 420 RegisterResultType registerResultType = xKMSInvoker.register(registerRequestType, null, null, "foo123", keys3.getPrivate(), prototypeKeyBindingType.getId()); 421 422 assertTrue(registerResultType.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SENDER)); 423 assertTrue(registerResultType.getResultMinor().equals(XKMSConstants.RESULTMINOR_NOMATCH)); 424 425 } 426 427 public void test04RegisterWithWrongStatus() throws Exception { 428 KeyPair keys = genKeys(); 429 RegisterRequestType registerRequestType = xKMSObjectFactory.createRegisterRequestType(); 430 registerRequestType.setId("603"); 431 432 UseKeyWithType useKeyWithType = xKMSObjectFactory.createUseKeyWithType(); 433 useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_PKIX); 434 useKeyWithType.setIdentifier(dn1); 435 436 registerRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN); 437 438 KeyInfoType keyInfoType = sigFactory.createKeyInfoType(); 439 RSAKeyValueType rsaKeyValueType = sigFactory.createRSAKeyValueType(); 440 rsaKeyValueType.setExponent(((RSAPublicKey ) keys.getPublic()).getPublicExponent().toByteArray()); 441 rsaKeyValueType.setModulus(((RSAPublicKey ) keys.getPublic()).getModulus().toByteArray()); 442 JAXBElement<RSAKeyValueType> rsaKeyValue = sigFactory.createRSAKeyValue(rsaKeyValueType); 443 keyInfoType.getContent().add(rsaKeyValue); 444 PrototypeKeyBindingType prototypeKeyBindingType = xKMSObjectFactory.createPrototypeKeyBindingType(); 445 prototypeKeyBindingType.getUseKeyWith().add(useKeyWithType); 446 prototypeKeyBindingType.setKeyInfo(keyInfoType); 447 prototypeKeyBindingType.setId("100231"); 448 registerRequestType.setPrototypeKeyBinding(prototypeKeyBindingType); 449 450 RegisterResultType registerResultType = xKMSInvoker.register(registerRequestType, null, null, "foo123", keys.getPrivate(), prototypeKeyBindingType.getId()); 451 452 assertTrue(registerResultType.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SENDER)); 453 assertTrue(registerResultType.getResultMinor().equals(XKMSConstants.RESULTMINOR_REFUSED)); 454 455 456 } 457 458 public void test05RegisterWithWrongPassword() throws Exception { 459 KeyPair keys = genKeys(); 460 RegisterRequestType registerRequestType = xKMSObjectFactory.createRegisterRequestType(); 461 registerRequestType.setId("604"); 462 463 UseKeyWithType useKeyWithType = xKMSObjectFactory.createUseKeyWithType(); 464 useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_PKIX); 465 useKeyWithType.setIdentifier(dn3); 466 467 registerRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN); 468 469 KeyInfoType keyInfoType = sigFactory.createKeyInfoType(); 470 RSAKeyValueType rsaKeyValueType = sigFactory.createRSAKeyValueType(); 471 rsaKeyValueType.setExponent(((RSAPublicKey ) keys.getPublic()).getPublicExponent().toByteArray()); 472 rsaKeyValueType.setModulus(((RSAPublicKey ) keys.getPublic()).getModulus().toByteArray()); 473 JAXBElement<RSAKeyValueType> rsaKeyValue = sigFactory.createRSAKeyValue(rsaKeyValueType); 474 keyInfoType.getContent().add(rsaKeyValue); 475 PrototypeKeyBindingType prototypeKeyBindingType = xKMSObjectFactory.createPrototypeKeyBindingType(); 476 prototypeKeyBindingType.getUseKeyWith().add(useKeyWithType); 477 prototypeKeyBindingType.setKeyInfo(keyInfoType); 478 prototypeKeyBindingType.setId("100231"); 479 registerRequestType.setPrototypeKeyBinding(prototypeKeyBindingType); 480 481 RegisterResultType registerResultType = xKMSInvoker.register(registerRequestType, null, null, "foo124", keys.getPrivate(), prototypeKeyBindingType.getId()); 482 483 assertTrue(registerResultType.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SENDER)); 484 assertTrue(registerResultType.getResultMinor().equals(XKMSConstants.RESULTMINOR_NOAUTHENTICATION)); 485 486 487 } 488 489 public void test06RegisterWithNoPOP() throws Exception { 490 KeyPair keys = genKeys(); 491 RegisterRequestType registerRequestType = xKMSObjectFactory.createRegisterRequestType(); 492 registerRequestType.setId("605"); 493 494 UseKeyWithType useKeyWithType = xKMSObjectFactory.createUseKeyWithType(); 495 useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_PKIX); 496 useKeyWithType.setIdentifier(dn3); 497 498 registerRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN); 499 500 KeyInfoType keyInfoType = sigFactory.createKeyInfoType(); 501 RSAKeyValueType rsaKeyValueType = sigFactory.createRSAKeyValueType(); 502 rsaKeyValueType.setExponent(((RSAPublicKey ) keys.getPublic()).getPublicExponent().toByteArray()); 503 rsaKeyValueType.setModulus(((RSAPublicKey ) keys.getPublic()).getModulus().toByteArray()); 504 JAXBElement<RSAKeyValueType> rsaKeyValue = sigFactory.createRSAKeyValue(rsaKeyValueType); 505 keyInfoType.getContent().add(rsaKeyValue); 506 PrototypeKeyBindingType prototypeKeyBindingType = xKMSObjectFactory.createPrototypeKeyBindingType(); 507 prototypeKeyBindingType.getUseKeyWith().add(useKeyWithType); 508 prototypeKeyBindingType.setKeyInfo(keyInfoType); 509 prototypeKeyBindingType.setId("100231"); 510 registerRequestType.setPrototypeKeyBinding(prototypeKeyBindingType); 511 512 RegisterResultType registerResultType = xKMSInvoker.register(registerRequestType, null, null, "foo123", null, prototypeKeyBindingType.getId()); 513 514 assertTrue(registerResultType.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SENDER)); 515 assertTrue(registerResultType.getResultMinor().equals(XKMSConstants.RESULTMINOR_POPREQUIRED)); 516 517 518 } 519 520 public void test07RegisterWithBasicAuthentication() throws Exception { 521 KeyPair keys = genKeys(); 522 RegisterRequestType registerRequestType = xKMSObjectFactory.createRegisterRequestType(); 523 registerRequestType.setId("606"); 524 525 UseKeyWithType useKeyWithType = xKMSObjectFactory.createUseKeyWithType(); 526 useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_PKIX); 527 useKeyWithType.setIdentifier(dn3); 528 529 registerRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN); 530 531 KeyInfoType keyInfoType = sigFactory.createKeyInfoType(); 532 RSAKeyValueType rsaKeyValueType = sigFactory.createRSAKeyValueType(); 533 rsaKeyValueType.setExponent(((RSAPublicKey ) keys.getPublic()).getPublicExponent().toByteArray()); 534 rsaKeyValueType.setModulus(((RSAPublicKey ) keys.getPublic()).getModulus().toByteArray()); 535 JAXBElement<RSAKeyValueType> rsaKeyValue = sigFactory.createRSAKeyValue(rsaKeyValueType); 536 keyInfoType.getContent().add(rsaKeyValue); 537 PrototypeKeyBindingType prototypeKeyBindingType = xKMSObjectFactory.createPrototypeKeyBindingType(); 538 prototypeKeyBindingType.getUseKeyWith().add(useKeyWithType); 539 prototypeKeyBindingType.setKeyInfo(keyInfoType); 540 prototypeKeyBindingType.setId("100231"); 541 registerRequestType.setPrototypeKeyBinding(prototypeKeyBindingType); 542 543 AuthenticationType authenticationType = xKMSObjectFactory.createAuthenticationType(); 544 NotBoundAuthenticationType notBoundAuthenticationType = xKMSObjectFactory.createNotBoundAuthenticationType(); 545 notBoundAuthenticationType.setProtocol("NOTUSED"); 546 notBoundAuthenticationType.setValue("foo123".getBytes()); 547 authenticationType.setNotBoundAuthentication(notBoundAuthenticationType); 548 registerRequestType.setAuthentication(authenticationType); 549 550 RegisterResultType registerResultType = xKMSInvoker.register(registerRequestType, null, null, null, keys.getPrivate(), prototypeKeyBindingType.getId()); 551 552 assertTrue(registerResultType.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SUCCESS)); 553 554 assertTrue(registerResultType.getKeyBinding().size() == 1); 555 KeyBindingType keyBindingType = registerResultType.getKeyBinding().get(0); 556 assertTrue(keyBindingType.getStatus().getValidReason().size() == 4); 557 558 } 559 560 public void test08SimpleReissue() throws Exception { 561 cacheAdmin.setUserStatus(administrator, username1, 10); 562 cacheAdmin.setClearTextPassword(administrator, username1, "ReissuePassword"); 563 ReissueRequestType reissueRequestType = xKMSObjectFactory.createReissueRequestType(); 564 reissueRequestType.setId("607"); 565 566 reissueRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN); 567 568 X509DataType x509DataType = sigFactory.createX509DataType(); 569 x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(sigFactory.createX509DataTypeX509Certificate(cert1.getEncoded())); 570 KeyInfoType keyInfoType = sigFactory.createKeyInfoType(); 571 keyInfoType.getContent().add(sigFactory.createX509Data(x509DataType)); 572 573 KeyBindingType keyBindingType = xKMSObjectFactory.createKeyBindingType(); 574 keyBindingType.setKeyInfo(keyInfoType); 575 keyBindingType.setId("100123122"); 576 reissueRequestType.setReissueKeyBinding(keyBindingType); 577 578 AuthenticationType authenticationType = xKMSObjectFactory.createAuthenticationType(); 579 NotBoundAuthenticationType notBoundAuthenticationType = xKMSObjectFactory.createNotBoundAuthenticationType(); 580 notBoundAuthenticationType.setProtocol("NOTUSED"); 581 notBoundAuthenticationType.setValue("ReissuePassword".getBytes()); 582 authenticationType.setNotBoundAuthentication(notBoundAuthenticationType); 583 reissueRequestType.setAuthentication(authenticationType); 584 585 ReissueResultType reissueResultType = xKMSInvoker.reissue(reissueRequestType, null, null, null, keys1.getPrivate(), keyBindingType.getId()); 586 587 assertTrue(reissueResultType.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SUCCESS)); 588 assertTrue(reissueResultType.getResultMinor() == null); 589 590 assertTrue(reissueResultType.getKeyBinding().size() == 1); 591 keyBindingType = reissueResultType.getKeyBinding().get(0); 592 assertTrue(keyBindingType.getStatus().getValidReason().size() == 4); 593 594 JAXBElement<X509DataType> jAXBX509Data = (JAXBElement<X509DataType>) keyBindingType.getKeyInfo().getContent().get(0); 595 assertTrue(jAXBX509Data.getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName().size() == 2); 596 Iterator iter2 = jAXBX509Data.getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName().iterator(); 597 while(iter2.hasNext()){ 598 JAXBElement next = (JAXBElement) iter2.next(); 599 assertTrue(next.getName().getLocalPart().equals("X509Certificate")); 600 byte[] encoded = (byte[]) next.getValue(); 601 X509Certificate nextCert = CertTools.getCertfromByteArray(encoded); 602 603 assertTrue(CertTools.stringToBCDNString(nextCert.getSubjectDN().toString()).equals(CertTools.stringToBCDNString(dn1)) || 604 CertTools.stringToBCDNString(nextCert.getSubjectDN().toString()).equals(CertTools.stringToBCDNString(issuerdn))); 605 if(CertTools.getSubjectDN(nextCert).equals(CertTools.stringToBCDNString(dn1))){ 606 assertTrue(Arrays.equals(keys1.getPublic().getEncoded(), nextCert.getPublicKey().getEncoded())); 607 assertFalse(cert1.getSerialNumber().equals(nextCert.getSerialNumber())); 608 } 609 } 610 } 611 612 public void test09ReissueWrongPassword() throws Exception { 613 cacheAdmin.setUserStatus(administrator, username1, 10); 614 cacheAdmin.setClearTextPassword(administrator, username1, "ReissuePassword"); 615 ReissueRequestType reissueRequestType = xKMSObjectFactory.createReissueRequestType(); 616 reissueRequestType.setId("608"); 617 618 reissueRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN); 619 620 X509DataType x509DataType = sigFactory.createX509DataType(); 621 x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(sigFactory.createX509DataTypeX509Certificate(cert1.getEncoded())); 622 KeyInfoType keyInfoType = sigFactory.createKeyInfoType(); 623 keyInfoType.getContent().add(sigFactory.createX509Data(x509DataType)); 624 625 KeyBindingType keyBindingType = xKMSObjectFactory.createKeyBindingType(); 626 keyBindingType.setKeyInfo(keyInfoType); 627 keyBindingType.setId("100123122"); 628 reissueRequestType.setReissueKeyBinding(keyBindingType); 629 630 AuthenticationType authenticationType = xKMSObjectFactory.createAuthenticationType(); 631 NotBoundAuthenticationType notBoundAuthenticationType = xKMSObjectFactory.createNotBoundAuthenticationType(); 632 notBoundAuthenticationType.setProtocol("NOTUSED"); 633 notBoundAuthenticationType.setValue("Wrong".getBytes()); 634 authenticationType.setNotBoundAuthentication(notBoundAuthenticationType); 635 reissueRequestType.setAuthentication(authenticationType); 636 637 ReissueResultType reissueResultType = xKMSInvoker.reissue(reissueRequestType, null, null, null, keys1.getPrivate(), keyBindingType.getId()); 638 639 assertTrue(reissueResultType.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SENDER)); 640 assertTrue(reissueResultType.getResultMinor().equals(XKMSConstants.RESULTMINOR_NOAUTHENTICATION)); 641 642 643 } 644 645 public void test10ReissueWrongStatus() throws Exception { 646 cacheAdmin.setUserStatus(administrator, username1, 40); 647 cacheAdmin.setClearTextPassword(administrator, username1, "ReissuePassword"); 648 ReissueRequestType reissueRequestType = xKMSObjectFactory.createReissueRequestType(); 649 reissueRequestType.setId("609"); 650 651 reissueRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN); 652 653 X509DataType x509DataType = sigFactory.createX509DataType(); 654 x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(sigFactory.createX509DataTypeX509Certificate(cert1.getEncoded())); 655 KeyInfoType keyInfoType = sigFactory.createKeyInfoType(); 656 keyInfoType.getContent().add(sigFactory.createX509Data(x509DataType)); 657 658 KeyBindingType keyBindingType = xKMSObjectFactory.createKeyBindingType(); 659 keyBindingType.setKeyInfo(keyInfoType); 660 keyBindingType.setId("100123122"); 661 reissueRequestType.setReissueKeyBinding(keyBindingType); 662 663 AuthenticationType authenticationType = xKMSObjectFactory.createAuthenticationType(); 664 NotBoundAuthenticationType notBoundAuthenticationType = xKMSObjectFactory.createNotBoundAuthenticationType(); 665 notBoundAuthenticationType.setProtocol("NOTUSED"); 666 notBoundAuthenticationType.setValue("ReissuePassword".getBytes()); 667 authenticationType.setNotBoundAuthentication(notBoundAuthenticationType); 668 reissueRequestType.setAuthentication(authenticationType); 669 670 ReissueResultType reissueResultType = xKMSInvoker.reissue(reissueRequestType, null, null, null, keys1.getPrivate(), keyBindingType.getId()); 671 672 assertTrue(reissueResultType.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SENDER)); 673 assertTrue(reissueResultType.getResultMinor().equals(XKMSConstants.RESULTMINOR_REFUSED)); 674 } 675 676 public void test11ReissueWrongCert() throws Exception { 677 678 cacheAdmin.setUserStatus(administrator, username1, 10); 679 cacheAdmin.setClearTextPassword(administrator, username1, "ReissuePassword"); 680 ReissueRequestType reissueRequestType = xKMSObjectFactory.createReissueRequestType(); 681 reissueRequestType.setId("610"); 682 683 reissueRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN); 684 685 X509DataType x509DataType = sigFactory.createX509DataType(); 686 x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(sigFactory.createX509DataTypeX509Certificate(Constants.getUserCert().getEncoded())); 687 KeyInfoType keyInfoType = sigFactory.createKeyInfoType(); 688 keyInfoType.getContent().add(sigFactory.createX509Data(x509DataType)); 689 690 KeyBindingType keyBindingType = xKMSObjectFactory.createKeyBindingType(); 691 keyBindingType.setKeyInfo(keyInfoType); 692 keyBindingType.setId("100123122"); 693 reissueRequestType.setReissueKeyBinding(keyBindingType); 694 695 AuthenticationType authenticationType = xKMSObjectFactory.createAuthenticationType(); 696 NotBoundAuthenticationType notBoundAuthenticationType = xKMSObjectFactory.createNotBoundAuthenticationType(); 697 notBoundAuthenticationType.setProtocol("NOTUSED"); 698 notBoundAuthenticationType.setValue("ReissuePassword".getBytes()); 699 authenticationType.setNotBoundAuthentication(notBoundAuthenticationType); 700 reissueRequestType.setAuthentication(authenticationType); 701 702 ReissueResultType reissueResultType = xKMSInvoker.reissue(reissueRequestType, null, null, null, keys1.getPrivate(), keyBindingType.getId()); 703 704 assertTrue(reissueResultType.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SENDER)); 705 assertTrue(reissueResultType.getResultMinor().equals(XKMSConstants.RESULTMINOR_REFUSED)); 706 } 707 708 public void test12SimpleRecover() throws Exception { 709 keyAdmin.markAsRecoverable(administrator, cert2, endEntityProfileId); 710 cacheAdmin.setClearTextPassword(administrator, username2, "RerecoverPassword"); 711 RecoverRequestType recoverRequestType = xKMSObjectFactory.createRecoverRequestType(); 712 recoverRequestType.setId("700"); 713 714 recoverRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN); 715 recoverRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_PRIVATEKEY); 716 717 718 X509DataType x509DataType = sigFactory.createX509DataType(); 719 x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(sigFactory.createX509DataTypeX509Certificate(cert2.getEncoded())); 720 KeyInfoType keyInfoType = sigFactory.createKeyInfoType(); 721 keyInfoType.getContent().add(sigFactory.createX509Data(x509DataType)); 722 723 KeyBindingType keyBindingType = xKMSObjectFactory.createKeyBindingType(); 724 keyBindingType.setKeyInfo(keyInfoType); 725 keyBindingType.setId("100123123422"); 726 recoverRequestType.setRecoverKeyBinding(keyBindingType); 727 728 AuthenticationType authenticationType = xKMSObjectFactory.createAuthenticationType(); 729 NotBoundAuthenticationType notBoundAuthenticationType = xKMSObjectFactory.createNotBoundAuthenticationType(); 730 notBoundAuthenticationType.setProtocol("NOTUSED"); 731 notBoundAuthenticationType.setValue("RerecoverPassword".getBytes()); 732 authenticationType.setNotBoundAuthentication(notBoundAuthenticationType); 733 recoverRequestType.setAuthentication(authenticationType); 734 735 RecoverResultType recoverResultType = xKMSInvoker.recover(recoverRequestType, null, null, null, keyBindingType.getId()); 736 737 assertTrue(recoverResultType.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SUCCESS)); 738 assertTrue(recoverResultType.getResultMinor() == null); 739 740 assertTrue(recoverResultType.getKeyBinding().size() == 1); 741 keyBindingType = recoverResultType.getKeyBinding().get(0); 742 assertTrue(keyBindingType.getStatus().getValidReason().size() == 4); 743 744 JAXBElement<X509DataType> jAXBX509Data = (JAXBElement<X509DataType>) keyBindingType.getKeyInfo().getContent().get(0); 745 assertTrue(jAXBX509Data.getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName().size() == 2); 746 Iterator iter2 = jAXBX509Data.getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName().iterator(); 747 748 while(iter2.hasNext()){ 749 JAXBElement next = (JAXBElement) iter2.next(); 750 assertTrue(next.getName().getLocalPart().equals("X509Certificate")); 751 byte[] encoded = (byte[]) next.getValue(); 752 X509Certificate nextCert = CertTools.getCertfromByteArray(encoded); 753 754 if(CertTools.getSubjectDN(nextCert).equals(CertTools.stringToBCDNString(dn2))){ 755 cert2 = nextCert; 756 757 } 758 } 759 760 assertTrue(recoverResultType.getPrivateKey() != null); 761 PrivateKey privateKey = XKMSUtil.getPrivateKeyFromEncryptedXML(recoverResultType.getPrivateKey(), "RerecoverPassword"); 762 763 X509Certificate testCert = CertTools.genSelfCert("CN=sdf", 12, null, privateKey, cert2.getPublicKey(), "SHA1WithRSA", false); 764 testCert.verify(cert2.getPublicKey()); 765 766 767 } 768 769 public void test13RecoverWrongPassword() throws Exception { 770 keyAdmin.markAsRecoverable(administrator, cert2, endEntityProfileId); 771 cacheAdmin.setClearTextPassword(administrator, username2, "RerecoverPassword"); 772 RecoverRequestType recoverRequestType = xKMSObjectFactory.createRecoverRequestType(); 773 recoverRequestType.setId("701"); 774 775 recoverRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN); 776 recoverRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_PRIVATEKEY); 777 778 X509DataType x509DataType = sigFactory.createX509DataType(); 779 x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(sigFactory.createX509DataTypeX509Certificate(cert2.getEncoded())); 780 KeyInfoType keyInfoType = sigFactory.createKeyInfoType(); 781 keyInfoType.getContent().add(sigFactory.createX509Data(x509DataType)); 782 783 KeyBindingType keyBindingType = xKMSObjectFactory.createKeyBindingType(); 784 keyBindingType.setKeyInfo(keyInfoType); 785 keyBindingType.setId("100123123422"); 786 recoverRequestType.setRecoverKeyBinding(keyBindingType); 787 788 AuthenticationType authenticationType = xKMSObjectFactory.createAuthenticationType(); 789 NotBoundAuthenticationType notBoundAuthenticationType = xKMSObjectFactory.createNotBoundAuthenticationType(); 790 notBoundAuthenticationType.setProtocol("NOTUSED"); 791 notBoundAuthenticationType.setValue("Wrong".getBytes()); 792 authenticationType.setNotBoundAuthentication(notBoundAuthenticationType); 793 recoverRequestType.setAuthentication(authenticationType); 794 795 RecoverResultType recoverResultType = xKMSInvoker.recover(recoverRequestType, null, null, null, keyBindingType.getId()); 796 797 assertTrue(recoverResultType.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SENDER)); 798 assertTrue(recoverResultType.getResultMinor().equals(XKMSConstants.RESULTMINOR_NOAUTHENTICATION)); 799 800 } 801 802 public void test14RecoverWrongStatus() throws Exception { 803 cacheAdmin.setUserStatus(administrator, username2, 10); 804 cacheAdmin.setClearTextPassword(administrator, username2, "RerecoverPassword"); 805 RecoverRequestType recoverRequestType = xKMSObjectFactory.createRecoverRequestType(); 806 recoverRequestType.setId("702"); 807 808 recoverRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN); 809 recoverRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_PRIVATEKEY); 810 811 812 X509DataType x509DataType = sigFactory.createX509DataType(); 813 x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(sigFactory.createX509DataTypeX509Certificate(cert2.getEncoded())); 814 KeyInfoType keyInfoType = sigFactory.createKeyInfoType(); 815 keyInfoType.getContent().add(sigFactory.createX509Data(x509DataType)); 816 817 KeyBindingType keyBindingType = xKMSObjectFactory.createKeyBindingType(); 818 keyBindingType.setKeyInfo(keyInfoType); 819 keyBindingType.setId("100123123422"); 820 recoverRequestType.setRecoverKeyBinding(keyBindingType); 821 822 AuthenticationType authenticationType = xKMSObjectFactory.createAuthenticationType(); 823 NotBoundAuthenticationType notBoundAuthenticationType = xKMSObjectFactory.createNotBoundAuthenticationType(); 824 notBoundAuthenticationType.setProtocol("NOTUSED"); 825 notBoundAuthenticationType.setValue("RerecoverPassword".getBytes()); 826 authenticationType.setNotBoundAuthentication(notBoundAuthenticationType); 827 recoverRequestType.setAuthentication(authenticationType); 828 829 RecoverResultType recoverResultType = xKMSInvoker.recover(recoverRequestType, null, null, null, keyBindingType.getId()); 830 831 assertTrue(recoverResultType.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SENDER)); 832 assertTrue(recoverResultType.getResultMinor().equals(XKMSConstants.RESULTMINOR_REFUSED)); 833 834 } 835 836 public void test15RecoverWrongCert() throws Exception { 837 cacheAdmin.setUserStatus(administrator, username2, UserDataConstants.STATUS_KEYRECOVERY); 838 cacheAdmin.setClearTextPassword(administrator, username2, "RerecoverPassword"); 839 RecoverRequestType recoverRequestType = xKMSObjectFactory.createRecoverRequestType(); 840 recoverRequestType.setId("703"); 841 842 recoverRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN); 843 recoverRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_PRIVATEKEY); 844 845 846 X509DataType x509DataType = sigFactory.createX509DataType(); 847 x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(sigFactory.createX509DataTypeX509Certificate(Constants.getUserCert().getEncoded())); 848 KeyInfoType keyInfoType = sigFactory.createKeyInfoType(); 849 keyInfoType.getContent().add(sigFactory.createX509Data(x509DataType)); 850 851 KeyBindingType keyBindingType = xKMSObjectFactory.createKeyBindingType(); 852 keyBindingType.setKeyInfo(keyInfoType); 853 keyBindingType.setId("100123123422"); 854 recoverRequestType.setRecoverKeyBinding(keyBindingType); 855 856 AuthenticationType authenticationType = xKMSObjectFactory.createAuthenticationType(); 857 NotBoundAuthenticationType notBoundAuthenticationType = xKMSObjectFactory.createNotBoundAuthenticationType(); 858 notBoundAuthenticationType.setProtocol("NOTUSED"); 859 notBoundAuthenticationType.setValue("RerecoverPassword".getBytes()); 860 authenticationType.setNotBoundAuthentication(notBoundAuthenticationType); 861 recoverRequestType.setAuthentication(authenticationType); 862 863 RecoverResultType recoverResultType = xKMSInvoker.recover(recoverRequestType, null, null, null, keyBindingType.getId()); 864 865 assertTrue(recoverResultType.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SENDER)); 866 assertTrue(recoverResultType.getResultMinor().equals(XKMSConstants.RESULTMINOR_NOMATCH)); 867 868 } 869 870 public void test16CertNotMarked() throws Exception { 871 keyAdmin.unmarkUser(administrator, username2); 872 cacheAdmin.setUserStatus(administrator, username2, 40); 873 cacheAdmin.setClearTextPassword(administrator, username2, "RerecoverPassword"); 874 RecoverRequestType recoverRequestType = xKMSObjectFactory.createRecoverRequestType(); 875 recoverRequestType.setId("704"); 876 877 recoverRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN); 878 recoverRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_PRIVATEKEY); 879 880 881 X509DataType x509DataType = sigFactory.createX509DataType(); 882 x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(sigFactory.createX509DataTypeX509Certificate(cert2.getEncoded())); 883 KeyInfoType keyInfoType = sigFactory.createKeyInfoType(); 884 keyInfoType.getContent().add(sigFactory.createX509Data(x509DataType)); 885 886 KeyBindingType keyBindingType = xKMSObjectFactory.createKeyBindingType(); 887 keyBindingType.setKeyInfo(keyInfoType); 888 keyBindingType.setId("100123123422"); 889 recoverRequestType.setRecoverKeyBinding(keyBindingType); 890 891 AuthenticationType authenticationType = xKMSObjectFactory.createAuthenticationType(); 892 NotBoundAuthenticationType notBoundAuthenticationType = xKMSObjectFactory.createNotBoundAuthenticationType(); 893 notBoundAuthenticationType.setProtocol("NOTUSED"); 894 notBoundAuthenticationType.setValue("RerecoverPassword".getBytes()); 895 authenticationType.setNotBoundAuthentication(notBoundAuthenticationType); 896 recoverRequestType.setAuthentication(authenticationType); 897 898 RecoverResultType recoverResultType = xKMSInvoker.recover(recoverRequestType, null, null, null, keyBindingType.getId()); 899 900 assertTrue(recoverResultType.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SENDER)); 901 assertTrue(recoverResultType.getResultMinor().equals(XKMSConstants.RESULTMINOR_REFUSED)); 902 903 } 904 905 public void test17SimpleRevoke() throws Exception { 906 RevokeRequestType revokeRequestType = xKMSObjectFactory.createRevokeRequestType(); 907 revokeRequestType.setId("800"); 908 909 910 X509DataType x509DataType = sigFactory.createX509DataType(); 911 x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(sigFactory.createX509DataTypeX509Certificate(cert1.getEncoded())); 912 KeyInfoType keyInfoType = sigFactory.createKeyInfoType(); 913 keyInfoType.getContent().add(sigFactory.createX509Data(x509DataType)); 914 915 KeyBindingType keyBindingType = xKMSObjectFactory.createKeyBindingType(); 916 keyBindingType.setKeyInfo(keyInfoType); 917 keyBindingType.setId("100123123422"); 918 revokeRequestType.setRevokeKeyBinding(keyBindingType); 919 920 byte[] first = XKMSUtil.getSecretKeyFromPassphrase("UsersRevokationCodeIdentifier", true,20, XKMSUtil.KEY_REVOCATIONCODEIDENTIFIER_PASS1).getEncoded(); 921 revokeRequestType.setRevocationCode(first); 922 923 924 RevokeResultType revokeResultType = xKMSInvoker.revoke(revokeRequestType, null, null, null, keyBindingType.getId()); 925 926 assertTrue(revokeResultType.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SUCCESS)); 927 assertTrue(revokeResultType.getResultMinor() == null ); 928 929 } 930 931 public void test18RevokeWrongPassword() throws Exception { 932 RevokeRequestType revokeRequestType = xKMSObjectFactory.createRevokeRequestType(); 933 revokeRequestType.setId("801"); 934 935 936 X509DataType x509DataType = sigFactory.createX509DataType(); 937 x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(sigFactory.createX509DataTypeX509Certificate(cert2.getEncoded())); 938 KeyInfoType keyInfoType = sigFactory.createKeyInfoType(); 939 keyInfoType.getContent().add(sigFactory.createX509Data(x509DataType)); 940 941 KeyBindingType keyBindingType = xKMSObjectFactory.createKeyBindingType(); 942 keyBindingType.setKeyInfo(keyInfoType); 943 keyBindingType.setId("100123123422"); 944 revokeRequestType.setRevokeKeyBinding(keyBindingType); 945 946 revokeRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT); 947 948 byte[] first = XKMSUtil.getSecretKeyFromPassphrase("Wrong", true,20, XKMSUtil.KEY_REVOCATIONCODEIDENTIFIER_PASS1).getEncoded(); 949 revokeRequestType.setRevocationCode(first); 950 951 952 RevokeResultType revokeResultType = xKMSInvoker.revoke(revokeRequestType, null, null, null, keyBindingType.getId()); 953 954 assertTrue(revokeResultType.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SENDER)); 955 assertTrue(revokeResultType.getResultMinor().equals(XKMSConstants.RESULTMINOR_NOAUTHENTICATION)); 956 } 957 958 public void test19RevokeWithResult() throws Exception { 959 RevokeRequestType revokeRequestType = xKMSObjectFactory.createRevokeRequestType(); 960 revokeRequestType.setId("802"); 961 962 963 X509DataType x509DataType = sigFactory.createX509DataType(); 964 x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(sigFactory.createX509DataTypeX509Certificate(cert2.getEncoded())); 965 KeyInfoType keyInfoType = sigFactory.createKeyInfoType(); 966 keyInfoType.getContent().add(sigFactory.createX509Data(x509DataType)); 967 968 KeyBindingType keyBindingType = xKMSObjectFactory.createKeyBindingType(); 969 keyBindingType.setKeyInfo(keyInfoType); 970 keyBindingType.setId("100123123422"); 971 revokeRequestType.setRevokeKeyBinding(keyBindingType); 972 973 revokeRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT); 974 975 976 byte[] first = XKMSUtil.getSecretKeyFromPassphrase("UsersRevokationCodeId1234", true,20, XKMSUtil.KEY_REVOCATIONCODEIDENTIFIER_PASS1).getEncoded(); 977 revokeRequestType.setRevocationCode(first); 978 979 RevokeResultType revokeResultType = xKMSInvoker.revoke(revokeRequestType, null, null, null, keyBindingType.getId()); 980 981 assertTrue(revokeResultType.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SUCCESS)); 982 assertTrue(revokeResultType.getResultMinor() == null ); 983 984 assertTrue(revokeResultType.getKeyBinding().size() == 1); 985 keyBindingType = revokeResultType.getKeyBinding().get(0); 986 assertTrue(keyBindingType.getStatus().getValidReason().size() == 3); 987 assertTrue(keyBindingType.getStatus().getInvalidReason().size() == 1); 988 989 JAXBElement<X509DataType> jAXBX509Data = (JAXBElement<X509DataType>) keyBindingType.getKeyInfo().getContent().get(0); 990 assertTrue(jAXBX509Data.getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName().size() == 1); 991 Iterator iter2 = jAXBX509Data.getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName().iterator(); 992 993 while(iter2.hasNext()){ 994 JAXBElement next = (JAXBElement) iter2.next(); 995 assertTrue(next.getName().getLocalPart().equals("X509Certificate")); 996 byte[] encoded = (byte[]) next.getValue(); 997 X509Certificate nextCert = CertTools.getCertfromByteArray(encoded); 998 999 assertTrue(CertTools.stringToBCDNString(nextCert.getSubjectDN().toString()).equals(CertTools.stringToBCDNString(dn2))); 1000 1001 } 1002 } 1003 1004 public void test20RevokeAlreadyRevoked() throws Exception { 1005 RevokeRequestType revokeRequestType = xKMSObjectFactory.createRevokeRequestType(); 1006 revokeRequestType.setId("804"); 1007 1008 1009 X509DataType x509DataType = sigFactory.createX509DataType(); 1010 x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(sigFactory.createX509DataTypeX509Certificate(cert2.getEncoded())); 1011 KeyInfoType keyInfoType = sigFactory.createKeyInfoType(); 1012 keyInfoType.getContent().add(sigFactory.createX509Data(x509DataType)); 1013 1014 KeyBindingType keyBindingType = xKMSObjectFactory.createKeyBindingType(); 1015 keyBindingType.setKeyInfo(keyInfoType); 1016 keyBindingType.setId("100123123422"); 1017 revokeRequestType.setRevokeKeyBinding(keyBindingType); 1018 1019 revokeRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CERT); 1020 1021 1022 byte[] first = XKMSUtil.getSecretKeyFromPassphrase("UsersRevokationCodeId1234", true,20, XKMSUtil.KEY_REVOCATIONCODEIDENTIFIER_PASS1).getEncoded(); 1023 revokeRequestType.setRevocationCode(first); 1024 1025 RevokeResultType revokeResultType = xKMSInvoker.revoke(revokeRequestType, null, null, null, keyBindingType.getId()); 1026 1027 assertTrue(revokeResultType.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SENDER)); 1028 assertTrue(revokeResultType.getResultMinor().equals(XKMSConstants.RESULTMINOR_REFUSED)); 1029 } 1030 1031 public void test99CleanDatabase() throws Exception { 1032 Admin administrator = new Admin(Admin.TYPE_RA_USER); 1033 cacheAdmin.deleteUser(administrator, username1); 1034 cacheAdmin.deleteUser(administrator, username2); 1035 cacheAdmin.deleteUser(administrator, username3); 1036 1037 raAdmin.removeEndEntityProfile(administrator, endentityprofilename); 1038 1039 certStore.removeCertificateProfile(administrator, certprofilename1); 1040 certStore.removeCertificateProfile(administrator, certprofilename2); 1041 1042 raAdmin.saveGlobalConfiguration(administrator, orgGlobalConfig); 1043 } 1044 1045 1046 private Context getInitialContext() throws NamingException { 1047 log.debug(">getInitialContext"); 1048 1049 Context ctx = new javax.naming.InitialContext (); 1050 log.debug("<getInitialContext"); 1051 1052 return ctx; 1053 } 1054 1055 private String genUserName() throws Exception { 1056 userNo++; 1058 1059 return baseUsername + userNo; 1060 } 1062 private static KeyPair genKeys() throws Exception { 1063 KeyPairGenerator keygen = KeyPairGenerator.getInstance("RSA", "BC"); 1064 keygen.initialize(1024); 1065 log.debug("Generating keys, please wait..."); 1066 KeyPair rsaKeys = keygen.generateKeyPair(); 1067 log.debug("Generated " + rsaKeys.getPrivate().getAlgorithm() + " keys with length" + 1068 ((RSAPrivateKey ) rsaKeys.getPrivate()).getModulus().bitLength()); 1069 1070 return rsaKeys; 1071 } } 1073 | Popular Tags |