KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > se > anatom > ejbca > ca > caadmin > TestCAs


1 /*************************************************************************
2  * *
3  * EJBCA: The OpenSource Certificate Authority *
4  * *
5  * This software is free software; you can redistribute it and/or *
6  * modify it under the terms of the GNU Lesser General Public *
7  * License as published by the Free Software Foundation; either *
8  * version 2.1 of the License, or any later version. *
9  * *
10  * See terms of license at gnu.org. *
11  * *
12  *************************************************************************/

13
14 package se.anatom.ejbca.ca.caadmin;
15
16 import java.security.PublicKey JavaDoc;
17 import java.security.cert.X509Certificate JavaDoc;
18 import java.security.interfaces.RSAPublicKey JavaDoc;
19 import java.util.ArrayList JavaDoc;
20 import java.util.Collection JavaDoc;
21 import java.util.Date JavaDoc;
22
23 import javax.naming.Context JavaDoc;
24 import javax.naming.NamingException JavaDoc;
25
26 import junit.framework.TestCase;
27
28 import org.apache.log4j.Logger;
29 import org.bouncycastle.jce.provider.JCEECPublicKey;
30 import org.ejbca.core.ejb.authorization.IAuthorizationSessionHome;
31 import org.ejbca.core.ejb.authorization.IAuthorizationSessionRemote;
32 import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionHome;
33 import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionRemote;
34 import org.ejbca.core.model.SecConst;
35 import org.ejbca.core.model.ca.caadmin.CAExistsException;
36 import org.ejbca.core.model.ca.caadmin.CAInfo;
37 import org.ejbca.core.model.ca.caadmin.X509CAInfo;
38 import org.ejbca.core.model.ca.caadmin.extendedcaservices.ExtendedCAServiceInfo;
39 import org.ejbca.core.model.ca.caadmin.extendedcaservices.OCSPCAServiceInfo;
40 import org.ejbca.core.model.ca.caadmin.extendedcaservices.XKMSCAServiceInfo;
41 import org.ejbca.core.model.ca.catoken.CATokenConstants;
42 import org.ejbca.core.model.ca.catoken.CATokenInfo;
43 import org.ejbca.core.model.ca.catoken.SoftCATokenInfo;
44 import org.ejbca.core.model.log.Admin;
45 import org.ejbca.util.CertTools;
46
47 /**
48  * Tests the ca data entity bean.
49  *
50  * @version $Id: TestCAs.java,v 1.20.2.1 2007/06/05 13:37:23 anatom Exp $
51  */

52 public class TestCAs extends TestCase {
53     private static Logger log = Logger.getLogger(TestCAs.class);
54
55     private static ICAAdminSessionRemote cacheAdmin;
56
57
58     private static ICAAdminSessionHome cacheHome;
59
60     private static final Admin admin = new Admin(Admin.TYPE_INTERNALUSER);
61
62     /**
63      * Creates a new TestCAs object.
64      *
65      * @param name name
66      */

67     public TestCAs(String JavaDoc name) {
68         super(name);
69     }
70
71     protected void setUp() throws Exception JavaDoc {
72
73         log.debug(">setUp()");
74
75         if (cacheAdmin == null) {
76             if (cacheHome == null) {
77                 Context JavaDoc jndiContext = getInitialContext();
78                 Object JavaDoc obj1 = jndiContext.lookup("CAAdminSession");
79                 cacheHome = (ICAAdminSessionHome) javax.rmi.PortableRemoteObject.narrow(obj1, ICAAdminSessionHome.class);
80             }
81
82             cacheAdmin = cacheHome.create();
83         }
84         
85         CertTools.installBCProvider();
86
87         log.debug("<setUp()");
88     }
89
90     protected void tearDown() throws Exception JavaDoc {
91     }
92
93     private Context JavaDoc getInitialContext() throws NamingException JavaDoc {
94         log.debug(">getInitialContext");
95
96         Context JavaDoc ctx = new javax.naming.InitialContext JavaDoc();
97         log.debug("<getInitialContext");
98
99         return ctx;
100     }
101
102
103     /**
104      * adds a CA using RSA keys to the database.
105      *
106      * It also checks that the CA is stored correctly.
107      *
108      * @throws Exception error
109      */

110     public void test01AddRSACA() throws Exception JavaDoc {
111         log.debug(">test01AddRSACA()");
112         boolean ret = false;
113         try {
114
115             Context JavaDoc context = getInitialContext();
116             IAuthorizationSessionHome authorizationsessionhome = (IAuthorizationSessionHome) javax.rmi.PortableRemoteObject.narrow(context.lookup("AuthorizationSession"), IAuthorizationSessionHome.class);
117             IAuthorizationSessionRemote authorizationsession = authorizationsessionhome.create();
118             authorizationsession.initialize(admin, "CN=TEST".hashCode());
119
120             SoftCATokenInfo catokeninfo = new SoftCATokenInfo();
121             catokeninfo.setSignKeySpec("1024");
122             catokeninfo.setEncKeySpec("1024");
123             catokeninfo.setSignKeyAlgorithm(SoftCATokenInfo.KEYALGORITHM_RSA);
124             catokeninfo.setEncKeyAlgorithm(SoftCATokenInfo.KEYALGORITHM_RSA);
125             catokeninfo.setSignatureAlgorithm(CATokenInfo.SIGALG_SHA1_WITH_RSA);
126             catokeninfo.setEncryptionAlgorithm(CATokenInfo.SIGALG_SHA1_WITH_RSA);
127             // Create and active OSCP CA Service.
128
ArrayList JavaDoc extendedcaservices = new ArrayList JavaDoc();
129             extendedcaservices.add(new OCSPCAServiceInfo(ExtendedCAServiceInfo.STATUS_ACTIVE,
130                     "CN=OCSPSignerCertificate, " + "CN=TEST",
131                     "",
132                     "1024",
133                     CATokenConstants.KEYALGORITHM_RSA));
134             extendedcaservices.add(new XKMSCAServiceInfo(ExtendedCAServiceInfo.STATUS_INACTIVE,
135                     "CN=XKMSCertificate, " + "CN=TEST",
136                     "",
137                     "1024",
138                     CATokenConstants.KEYALGORITHM_RSA));
139
140
141             X509CAInfo cainfo = new X509CAInfo("CN=TEST",
142                     "TEST", SecConst.CA_ACTIVE, new Date JavaDoc(),
143                     "", SecConst.CERTPROFILE_FIXED_ROOTCA,
144                     365,
145                     null, // Expiretime
146
CAInfo.CATYPE_X509,
147                     CAInfo.SELFSIGNED,
148                     (Collection JavaDoc) null,
149                     catokeninfo,
150                     "JUnit RSA CA",
151                     -1, null,
152                     null, // PolicyId
153
24, // CRLPeriod
154
0, // CRLIssueInterval
155
10, // CRLOverlapTime
156
new ArrayList JavaDoc(),
157                     true, // Authority Key Identifier
158
false, // Authority Key Identifier Critical
159
true, // CRL Number
160
false, // CRL Number Critical
161
null, // defaultcrldistpoint
162
null, // defaultcrlissuer
163
null, // defaultocsplocator
164
true, // Finish User
165
extendedcaservices,
166                     false, // use default utf8 settings
167
new ArrayList JavaDoc(), // Approvals Settings
168
1, // Number of Req approvals
169
false); // Use UTF8 subject DN by default
170

171
172             cacheAdmin.createCA(admin, cainfo);
173
174
175             CAInfo info = cacheAdmin.getCAInfo(admin, "TEST");
176
177             X509Certificate JavaDoc cert = (X509Certificate JavaDoc) info.getCertificateChain().iterator().next();
178             assertTrue("Error in created ca certificate", cert.getSubjectDN().toString().equals("CN=TEST"));
179             assertTrue("Creating CA failed", info.getSubjectDN().equals("CN=TEST"));
180             PublicKey JavaDoc pk = cert.getPublicKey();
181             if (pk instanceof RSAPublicKey JavaDoc) {
182                 RSAPublicKey JavaDoc rsapk = (RSAPublicKey JavaDoc) pk;
183                 assertEquals(rsapk.getAlgorithm(), "RSA");
184             } else {
185                 assertTrue("Public key is not EC", false);
186             }
187
188             ret = true;
189         } catch (CAExistsException pee) {
190             log.info("CA exists.");
191         }
192
193         assertTrue("Creating RSA CA failed", ret);
194         log.debug("<test01AddRSACA()");
195     }
196
197     /**
198      * renames CA in database.
199      *
200      * @throws Exception error
201      */

202     public void test02RenameCA() throws Exception JavaDoc {
203         log.debug(">test02RenameCA()");
204
205         boolean ret = false;
206         try {
207             cacheAdmin.renameCA(admin, "TEST", "TEST2");
208             cacheAdmin.renameCA(admin, "TEST2", "TEST");
209             ret = true;
210         } catch (CAExistsException cee) {
211         }
212         assertTrue("Renaming CA failed", ret);
213
214         log.debug("<test02RenameCA()");
215     }
216
217
218     /**
219      * edits ca and checks that it's stored correctly.
220      *
221      * @throws Exception error
222      */

223     public void test03EditCA() throws Exception JavaDoc {
224         log.debug(">test03EditCA()");
225
226         X509CAInfo info = (X509CAInfo) cacheAdmin.getCAInfo(admin, "TEST");
227         info.setCRLPeriod(33);
228         cacheAdmin.editCA(admin, info);
229         X509CAInfo info2 = (X509CAInfo) cacheAdmin.getCAInfo(admin, "TEST");
230         assertTrue("Editing CA failed", info2.getCRLPeriod() == 33);
231
232         log.debug("<test03EditCA()");
233     }
234
235     /**
236      * adds a CA Using ECDSA keys to the database.
237      *
238      * It also checks that the CA is stored correctly.
239      *
240      * @throws Exception error
241      */

242     public void test04AddECDSACA() throws Exception JavaDoc {
243         log.debug(">test04AddECDSACA()");
244         boolean ret = false;
245         try {
246
247             Context JavaDoc context = getInitialContext();
248             IAuthorizationSessionHome authorizationsessionhome = (IAuthorizationSessionHome) javax.rmi.PortableRemoteObject.narrow(context.lookup("AuthorizationSession"), IAuthorizationSessionHome.class);
249             IAuthorizationSessionRemote authorizationsession = authorizationsessionhome.create();
250             authorizationsession.initialize(admin, "CN=TESTECDSA".hashCode());
251
252             SoftCATokenInfo catokeninfo = new SoftCATokenInfo();
253             catokeninfo.setSignKeySpec("prime192v1");
254             catokeninfo.setEncKeySpec("1024");
255             catokeninfo.setSignKeyAlgorithm(SoftCATokenInfo.KEYALGORITHM_ECDSA);
256             catokeninfo.setEncKeyAlgorithm(SoftCATokenInfo.KEYALGORITHM_RSA);
257             catokeninfo.setSignatureAlgorithm(CATokenInfo.SIGALG_SHA256_WITH_ECDSA);
258             catokeninfo.setEncryptionAlgorithm(CATokenInfo.SIGALG_SHA1_WITH_RSA);
259             // Create and active OSCP CA Service.
260
ArrayList JavaDoc extendedcaservices = new ArrayList JavaDoc();
261             extendedcaservices.add(new OCSPCAServiceInfo(ExtendedCAServiceInfo.STATUS_ACTIVE,
262                     "CN=OCSPSignerCertificate, " + "CN=TESTECDSA",
263                     "",
264                     "prime192v1",
265                     CATokenConstants.KEYALGORITHM_ECDSA));
266             extendedcaservices.add(new XKMSCAServiceInfo(ExtendedCAServiceInfo.STATUS_INACTIVE,
267                     "CN=XKMSSignerCertificate, " + "CN=TESTECDSA",
268                     "",
269                     "prime192v1",
270                     CATokenConstants.KEYALGORITHM_ECDSA));
271
272
273             X509CAInfo cainfo = new X509CAInfo("CN=TESTECDSA",
274                     "TESTECDSA", SecConst.CA_ACTIVE, new Date JavaDoc(),
275                     "", SecConst.CERTPROFILE_FIXED_ROOTCA,
276                     365,
277                     null, // Expiretime
278
CAInfo.CATYPE_X509,
279                     CAInfo.SELFSIGNED,
280                     (Collection JavaDoc) null,
281                     catokeninfo,
282                     "JUnit ECDSA CA",
283                     -1, null,
284                     "2.5.29.32.0", // PolicyId
285
24, // CRLPeriod
286
0, // CRLIssueInterval
287
10, // CRLOverlapTime
288
new ArrayList JavaDoc(),
289                     true, // Authority Key Identifier
290
false, // Authority Key Identifier Critical
291
true, // CRL Number
292
false, // CRL Number Critical
293
null, // defaultcrldistpoint
294
null, // defaultcrlissuer
295
null, // defaultocsplocator
296
true, // Finish User
297
extendedcaservices,
298                     false, // use default utf8 settings
299
new ArrayList JavaDoc(), // Approvals Settings
300
1, // Number of Req approvals
301
false); // Use UTF8 subject DN by default
302

303
304             cacheAdmin.createCA(admin, cainfo);
305
306
307             CAInfo info = cacheAdmin.getCAInfo(admin, "TESTECDSA");
308
309             X509Certificate JavaDoc cert = (X509Certificate JavaDoc) info.getCertificateChain().iterator().next();
310             assertTrue("Error in created ca certificate", cert.getSubjectDN().toString().equals("CN=TESTECDSA"));
311             assertTrue("Creating CA failed", info.getSubjectDN().equals("CN=TESTECDSA"));
312             PublicKey JavaDoc pk = cert.getPublicKey();
313             if (pk instanceof JCEECPublicKey) {
314                 JCEECPublicKey ecpk = (JCEECPublicKey) pk;
315                 assertEquals(ecpk.getAlgorithm(), "EC");
316                 org.bouncycastle.jce.spec.ECParameterSpec spec = ecpk.getParameters();
317                 assertNotNull("ImplicitlyCA must have null spec", spec);
318             } else {
319                 assertTrue("Public key is not EC", false);
320             }
321
322             ret = true;
323         } catch (CAExistsException pee) {
324             log.info("CA exists.");
325         }
326
327         assertTrue("Creating ECDSA CA failed", ret);
328         log.debug("<test04AddECDSACA()");
329     }
330
331     /**
332      * adds a CA Using ECDSA 'implicitlyCA' keys to the database.
333      *
334      * It also checks that the CA is stored correctly.
335      *
336      * @throws Exception error
337      */

338     public void test05AddECDSAImplicitlyCACA() throws Exception JavaDoc {
339         log.debug(">test05AddECDSAImplicitlyCACA()");
340         boolean ret = false;
341         try {
342
343             Context JavaDoc context = getInitialContext();
344             IAuthorizationSessionHome authorizationsessionhome = (IAuthorizationSessionHome) javax.rmi.PortableRemoteObject.narrow(context.lookup("AuthorizationSession"), IAuthorizationSessionHome.class);
345             IAuthorizationSessionRemote authorizationsession = authorizationsessionhome.create();
346             authorizationsession.initialize(admin, "CN=TESTECDSAImplicitlyCA".hashCode());
347
348             SoftCATokenInfo catokeninfo = new SoftCATokenInfo();
349             catokeninfo.setSignKeySpec("implicitlyCA");
350             catokeninfo.setEncKeySpec("1024");
351             catokeninfo.setSignKeyAlgorithm(SoftCATokenInfo.KEYALGORITHM_ECDSA);
352             catokeninfo.setEncKeyAlgorithm(SoftCATokenInfo.KEYALGORITHM_RSA);
353             catokeninfo.setSignatureAlgorithm(CATokenInfo.SIGALG_SHA256_WITH_ECDSA);
354             catokeninfo.setEncryptionAlgorithm(CATokenInfo.SIGALG_SHA1_WITH_RSA);
355             // Create and active OSCP CA Service.
356
ArrayList JavaDoc extendedcaservices = new ArrayList JavaDoc();
357             extendedcaservices.add(new OCSPCAServiceInfo(ExtendedCAServiceInfo.STATUS_ACTIVE,
358                     "CN=OCSPSignerCertificate, " + "CN=TESTECDSAImplicitlyCA",
359                     "",
360                     "prime192v1",
361                     CATokenConstants.KEYALGORITHM_ECDSA));
362             
363             extendedcaservices.add(new XKMSCAServiceInfo(ExtendedCAServiceInfo.STATUS_INACTIVE,
364                     "CN=XKMSCertificate, " + "CN=TESTECDSAImplicitlyCA",
365                     "",
366                     "prime192v1",
367                     CATokenConstants.KEYALGORITHM_ECDSA));
368
369
370             X509CAInfo cainfo = new X509CAInfo("CN=TESTECDSAImplicitlyCA",
371                     "TESTECDSAImplicitlyCA", SecConst.CA_ACTIVE, new Date JavaDoc(),
372                     "", SecConst.CERTPROFILE_FIXED_ROOTCA,
373                     365,
374                     null, // Expiretime
375
CAInfo.CATYPE_X509,
376                     CAInfo.SELFSIGNED,
377                     (Collection JavaDoc) null,
378                     catokeninfo,
379                     "JUnit ECDSA ImplicitlyCA CA",
380                     -1, null,
381                     "2.5.29.32.0", // PolicyId
382
24, // CRLPeriod
383
0, // CRLIssueInterval
384
10, // CRLOverlapTime
385
new ArrayList JavaDoc(),
386                     true, // Authority Key Identifier
387
false, // Authority Key Identifier Critical
388
true, // CRL Number
389
false, // CRL Number Critical
390
null, // defaultcrldistpoint
391
null, // defaultcrlissuer
392
null, // defaultocsplocator
393
true, // Finish User
394
extendedcaservices,
395                     false, // use default utf8 settings
396
new ArrayList JavaDoc(), // Approvals Settings
397
1, // Number of Req approvals
398
false); // Use UTF8 subject DN by default
399

400
401             cacheAdmin.createCA(admin, cainfo);
402
403
404             CAInfo info = cacheAdmin.getCAInfo(admin, "TESTECDSAImplicitlyCA");
405
406             X509Certificate JavaDoc cert = (X509Certificate JavaDoc) info.getCertificateChain().iterator().next();
407             assertTrue("Error in created ca certificate", cert.getSubjectDN().toString().equals("CN=TESTECDSAImplicitlyCA"));
408             assertTrue("Creating CA failed", info.getSubjectDN().equals("CN=TESTECDSAImplicitlyCA"));
409             PublicKey JavaDoc pk = cert.getPublicKey();
410             if (pk instanceof JCEECPublicKey) {
411                 JCEECPublicKey ecpk = (JCEECPublicKey) pk;
412                 assertEquals(ecpk.getAlgorithm(), "EC");
413                 org.bouncycastle.jce.spec.ECParameterSpec spec = ecpk.getParameters();
414                 assertNull("ImplicitlyCA must have null spec", spec);
415                 
416             } else {
417                 assertTrue("Public key is not EC", false);
418             }
419
420             ret = true;
421         } catch (CAExistsException pee) {
422             log.info("CA exists.");
423         }
424
425         assertTrue("Creating ECDSA ImplicitlyCA CA failed", ret);
426         log.debug("<test05AddECDSAImplicitlyCACA()");
427     }
428
429     /**
430      * adds a CA using RSA keys to the database.
431      *
432      * It also checks that the CA is stored correctly.
433      *
434      * @throws Exception error
435      */

436     public void test06AddRSASha256WithMGF1CA() throws Exception JavaDoc {
437         log.debug(">test06AddRSASha256WithMGF1CA()");
438         boolean ret = false;
439         try {
440             String JavaDoc cadn = "CN=TESTSha256WithMGF1";
441             Context JavaDoc context = getInitialContext();
442             IAuthorizationSessionHome authorizationsessionhome = (IAuthorizationSessionHome) javax.rmi.PortableRemoteObject.narrow(context.lookup("AuthorizationSession"), IAuthorizationSessionHome.class);
443             IAuthorizationSessionRemote authorizationsession = authorizationsessionhome.create();
444             authorizationsession.initialize(admin, cadn.hashCode());
445
446             SoftCATokenInfo catokeninfo = new SoftCATokenInfo();
447             catokeninfo.setSignKeySpec("1024");
448             catokeninfo.setEncKeySpec("1024");
449             catokeninfo.setSignKeyAlgorithm(SoftCATokenInfo.KEYALGORITHM_RSA);
450             catokeninfo.setEncKeyAlgorithm(SoftCATokenInfo.KEYALGORITHM_RSA);
451             catokeninfo.setSignatureAlgorithm(CATokenInfo.SIGALG_SHA256_WITH_RSA_AND_MGF1);
452             catokeninfo.setEncryptionAlgorithm(CATokenInfo.SIGALG_SHA256_WITH_RSA_AND_MGF1);
453             // Create and active OSCP CA Service.
454
ArrayList JavaDoc extendedcaservices = new ArrayList JavaDoc();
455             extendedcaservices.add(new OCSPCAServiceInfo(ExtendedCAServiceInfo.STATUS_ACTIVE,
456                     "CN=OCSPSignerCertificate, " + cadn,
457                     "",
458                     "1024",
459                     CATokenConstants.KEYALGORITHM_RSA));
460             extendedcaservices.add(new XKMSCAServiceInfo(ExtendedCAServiceInfo.STATUS_INACTIVE,
461                     "CN=XKMSCertificate, " + cadn,
462                     "",
463                     "1024",
464                     CATokenConstants.KEYALGORITHM_RSA));
465
466
467             X509CAInfo cainfo = new X509CAInfo(cadn,
468                     "TESTSha256WithMGF1", SecConst.CA_ACTIVE, new Date JavaDoc(),
469                     "", SecConst.CERTPROFILE_FIXED_ROOTCA,
470                     365,
471                     null, // Expiretime
472
CAInfo.CATYPE_X509,
473                     CAInfo.SELFSIGNED,
474                     (Collection JavaDoc) null,
475                     catokeninfo,
476                     "JUnit RSA CA",
477                     -1, null,
478                     null, // PolicyId
479
24, // CRLPeriod
480
0, // CRLIssueInterval
481
10, // CRLOverlapTime
482
new ArrayList JavaDoc(),
483                     true, // Authority Key Identifier
484
false, // Authority Key Identifier Critical
485
true, // CRL Number
486
false, // CRL Number Critical
487
null, // defaultcrldistpoint
488
null, // defaultcrlissuer
489
null, // defaultocsplocator
490
true, // Finish User
491
extendedcaservices,
492                     false, // use default utf8 settings
493
new ArrayList JavaDoc(), // Approvals Settings
494
1, // Number of Req approvals
495
false); // Use UTF8 subject DN by default
496

497
498             cacheAdmin.createCA(admin, cainfo);
499
500
501             CAInfo info = cacheAdmin.getCAInfo(admin, "TESTSha256WithMGF1");
502
503             X509Certificate JavaDoc cert = (X509Certificate JavaDoc) info.getCertificateChain().iterator().next();
504             assertTrue("Error in created ca certificate", cert.getSubjectDN().toString().equals(cadn));
505             assertTrue("Creating CA failed", info.getSubjectDN().equals(cadn));
506             PublicKey JavaDoc pk = cert.getPublicKey();
507             if (pk instanceof RSAPublicKey JavaDoc) {
508                 RSAPublicKey JavaDoc rsapk = (RSAPublicKey JavaDoc) pk;
509                 assertEquals(rsapk.getAlgorithm(), "RSA");
510             } else {
511                 assertTrue("Public key is not RSA", false);
512             }
513
514             ret = true;
515         } catch (CAExistsException pee) {
516             log.info("CA exists.");
517         }
518
519         assertTrue("Creating RSA CA failed", ret);
520         log.debug("<test06AddRSASha256WithMGF1CA()");
521     }
522
523 }
Popular Tags