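package se.anatom.ejbca.ca.caadmin;

import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;

import javax.naming.Context;
import javax.naming.NamingException;

import junit.framework.TestCase;

import org.apache.log4j.Logger;
import org.bouncycastle.jce.provider.JCEECPublicKey;
import org.ejbca.core.ejb.authorization.IAuthorizationSessionHome;
import org.ejbca.core.ejb.authorization.IAuthorizationSessionRemote;
import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionHome;
import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionRemote;
import org.ejbca.core.model.SecConst;
import org.ejbca.core.model.ca.caadmin.CAExistsException;
import org.ejbca.core.model.ca.caadmin.CAInfo;
import org.ejbca.core.model.ca.caadmin.X509CAInfo;
import org.ejbca.core.model.ca.caadmin.extendedcaservices.ExtendedCAServiceInfo;
import org.ejbca.core.model.ca.caadmin.extendedcaservices.OCSPCAServiceInfo;
import org.ejbca.core.model.ca.caadmin.extendedcaservices.XKMSCAServiceInfo;
import org.ejbca.core.model.ca.catoken.CATokenConstants;
import org.ejbca.core.model.ca.catoken.CATokenInfo;
import org.ejbca.core.model.ca.catoken.SoftCATokenInfo;
import org.ejbca.core.model.log.Admin;
import org.ejbca.util.CertTools;

/**
 * Tests creating, renaming and editing CAs through the remote CA admin session bean.
 *
 * <p>The tests talk to a running server via JNDI ("CAAdminSession" and
 * "AuthorizationSession"). {@link #tearDown()} is empty and nothing here removes the
 * CAs that are created, so running the add-CA tests a second time against the same
 * server ends in {@link CAExistsException} and a failed assertion.
 *
 * <p>Fixture parameters: the soft tokens use 1024-bit RSA keys, SHA1withRSA and the
 * 192-bit curve prime192v1. These are below what is currently recommended for a CA
 * and should be read as test values only, not as a template for a real CA.
 */
public class TestCAs extends TestCase {
    private static final Logger log = Logger.getLogger(TestCAs.class);

    /** Remote CA admin session, created once and shared by all tests. */
    private static ICAAdminSessionRemote cacheAdmin;

    /** Home interface used to create {@link #cacheAdmin}. */
    private static ICAAdminSessionHome cacheHome;

    /** All calls are made as the internal-user administrator. */
    private static final Admin admin = new Admin(Admin.TYPE_INTERNALUSER);

    /**
     * Creates a new test case.
     *
     * @param name name of the test, passed to {@link TestCase}
     */
    public TestCAs(String name) {
        super(name);
    }

    /**
     * Looks up and caches the CA admin session on first use and installs the
     * BouncyCastle provider.
     *
     * @throws Exception if the JNDI lookup or the bean creation fails
     */
    protected void setUp() throws Exception {
        log.debug(">setUp()");

        if (cacheAdmin == null) {
            if (cacheHome == null) {
                Context jndiContext = getInitialContext();
                Object obj1 = jndiContext.lookup("CAAdminSession");
                cacheHome = (ICAAdminSessionHome) javax.rmi.PortableRemoteObject.narrow(obj1,
                        ICAAdminSessionHome.class);
            }

            cacheAdmin = cacheHome.create();
        }

        CertTools.installBCProvider();

        log.debug("<setUp()");
    }

    /** Intentionally empty: created CAs are left in place on the server. */
    protected void tearDown() throws Exception {
    }

    /**
     * Returns a default JNDI initial context.
     *
     * @return a new {@link javax.naming.InitialContext}
     * @throws NamingException if the context cannot be created
     */
    private Context getInitialContext() throws NamingException {
        log.debug(">getInitialContext");

        Context ctx = new javax.naming.InitialContext();
        log.debug("<getInitialContext");

        return ctx;
    }

    /**
     * Calls {@code initialize} on the authorization session for a CA that is about to
     * be created.
     *
     * <p>The second argument is {@code caDn.hashCode()}, presumably the CA id - confirm
     * against the session interface. {@code String.hashCode()} is a 32-bit
     * non-cryptographic hash, so two different DNs can produce the same value.
     *
     * @param caDn subject DN of the CA
     * @throws Exception if the lookup, bean creation or initialization fails
     */
    private void initializeAuthorization(String caDn) throws Exception {
        Context context = getInitialContext();
        IAuthorizationSessionHome authorizationsessionhome =
                (IAuthorizationSessionHome) javax.rmi.PortableRemoteObject.narrow(
                        context.lookup("AuthorizationSession"), IAuthorizationSessionHome.class);
        IAuthorizationSessionRemote authorizationsession = authorizationsessionhome.create();
        authorizationsession.initialize(admin, caDn.hashCode());
    }

    /**
     * Adds a self-signed CA named "TEST" with a 1024-bit RSA soft token and checks the
     * subject DN and key type of the resulting CA certificate.
     *
     * @throws Exception on any error other than the CA already existing, which is
     *         reported as a failed assertion instead
     */
    public void test01AddRSACA() throws Exception {
        log.debug(">test01AddRSACA()");
        boolean ret = false;
        try {
            initializeAuthorization("CN=TEST");

            SoftCATokenInfo catokeninfo = new SoftCATokenInfo();
            catokeninfo.setSignKeySpec("1024");
            catokeninfo.setEncKeySpec("1024");
            catokeninfo.setSignKeyAlgorithm(SoftCATokenInfo.KEYALGORITHM_RSA);
            catokeninfo.setEncKeyAlgorithm(SoftCATokenInfo.KEYALGORITHM_RSA);
            catokeninfo.setSignatureAlgorithm(CATokenInfo.SIGALG_SHA1_WITH_RSA);
            // NOTE(review): a signature-algorithm constant is passed as the encryption
            // algorithm - confirm this is what the soft token expects.
            catokeninfo.setEncryptionAlgorithm(CATokenInfo.SIGALG_SHA1_WITH_RSA);

            // Extended CA services: an active OCSP signer and an inactive XKMS service.
            ArrayList extendedcaservices = new ArrayList();
            extendedcaservices.add(new OCSPCAServiceInfo(ExtendedCAServiceInfo.STATUS_ACTIVE,
                    "CN=OCSPSignerCertificate, " + "CN=TEST",
                    "",
                    "1024",
                    CATokenConstants.KEYALGORITHM_RSA));
            extendedcaservices.add(new XKMSCAServiceInfo(ExtendedCAServiceInfo.STATUS_INACTIVE,
                    "CN=XKMSCertificate, " + "CN=TEST",
                    "",
                    "1024",
                    CATokenConstants.KEYALGORITHM_RSA));

            // Positional constructor: the first two arguments are the subject DN and the
            // CA name used in the lookups below; the meaning of the remaining arguments
            // is not visible in this file.
            X509CAInfo cainfo = new X509CAInfo("CN=TEST",
                    "TEST", SecConst.CA_ACTIVE, new Date(),
                    "", SecConst.CERTPROFILE_FIXED_ROOTCA,
                    365,
                    null, CAInfo.CATYPE_X509,
                    CAInfo.SELFSIGNED,
                    (Collection) null,
                    catokeninfo,
                    "JUnit RSA CA",
                    -1, null,
                    null, 24, 0, 10, new ArrayList(),
                    true, false, true, false, null, null, null, true, extendedcaservices,
                    false, new ArrayList(), 1, false);

            cacheAdmin.createCA(admin, cainfo);

            CAInfo info = cacheAdmin.getCAInfo(admin, "TEST");

            X509Certificate cert = (X509Certificate) info.getCertificateChain().iterator().next();
            assertEquals("Error in created ca certificate", "CN=TEST", cert.getSubjectDN().toString());
            assertEquals("Creating CA failed", "CN=TEST", info.getSubjectDN());
            PublicKey pk = cert.getPublicKey();
            // The failure message used to say "not EC" although this CA must carry an RSA key.
            assertTrue("Public key is not RSA", pk instanceof RSAPublicKey);
            assertEquals("RSA", ((RSAPublicKey) pk).getAlgorithm());

            ret = true;
        } catch (CAExistsException pee) {
            // Left over from an earlier run; ret stays false so the test fails below.
            log.info("CA exists.");
        }

        assertTrue("Creating RSA CA failed", ret);
        log.debug("<test01AddRSACA()");
    }

    /**
     * Renames CA "TEST" to "TEST2" and back again.
     *
     * <p>Requires that a CA named "TEST" already exists on the server, for example the
     * one created by {@link #test01AddRSACA()}.
     *
     * @throws Exception on any error other than a name clash, which is reported as a
     *         failed assertion instead
     */
    public void test02RenameCA() throws Exception {
        log.debug(">test02RenameCA()");

        boolean ret = false;
        try {
            cacheAdmin.renameCA(admin, "TEST", "TEST2");
            cacheAdmin.renameCA(admin, "TEST2", "TEST");
            ret = true;
        } catch (CAExistsException cee) {
            // Previously swallowed silently; log it so the failed assertion below has a cause.
            log.info("CA exists.", cee);
        }
        assertTrue("Renaming CA failed", ret);

        log.debug("<test02RenameCA()");
    }

    /**
     * Changes the CRL period of CA "TEST" to 33 and reads it back.
     *
     * <p>Requires that a CA named "TEST" already exists on the server.
     *
     * @throws Exception if the CA cannot be read or edited
     */
    public void test03EditCA() throws Exception {
        log.debug(">test03EditCA()");

        X509CAInfo info = (X509CAInfo) cacheAdmin.getCAInfo(admin, "TEST");
        info.setCRLPeriod(33);
        cacheAdmin.editCA(admin, info);
        X509CAInfo info2 = (X509CAInfo) cacheAdmin.getCAInfo(admin, "TEST");
        assertEquals("Editing CA failed", 33, info2.getCRLPeriod());

        log.debug("<test03EditCA()");
    }

    /**
     * Adds a self-signed CA named "TESTECDSA" that signs with ECDSA on the named curve
     * prime192v1 and checks that the CA certificate carries an EC key with explicit
     * curve parameters.
     *
     * @throws Exception on any error other than the CA already existing, which is
     *         reported as a failed assertion instead
     */
    public void test04AddECDSACA() throws Exception {
        log.debug(">test04AddECDSACA()");
        boolean ret = false;
        try {
            initializeAuthorization("CN=TESTECDSA");

            // Signing key is EC; the encryption key stays 1024-bit RSA.
            SoftCATokenInfo catokeninfo = new SoftCATokenInfo();
            catokeninfo.setSignKeySpec("prime192v1");
            catokeninfo.setEncKeySpec("1024");
            catokeninfo.setSignKeyAlgorithm(SoftCATokenInfo.KEYALGORITHM_ECDSA);
            catokeninfo.setEncKeyAlgorithm(SoftCATokenInfo.KEYALGORITHM_RSA);
            catokeninfo.setSignatureAlgorithm(CATokenInfo.SIGALG_SHA256_WITH_ECDSA);
            catokeninfo.setEncryptionAlgorithm(CATokenInfo.SIGALG_SHA1_WITH_RSA);

            ArrayList extendedcaservices = new ArrayList();
            extendedcaservices.add(new OCSPCAServiceInfo(ExtendedCAServiceInfo.STATUS_ACTIVE,
                    "CN=OCSPSignerCertificate, " + "CN=TESTECDSA",
                    "",
                    "prime192v1",
                    CATokenConstants.KEYALGORITHM_ECDSA));
            extendedcaservices.add(new XKMSCAServiceInfo(ExtendedCAServiceInfo.STATUS_INACTIVE,
                    "CN=XKMSSignerCertificate, " + "CN=TESTECDSA",
                    "",
                    "prime192v1",
                    CATokenConstants.KEYALGORITHM_ECDSA));

            X509CAInfo cainfo = new X509CAInfo("CN=TESTECDSA",
                    "TESTECDSA", SecConst.CA_ACTIVE, new Date(),
                    "", SecConst.CERTPROFILE_FIXED_ROOTCA,
                    365,
                    null, CAInfo.CATYPE_X509,
                    CAInfo.SELFSIGNED,
                    (Collection) null,
                    catokeninfo,
                    "JUnit ECDSA CA",
                    -1, null,
                    "2.5.29.32.0", 24, 0, 10, new ArrayList(),
                    true, false, true, false, null, null, null, true, extendedcaservices,
                    false, new ArrayList(), 1, false);

            cacheAdmin.createCA(admin, cainfo);

            CAInfo info = cacheAdmin.getCAInfo(admin, "TESTECDSA");

            X509Certificate cert = (X509Certificate) info.getCertificateChain().iterator().next();
            assertEquals("Error in created ca certificate", "CN=TESTECDSA", cert.getSubjectDN().toString());
            assertEquals("Creating CA failed", "CN=TESTECDSA", info.getSubjectDN());
            PublicKey pk = cert.getPublicKey();
            assertTrue("Public key is not EC", pk instanceof JCEECPublicKey);
            JCEECPublicKey ecpk = (JCEECPublicKey) pk;
            assertEquals("EC", ecpk.getAlgorithm());
            org.bouncycastle.jce.spec.ECParameterSpec spec = ecpk.getParameters();
            // The message was copied from the ImplicitlyCA test and stated the opposite
            // of what is asserted here.
            assertNotNull("Named curve key must have a non-null spec", spec);

            ret = true;
        } catch (CAExistsException pee) {
            // Left over from an earlier run; ret stays false so the test fails below.
            log.info("CA exists.");
        }

        assertTrue("Creating ECDSA CA failed", ret);
        log.debug("<test04AddECDSACA()");
    }

    /**
     * Adds a self-signed CA named "TESTECDSAImplicitlyCA" whose signing key spec is
     * "implicitlyCA" and checks that the EC key in the CA certificate has no parameter
     * spec of its own.
     *
     * @throws Exception on any error other than the CA already existing, which is
     *         reported as a failed assertion instead
     */
    public void test05AddECDSAImplicitlyCACA() throws Exception {
        log.debug(">test05AddECDSAImplicitlyCACA()");
        boolean ret = false;
        try {
            initializeAuthorization("CN=TESTECDSAImplicitlyCA");

            SoftCATokenInfo catokeninfo = new SoftCATokenInfo();
            catokeninfo.setSignKeySpec("implicitlyCA");
            catokeninfo.setEncKeySpec("1024");
            catokeninfo.setSignKeyAlgorithm(SoftCATokenInfo.KEYALGORITHM_ECDSA);
            catokeninfo.setEncKeyAlgorithm(SoftCATokenInfo.KEYALGORITHM_RSA);
            catokeninfo.setSignatureAlgorithm(CATokenInfo.SIGALG_SHA256_WITH_ECDSA);
            catokeninfo.setEncryptionAlgorithm(CATokenInfo.SIGALG_SHA1_WITH_RSA);

            // The extended services use the named curve prime192v1, not implicitlyCA.
            ArrayList extendedcaservices = new ArrayList();
            extendedcaservices.add(new OCSPCAServiceInfo(ExtendedCAServiceInfo.STATUS_ACTIVE,
                    "CN=OCSPSignerCertificate, " + "CN=TESTECDSAImplicitlyCA",
                    "",
                    "prime192v1",
                    CATokenConstants.KEYALGORITHM_ECDSA));

            extendedcaservices.add(new XKMSCAServiceInfo(ExtendedCAServiceInfo.STATUS_INACTIVE,
                    "CN=XKMSCertificate, " + "CN=TESTECDSAImplicitlyCA",
                    "",
                    "prime192v1",
                    CATokenConstants.KEYALGORITHM_ECDSA));

            X509CAInfo cainfo = new X509CAInfo("CN=TESTECDSAImplicitlyCA",
                    "TESTECDSAImplicitlyCA", SecConst.CA_ACTIVE, new Date(),
                    "", SecConst.CERTPROFILE_FIXED_ROOTCA,
                    365,
                    null, CAInfo.CATYPE_X509,
                    CAInfo.SELFSIGNED,
                    (Collection) null,
                    catokeninfo,
                    "JUnit ECDSA ImplicitlyCA CA",
                    -1, null,
                    "2.5.29.32.0", 24, 0, 10, new ArrayList(),
                    true, false, true, false, null, null, null, true, extendedcaservices,
                    false, new ArrayList(), 1, false);

            cacheAdmin.createCA(admin, cainfo);

            CAInfo info = cacheAdmin.getCAInfo(admin, "TESTECDSAImplicitlyCA");

            X509Certificate cert = (X509Certificate) info.getCertificateChain().iterator().next();
            assertEquals("Error in created ca certificate", "CN=TESTECDSAImplicitlyCA",
                    cert.getSubjectDN().toString());
            assertEquals("Creating CA failed", "CN=TESTECDSAImplicitlyCA", info.getSubjectDN());
            PublicKey pk = cert.getPublicKey();
            assertTrue("Public key is not EC", pk instanceof JCEECPublicKey);
            JCEECPublicKey ecpk = (JCEECPublicKey) pk;
            assertEquals("EC", ecpk.getAlgorithm());
            org.bouncycastle.jce.spec.ECParameterSpec spec = ecpk.getParameters();
            assertNull("ImplicitlyCA must have null spec", spec);

            ret = true;
        } catch (CAExistsException pee) {
            // Left over from an earlier run; ret stays false so the test fails below.
            log.info("CA exists.");
        }

        assertTrue("Creating ECDSA ImplicitlyCA CA failed", ret);
        log.debug("<test05AddECDSAImplicitlyCACA()");
    }

    /**
     * Adds a self-signed CA named "TESTSha256WithMGF1" with a 1024-bit RSA soft token
     * that signs with SHA256-with-RSA-and-MGF1, and checks the subject DN and key type
     * of the resulting CA certificate.
     *
     * @throws Exception on any error other than the CA already existing, which is
     *         reported as a failed assertion instead
     */
    public void test06AddRSASha256WithMGF1CA() throws Exception {
        log.debug(">test06AddRSASha256WithMGF1CA()");
        boolean ret = false;
        try {
            String cadn = "CN=TESTSha256WithMGF1";
            initializeAuthorization(cadn);

            SoftCATokenInfo catokeninfo = new SoftCATokenInfo();
            catokeninfo.setSignKeySpec("1024");
            catokeninfo.setEncKeySpec("1024");
            catokeninfo.setSignKeyAlgorithm(SoftCATokenInfo.KEYALGORITHM_RSA);
            catokeninfo.setEncKeyAlgorithm(SoftCATokenInfo.KEYALGORITHM_RSA);
            catokeninfo.setSignatureAlgorithm(CATokenInfo.SIGALG_SHA256_WITH_RSA_AND_MGF1);
            catokeninfo.setEncryptionAlgorithm(CATokenInfo.SIGALG_SHA256_WITH_RSA_AND_MGF1);

            ArrayList extendedcaservices = new ArrayList();
            extendedcaservices.add(new OCSPCAServiceInfo(ExtendedCAServiceInfo.STATUS_ACTIVE,
                    "CN=OCSPSignerCertificate, " + cadn,
                    "",
                    "1024",
                    CATokenConstants.KEYALGORITHM_RSA));
            extendedcaservices.add(new XKMSCAServiceInfo(ExtendedCAServiceInfo.STATUS_INACTIVE,
                    "CN=XKMSCertificate, " + cadn,
                    "",
                    "1024",
                    CATokenConstants.KEYALGORITHM_RSA));

            X509CAInfo cainfo = new X509CAInfo(cadn,
                    "TESTSha256WithMGF1", SecConst.CA_ACTIVE, new Date(),
                    "", SecConst.CERTPROFILE_FIXED_ROOTCA,
                    365,
                    null, CAInfo.CATYPE_X509,
                    CAInfo.SELFSIGNED,
                    (Collection) null,
                    catokeninfo,
                    "JUnit RSA CA",
                    -1, null,
                    null, 24, 0, 10, new ArrayList(),
                    true, false, true, false, null, null, null, true, extendedcaservices,
                    false, new ArrayList(), 1, false);

            cacheAdmin.createCA(admin, cainfo);

            CAInfo info = cacheAdmin.getCAInfo(admin, "TESTSha256WithMGF1");

            X509Certificate cert = (X509Certificate) info.getCertificateChain().iterator().next();
            assertEquals("Error in created ca certificate", cadn, cert.getSubjectDN().toString());
            assertEquals("Creating CA failed", cadn, info.getSubjectDN());
            PublicKey pk = cert.getPublicKey();
            assertTrue("Public key is not RSA", pk instanceof RSAPublicKey);
            assertEquals("RSA", ((RSAPublicKey) pk).getAlgorithm());

            ret = true;
        } catch (CAExistsException pee) {
            // Left over from an earlier run; ret stays false so the test fails below.
            log.info("CA exists.");
        }

        assertTrue("Creating RSA CA failed", ret);
        log.debug("<test06AddRSASha256WithMGF1CA()");
    }

}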