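package se.anatom.ejbca.ca.crl;

import java.math.BigInteger;
import java.rmi.RemoteException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.Collection;
import java.util.Iterator;
import java.util.Set;

import javax.ejb.DuplicateKeyException;
import javax.naming.Context;
import javax.naming.NamingException;

import junit.framework.TestCase;

import org.apache.log4j.Logger;
import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionHome;
import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionRemote;
import org.ejbca.core.ejb.ca.crl.ICreateCRLSessionHome;
import org.ejbca.core.ejb.ca.crl.ICreateCRLSessionRemote;
import org.ejbca.core.ejb.ca.sign.ISignSessionHome;
import org.ejbca.core.ejb.ca.sign.ISignSessionRemote;
import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionHome;
import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionRemote;
import org.ejbca.core.ejb.ra.IUserAdminSessionHome;
import org.ejbca.core.ejb.ra.IUserAdminSessionRemote;
import org.ejbca.core.model.SecConst;
import org.ejbca.core.model.ca.caadmin.CAInfo;
import org.ejbca.core.model.ca.crl.RevokedCertInfo;
import org.ejbca.core.model.log.Admin;
import org.ejbca.core.model.ra.UserDataConstants;
import org.ejbca.util.CertTools;
import org.ejbca.util.cert.CrlExtensions;

/**
 * Integration tests for CRL generation against a deployed EJBCA instance.
 *
 * <p>Covers creating a CRL, monotonic CRL numbers, agreement between the
 * certificate store's revoked list and the CRL's entry count, and the effect
 * of revoking / unrevoking a certificate (reversible certificateHold versus
 * permanent cACompromise) on the published CRL.
 *
 * <p>The test methods are named test01..test04 and share state through static
 * fields populated in {@link #setUp()}; they are intended to run in that
 * order against a deployment with at least one active CA. All session beans
 * are looked up over RMI via JNDI.
 */
public class TestCreateCRLSession extends TestCase {

    private static final Logger log = Logger.getLogger(TestCreateCRLSession.class);
    private static Context ctx;
    private static ICreateCRLSessionHome home;
    private static ICreateCRLSessionRemote remote;
    private static ICertificateStoreSessionHome storehome;
    private static ICertificateStoreSessionRemote storeremote;
    private static IUserAdminSessionRemote usersession;
    private static ISignSessionRemote signsession;
    private static Admin admin;
    // Id of the CA the tests run against: the first CA returned by getAvailableCAs().
    private static int caid;
    // Subject DN of that CA; passed as the issuer name to the CRL session.
    private static String cadn;

    /**
     * Creates a test instance for the named test method.
     *
     * @param name the test method to run
     */
    public TestCreateCRLSession(String name) {
        super(name);
    }

    /**
     * Installs the BouncyCastle provider, looks up all session beans and
     * selects the first available CA as the CA under test.
     *
     * @throws Exception on JNDI lookup or EJB creation failure
     */
    protected void setUp() throws Exception {
        log.debug(">setUp()");
        CertTools.installBCProvider();

        ctx = getInitialContext();

        admin = new Admin(Admin.TYPE_INTERNALUSER);

        home = (ICreateCRLSessionHome) lookupHome("CreateCRLSession", ICreateCRLSessionHome.class);
        remote = home.create();

        storehome = (ICertificateStoreSessionHome) lookupHome("CertificateStoreSession", ICertificateStoreSessionHome.class);
        storeremote = storehome.create();

        IUserAdminSessionHome userhome = (IUserAdminSessionHome) lookupHome("UserAdminSession", IUserAdminSessionHome.class);
        usersession = userhome.create();

        ISignSessionHome signhome = (ISignSessionHome) lookupHome("RSASignSession", ISignSessionHome.class);
        signsession = signhome.create();

        ICAAdminSessionHome cahome = (ICAAdminSessionHome) lookupHome("CAAdminSession", ICAAdminSessionHome.class);
        ICAAdminSessionRemote casession = cahome.create();

        // Whichever CA the container lists first becomes the CA under test.
        Collection caids = casession.getAvailableCAs(admin);
        Iterator iter = caids.iterator();
        if (!iter.hasNext()) {
            fail("No active CA! Must have at least one active CA to run tests!");
        }
        caid = ((Integer) iter.next()).intValue();
        CAInfo cainfo = casession.getCAInfo(admin, caid);
        cadn = cainfo.getSubjectDN();

        log.debug("<setUp()");
    }

    /**
     * No per-test cleanup is performed: the test user and the generated CRLs
     * are left in the deployment.
     */
    protected void tearDown() throws Exception {
    }

    /**
     * Creates the JNDI initial context using the environment's default settings.
     *
     * @return a new initial context
     * @throws NamingException if the context cannot be created
     */
    private Context getInitialContext() throws NamingException {
        log.debug(">getInitialContext");
        Context initial = new javax.naming.InitialContext();
        log.debug("<getInitialContext");

        return initial;
    }

    /**
     * Looks up a JNDI name and narrows the result to the given EJB home
     * interface (RMI-IIOP narrowing rather than a plain cast).
     *
     * @param jndiName  name bound in the container
     * @param homeClass home interface to narrow to
     * @return the narrowed home object; the caller casts to {@code homeClass}
     * @throws NamingException if the name is not bound
     */
    private static Object lookupHome(String jndiName, Class homeClass) throws NamingException {
        Object obj = ctx.lookup(jndiName);
        return javax.rmi.PortableRemoteObject.narrow(obj, homeClass);
    }

    /**
     * Fetches the latest CRL for the CA under test from the certificate store
     * and parses it.
     *
     * @return the parsed CRL
     * @throws Exception on remote or parse failure; fails the test if no CRL exists
     */
    private static X509CRL fetchLastCrl() throws Exception {
        byte[] crl = storeremote.getLastCRL(admin, cadn);
        assertNotNull("Could not get CRL", crl);
        return CertTools.getCRLfromByteArray(crl);
    }

    /**
     * Checks whether a CRL carries an entry for the given serial number.
     *
     * <p>Serials are compared numerically with {@code compareTo}, as the
     * original checks did. A CRL is issued by a single CA, so the serial alone
     * identifies the certificate here.
     *
     * @param crl    CRL to search
     * @param serial serial number to look for
     * @return true if an entry with that serial exists, false otherwise
     *         (including when the CRL has no entries at all)
     */
    private static boolean crlContains(X509CRL crl, BigInteger serial) {
        Set revset = crl.getRevokedCertificates();
        if (revset == null) {
            // getRevokedCertificates() returns null for a CRL without entries.
            return false;
        }
        for (Iterator iter = revset.iterator(); iter.hasNext();) {
            X509CRLEntry entry = (X509CRLEntry) iter.next();
            if (entry.getSerialNumber().compareTo(serial) == 0) {
                return true;
            }
        }
        return false;
    }

    /**
     * Adds the end entity "foo" used by test04, or resets its status to NEW
     * if it already exists so that a new certificate can be issued for it.
     *
     * @throws Exception on remote failure while resetting the status
     */
    private static void ensureTestUser() throws Exception {
        boolean userExists = false;
        try {
            usersession.addUser(admin, "foo", "foo123", "C=SE,O=AnaTom,CN=foo", null, "foo@anatom.se", false,
                    SecConst.EMPTY_ENDENTITYPROFILE, SecConst.CERTPROFILE_FIXED_ENDUSER, SecConst.USER_ENDUSER,
                    SecConst.TOKEN_SOFT_PEM, 0, caid);
            log.debug("created user: foo, foo123, C=SE, O=AnaTom, CN=foo");
        } catch (DuplicateKeyException dke) {
            userExists = true;
        } catch (RemoteException re) {
            // Best-effort behaviour kept from the original: any remote failure on
            // addUser is treated as "user already exists". It is logged so that an
            // unrelated container error is not silently mistaken for a duplicate.
            log.debug("addUser failed, assuming user foo already exists", re);
            userExists = true;
        }
        if (userExists) {
            log.info("User foo already exists, resetting status.");
            usersession.setUserStatus(admin, "foo", UserDataConstants.STATUS_NEW);
            log.debug("Reset status to NEW");
        }
    }

    /**
     * Generates a new CRL for the CA under test; only checks that the call
     * completes without throwing.
     *
     * @throws Exception on remote failure
     */
    public void test01CreateNewCRL() throws Exception {
        log.debug(">test01CreateNewCRL()");
        remote.run(admin, cadn);
        log.debug("<test01CreateNewCRL()");
    }

    /**
     * Verifies that generating a new CRL increments both the store's CRL
     * number and the CRLNumber extension inside the CRL by exactly one.
     *
     * @throws Exception on remote or parse failure
     */
    public void test02LastCRL() throws Exception {
        log.debug(">test02LastCRL()");
        int number = storeremote.getLastCRLNumber(admin, cadn);
        log.debug("Last CRLNumber = " + number);
        X509CRL x509crl = fetchLastCrl();
        BigInteger num = CrlExtensions.getCrlNumber(x509crl);
        assertNotNull("CRL has no CRLNumber extension", num);

        remote.run(admin, cadn);

        int number1 = storeremote.getLastCRLNumber(admin, cadn);
        assertEquals(number + 1, number1);
        X509CRL x509crl1 = fetchLastCrl();
        BigInteger num1 = CrlExtensions.getCrlNumber(x509crl1);
        assertNotNull("New CRL has no CRLNumber extension", num1);
        assertEquals(num.intValue() + 1, num1.intValue());
        log.debug("<test02LastCRL()");
    }

    /**
     * Verifies that the number of entries in the latest CRL equals the number
     * of revoked certificates the store reports for the CA.
     *
     * <p>A CRL with no entries (null set) must correspond to an empty revoked
     * list; the original check skipped the comparison in that case and so
     * passed vacuously.
     *
     * @throws Exception on remote or parse failure
     */
    public void test03CheckNumberofRevokedCerts() throws Exception {
        log.debug(">test03CheckNumberofRevokedCerts()");

        Collection revfp = storeremote.listRevokedCertificates(admin, cadn);
        log.debug("Number of revoked certificates=" + revfp.size());
        X509CRL x509crl = fetchLastCrl();
        Set revset = x509crl.getRevokedCertificates();
        // null means "no entries", which must match an empty revoked list.
        int revsize = (revset == null) ? 0 : revset.size();
        assertEquals(revfp.size(), revsize);

        log.debug("<test03CheckNumberofRevokedCerts()");
    }

    /**
     * Issues a certificate for user "foo" and checks how revocation shows up
     * on the CRL: not listed when freshly issued, listed under certificateHold,
     * removed again when the hold is lifted, listed under cACompromise, and
     * still listed after an attempt to unrevoke a cACompromise entry.
     *
     * @throws Exception on remote, key generation or parse failure
     */
    public void test04RevokeAndUnrevoke() throws Exception {
        log.debug(">test04RevokeAndUnrevoke()");

        ensureTestUser();
        KeyPair keys = genKeys();

        X509Certificate cert = (X509Certificate) signsession.createCertificate(admin, "foo", "foo123", keys.getPublic());
        assertNotNull("Misslyckades skapa cert", cert);
        log.debug("Cert=" + cert.toString());
        BigInteger serial = cert.getSerialNumber();

        // A freshly issued certificate must not appear on the CRL.
        remote.run(admin, cadn);
        assertFalse("New certificate already listed on CRL", crlContains(fetchLastCrl(), serial));

        // certificateHold is reversible: the entry appears...
        storeremote.revokeCertificate(admin, cert, null, RevokedCertInfo.REVOKATION_REASON_CERTIFICATEHOLD);
        remote.run(admin, cadn);
        assertTrue("Certificate on hold not listed on CRL", crlContains(fetchLastCrl(), serial));

        // ...and disappears again once the hold is lifted.
        storeremote.revokeCertificate(admin, cert, null, RevokedCertInfo.NOT_REVOKED);
        remote.run(admin, cadn);
        assertFalse("Certificate still listed after hold was lifted", crlContains(fetchLastCrl(), serial));

        // cACompromise is permanent: the entry appears...
        storeremote.revokeCertificate(admin, cert, null, RevokedCertInfo.REVOKATION_REASON_CACOMPROMISE);
        remote.run(admin, cadn);
        assertTrue("Compromised certificate not listed on CRL", crlContains(fetchLastCrl(), serial));

        // ...and must survive an attempt to unrevoke it.
        storeremote.revokeCertificate(admin, cert, null, RevokedCertInfo.NOT_REVOKED);
        remote.run(admin, cadn);
        assertTrue("Permanent revocation was undone", crlContains(fetchLastCrl(), serial));
        log.debug("<test04RevokeAndUnrevoke()");
    }

    /**
     * Generates a throwaway RSA key pair for the test certificate.
     *
     * <p>512 bits is far below any acceptable production key size; it is used
     * here only to keep the test fast, and the key never leaves the test.
     *
     * @return a fresh RSA key pair from the BouncyCastle provider
     * @throws Exception if the provider or algorithm is unavailable
     */
    private static KeyPair genKeys() throws Exception {
        KeyPairGenerator keygen = KeyPairGenerator.getInstance("RSA", "BC");
        keygen.initialize(512);
        log.debug("Generating keys, please wait...");
        KeyPair rsaKeys = keygen.generateKeyPair();
        log.debug("Generated " + rsaKeys.getPrivate().getAlgorithm() + " keys with length"
                + ((RSAPrivateKey) rsaKeys.getPrivate()).getModulus().bitLength());

        return rsaKeys;
    }
}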