KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > se > anatom > ejbca > ca > crl > TestCreateCRLSession


1 /*************************************************************************
2  * *
3  * EJBCA: The OpenSource Certificate Authority *
4  * *
5  * This software is free software; you can redistribute it and/or *
6  * modify it under the terms of the GNU Lesser General Public *
7  * License as published by the Free Software Foundation; either *
8  * version 2.1 of the License, or any later version. *
9  * *
10  * See terms of license at gnu.org. *
11  * *
12  *************************************************************************/
13
14 package se.anatom.ejbca.ca.crl;
15
16 import java.math.BigInteger JavaDoc;
17 import java.rmi.RemoteException JavaDoc;
18 import java.security.KeyPair JavaDoc;
19 import java.security.KeyPairGenerator JavaDoc;
20 import java.security.cert.X509CRL JavaDoc;
21 import java.security.cert.X509CRLEntry JavaDoc;
22 import java.security.cert.X509Certificate JavaDoc;
23 import java.security.interfaces.RSAPrivateKey JavaDoc;
24 import java.util.Collection JavaDoc;
25 import java.util.Iterator JavaDoc;
26 import java.util.Set JavaDoc;
27
28 import javax.ejb.DuplicateKeyException JavaDoc;
29 import javax.naming.Context JavaDoc;
30 import javax.naming.NamingException JavaDoc;
31
32 import junit.framework.TestCase;
33
34 import org.apache.log4j.Logger;
35 import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionHome;
36 import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionRemote;
37 import org.ejbca.core.ejb.ca.crl.ICreateCRLSessionHome;
38 import org.ejbca.core.ejb.ca.crl.ICreateCRLSessionRemote;
39 import org.ejbca.core.ejb.ca.sign.ISignSessionHome;
40 import org.ejbca.core.ejb.ca.sign.ISignSessionRemote;
41 import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionHome;
42 import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionRemote;
43 import org.ejbca.core.ejb.ra.IUserAdminSessionHome;
44 import org.ejbca.core.ejb.ra.IUserAdminSessionRemote;
45 import org.ejbca.core.model.SecConst;
46 import org.ejbca.core.model.ca.caadmin.CAInfo;
47 import org.ejbca.core.model.ca.crl.RevokedCertInfo;
48 import org.ejbca.core.model.log.Admin;
49 import org.ejbca.core.model.ra.UserDataConstants;
50 import org.ejbca.util.CertTools;
51 import org.ejbca.util.cert.CrlExtensions;
52
53 /**
54  * Tests CRL session (agentrunner and certificatesession).
55  *
56  * @version $Id: TestCreateCRLSession.java,v 1.8.6.1 2007/02/23 15:57:47 anatom Exp $
57  */
58 public class TestCreateCRLSession extends TestCase {
59
60     private static Logger log = Logger.getLogger(TestCreateCRLSession.class);
61     private static Context JavaDoc ctx;
62     private static ICreateCRLSessionHome home;
63     private static ICreateCRLSessionRemote remote;
64     private static ICertificateStoreSessionHome storehome;
65     private static ICertificateStoreSessionRemote storeremote;
66     private static IUserAdminSessionRemote usersession;
67     private static ISignSessionRemote signsession;
68     private static Admin admin;
69     private static int caid;
70     private static String JavaDoc cadn;
71
72     /**
73      * Creates a new TestCreateCRLSession object.
74      *
75      * @param name name
76      */
77     public TestCreateCRLSession(String JavaDoc name) {
78         super(name);
79     }
80
81     protected void setUp() throws Exception JavaDoc {
82         log.debug(">setUp()");
83         CertTools.installBCProvider();
84
85         ctx = getInitialContext();
86
87         admin = new Admin(Admin.TYPE_INTERNALUSER);
88
89         Object JavaDoc obj = ctx.lookup("CreateCRLSession");
90         home = (ICreateCRLSessionHome) javax.rmi.PortableRemoteObject.narrow(obj, ICreateCRLSessionHome.class);
91         remote = home.create();
92
93         Object JavaDoc obj1 = ctx.lookup("CertificateStoreSession");
94         storehome = (ICertificateStoreSessionHome) javax.rmi.PortableRemoteObject.narrow(obj1, ICertificateStoreSessionHome.class);
95         storeremote = storehome.create();
96         
97         obj = ctx.lookup("UserAdminSession");
98         IUserAdminSessionHome userhome = (IUserAdminSessionHome) javax.rmi.PortableRemoteObject.narrow(obj, IUserAdminSessionHome.class);
99         usersession = userhome.create();
100
101         obj = ctx.lookup("RSASignSession");
102         ISignSessionHome signhome = (ISignSessionHome) javax.rmi.PortableRemoteObject.narrow(obj, ISignSessionHome.class);
103         signsession = signhome.create();
104
105         obj = ctx.lookup("CAAdminSession");
106         ICAAdminSessionHome cahome = (ICAAdminSessionHome) javax.rmi.PortableRemoteObject.narrow(obj, ICAAdminSessionHome.class);
107         ICAAdminSessionRemote casession = cahome.create();
108         Collection JavaDoc caids = casession.getAvailableCAs(admin);
109         Iterator JavaDoc iter = caids.iterator();
110         if (iter.hasNext()) {
111             caid = ((Integer JavaDoc) iter.next()).intValue();
112             CAInfo cainfo = casession.getCAInfo(admin, caid);
113             cadn = cainfo.getSubjectDN();
114         } else {
115             assertTrue("No active CA! Must have at least one active CA to run tests!", false);
116         }
117
118
119         log.debug("<setUp()");
120     }
121
122     protected void tearDown() throws Exception JavaDoc {
123     }
124
125     private Context JavaDoc getInitialContext() throws NamingException JavaDoc {
126         log.debug(">getInitialContext");
127         Context JavaDoc ctx = new javax.naming.InitialContext JavaDoc();
128         log.debug("<getInitialContext");
129
130         return ctx;
131     }
132
133     /**
134      * creates new crl
135      *
136      * @throws Exception error
137      */
138     public void test01CreateNewCRL() throws Exception JavaDoc {
139         log.debug(">test01CreateNewCRL()");
140         remote.run(admin, cadn);
141         log.debug("<test01CreateNewCRL()");
142     }
143
144     /**
145      * gets last crl
146      *
147      * @throws Exception error
148      */
149     public void test02LastCRL() throws Exception JavaDoc {
150         log.debug(">test02LastCRL()");
151         // Get number of last CRL
152 int number = storeremote.getLastCRLNumber(admin, cadn);
153         log.debug("Last CRLNumber = " + number);
154         byte[] crl = storeremote.getLastCRL(admin, cadn);
155         assertNotNull("Could not get CRL", crl);
156         X509CRL JavaDoc x509crl = CertTools.getCRLfromByteArray(crl);
157         BigInteger JavaDoc num = CrlExtensions.getCrlNumber(x509crl);
158         // Create a new CRL again to see that the number increases
159 remote.run(admin, cadn);
160         int number1 = storeremote.getLastCRLNumber(admin, cadn);
161         assertEquals(number+1, number1);
162         byte[] crl1 = storeremote.getLastCRL(admin, cadn);
163         X509CRL JavaDoc x509crl1 = CertTools.getCRLfromByteArray(crl1);
164         BigInteger JavaDoc num1 = CrlExtensions.getCrlNumber(x509crl1);
165         assertEquals(num.intValue()+1, num1.intValue());
166         log.debug("<test02LastCRL()");
167     }
168
169     /**
170      * check revoked certificates
171      *
172      * @throws Exception error
173      */
174     public void test03CheckNumberofRevokedCerts() throws Exception JavaDoc {
175         log.debug(">test03CheckNumberofRevokedCerts()");
176
177         // Get number of last CRL
178 Collection JavaDoc revfp = storeremote.listRevokedCertificates(admin, cadn);
179         log.debug("Number of revoked certificates=" + revfp.size());
180         byte[] crl = storeremote.getLastCRL(admin, cadn);
181         assertNotNull("Could not get CRL", crl);
182
183         X509CRL JavaDoc x509crl = CertTools.getCRLfromByteArray(crl);
184         Set JavaDoc revset = x509crl.getRevokedCertificates();
185         int revsize = 0;
186
187         if (revset != null) {
188             revsize = revset.size();
189             assertEquals(revfp.size(), revsize);
190         }
191         log.debug("<test03CheckNumberofRevokedCerts()");
192     }
193
194     /**
195      * Test revocation and un-revokation of certificates
196      *
197      * @throws Exception error
198      */
199     public void test04RevokeAndUnrevoke() throws Exception JavaDoc {
200         log.debug(">test04RevokeAndUnrevoke()");
201
202         // Make user that we know...
203 boolean userExists = false;
204         try {
205             usersession.addUser(admin,"foo","foo123","C=SE,O=AnaTom,CN=foo",null,"foo@anatom.se",false,SecConst.EMPTY_ENDENTITYPROFILE,SecConst.CERTPROFILE_FIXED_ENDUSER,SecConst.USER_ENDUSER,SecConst.TOKEN_SOFT_PEM,0,caid);
206             log.debug("created user: foo, foo123, C=SE, O=AnaTom, CN=foo");
207         } catch (RemoteException JavaDoc re) {
208             userExists = true;
209         } catch (DuplicateKeyException JavaDoc dke) {
210             userExists = true;
211         }
212         if (userExists) {
213             log.info("User foo already exists, resetting status.");
214             usersession.setUserStatus(admin,"foo",UserDataConstants.STATUS_NEW);
215             log.debug("Reset status to NEW");
216         }
217         KeyPair JavaDoc keys = genKeys();
218
219         // user that we know exists...
220 X509Certificate JavaDoc cert = (X509Certificate JavaDoc)signsession.createCertificate(admin, "foo", "foo123", keys.getPublic());
221         assertNotNull("Misslyckades skapa cert", cert);
222         log.debug("Cert=" + cert.toString());
223
224         // Create a new CRL again...
225 remote.run(admin, cadn);
226         // Check that our newloy signed certificate is not present in a new CRL
227 byte[] crl = storeremote.getLastCRL(admin, cadn);
228         assertNotNull("Could not get CRL", crl);
229         X509CRL JavaDoc x509crl = CertTools.getCRLfromByteArray(crl);
230         Set JavaDoc revset = x509crl.getRevokedCertificates();
231         if (revset != null) {
232             Iterator JavaDoc iter = revset.iterator();
233             while (iter.hasNext()) {
234                 X509CRLEntry JavaDoc ce = (X509CRLEntry JavaDoc)iter.next();
235                 assertTrue(ce.getSerialNumber().compareTo(cert.getSerialNumber()) != 0);
236             }
237         } // If no revoked certificates exist at all, this test passed...
238
239         storeremote.revokeCertificate(admin, cert, null, RevokedCertInfo.REVOKATION_REASON_CERTIFICATEHOLD);
240         // Create a new CRL again...
241 remote.run(admin, cadn);
242         // Check that our newly signed certificate IS present in a new CRL
243 crl = storeremote.getLastCRL(admin, cadn);
244         assertNotNull("Could not get CRL", crl);
245         x509crl = CertTools.getCRLfromByteArray(crl);
246         revset = x509crl.getRevokedCertificates();
247         assertNotNull(revset);
248         Iterator JavaDoc iter = revset.iterator();
249         boolean found = false;
250         while (iter.hasNext()) {
251             X509CRLEntry JavaDoc ce = (X509CRLEntry JavaDoc)iter.next();
252             if (ce.getSerialNumber().compareTo(cert.getSerialNumber()) == 0) {
253                 found = true;
254                 // TODO: verify the reason code
255 }
256         }
257         assertTrue(found);
258         
259         // Unrevoke the certificate that we just revoked
260 storeremote.revokeCertificate(admin, cert, null, RevokedCertInfo.NOT_REVOKED);
261         // Create a new CRL again...
262 remote.run(admin, cadn);
263         // Check that our newly signed certificate IS NOT present in the new CRL.
264 crl = storeremote.getLastCRL(admin, cadn);
265         assertNotNull("Could not get CRL", crl);
266         x509crl = CertTools.getCRLfromByteArray(crl);
267         revset = x509crl.getRevokedCertificates();
268         if (revset != null) {
269             iter = revset.iterator();
270             found = false;
271             while (iter.hasNext()) {
272                 X509CRLEntry JavaDoc ce = (X509CRLEntry JavaDoc)iter.next();
273                 if (ce.getSerialNumber().compareTo(cert.getSerialNumber()) == 0) {
274                     found = true;
275                 }
276             }
277             assertFalse(found);
278         } // If no revoked certificates exist at all, this test passed...
279
280         storeremote.revokeCertificate(admin, cert, null, RevokedCertInfo.REVOKATION_REASON_CACOMPROMISE);
281         // Create a new CRL again...
282 remote.run(admin, cadn);
283         // Check that our newly signed certificate IS present in a new CRL
284 crl = storeremote.getLastCRL(admin, cadn);
285         assertNotNull("Could not get CRL", crl);
286         x509crl = CertTools.getCRLfromByteArray(crl);
287         revset = x509crl.getRevokedCertificates();
288         iter = revset.iterator();
289         found = false;
290         while (iter.hasNext()) {
291             X509CRLEntry JavaDoc ce = (X509CRLEntry JavaDoc)iter.next();
292             if (ce.getSerialNumber().compareTo(cert.getSerialNumber()) == 0) {
293                 found = true;
294                 // TODO: verify the reason code
295 }
296         }
297         assertTrue(found);
298
299         storeremote.revokeCertificate(admin, cert, null, RevokedCertInfo.NOT_REVOKED);
300         // Create a new CRL again...
301 remote.run(admin, cadn);
302         // Check that our newly signed certificate is present in the new CRL, because the revocation reason
303 // was not CERTIFICATE_HOLD, we can olny unrevoke certificates that are on hold.
304 crl = storeremote.getLastCRL(admin, cadn);
305         assertNotNull("Could not get CRL", crl);
306         x509crl = CertTools.getCRLfromByteArray(crl);
307         revset = x509crl.getRevokedCertificates();
308         iter = revset.iterator();
309         found = false;
310         while (iter.hasNext()) {
311             X509CRLEntry JavaDoc ce = (X509CRLEntry JavaDoc)iter.next();
312             if (ce.getSerialNumber().compareTo(cert.getSerialNumber()) == 0) {
313                 found = true;
314             }
315         }
316         assertTrue(found);
317         log.debug("<test04RevokeAndUnrevoke()");
318     }
319
320     //
321 // Helper methods
322 //
323
324     /**
325      * Generates a RSA key pair.
326      *
327      * @return KeyPair the generated key pair
328      *
329      * @throws Exception if en error occurs...
330      */
331     private static KeyPair JavaDoc genKeys() throws Exception JavaDoc {
332         KeyPairGenerator JavaDoc keygen = KeyPairGenerator.getInstance("RSA", "BC");
333         keygen.initialize(512);
334         log.debug("Generating keys, please wait...");
335         KeyPair JavaDoc rsaKeys = keygen.generateKeyPair();
336         log.debug("Generated " + rsaKeys.getPrivate().getAlgorithm() + " keys with length" +
337                 ((RSAPrivateKey JavaDoc) rsaKeys.getPrivate()).getModulus().bitLength());
338
339         return rsaKeys;
340     } // genKeys
341 }
342
Popular Tags