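package se.anatom.ejbca.protocol.cmp;

import java.io.BufferedOutputStream;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.Socket;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import java.util.Vector;

import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

import junit.framework.TestCase;

import org.apache.log4j.Logger;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERGeneralizedTime;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.ReasonFlags;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509CertificateStructure;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.asn1.x509.X509Name;
import org.ejbca.util.CertTools;

import com.novosec.pkix.asn1.cmp.CMPObjectIdentifiers;
import com.novosec.pkix.asn1.cmp.CertConfirmContent;
import com.novosec.pkix.asn1.cmp.CertOrEncCert;
import com.novosec.pkix.asn1.cmp.CertRepMessage;
import com.novosec.pkix.asn1.cmp.CertResponse;
import com.novosec.pkix.asn1.cmp.CertifiedKeyPair;
import com.novosec.pkix.asn1.cmp.ErrorMsgContent;
import com.novosec.pkix.asn1.cmp.PKIBody;
import com.novosec.pkix.asn1.cmp.PKIFreeText;
import com.novosec.pkix.asn1.cmp.PKIHeader;
import com.novosec.pkix.asn1.cmp.PKIMessage;
import com.novosec.pkix.asn1.cmp.PKIStatusInfo;
import com.novosec.pkix.asn1.cmp.RevDetails;
import com.novosec.pkix.asn1.cmp.RevRepContent;
import com.novosec.pkix.asn1.cmp.RevReqContent;
import com.novosec.pkix.asn1.crmf.AttributeTypeAndValue;
import com.novosec.pkix.asn1.crmf.CRMFObjectIdentifiers;
import com.novosec.pkix.asn1.crmf.CertReqMessages;
import com.novosec.pkix.asn1.crmf.CertReqMsg;
import com.novosec.pkix.asn1.crmf.CertRequest;
import com.novosec.pkix.asn1.crmf.CertTemplate;
import com.novosec.pkix.asn1.crmf.OptionalValidity;
import com.novosec.pkix.asn1.crmf.PBMParameter;
import com.novosec.pkix.asn1.crmf.POPOSigningKey;
import com.novosec.pkix.asn1.crmf.ProofOfPossession;

/**
 * Shared helpers for CMP protocol tests: builds CMP request messages, sends them
 * to a CMP endpoint on the loopback interface over HTTP or TCP, and asserts on
 * the structure and protection of the responses.
 *
 * <p>All cryptographic parameters in this class (SHA-1 based signatures and MAC,
 * the fixed salt, the iteration count, the literal secrets) are test fixtures.
 * They have to match what the server under test is configured with and are not
 * a template for production CMP clients.
 */
public class CmpTestCase extends TestCase {

    private static final Logger log = Logger.getLogger(CmpTestCase.class);

    private static final String httpReqPath = "http://127.0.0.1:8080/ejbca";
    private static final String resourceCmp = "publicweb/cmp";

    private static final int PORT_NUMBER = 5547;
    private static final String CMP_HOST = "127.0.0.1";

    public CmpTestCase(String arg0) {
        super(arg0);
    }

    /**
     * Builds an unprotected CMP initialization request (PKIBody tag 0) holding a
     * single certificate request with request id 4.
     *
     * @param issuerDN issuer DN placed in the certificate template
     * @param userDN subject DN of the template, also used as the header sender
     * @param keys key pair; the public key goes into the template and the private
     *        key signs the proof of possession when {@code raVerifiedPopo} is false
     * @param cacert CA certificate whose subject DN becomes the header recipient
     * @param nonce sender nonce for the header
     * @param transid transaction id for the header
     * @param raVerifiedPopo if true the proof of possession is the raVerified
     *        choice (a NULL, tag 0); otherwise a SHA1withRSA signature over the
     *        DER-encoded CertRequest (tag 1)
     * @return the assembled message, without message protection
     */
    protected PKIMessage genCertReq(String issuerDN, String userDN, KeyPair keys, X509Certificate cacert,
            byte[] nonce, byte[] transid, boolean raVerifiedPopo)
            throws NoSuchAlgorithmException, NoSuchProviderException, IOException, InvalidKeyException,
            SignatureException {
        OptionalValidity validity = new OptionalValidity();
        validity.setNotBefore(new org.bouncycastle.asn1.x509.Time(new DERGeneralizedTime("20030211002120Z")));
        validity.setNotAfter(new org.bouncycastle.asn1.x509.Time(new Date()));

        CertTemplate template = new CertTemplate();
        template.setValidity(validity);
        template.setIssuer(new X509Name(issuerDN));
        template.setSubject(new X509Name(userDN));
        byte[] encodedPublicKey = keys.getPublic().getEncoded();
        ASN1InputStream keyIn = new ASN1InputStream(new ByteArrayInputStream(encodedPublicKey));
        SubjectPublicKeyInfo keyInfo = new SubjectPublicKeyInfo((ASN1Sequence) keyIn.readObject());
        template.setPublicKey(keyInfo);

        // Request a subjectAltName extension (non-critical) with a fixed UPN and e-mail.
        GeneralNames san = CertTools.getGeneralNamesFromAltName("UPN=fooupn@bar.com,rfc822Name=fooemail@bar.com");
        X509Extensions exts = null;
        if (san != null) {
            ByteArrayOutputStream bOut = new ByteArrayOutputStream();
            DEROutputStream dOut = new DEROutputStream(bOut);
            dOut.writeObject(san);
            byte[] value = bOut.toByteArray();
            X509Extension ext = new X509Extension(false, new DEROctetString(value));
            // Raw Vectors are what this X509Extensions constructor is given in the original code.
            Vector values = new Vector();
            Vector oids = new Vector();
            values.add(ext);
            oids.add(X509Extensions.SubjectAlternativeName);
            exts = new X509Extensions(oids, values);
        }
        template.setExtensions(exts);

        CertRequest certRequest = new CertRequest(new DERInteger(4), template);
        CertReqMsg certReqMsg = new CertReqMsg(certRequest);

        ProofOfPossession pop;
        if (raVerifiedPopo) {
            pop = new ProofOfPossession(new DERNull(), 0);
        } else {
            // Sign the DER encoding of the CertRequest with the requester's private key.
            ByteArrayOutputStream baos = new ByteArrayOutputStream();
            DEROutputStream mout = new DEROutputStream(baos);
            mout.writeObject(certRequest);
            mout.close();
            byte[] popoProtectionBytes = baos.toByteArray();
            Signature sig = Signature.getInstance(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId(), "BC");
            sig.initSign(keys.getPrivate());
            sig.update(popoProtectionBytes);

            DERBitString bs = new DERBitString(sig.sign());

            POPOSigningKey popoSigningKey = new POPOSigningKey(
                    new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption), bs);
            pop = new ProofOfPossession(popoSigningKey, 1);
        }
        certReqMsg.setPop(pop);

        // Fixed registration token attached as regInfo; a test fixture value.
        AttributeTypeAndValue av = new AttributeTypeAndValue(CRMFObjectIdentifiers.regCtrl_regToken,
                new DERUTF8String("foo123"));
        certReqMsg.addRegInfo(av);

        CertReqMessages certReqMessages = new CertReqMessages(certReqMsg);

        PKIHeader header = buildHeader(userDN, cacert, nonce, transid);
        PKIBody body = new PKIBody(certReqMessages, 0);
        return new PKIMessage(header, body);
    }

    /**
     * Builds an unprotected CMP revocation request (PKIBody tag 11) for one
     * certificate, with revocation reason keyCompromise.
     *
     * @param issuerDN issuer DN of the certificate to revoke
     * @param userDN subject DN of the certificate, also used as the header sender
     * @param serNo serial number of the certificate to revoke
     * @param cacert CA certificate whose subject DN becomes the header recipient
     * @param nonce sender nonce for the header
     * @param transid transaction id for the header
     * @return the assembled message, without message protection
     */
    protected PKIMessage genRevReq(String issuerDN, String userDN, BigInteger serNo, X509Certificate cacert,
            byte[] nonce, byte[] transid)
            throws NoSuchAlgorithmException, NoSuchProviderException, IOException, InvalidKeyException,
            SignatureException {
        CertTemplate template = new CertTemplate();
        template.setIssuer(new X509Name(issuerDN));
        template.setSubject(new X509Name(userDN));
        template.setSerialNumber(new DERInteger(serNo));

        RevDetails revDetails = new RevDetails(template);
        ReasonFlags reasonbits = new ReasonFlags(ReasonFlags.keyCompromise);
        revDetails.setRevocationReason(reasonbits);

        RevReqContent revReqContent = new RevReqContent(revDetails);

        PKIHeader header = buildHeader(userDN, cacert, nonce, transid);
        PKIBody body = new PKIBody(revReqContent, 11);
        return new PKIMessage(header, body);
    }

    /**
     * Builds an unprotected CMP certificate confirmation (PKIBody tag 24).
     *
     * @param userDN header sender
     * @param cacert CA certificate whose subject DN becomes the header recipient
     * @param nonce sender nonce for the header
     * @param transid transaction id for the header
     * @param hash value placed in the confirmation as the certificate hash; it is
     *        converted with {@code String.getBytes()}, i.e. the platform charset
     * @param certReqId request id being confirmed
     * @return the assembled message, without message protection
     */
    protected PKIMessage genCertConfirm(String userDN, X509Certificate cacert, byte[] nonce, byte[] transid,
            String hash, int certReqId) throws NoSuchAlgorithmException, NoSuchProviderException, IOException {
        PKIHeader header = buildHeader(userDN, cacert, nonce, transid);

        CertConfirmContent cc = new CertConfirmContent(new DEROctetString(hash.getBytes()),
                new DERInteger(certReqId));
        PKIBody body = new PKIBody(cc, 24);
        return new PKIMessage(header, body);
    }

    /**
     * Adds password-based MAC protection to a message.
     *
     * <p>The header of {@code msg} is modified in place (sender key id and
     * protection algorithm are set) and reused in the returned message. The
     * parameters are fixed: SHA-1 as one-way function (1.3.14.3.2.26), HMAC-SHA1
     * as MAC (1.2.840.113549.2.7), 567 iterations and the salt "foo123". These
     * are deliberately weak, predictable fixture values for a local test server.
     *
     * @param msg message to protect
     * @param badObjectId if true, ".7" is appended to the passwordBasedMac OID
     *        (1.2.840.113533.7.66.13) so the protection algorithm is unknown to
     *        the receiver
     * @param password shared secret; converted with the platform charset
     * @return a new message with the same body, the updated header and the MAC
     */
    protected PKIMessage protectPKIMessage(PKIMessage msg, boolean badObjectId, String password)
            throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException {
        PKIHeader head = msg.getHeader();
        head.setSenderKID(new DEROctetString("primekey".getBytes()));

        AlgorithmIdentifier owfAlg = new AlgorithmIdentifier("1.3.14.3.2.26");
        int iterationCount = 567;
        DERInteger iteration = new DERInteger(iterationCount);
        AlgorithmIdentifier macAlg = new AlgorithmIdentifier("1.2.840.113549.2.7");
        byte[] salt = "foo123".getBytes();
        DEROctetString derSalt = new DEROctetString(salt);

        String objectId = "1.2.840.113533.7.66.13";
        if (badObjectId) {
            objectId += ".7";
        }
        PBMParameter pp = new PBMParameter(derSalt, owfAlg, iteration, macAlg);
        AlgorithmIdentifier pAlg = new AlgorithmIdentifier(new DERObjectIdentifier(objectId), pp);
        head.setProtectionAlg(pAlg);
        PKIBody body = msg.getBody();
        PKIMessage ret = new PKIMessage(head, body);

        byte[] raSecret = password.getBytes();
        byte[] out = computePbmMac(raSecret, salt, owfAlg.getObjectId().getId(), iterationCount,
                macAlg.getObjectId().getId(), ret.getProtectedBytes());
        ret.setProtection(new DERBitString(out));
        return ret;
    }

    /**
     * POSTs a DER-encoded CMP message to the HTTP endpoint and returns the
     * response body. Asserts status 200, content type application/pkixcmp and a
     * non-empty body.
     *
     * <p>The transport is plain HTTP to the loopback address; nothing here
     * authenticates the peer at the transport level.
     *
     * @param message DER-encoded request
     * @return the raw response bytes
     */
    protected byte[] sendCmpHttp(byte[] message) throws IOException, NoSuchProviderException {
        String urlString = httpReqPath + '/' + resourceCmp;
        URL url = new URL(urlString);
        HttpURLConnection con = (HttpURLConnection) url.openConnection();
        con.setDoOutput(true);
        con.setRequestMethod("POST");
        con.setRequestProperty("Content-type", "application/pkixcmp");
        con.connect();

        OutputStream os = con.getOutputStream();
        try {
            os.write(message);
        } finally {
            os.close();
        }

        assertEquals(200, con.getResponseCode());
        assertEquals("application/pkixcmp", con.getContentType());

        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        InputStream in = con.getInputStream();
        try {
            byte[] buf = new byte[4096];
            int n = in.read(buf);
            while (n != -1) {
                baos.write(buf, 0, n);
                n = in.read(buf);
            }
        } finally {
            // Release the stream even when the read fails part-way.
            in.close();
        }
        byte[] respBytes = baos.toByteArray();
        assertNotNull(respBytes);
        assertTrue(respBytes.length > 0);
        return respBytes;
    }

    /**
     * Checks header-level properties of a CMP response: protection algorithm,
     * sender, message protection and the nonce / transaction id echo.
     *
     * @param retMsg DER-encoded response
     * @param issuerDN expected sender DN
     * @param userDN not used by this check
     * @param cacert certificate used to verify the signature when {@code signed}
     * @param senderNonce nonce sent in the request; must come back as recipNonce
     * @param transId transaction id sent in the request; must be echoed
     * @param signed expect SHA1withRSA signature protection and verify it
     * @param pbe expect password-based MAC protection and verify it with the
     *        fixed secret "password"
     */
    protected void checkCmpResponseGeneral(byte[] retMsg, String issuerDN, String userDN, X509Certificate cacert,
            byte[] senderNonce, byte[] transId, boolean signed, boolean pbe) throws Exception {
        PKIMessage respObject = parsePkiMessage(retMsg);
        assertNotNull(respObject);

        PKIHeader header = respObject.getHeader();

        if (signed) {
            AlgorithmIdentifier algId = header.getProtectionAlg();
            assertNotNull(algId);
            assertEquals(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId(), algId.getObjectId().getId());
        }
        if (pbe) {
            AlgorithmIdentifier algId = header.getProtectionAlg();
            assertNotNull(algId);
            assertEquals(CMPObjectIdentifiers.passwordBasedMac.getId(), algId.getObjectId().getId());
        }

        // GeneralName tag 4 is directoryName.
        assertEquals(4, header.getSender().getTagNo());
        X509Name name = X509Name.getInstance(header.getSender().getName());
        assertEquals(issuerDN, name.toString());

        if (signed) {
            byte[] protBytes = respObject.getProtectedBytes();
            DERBitString bs = respObject.getProtection();
            try {
                Signature sig = Signature.getInstance(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId(), "BC");
                sig.initVerify(cacert);
                sig.update(protBytes);
                assertTrue("Response signature does not verify against the CA certificate",
                        sig.verify(bs.getBytes()));
            } catch (GeneralSecurityException e) {
                // Report as a test failure, keeping the cause visible.
                log.error("Could not verify response signature", e);
                fail("Could not verify response signature: " + e);
            }
        }
        if (pbe) {
            DEROctetString os = header.getSenderKID();
            assertNotNull(os);
            String keyId = new String(os.getOctets());
            log.debug("Found a sender keyId: "+keyId);
            byte[] protectedBytes = respObject.getProtectedBytes();
            DERBitString protection = respObject.getProtection();
            AlgorithmIdentifier pAlg = header.getProtectionAlg();
            log.debug("Protection type is: "+pAlg.getObjectId().getId());
            PBMParameter pp = PBMParameter.getInstance(pAlg.getParameters());
            // Iteration count, OWF, MAC and salt are all taken from the response as sent.
            int iterationCount = pp.getIterationCount().getPositiveValue().intValue();
            log.debug("Iteration count is: "+iterationCount);
            AlgorithmIdentifier owfAlg = pp.getOwf();
            log.debug("Owf type is: "+owfAlg.getObjectId().getId());
            AlgorithmIdentifier macAlg = pp.getMac();
            log.debug("Mac type is: "+macAlg.getObjectId().getId());
            byte[] salt = pp.getSalt().getOctets();
            // Fixture secret; must match the RA authentication secret configured on the server.
            String raAuthenticationSecret = "password";
            byte[] raSecret = raAuthenticationSecret.getBytes();
            byte[] out = computePbmMac(raSecret, salt, owfAlg.getObjectId().getId(), iterationCount,
                    macAlg.getObjectId().getId(), protectedBytes);
            byte[] pb = protection.getBytes();
            // MessageDigest.isEqual is the comparison intended for MAC/digest values.
            assertTrue("Response MAC does not match", MessageDigest.isEqual(out, pb));
        }

        byte[] nonce = header.getSenderNonce().getOctets();
        assertEquals(16, nonce.length);

        // Compare raw bytes: decoding random octets to String is lossy, so two
        // different nonces could compare equal as Strings.
        nonce = header.getRecipNonce().getOctets();
        assertTrue("recipNonce does not echo the sender nonce", Arrays.equals(senderNonce, nonce));

        nonce = header.getTransactionID().getOctets();
        assertTrue("transactionID does not echo the request", Arrays.equals(transId, nonce));
    }

    /**
     * Sends a CMP message over the TCP transport and returns the CMP payload of
     * the response. Asserts that the response header carries version 10 and the
     * expected message type, and that the payload is non-empty.
     *
     * <p>The payload is read according to the length field of the response
     * (length minus the three header bytes), stopping early if the peer closes
     * the connection. The read blocks until those bytes arrive or the stream
     * ends; no socket timeout is set.
     *
     * @param message DER-encoded request
     * @param type expected value of the message-type byte in the response
     * @return the response payload following the TCP header
     */
    protected byte[] sendCmpTcp(byte[] message, int type) throws IOException, NoSuchProviderException {
        byte[] respBytes = null;
        Socket socket = null;
        try {
            socket = new Socket(CMP_HOST, PORT_NUMBER);

            byte[] msg = createTcpMessage(message);

            BufferedOutputStream os = new BufferedOutputStream(socket.getOutputStream());
            os.write(msg);
            os.flush();

            DataInputStream dis = new DataInputStream(socket.getInputStream());
            int len = dis.readInt();
            System.out.println("Got a message claiming to be of length: " + len);
            int ver = dis.readByte();
            System.out.println("Got a message with version: " + ver);
            assertEquals(10, ver);

            byte flags = dis.readByte();
            System.out.println("Got a message with flags (1 means close): " + flags);

            int msgType = dis.readByte();
            System.out.println("Got a message of type: " +msgType);
            assertEquals(type, msgType);

            // available() only reports what is already buffered and can cut the
            // message short; use the framed length instead. The buffer grows as
            // bytes actually arrive, so a bogus length cannot force a large allocation.
            ByteArrayOutputStream baos = new ByteArrayOutputStream(3072);
            int remaining = len - 3;
            while (remaining > 0) {
                int b = dis.read();
                if (b == -1) {
                    break;
                }
                baos.write(b);
                remaining--;
            }
            System.out.println("Read "+baos.size()+" bytes");
            respBytes = baos.toByteArray();
        } catch (Exception e) {
            log.error("CMP TCP exchange failed", e);
            fail("CMP TCP exchange failed: " + e);
        } finally {
            if (socket != null) {
                try {
                    socket.close();
                } catch (IOException ignored) {
                    // Nothing useful to do if close fails in a test helper.
                }
            }
        }
        assertNotNull(respBytes);
        assertTrue(respBytes.length > 0);
        return respBytes;
    }

    /**
     * Checks an initialization response (PKIBody tag 1) with status 0 and returns
     * the issued certificate.
     *
     * @param userDN expected subject DN of the issued certificate
     * @param cacert CA certificate; its subject DN must be the issuer
     * @param retMsg DER-encoded response
     * @param requestId expected certReqId of the first response entry
     * @return the certificate contained in the response
     */
    protected X509Certificate checkCmpCertRepMessage(String userDN, X509Certificate cacert, byte[] retMsg,
            int requestId) throws IOException, CertificateException {
        PKIMessage respObject = parsePkiMessage(retMsg);
        assertNotNull(respObject);

        PKIBody body = respObject.getBody();
        assertEquals(1, body.getTagNo());
        CertRepMessage c = body.getIp();
        assertNotNull(c);
        CertResponse resp = c.getResponse(0);
        assertNotNull(resp);
        assertEquals(requestId, resp.getCertReqId().getValue().intValue());
        PKIStatusInfo info = resp.getStatus();
        assertNotNull(info);
        assertEquals(0, info.getStatus().getValue().intValue());
        CertifiedKeyPair kp = resp.getCertifiedKeyPair();
        assertNotNull(kp);
        CertOrEncCert cc = kp.getCertOrEncCert();
        assertNotNull(cc);
        X509CertificateStructure struct = cc.getCertificate();
        assertNotNull(struct);
        assertEquals(CertTools.stringToBCDNString(userDN),
                CertTools.stringToBCDNString(struct.getSubject().toString()));
        assertEquals(CertTools.stringToBCDNString(cacert.getSubjectDN().getName()),
                CertTools.stringToBCDNString(struct.getIssuer().toString()));
        return CertTools.getCertfromByteArray(struct.getEncoded());
    }

    /**
     * Checks a PKI confirmation (PKIBody tag 19) sent by the CA to the user.
     *
     * @param userDN expected header recipient
     * @param cacert CA certificate; its subject DN must be the header sender
     * @param retMsg DER-encoded response
     */
    protected void checkCmpPKIConfirmMessage(String userDN, X509Certificate cacert, byte[] retMsg)
            throws IOException {
        PKIMessage respObject = parsePkiMessage(retMsg);
        assertNotNull(respObject);
        PKIHeader header = respObject.getHeader();
        assertEquals(4, header.getSender().getTagNo());
        X509Name name = X509Name.getInstance(header.getSender().getName());
        assertEquals(cacert.getSubjectDN().getName(), name.toString());
        name = X509Name.getInstance(header.getRecipient().getName());
        assertEquals(userDN, name.toString());

        PKIBody body = respObject.getBody();
        assertEquals(19, body.getTagNo());
        DERNull n = body.getConf();
        assertNotNull(n);
    }

    /**
     * Checks a revocation response (PKIBody tag 12).
     *
     * @param issuerDN not used by this check
     * @param userDN expected header recipient
     * @param serno not used by this check
     * @param cacert CA certificate; its subject DN must be the header sender
     * @param retMsg DER-encoded response
     * @param success expect status 0 when true, status 2 otherwise
     */
    protected void checkCmpRevokeConfirmMessage(String issuerDN, String userDN, BigInteger serno,
            X509Certificate cacert, byte[] retMsg, boolean success) throws IOException {
        PKIMessage respObject = parsePkiMessage(retMsg);
        assertNotNull(respObject);
        PKIHeader header = respObject.getHeader();
        assertEquals(4, header.getSender().getTagNo());
        X509Name name = X509Name.getInstance(header.getSender().getName());
        assertEquals(cacert.getSubjectDN().getName(), name.toString());
        name = X509Name.getInstance(header.getRecipient().getName());
        assertEquals(userDN, name.toString());

        PKIBody body = respObject.getBody();
        assertEquals(12, body.getTagNo());
        RevRepContent n = body.getRp();
        assertNotNull(n);
        PKIStatusInfo info = n.getPKIStatusInfo(0);
        int expectedStatus = success ? 0 : 2;
        assertEquals(expectedStatus, info.getStatus().getValue().intValue());
    }

    /**
     * Checks a failure response, either an error message (tag 23) or a
     * certificate response (tag 1 or 3) with status 2.
     *
     * @param retMsg DER-encoded response
     * @param failMsg expected first status string
     * @param exptag expected PKIBody tag
     * @param requestId expected certReqId (certificate responses only)
     * @param err bit number expected in failInfo (used for tag 23 only)
     */
    protected void checkCmpFailMessage(byte[] retMsg, String failMsg, int exptag, int requestId, int err)
            throws IOException {
        PKIMessage respObject = parsePkiMessage(retMsg);
        assertNotNull(respObject);

        PKIBody body = respObject.getBody();
        assertEquals(exptag, body.getTagNo());
        if (exptag == 23) {
            ErrorMsgContent c = body.getError();
            assertNotNull(c);
            PKIStatusInfo info = c.getPKIStatus();
            assertNotNull(info);
            assertEquals(2, info.getStatus().getValue().intValue());
            int failInfo = info.getFailInfo().intValue();
            assertEquals(1 << err, failInfo);
            assertEquals(failMsg, info.getStatusString().getString(0).getString());
        } else {
            CertRepMessage c = null;
            if (exptag == 1) {
                c = body.getIp();
            } else if (exptag == 3) {
                c = body.getCp();
            }
            // Any other tag leaves c null and fails here.
            assertNotNull(c);
            CertResponse resp = c.getResponse(0);
            assertNotNull(resp);
            assertEquals(requestId, resp.getCertReqId().getValue().intValue());
            PKIStatusInfo info = resp.getStatus();
            assertNotNull(info);
            assertEquals(2, info.getStatus().getValue().intValue());
            int failInfo = info.getFailInfo().intValue();
            // NOTE(review): this branch always expects bit 7 and ignores err; confirm that is intended.
            assertEquals(1 << 7, failInfo);
            assertEquals(failMsg, info.getStatusString().getString(0).getString());
        }
    }

    /**
     * Checks a CMP error message (PKIBody tag 23) with status 2.
     *
     * @param retMsg DER-encoded response
     * @param sender expected header sender DN
     * @param recipient expected header recipient DN
     * @param errorCode expected failInfo value
     * @param errorMsg expected first status string, or null to skip that check
     */
    protected void checkCmpPKIErrorMessage(byte[] retMsg, String sender, String recipient, int errorCode,
            String errorMsg) throws IOException {
        PKIMessage respObject = parsePkiMessage(retMsg);
        assertNotNull(respObject);
        PKIHeader header = respObject.getHeader();
        assertEquals(4, header.getSender().getTagNo());
        X509Name name = X509Name.getInstance(header.getSender().getName());
        assertEquals(sender, name.toString());
        name = X509Name.getInstance(header.getRecipient().getName());
        assertEquals(recipient, name.toString());

        PKIBody body = respObject.getBody();
        assertEquals(23, body.getTagNo());
        ErrorMsgContent n = body.getError();
        assertNotNull(n);
        PKIStatusInfo info = n.getPKIStatus();
        assertNotNull(info);
        DERInteger status = info.getStatus();
        assertEquals(2, status.getValue().intValue());
        DERBitString b = info.getFailInfo();
        assertEquals(errorCode, b.intValue());
        if (errorMsg != null) {
            PKIFreeText freeText = info.getStatusString();
            DERUTF8String utf = freeText.getString(0);
            assertEquals(errorMsg, utf.getString());
        }
    }

    /**
     * Wraps a CMP message in the TCP transport framing used by this test: a
     * 4-byte length (payload length plus 3), then version 10, flags 0 and
     * message type 0, followed by the payload.
     */
    private static byte[] createTcpMessage(byte[] msg) throws IOException {
        ByteArrayOutputStream bao = new ByteArrayOutputStream();
        DataOutputStream dos = new DataOutputStream(bao);
        int msgType = 0;
        int len = msg.length;
        // The length field counts the three header bytes that follow it.
        dos.writeInt(len + 3);
        dos.writeByte(10);
        dos.writeByte(0);
        dos.writeByte(msgType);
        dos.write(msg);
        dos.flush();
        return bao.toByteArray();
    }

    /** Builds the common header: version 2, sender userDN, recipient the CA subject DN, current time. */
    private static PKIHeader buildHeader(String userDN, X509Certificate cacert, byte[] nonce, byte[] transid) {
        PKIHeader header = new PKIHeader(
                new DERInteger(2),
                new GeneralName(new X509Name(userDN)),
                new GeneralName(new X509Name(cacert.getSubjectDN().getName())));
        header.setMessageTime(new DERGeneralizedTime(new Date()));
        header.setSenderNonce(new DEROctetString(nonce));
        header.setTransactionID(new DEROctetString(transid));
        return header;
    }

    /** Decodes a DER-encoded PKIMessage from a response byte array. */
    private static PKIMessage parsePkiMessage(byte[] retMsg) throws IOException {
        return PKIMessage.getInstance(new ASN1InputStream(new ByteArrayInputStream(retMsg)).readObject());
    }

    /**
     * Computes the password-based MAC used for CMP protection: the key is the
     * one-way function applied {@code iterationCount} times to secret || salt,
     * and the MAC is computed over {@code data} with that key.
     */
    private static byte[] computePbmMac(byte[] secret, byte[] salt, String owfOid, int iterationCount,
            String macOid, byte[] data)
            throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException {
        byte[] basekey = new byte[secret.length + salt.length];
        System.arraycopy(secret, 0, basekey, 0, secret.length);
        System.arraycopy(salt, 0, basekey, secret.length, salt.length);
        MessageDigest dig = MessageDigest.getInstance(owfOid, "BC");
        for (int i = 0; i < iterationCount; i++) {
            basekey = dig.digest(basekey);
            dig.reset();
        }
        Mac mac = Mac.getInstance(macOid, "BC");
        SecretKey key = new SecretKeySpec(basekey, macOid);
        mac.init(key);
        mac.reset();
        mac.update(data, 0, data.length);
        return mac.doFinal();
    }
}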