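package se.anatom.ejbca.protocol.cmp;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.rmi.RemoteException;
import java.security.KeyPair;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;

import javax.ejb.CreateException;
import javax.naming.Context;
import javax.naming.NamingException;

import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.DEROutputStream;
import org.ejbca.core.ejb.ServiceLocator;
import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionHome;
import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionRemote;
import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionHome;
import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionRemote;
import org.ejbca.core.ejb.ra.IUserAdminSessionHome;
import org.ejbca.core.ejb.ra.IUserAdminSessionRemote;
import org.ejbca.core.model.ca.caadmin.CAInfo;
import org.ejbca.core.model.ca.catoken.CATokenConstants;
import org.ejbca.core.model.ca.crl.RevokedCertInfo;
import org.ejbca.core.model.log.Admin;
import org.ejbca.core.protocol.cmp.CmpMessageHelper;
import org.ejbca.util.Base64;
import org.ejbca.util.CertTools;
import org.ejbca.util.KeyTools;

import com.novosec.pkix.asn1.cmp.PKIMessage;

/**
 * Integration tests for CMP RA-mode requests protected with password-based MAC
 * (PBE) rather than a signature. Each test drives a full round trip against a
 * running EJBCA: an initialisation request (ir), the certificate confirmation
 * (certConf) and, for the HTTP variant, revocation requests (rr), using the
 * transport helpers inherited from {@link CmpTestCase}.
 *
 * Preconditions: the server must have at least one active CA. The CA named
 * "AdminCA1" is used when present, otherwise the last CA id returned by
 * getAvailableCAs. Tests run in method-name order (JUnit 3), so test99CleanUp
 * removes the end entity the earlier tests create.
 */
public class CrmfRAPbeRequestTest extends CmpTestCase {

    private static Logger log = Logger.getLogger(CrmfRAPbeRequestTest.class);

    /**
     * Shared secret used for the PBE protection of every request in this class.
     * Test fixture only; presumably it has to match the RA authentication secret
     * configured on the server, otherwise the MAC verification there will fail.
     */
    private static final String PBEPASSWORD = "password";

    /** Subject DN of the end entity requested; the CN is also the username deleted in test99CleanUp. */
    private static String userDN = "C=SE,O=PrimeKey,CN=cmptest";
    /** Default issuer DN; overwritten in the constructor with the issuer of the CA certificate actually found. */
    private static String issuerDN = "CN=AdminCA1,O=EJBCA Sample,C=SE";
    private KeyPair keys = null;

    private static IUserAdminSessionRemote usersession;
    private ICertificateStoreSessionRemote storesession = null;
    private static int caid = 0;
    private static Admin admin;
    private static X509Certificate cacert = null;

    /**
     * Looks up the CA to test against and its certificate, and creates the EJB
     * session beans used by the tests.
     *
     * Fails the test (rather than throwing a NullPointerException later) when no
     * CA is available or the CA certificate cannot be determined.
     */
    public CrmfRAPbeRequestTest(String arg0) throws NamingException, RemoteException, CreateException,
            CertificateEncodingException, CertificateException {
        super(arg0);
        admin = new Admin(Admin.TYPE_BATCHCOMMANDLINE_USER);
        CertTools.installBCProvider();

        Context ctx = getInitialContext();
        Object obj = ctx.lookup("CAAdminSession");
        ICAAdminSessionHome cahome = (ICAAdminSessionHome) javax.rmi.PortableRemoteObject.narrow(obj, ICAAdminSessionHome.class);
        ICAAdminSessionRemote casession = cahome.create();

        caid = selectTestCaId(casession);
        if (caid == 0) {
            fail("No active CA! Must have at least one active CA to run tests!");
        }

        CAInfo cainfo = casession.getCAInfo(admin, caid);
        cacert = extractCaCertificate(cainfo);
        if (cacert == null) {
            // Without the CA certificate nothing below can be verified; stop here with a
            // clear message instead of dereferencing null when deriving issuerDN.
            log.error("NO CACERT for caid " + caid);
            fail("NO CACERT for caid " + caid);
        }

        IUserAdminSessionHome userhome = (IUserAdminSessionHome) ServiceLocator.getInstance()
                .getRemoteHome(IUserAdminSessionHome.JNDI_NAME, IUserAdminSessionHome.class);
        usersession = userhome.create();
        ICertificateStoreSessionHome storeHome = (ICertificateStoreSessionHome) ServiceLocator.getInstance()
                .getRemoteHome(ICertificateStoreSessionHome.JNDI_NAME, ICertificateStoreSessionHome.class);
        this.storesession = storeHome.create();

        // Use the issuer field of the CA certificate; for a self-signed root this is the CA's own subject.
        issuerDN = cacert.getIssuerDN().getName();
    }

    /**
     * Returns the id of "AdminCA1" if that CA exists, otherwise the last id in
     * the collection returned by getAvailableCAs, or 0 when there are no CAs.
     */
    private static int selectTestCaId(ICAAdminSessionRemote casession) throws RemoteException {
        CAInfo adminca1 = casession.getCAInfo(admin, "AdminCA1");
        if (adminca1 != null) {
            return adminca1.getCAId();
        }
        int id = 0;
        Collection caids = casession.getAvailableCAs(admin);
        for (Iterator iter = caids.iterator(); iter.hasNext();) {
            id = ((Integer) iter.next()).intValue();
        }
        return id;
    }

    /**
     * Returns the first certificate of the CA's chain, re-parsed through
     * CertTools, provided its subject matches the CA's configured subject DN.
     * Returns null if the chain is empty or the first certificate does not match.
     */
    private static X509Certificate extractCaCertificate(CAInfo cainfo)
            throws CertificateEncodingException, CertificateException {
        Collection certs = cainfo.getCertificateChain();
        if (certs.size() == 0) {
            return null;
        }
        X509Certificate first = (X509Certificate) certs.iterator().next();
        String subject = CertTools.getSubjectDN(first);
        if (!StringUtils.equals(subject, cainfo.getSubjectDN())) {
            return null;
        }
        return CertTools.getCertfromByteArray(first.getEncoded());
    }

    private Context getInitialContext() throws NamingException {
        log.debug(">getInitialContext");
        Context ctx = new javax.naming.InitialContext();
        log.debug("<getInitialContext");
        return ctx;
    }

    /**
     * Generates the end-entity key pair once per test instance.
     *
     * 512-bit RSA is far below any acceptable key strength and is used only to
     * keep key generation fast in the test loop. Do not copy this size into
     * production code or into a test that checks key-strength enforcement.
     */
    protected void setUp() throws Exception {
        super.setUp();
        if (keys == null) {
            keys = KeyTools.genKeys("512", CATokenConstants.KEYALGORITHM_RSA);
        }
    }

    protected void tearDown() throws Exception {
        super.tearDown();
    }

    /**
     * DER-encodes a CMP message for sending over HTTP or TCP.
     *
     * @param msg the message to encode
     * @return the DER bytes
     * @throws IOException if Bouncy Castle fails to write the object
     */
    private static byte[] derEncode(PKIMessage msg) throws IOException {
        ByteArrayOutputStream bao = new ByteArrayOutputStream();
        DEROutputStream out = new DEROutputStream(bao);
        out.writeObject(msg);
        out.close();
        return bao.toByteArray();
    }

    /**
     * Full PBE-protected flow over HTTP: ir, certConf, a successful revocation
     * of the issued certificate, and a revocation of a non-existent serial that
     * is expected to be reported as unsuccessful.
     *
     * The same senderNonce and transactionId are deliberately reused for every
     * message and handed to checkCmpResponseGeneral for each response.
     */
    public void test01CrmfHttpOkUser() throws Exception {

        byte[] nonce = CmpMessageHelper.createSenderNonce();
        byte[] transid = CmpMessageHelper.createSenderNonce();

        // --- initialisation request ---
        PKIMessage one = genCertReq(issuerDN, userDN, keys, cacert, nonce, transid, true);
        PKIMessage req = protectPKIMessage(one, false, PBEPASSWORD);
        // Check for null before dereferencing; the original asserted after reading reqId.
        assertNotNull(req);
        int reqId = req.getBody().getIr().getCertReqMsg(0).getCertReq().getCertReqId().getValue().intValue();

        byte[] resp = sendCmpHttp(derEncode(req));
        assertNotNull(resp);
        assertTrue(resp.length > 0);
        checkCmpResponseGeneral(resp, issuerDN, userDN, cacert, nonce, transid, false, true);
        X509Certificate cert = checkCmpCertRepMessage(userDN, cacert, resp, reqId);
        String altNames = CertTools.getSubjectAlternativeName(cert);
        assertTrue(altNames.indexOf("upn=fooupn@bar.com") != -1);
        assertTrue(altNames.indexOf("rfc822name=fooemail@bar.com") != -1);

        // --- certificate confirmation ---
        // NOTE(review): "foo123" is a placeholder, not the hash of the issued certificate.
        // Since the server accepts it, this test does not exercise certHash validation in
        // certConf; a test with the real hash and one with a mismatching hash would.
        String hash = "foo123";
        PKIMessage confirm = genCertConfirm(userDN, cacert, nonce, transid, hash, reqId);
        assertNotNull(confirm);
        PKIMessage req1 = protectPKIMessage(confirm, false, PBEPASSWORD);
        resp = sendCmpHttp(derEncode(req1));
        assertNotNull(resp);
        assertTrue(resp.length > 0);
        checkCmpResponseGeneral(resp, issuerDN, userDN, cacert, nonce, transid, false, true);
        checkCmpPKIConfirmMessage(userDN, cacert, resp);

        // --- revocation of the issued certificate ---
        PKIMessage rev = genRevReq(issuerDN, userDN, cert.getSerialNumber(), cacert, nonce, transid);
        PKIMessage revReq = protectPKIMessage(rev, false, PBEPASSWORD);
        assertNotNull(revReq);
        resp = sendCmpHttp(derEncode(revReq));
        assertNotNull(resp);
        assertTrue(resp.length > 0);
        checkCmpResponseGeneral(resp, issuerDN, userDN, cacert, nonce, transid, false, true);
        checkCmpRevokeConfirmMessage(issuerDN, userDN, cert.getSerialNumber(), cacert, resp, true);
        // The revocation must be visible in the certificate store, with the reason genRevReq sets.
        int reason = checkRevokeStatus(issuerDN, cert.getSerialNumber());
        assertEquals(RevokedCertInfo.REVOKATION_REASON_KEYCOMPROMISE, reason);

        // --- revocation of a serial that presumably does not exist: expected to fail ---
        BigInteger unknownSerial = new BigInteger("1");
        rev = genRevReq(issuerDN, userDN, unknownSerial, cacert, nonce, transid);
        revReq = protectPKIMessage(rev, false, PBEPASSWORD);
        assertNotNull(revReq);
        resp = sendCmpHttp(derEncode(revReq));
        assertNotNull(resp);
        assertTrue(resp.length > 0);
        checkCmpResponseGeneral(resp, issuerDN, userDN, cacert, nonce, transid, false, true);
        // NOTE(review): the request above was for unknownSerial, but the confirm check is still
        // given cert.getSerialNumber(), as in the original. Verify whether the helper compares the
        // serial on the failure path; if it does, unknownSerial should be passed here instead.
        checkCmpRevokeConfirmMessage(issuerDN, userDN, cert.getSerialNumber(), cacert, resp, false);
    }

    /**
     * PBE-protected ir followed by certConf over the raw TCP transport.
     * Same placeholder certHash caveat as in test01CrmfHttpOkUser.
     */
    public void test02CrmfTcpOkUser() throws Exception {

        byte[] nonce = CmpMessageHelper.createSenderNonce();
        byte[] transid = CmpMessageHelper.createSenderNonce();

        PKIMessage one = genCertReq(issuerDN, userDN, keys, cacert, nonce, transid, true);
        PKIMessage req = protectPKIMessage(one, false, PBEPASSWORD);
        assertNotNull(req);
        int reqId = req.getBody().getIr().getCertReqMsg(0).getCertReq().getCertReqId().getValue().intValue();

        byte[] resp = sendCmpTcp(derEncode(req), 5);
        assertNotNull(resp);
        assertTrue(resp.length > 0);
        checkCmpResponseGeneral(resp, issuerDN, userDN, cacert, nonce, transid, false, true);
        checkCmpCertRepMessage(userDN, cacert, resp, reqId);

        String hash = "foo123"; // placeholder certHash, see test01CrmfHttpOkUser
        PKIMessage confirm = genCertConfirm(userDN, cacert, nonce, transid, hash, reqId);
        assertNotNull(confirm);
        PKIMessage req1 = protectPKIMessage(confirm, false, PBEPASSWORD);
        resp = sendCmpTcp(derEncode(req1), 5);
        assertNotNull(resp);
        assertTrue(resp.length > 0);
        checkCmpResponseGeneral(resp, issuerDN, userDN, cacert, nonce, transid, false, true);
        checkCmpPKIConfirmMessage(userDN, cacert, resp);
    }

    /** Removes the end entity created by the ir tests; runs last because of JUnit 3 name ordering. */
    public void test99CleanUp() throws Exception {
        usersession.deleteUser(admin, "cmptest");
    }

    /**
     * Returns the revocation reason recorded in the certificate store for the
     * given issuer/serial, or RevokedCertInfo.NOT_REVOKED when the store
     * returns no revocation info (the original would have thrown a
     * NullPointerException in that case).
     */
    private int checkRevokeStatus(String issuerDN, BigInteger serno) throws RemoteException {
        int ret = RevokedCertInfo.NOT_REVOKED;
        RevokedCertInfo info = storesession.isRevoked(admin, issuerDN, serno);
        if (info != null) {
            ret = info.getReason();
        }
        return ret;
    }

    /**
     * Base64 of a captured CMP ir message from an external client. It is not
     * referenced by the tests in this file; presumably kept for manual debugging.
     */
    static byte[] bluexir = Base64.decode(("MIICIjCB1AIBAqQCMACkVjBUMQswCQYDVQQGEwJOTDEbMBkGA1UEChMSQS5FLlQu"
            + "IEV1cm9wZSBCLlYuMRQwEgYDVQQLEwtEZXZlbG9wbWVudDESMBAGA1UEAxMJVGVz"
            + "dCBDQSAxoT4wPAYJKoZIhvZ9B0INMC8EEAK/H7Do+55N724Kdvxm7NcwCQYFKw4D"
            + "AhoFAAICA+gwDAYIKwYBBQUIAQIFAKILBAlzc2xjbGllbnSkEgQQpFpBsonfhnW8"
            + "ia1otGchraUSBBAyzd3nkKAzcJqGFrDw0jkYoIIBLjCCASowggEmMIIBIAIBADCC"
            + "ARmkJqARGA8yMDA2MDkxOTE2MTEyNlqhERgPMjAwOTA2MTUxNjExMjZapR0wGzEZ"
            + "MBcGA1UEAwwQU29tZSBDb21tb24gTmFtZaaBoDANBgkqhkiG9w0BAQEFAAOBjgAw"
            + "gYoCgYEAuBgTGPgXrS3AIPN6iXO6LNf5GzAcb/WZhvebXMdxdrMo9+5hw/Le5St/"
            + "Sz4J93rxU95b2LMuHTg8U6njxC2lZarNExZTdEwnI37X6ep7lq1purq80zD9bFXj"
            + "ougRD5MHfhDUAQC+btOgEXkanoAo8St3cbtHoYUacAXN2Zs/RVcCBAABAAGpLTAr"
            + "BgNVHREEJDAioCAGCisGAQQBgjcUAgOgEgwQdXBuQGFldGV1cm9wZS5ubIAAoBcD"
            + "FQAy/vSoNUevcdUxXkCQx3fvxkjh6A==").getBytes());

}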