 13
 14  package se.anatom.ejbca.protocol.cmp;
 15
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.rmi.RemoteException;
import java.security.KeyPair;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;

import javax.ejb.CreateException;
import javax.naming.Context;
import javax.naming.NamingException;

import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.DEROutputStream;
import org.ejbca.core.ejb.ServiceLocator;
import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionHome;
import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionRemote;
import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionHome;
import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionRemote;
import org.ejbca.core.ejb.ra.IUserAdminSessionHome;
import org.ejbca.core.ejb.ra.IUserAdminSessionRemote;
import org.ejbca.core.model.ca.caadmin.CAInfo;
import org.ejbca.core.model.ca.catoken.CATokenConstants;
import org.ejbca.core.model.ca.crl.RevokedCertInfo;
import org.ejbca.core.model.log.Admin;
import org.ejbca.core.protocol.cmp.CmpMessageHelper;
import org.ejbca.util.Base64;
import org.ejbca.util.CertTools;
import org.ejbca.util.KeyTools;

import com.novosec.pkix.asn1.cmp.PKIMessage;
 50
 51
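/**
 * CMP (RFC 4210) test client for RA mode where every request is protected with a
 * password-based MAC (PBE) instead of a signature.  It drives a CRMF initialization
 * request, the matching certConf and revocation requests against a running EJBCA
 * instance, over HTTP (test01) and over the raw TCP transport (test02), and checks
 * the CA's answers.
 *
 * Security notes for anyone using this as a reference client:
 * <ul>
 *   <li>{@link #PBEPASSWORD} is the shared secret the CA uses to verify the MAC. It is
 *       a fixed test credential and has to match the CMP RA configuration of the
 *       server under test; it is not a pattern for production key management.</li>
 *   <li>Request keys are 512-bit RSA purely to keep the test fast. That key size is
 *       only acceptable for throwaway test material.</li>
 *   <li>One senderNonce / transactionID pair is reused for every message of a test
 *       method. A real client should use a fresh senderNonce per message.</li>
 *   <li>The certConf sent in test01/test02 carries a placeholder instead of the real
 *       certHash and the CA still answers PKIConfirm, so certHash verification is not
 *       exercised by these tests.</li>
 * </ul>
 * The test methods are ordered by name (test01, test02, test99) and share state through
 * static fields, so they are not independent of each other.
 */
public class CrmfRAPbeRequestTest extends CmpTestCase {

    private static final Logger log = Logger.getLogger(CrmfRAPbeRequestTest.class);

    /** Shared secret for PBE MAC protection; must equal the CMP RA password configured on the server. */
    private static final String PBEPASSWORD = "password";

    /** Subject DN requested for the end entity. Its CN ("cmptest") is the user name removed in test99. */
    private static String userDN = "C=SE,O=PrimeKey,CN=cmptest";
    /** Default issuer DN; overwritten in the constructor with the issuer DN read from the CA certificate. */
    private static String issuerDN = "CN=AdminCA1,O=EJBCA Sample,C=SE";
    /** Request key pair, generated lazily in setUp(). 512-bit RSA for test speed only. */
    private KeyPair keys = null;

    private static IUserAdminSessionRemote usersession;
    private ICertificateStoreSessionRemote storesession = null;
    /** Id of the CA the tests run against; 0 means "none found". */
    private static int caid = 0;
    private static Admin admin;
    /** Certificate of the CA under test; the constructor fails if it cannot be resolved. */
    private static X509Certificate cacert = null;

    /**
     * Resolves the CA to test against and the EJB session beans the tests need.
     *
     * Prefers the CA named "AdminCA1"; if it does not exist, the last CA returned by
     * getAvailableCAs() is used. Fails the test with a message, rather than with a
     * NullPointerException further down, when no CA or no CA certificate is available.
     * JUnit 3 creates one instance per test method, so this runs several times and
     * simply reassigns the static fields each time.
     *
     * @param arg0 test method name, passed through to the JUnit 3 TestCase constructor
     */
    public CrmfRAPbeRequestTest(String arg0) throws NamingException, RemoteException, CreateException, CertificateEncodingException, CertificateException {
        super(arg0);
        admin = new Admin(Admin.TYPE_BATCHCOMMANDLINE_USER);
        CertTools.installBCProvider();

        Context ctx = getInitialContext();
        Object obj = ctx.lookup("CAAdminSession");
        ICAAdminSessionHome cahome = (ICAAdminSessionHome) javax.rmi.PortableRemoteObject.narrow(obj, ICAAdminSessionHome.class);
        ICAAdminSessionRemote casession = cahome.create();

        CAInfo adminca1 = casession.getCAInfo(admin, "AdminCA1");
        if (adminca1 != null) {
            caid = adminca1.getCAId();
        } else {
            // No AdminCA1: fall back to whichever CA is listed last.
            Collection caids = casession.getAvailableCAs(admin);
            for (Iterator iter = caids.iterator(); iter.hasNext();) {
                caid = ((Integer) iter.next()).intValue();
            }
        }
        if (caid == 0) {
            fail("No active CA! Must have at least one active CA to run tests!");
        }

        CAInfo cainfo = casession.getCAInfo(admin, caid);
        Collection certs = cainfo.getCertificateChain();
        if (certs.size() > 0) {
            // Only accept the first chain element as the CA certificate if its subject
            // really is the CA's own subject DN.
            X509Certificate cert = (X509Certificate) certs.iterator().next();
            String subject = CertTools.getSubjectDN(cert);
            if (StringUtils.equals(subject, cainfo.getSubjectDN())) {
                cacert = CertTools.getCertfromByteArray(cert.getEncoded());
            }
        } else {
            log.error("NO CACERT for caid " + caid);
        }
        // issuerDN below needs a CA certificate; fail with a clear message instead of an NPE.
        assertNotNull("No CA certificate found for caid " + caid, cacert);

        IUserAdminSessionHome userhome = (IUserAdminSessionHome) ServiceLocator.getInstance().getRemoteHome(IUserAdminSessionHome.JNDI_NAME, IUserAdminSessionHome.class);
        usersession = userhome.create();
        ICertificateStoreSessionHome storeHome = (ICertificateStoreSessionHome) ServiceLocator.getInstance().getRemoteHome(ICertificateStoreSessionHome.JNDI_NAME, ICertificateStoreSessionHome.class);
        this.storesession = storeHome.create();

        // Use the issuer DN exactly as encoded in the CA certificate, not the hard-coded default.
        issuerDN = cacert.getIssuerDN().getName();
    }

    /** Returns a fresh JNDI InitialContext; the debug lines trace entry and exit. */
    private Context getInitialContext() throws NamingException {
        log.debug(">getInitialContext");
        Context ctx = new javax.naming.InitialContext();
        log.debug("<getInitialContext");
        return ctx;
    }

    /**
     * Generates the request key pair once per instance.
     * 512-bit RSA is used only for test speed; do not copy this size anywhere else.
     */
    protected void setUp() throws Exception {
        super.setUp();
        if (keys == null) {
            keys = KeyTools.genKeys("512", CATokenConstants.KEYALGORITHM_RSA);
        }
    }

    protected void tearDown() throws Exception {
        super.tearDown();
    }

    /**
     * DER-encodes a PKIMessage into the byte form that is sent on the wire.
     *
     * @param msg message to encode
     * @return DER encoding of msg
     * @throws IOException if the BouncyCastle encoder fails
     */
    private static byte[] derEncode(PKIMessage msg) throws IOException {
        ByteArrayOutputStream bao = new ByteArrayOutputStream();
        DEROutputStream out = new DEROutputStream(bao);
        out.writeObject(msg);
        return bao.toByteArray();
    }

    /**
     * Full PBE-protected round trip over HTTP: initialization request (ir), certificate
     * confirmation (certConf) and two revocation requests (rr). Revoking the issued
     * certificate must succeed and leave it revoked with reason keyCompromise; revoking
     * serial number 1, which the CA never issued, must be rejected.
     */
    public void test01CrmfHttpOkUser() throws Exception {
        // NOTE: one nonce / transaction id pair is reused for every message below.
        byte[] nonce = CmpMessageHelper.createSenderNonce();
        byte[] transid = CmpMessageHelper.createSenderNonce();

        // --- ir: request a certificate for userDN with the generated key pair ---
        PKIMessage one = genCertReq(issuerDN, userDN, keys, cacert, nonce, transid, true);
        PKIMessage req = protectPKIMessage(one, false, PBEPASSWORD);
        assertNotNull(req); // checked before the message is dereferenced
        int reqId = req.getBody().getIr().getCertReqMsg(0).getCertReq().getCertReqId().getValue().intValue();

        byte[] resp = sendCmpHttp(derEncode(req));
        assertNotNull(resp);
        assertTrue(resp.length > 0);
        checkCmpResponseGeneral(resp, issuerDN, userDN, cacert, nonce, transid, false, true);
        X509Certificate cert = checkCmpCertRepMessage(userDN, cacert, resp, reqId);
        // The issued certificate is expected to carry both a UPN and an rfc822Name SAN.
        String altNames = CertTools.getSubjectAlternativeName(cert);
        assertTrue(altNames.indexOf("upn=fooupn@bar.com") != -1);
        assertTrue(altNames.indexOf("rfc822name=fooemail@bar.com") != -1);

        // --- certConf ---
        // "foo123" is a placeholder, presumably standing in for the certHash of the issued
        // certificate. The CA still answers PKIConfirm, so certHash checking is not tested here.
        String hash = "foo123";
        PKIMessage confirm = genCertConfirm(userDN, cacert, nonce, transid, hash, reqId);
        assertNotNull(confirm);
        PKIMessage req1 = protectPKIMessage(confirm, false, PBEPASSWORD);
        resp = sendCmpHttp(derEncode(req1));
        assertNotNull(resp);
        assertTrue(resp.length > 0);
        checkCmpResponseGeneral(resp, issuerDN, userDN, cacert, nonce, transid, false, true);
        checkCmpPKIConfirmMessage(userDN, cacert, resp);

        // --- rr for the certificate just issued: must succeed ---
        PKIMessage rev = genRevReq(issuerDN, userDN, cert.getSerialNumber(), cacert, nonce, transid);
        PKIMessage revReq = protectPKIMessage(rev, false, PBEPASSWORD);
        assertNotNull(revReq);
        resp = sendCmpHttp(derEncode(revReq));
        assertNotNull(resp);
        assertTrue(resp.length > 0);
        checkCmpResponseGeneral(resp, issuerDN, userDN, cacert, nonce, transid, false, true);
        checkCmpRevokeConfirmMessage(issuerDN, userDN, cert.getSerialNumber(), cacert, resp, true);
        int reason = checkRevokeStatus(issuerDN, cert.getSerialNumber());
        assertEquals(RevokedCertInfo.REVOKATION_REASON_KEYCOMPROMISE, reason);

        // --- rr for a serial number the CA never issued: must be rejected ---
        rev = genRevReq(issuerDN, userDN, new BigInteger("1"), cacert, nonce, transid);
        revReq = protectPKIMessage(rev, false, PBEPASSWORD);
        assertNotNull(revReq);
        resp = sendCmpHttp(derEncode(revReq));
        assertNotNull(resp);
        assertTrue(resp.length > 0);
        checkCmpResponseGeneral(resp, issuerDN, userDN, cacert, nonce, transid, false, true);
        // NOTE(review): the serial passed here is the issued certificate's, not the requested
        // "1" - confirm that is what checkCmpRevokeConfirmMessage expects for a rejection.
        checkCmpRevokeConfirmMessage(issuerDN, userDN, cert.getSerialNumber(), cacert, resp, false);
    }

    /**
     * PBE-protected initialization request and certConf over the raw TCP transport
     * (sendCmpTcp with a 5 second timeout argument). No revocation is attempted here.
     */
    public void test02CrmfTcpOkUser() throws Exception {
        // NOTE: one nonce / transaction id pair is reused for both messages below.
        byte[] nonce = CmpMessageHelper.createSenderNonce();
        byte[] transid = CmpMessageHelper.createSenderNonce();

        // --- ir ---
        PKIMessage one = genCertReq(issuerDN, userDN, keys, cacert, nonce, transid, true);
        PKIMessage req = protectPKIMessage(one, false, PBEPASSWORD);
        assertNotNull(req); // checked before the message is dereferenced
        int reqId = req.getBody().getIr().getCertReqMsg(0).getCertReq().getCertReqId().getValue().intValue();

        byte[] resp = sendCmpTcp(derEncode(req), 5);
        assertNotNull(resp);
        assertTrue(resp.length > 0);
        checkCmpResponseGeneral(resp, issuerDN, userDN, cacert, nonce, transid, false, true);
        checkCmpCertRepMessage(userDN, cacert, resp, reqId);

        // --- certConf with a placeholder certHash (see test01) ---
        String hash = "foo123";
        PKIMessage confirm = genCertConfirm(userDN, cacert, nonce, transid, hash, reqId);
        assertNotNull(confirm);
        PKIMessage req1 = protectPKIMessage(confirm, false, PBEPASSWORD);
        resp = sendCmpTcp(derEncode(req1), 5);
        assertNotNull(resp);
        assertTrue(resp.length > 0);
        checkCmpResponseGeneral(resp, issuerDN, userDN, cacert, nonce, transid, false, true);
        checkCmpPKIConfirmMessage(userDN, cacert, resp);
    }

    /** Removes the end entity created by the earlier tests ("cmptest" is the CN of userDN). */
    public void test99CleanUp() throws Exception {
        usersession.deleteUser(admin, "cmptest");
    }

    /**
     * Looks up the revocation status of a certificate in the certificate store.
     *
     * @param issuerDN issuer DN of the certificate
     * @param serno    serial number of the certificate
     * @return the reason code reported by RevokedCertInfo.getReason()
     * @throws RemoteException on EJB communication failure
     */
    private int checkRevokeStatus(String issuerDN, BigInteger serno) throws RemoteException {
        RevokedCertInfo info = storesession.isRevoked(admin, issuerDN, serno);
        // Fail with a message instead of a NullPointerException if the store returns nothing.
        assertNotNull("No revocation info for " + issuerDN + " serial " + serno, info);
        return info.getReason();
    }

    /** Base64-decoded DER fixture of a CMP message; not referenced by the tests in this class. */
    static byte[] bluexir = Base64.decode(("MIICIjCB1AIBAqQCMACkVjBUMQswCQYDVQQGEwJOTDEbMBkGA1UEChMSQS5FLlQu"+
        "IEV1cm9wZSBCLlYuMRQwEgYDVQQLEwtEZXZlbG9wbWVudDESMBAGA1UEAxMJVGVz"+
        "dCBDQSAxoT4wPAYJKoZIhvZ9B0INMC8EEAK/H7Do+55N724Kdvxm7NcwCQYFKw4D"+
        "AhoFAAICA+gwDAYIKwYBBQUIAQIFAKILBAlzc2xjbGllbnSkEgQQpFpBsonfhnW8"+
        "ia1otGchraUSBBAyzd3nkKAzcJqGFrDw0jkYoIIBLjCCASowggEmMIIBIAIBADCC"+
        "ARmkJqARGA8yMDA2MDkxOTE2MTEyNlqhERgPMjAwOTA2MTUxNjExMjZapR0wGzEZ"+
        "MBcGA1UEAwwQU29tZSBDb21tb24gTmFtZaaBoDANBgkqhkiG9w0BAQEFAAOBjgAw"+
        "gYoCgYEAuBgTGPgXrS3AIPN6iXO6LNf5GzAcb/WZhvebXMdxdrMo9+5hw/Le5St/"+
        "Sz4J93rxU95b2LMuHTg8U6njxC2lZarNExZTdEwnI37X6ep7lq1purq80zD9bFXj"+
        "ougRD5MHfhDUAQC+btOgEXkanoAo8St3cbtHoYUacAXN2Zs/RVcCBAABAAGpLTAr"+
        "BgNVHREEJDAioCAGCisGAQQBgjcUAgOgEgwQdXBuQGFldGV1cm9wZS5ubIAAoBcD"+
        "FQAy/vSoNUevcdUxXkCQx3fvxkjh6A==").getBytes());

}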
 281