

1 /*************************************************************************
2  * *
3  * EJBCA: The OpenSource Certificate Authority *
4  * *
5  * This software is free software; you can redistribute it and/or *
6  * modify it under the terms of the GNU Lesser General Public *
7  * License as published by the Free Software Foundation; either *
8  * version 2.1 of the License, or any later version. *
9  * *
10  * See terms of license at gnu.org. *
11  * *
12  *************************************************************************/

13
14 package se.anatom.ejbca.protocol.cmp;
15
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.rmi.RemoteException;
import java.security.KeyPair;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;

import javax.ejb.CreateException;
import javax.ejb.DuplicateKeyException;
import javax.ejb.FinderException;
import javax.naming.Context;
import javax.naming.NamingException;

import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.DEROutputStream;
import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionHome;
import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionRemote;
import org.ejbca.core.ejb.ra.IUserAdminSessionHome;
import org.ejbca.core.ejb.ra.IUserAdminSessionRemote;
import org.ejbca.core.model.SecConst;
import org.ejbca.core.model.approval.ApprovalException;
import org.ejbca.core.model.approval.WaitingForApprovalException;
import org.ejbca.core.model.authorization.AuthorizationDeniedException;
import org.ejbca.core.model.ca.caadmin.CAInfo;
import org.ejbca.core.model.ca.catoken.CATokenConstants;
import org.ejbca.core.model.log.Admin;
import org.ejbca.core.model.ra.UserDataConstants;
import org.ejbca.core.model.ra.raadmin.UserDoesntFullfillEndEntityProfile;
import org.ejbca.core.protocol.cmp.CmpMessageHelper;
import org.ejbca.util.Base64;
import org.ejbca.util.CertTools;
import org.ejbca.util.KeyTools;

import com.novosec.pkix.asn1.cmp.PKIMessage;
53
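/**
 * Functional test that sends a CRMF certificate request, followed by a certificate
 * confirmation, to a running CA over CMP/HTTP and checks both responses.
 *
 * <p>This test requires:
 * mode=ra, responseProtection=signature, authenticationsecret=password, allowraverifypopo=true.
 *
 * <p>Security note: the shared secret ({@code "password"}), the end-entity password
 * ({@code "foo123"}) and the 512-bit RSA key used here are fixtures for a disposable test CA.
 * The requests are protected with the shared secret via {@code protectPKIMessage}, so in this
 * configuration the secret is presumably what authorizes the request; none of these values,
 * nor {@code allowraverifypopo=true} paired with a guessable secret, should be carried over to
 * a real installation.
 *
 * <p>The constructor performs JNDI lookups and remote EJB calls, so a reachable application
 * server with at least one active CA is needed just to instantiate the test.
 *
 * @author tomas
 * @version $Id: CrmfRARequestTest.java,v 1.9 2006/12/13 11:23:51 anatom Exp $
 */
public class CrmfRARequestTest extends CmpTestCase {

    private static final Logger log = Logger.getLogger(CrmfRARequestTest.class);

    // Shared secret used to protect the CMP messages; must match the
    // authenticationsecret setting listed in the class comment. Test value only.
    private static final String PBEPASSWORD = "password";

    // Key size handed to KeyTools.genKeys for the throwaway request key. 512-bit RSA is far
    // below any acceptable strength and is used only to keep key generation fast.
    // NOTE(review): a CA or profile that enforces a minimum key size would reject this request.
    private static final String TEST_KEY_SIZE = "512";

    // Subject DN of the request; overwritten by createCmpUser() before it is used.
    private static String userDN = "CN=tomas1,UID=tomas2,O=PrimeKey Solutions AB,C=SE";
    // Issuer DN; replaced in the constructor by the issuer of the CA certificate actually found.
    private static String issuerDN = "CN=AdminCA1,O=EJBCA Sample,C=SE";
    private KeyPair keys = null;

    // Shared across test instances; all of these are (re)assigned by the constructor.
    private static IUserAdminSessionRemote usersession;
    private static int caid = 0;
    private static Admin admin;
    private static X509Certificate cacert = null;

    /**
     * Looks up the CA and user administration session beans and selects the CA to test against.
     *
     * <p>"AdminCA1" is used when it exists; otherwise the last id returned by
     * {@code getAvailableCAs} is taken. The first certificate of that CA's chain is kept as
     * {@code cacert} when its subject DN equals the CA's subject DN.
     *
     * @param arg0 test name, passed to the superclass
     * @throws NamingException if a JNDI lookup fails
     * @throws RemoteException if a remote session call fails
     * @throws CreateException if a session bean cannot be created
     * @throws CertificateEncodingException if the CA certificate cannot be encoded
     * @throws CertificateException if the CA certificate cannot be re-parsed
     */
    public CrmfRARequestTest(String arg0) throws NamingException, RemoteException, CreateException, CertificateEncodingException, CertificateException {
        super(arg0);
        admin = new Admin(Admin.TYPE_BATCHCOMMANDLINE_USER);
        CertTools.installBCProvider();
        Context ctx = getInitialContext();
        Object obj = ctx.lookup("CAAdminSession");
        ICAAdminSessionHome cahome = (ICAAdminSessionHome) javax.rmi.PortableRemoteObject.narrow(obj, ICAAdminSessionHome.class);
        ICAAdminSessionRemote casession = cahome.create();
        // Try to use AdminCA1 if it exists
        CAInfo adminca1 = casession.getCAInfo(admin, "AdminCA1");
        if (adminca1 == null) {
            // No AdminCA1: walk all available CA ids and end up with the last one.
            Collection caids = casession.getAvailableCAs(admin);
            Iterator iter = caids.iterator();
            while (iter.hasNext()) {
                caid = ((Integer) iter.next()).intValue();
            }
        } else {
            caid = adminca1.getCAId();
        }
        assertTrue("No active CA! Must have at least one active CA to run tests!", caid != 0);
        CAInfo cainfo = casession.getCAInfo(admin, caid);
        Collection certs = cainfo.getCertificateChain();
        if (certs.size() > 0) {
            Iterator certiter = certs.iterator();
            X509Certificate cert = (X509Certificate) certiter.next();
            String subject = CertTools.getSubjectDN(cert);
            if (StringUtils.equals(subject, cainfo.getSubjectDN())) {
                // Make sure we have a BC certificate
                cacert = CertTools.getCertfromByteArray(cert.getEncoded());
            }
        } else {
            log.error("NO CACERT for caid " + caid);
        }
        obj = ctx.lookup("UserAdminSession");
        IUserAdminSessionHome userhome = (IUserAdminSessionHome) javax.rmi.PortableRemoteObject.narrow(obj, IUserAdminSessionHome.class);
        usersession = userhome.create();

        // cacert stays null when the chain is empty or its first certificate does not carry
        // the CA's subject DN. Fail with a clear message instead of a NullPointerException,
        // because every response check in this class is made against this certificate.
        assertNotNull("No CA certificate matching the CA subject DN found for caid " + caid, cacert);
        issuerDN = cacert.getIssuerDN().getName();
    }

    /**
     * Creates a default JNDI initial context.
     *
     * @return a new {@code InitialContext}
     * @throws NamingException if the context cannot be created
     */
    private Context getInitialContext() throws NamingException {
        log.debug(">getInitialContext");
        Context ctx = new javax.naming.InitialContext();
        log.debug("<getInitialContext");
        return ctx;
    }

    /**
     * Generates the RSA key pair used for the certificate request if none exists yet.
     */
    protected void setUp() throws Exception {
        super.setUp();
        if (keys == null) {
            keys = KeyTools.genKeys(TEST_KEY_SIZE, CATokenConstants.KEYALGORITHM_RSA);
        }
    }

    protected void tearDown() throws Exception {
        super.tearDown();
    }

    /**
     * Sends a protected certificate request for the test user, checks the certificate
     * response, then sends a protected confirmation and checks the confirm response.
     */
    public void test01CrmfHttpOkUser() throws Exception {

        // Create a new good user
        createCmpUser();

        // Sender nonce and transaction id are both produced by createSenderNonce().
        byte[] nonce = CmpMessageHelper.createSenderNonce();
        byte[] transid = CmpMessageHelper.createSenderNonce();

        PKIMessage one = genCertReq(issuerDN, userDN, keys, cacert, nonce, transid, true);
        PKIMessage req = protectPKIMessage(one, false, PBEPASSWORD);
        // Check for null before the message is dereferenced to read the request id.
        assertNotNull(req);

        int reqId = req.getBody().getIr().getCertReqMsg(0).getCertReq().getCertReqId().getValue().intValue();
        byte[] ba = derEncode(req);
        // Send request and receive response
        byte[] resp = sendCmpHttp(ba);
        assertNotNull(resp);
        assertTrue(resp.length > 0);
        checkCmpResponseGeneral(resp, issuerDN, userDN, cacert, nonce, transid, true, false);
        checkCmpCertRepMessage(userDN, cacert, resp, reqId);

        // Send a confirm message to the CA
        // "foo123" is a placeholder, not a digest of the issued certificate. The test still
        // expects a confirm response, so the server under test evidently accepts it here.
        // NOTE(review): confirm whether the certificate hash is meant to be validated.
        String hash = "foo123";
        PKIMessage con = genCertConfirm(userDN, cacert, nonce, transid, hash, reqId);
        assertNotNull(con);
        PKIMessage confirm = protectPKIMessage(con, false, PBEPASSWORD);
        ba = derEncode(confirm);
        // Send request and receive response
        resp = sendCmpHttp(ba);
        assertNotNull(resp);
        assertTrue(resp.length > 0);
        checkCmpResponseGeneral(resp, issuerDN, userDN, cacert, nonce, transid, false, false);
        checkCmpPKIConfirmMessage(userDN, cacert, resp);
    }


    //
    // Private helper methods
    //

    /** Serializes a CMP message to its DER encoding. */
    private static byte[] derEncode(PKIMessage msg) throws IOException {
        ByteArrayOutputStream bao = new ByteArrayOutputStream();
        DEROutputStream out = new DEROutputStream(bao);
        out.writeObject(msg);
        return bao.toByteArray();
    }

    /**
     * Creates the end entity "cmptest" on the selected CA, or resets its status to NEW when
     * it already exists. Also points the static {@code userDN} at this user's DN.
     *
     * @throws RemoteException if the remote call fails for any reason other than the user
     *         already existing
     */
    private void createCmpUser() throws RemoteException, AuthorizationDeniedException, FinderException, UserDoesntFullfillEndEntityProfile, ApprovalException, WaitingForApprovalException {
        // Make user that we know...
        boolean userExists = false;
        userDN = "C=SE,O=PrimeKey,CN=cmptest";
        try {
            usersession.addUser(admin,"cmptest","foo123",userDN,null,"cmptest@primekey.se",false,SecConst.EMPTY_ENDENTITYPROFILE,SecConst.CERTPROFILE_FIXED_ENDUSER,SecConst.USER_ENDUSER,SecConst.TOKEN_SOFT_PEM,0,caid);
            // The enrollment password is deliberately left out of the log line.
            log.debug("created user: cmptest, "+userDN);
        } catch (RemoteException re) {
            if (re.detail instanceof DuplicateKeyException) {
                userExists = true;
            } else {
                // Any other remote failure means the user was not created; surface it here
                // rather than letting the test fail later for an unrelated-looking reason.
                throw re;
            }
        } catch (DuplicateKeyException dke) {
            userExists = true;
        }

        if (userExists) {
            log.debug("User cmptest already exists.");
            usersession.setUserStatus(admin,"cmptest",UserDataConstants.STATUS_NEW);
            log.debug("Reset status to NEW");
        }

    }

    // Base64-encoded sample message bytes; not referenced by any test in this class.
    // NOTE(review): origin and purpose are not documented here; confirm before removing.
    static byte[] bluexir = Base64.decode(("MIICIjCB1AIBAqQCMACkVjBUMQswCQYDVQQGEwJOTDEbMBkGA1UEChMSQS5FLlQu"+
        "IEV1cm9wZSBCLlYuMRQwEgYDVQQLEwtEZXZlbG9wbWVudDESMBAGA1UEAxMJVGVz"+
        "dCBDQSAxoT4wPAYJKoZIhvZ9B0INMC8EEAK/H7Do+55N724Kdvxm7NcwCQYFKw4D"+
        "AhoFAAICA+gwDAYIKwYBBQUIAQIFAKILBAlzc2xjbGllbnSkEgQQpFpBsonfhnW8"+
        "ia1otGchraUSBBAyzd3nkKAzcJqGFrDw0jkYoIIBLjCCASowggEmMIIBIAIBADCC"+
        "ARmkJqARGA8yMDA2MDkxOTE2MTEyNlqhERgPMjAwOTA2MTUxNjExMjZapR0wGzEZ"+
        "MBcGA1UEAwwQU29tZSBDb21tb24gTmFtZaaBoDANBgkqhkiG9w0BAQEFAAOBjgAw"+
        "gYoCgYEAuBgTGPgXrS3AIPN6iXO6LNf5GzAcb/WZhvebXMdxdrMo9+5hw/Le5St/"+
        "Sz4J93rxU95b2LMuHTg8U6njxC2lZarNExZTdEwnI37X6ep7lq1purq80zD9bFXj"+
        "ougRD5MHfhDUAQC+btOgEXkanoAo8St3cbtHoYUacAXN2Zs/RVcCBAABAAGpLTAr"+
        "BgNVHREEJDAioCAGCisGAQQBgjcUAgOgEgwQdXBuQGFldGV1cm9wZS5ubIAAoBcD"+
        "FQAy/vSoNUevcdUxXkCQx3fvxkjh6A==").getBytes());

}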