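package se.anatom.ejbca.protocol.cmp;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.rmi.RemoteException;
import java.security.KeyPair;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;

import javax.ejb.CreateException;
import javax.ejb.DuplicateKeyException;
import javax.ejb.FinderException;
import javax.naming.Context;
import javax.naming.NamingException;

import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.DEROutputStream;
import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionHome;
import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionRemote;
import org.ejbca.core.ejb.ra.IUserAdminSessionHome;
import org.ejbca.core.ejb.ra.IUserAdminSessionRemote;
import org.ejbca.core.model.SecConst;
import org.ejbca.core.model.approval.ApprovalException;
import org.ejbca.core.model.approval.WaitingForApprovalException;
import org.ejbca.core.model.authorization.AuthorizationDeniedException;
import org.ejbca.core.model.ca.caadmin.CAInfo;
import org.ejbca.core.model.ca.catoken.CATokenConstants;
import org.ejbca.core.model.log.Admin;
import org.ejbca.core.model.ra.UserDataConstants;
import org.ejbca.core.model.ra.raadmin.UserDoesntFullfillEndEntityProfile;
import org.ejbca.core.protocol.cmp.CmpMessageHelper;
import org.ejbca.util.Base64;
import org.ejbca.util.CertTools;
import org.ejbca.util.KeyTools;

import com.novosec.pkix.asn1.cmp.PKIMessage;

/**
 * Sends a CRMF initialization request (ir) over CMP/HTTP, protected with a
 * shared PBE password, and checks the certificate response and the
 * certificate-confirm round trip that follows.
 * <p>
 * Environment assumptions, taken from what the constructor does: the
 * "CAAdminSession" and "UserAdminSession" beans are reachable through JNDI,
 * and a CA named "AdminCA1" exists or at least one other CA is available to
 * the admin. The CA certificate used for verification is the first entry of
 * the CA's certificate chain, accepted only when its subject matches the
 * subject DN reported in the CA info.
 */
public class CrmfRARequestTest extends CmpTestCase {

    private static final Logger log = Logger.getLogger(CrmfRARequestTest.class);

    /** Shared secret for PBE message protection; a fixture value for the test CA only. */
    private static final String PBEPASSWORD = "password";

    /** Subject DN of the request; replaced by createCmpUser() with the DN of the registered user. */
    private static String userDN = "CN=tomas1,UID=tomas2,O=PrimeKey Solutions AB,C=SE";
    /** Issuer DN expected in responses; replaced in the constructor by the issuer of the CA certificate. */
    private static String issuerDN = "CN=AdminCA1,O=EJBCA Sample,C=SE";
    /** Key pair used in the certificate request, generated lazily in setUp(). */
    private KeyPair keys = null;

    private static IUserAdminSessionRemote usersession;
    /** Id of the CA the tests run against; 0 means no CA could be resolved. */
    private static int caid = 0;
    private static Admin admin;
    private static X509Certificate cacert = null;

    /**
     * Resolves the CA to test against, its certificate and the session beans
     * used by the tests.
     *
     * @param arg0 test name, passed on to the JUnit base class
     * @throws NamingException if a JNDI lookup fails
     * @throws RemoteException if a session bean call fails
     * @throws CreateException if a session bean cannot be created
     * @throws CertificateEncodingException if the CA certificate cannot be re-encoded
     * @throws CertificateException if the CA certificate cannot be parsed
     */
    public CrmfRARequestTest(String arg0) throws NamingException, RemoteException, CreateException, CertificateEncodingException, CertificateException {
        super(arg0);
        admin = new Admin(Admin.TYPE_BATCHCOMMANDLINE_USER);
        CertTools.installBCProvider();
        Context ctx = getInitialContext();
        Object obj = ctx.lookup("CAAdminSession");
        ICAAdminSessionHome cahome = (ICAAdminSessionHome) javax.rmi.PortableRemoteObject.narrow(obj, ICAAdminSessionHome.class);
        ICAAdminSessionRemote casession = cahome.create();
        caid = resolveCaId(casession);
        if (caid == 0) {
            fail("No active CA! Must have at least one active CA to run tests!");
        }
        cacert = findCaCertificate(casession, caid);
        // Fail with a clear message here instead of a NullPointerException on getIssuerDN() below.
        assertNotNull("NO CACERT for caid " + caid, cacert);
        obj = ctx.lookup("UserAdminSession");
        IUserAdminSessionHome userhome = (IUserAdminSessionHome) javax.rmi.PortableRemoteObject.narrow(obj, IUserAdminSessionHome.class);
        usersession = userhome.create();

        issuerDN = cacert.getIssuerDN().getName();
    }

    /**
     * Picks the CA to test against: "AdminCA1" if it exists, otherwise the
     * last id in the list of CAs available to the admin.
     *
     * @return the CA id, or 0 if none could be found
     */
    private static int resolveCaId(ICAAdminSessionRemote casession) throws RemoteException {
        CAInfo adminca1 = casession.getCAInfo(admin, "AdminCA1");
        if (adminca1 != null) {
            return adminca1.getCAId();
        }
        int found = 0;
        Collection caids = casession.getAvailableCAs(admin);
        // The last id in iteration order wins; this mirrors the original selection.
        for (Iterator iter = caids.iterator(); iter.hasNext();) {
            found = ((Integer) iter.next()).intValue();
        }
        return found;
    }

    /**
     * Returns the CA certificate for the given CA id, or null when the chain
     * is empty or its first certificate does not carry the CA's subject DN.
     */
    private static X509Certificate findCaCertificate(ICAAdminSessionRemote casession, int id) throws RemoteException, CertificateEncodingException, CertificateException {
        CAInfo cainfo = casession.getCAInfo(admin, id);
        Collection certs = cainfo.getCertificateChain();
        if (certs.size() == 0) {
            log.error("NO CACERT for caid " + id);
            return null;
        }
        X509Certificate cert = (X509Certificate) certs.iterator().next();
        String subject = CertTools.getSubjectDN(cert);
        if (!StringUtils.equals(subject, cainfo.getSubjectDN())) {
            return null;
        }
        // Re-parse through the BC provider so the certificate object is independent of the remote one.
        return CertTools.getCertfromByteArray(cert.getEncoded());
    }

    /** Creates a default JNDI initial context. */
    private Context getInitialContext() throws NamingException {
        log.debug(">getInitialContext");
        Context ctx = new javax.naming.InitialContext();
        log.debug("<getInitialContext");
        return ctx;
    }

    /**
     * Generates the request key pair once per test instance.
     * The 512-bit RSA size is far below any acceptable production key size
     * and is only used to keep the test fast; the CA under test must accept it.
     */
    protected void setUp() throws Exception {
        super.setUp();
        if (keys == null) {
            keys = KeyTools.genKeys("512", CATokenConstants.KEYALGORITHM_RSA);
        }
    }

    protected void tearDown() throws Exception {
        super.tearDown();
    }

    /**
     * Enrolls the "cmptest" user with a PBE-protected CRMF request over HTTP,
     * verifies the certificate response, then sends a certificate confirm and
     * verifies the PKI confirm response.
     */
    public void test01CrmfHttpOkUser() throws Exception {
        createCmpUser();

        byte[] nonce = CmpMessageHelper.createSenderNonce();
        byte[] transid = CmpMessageHelper.createSenderNonce();

        PKIMessage one = genCertReq(issuerDN, userDN, keys, cacert, nonce, transid, true);
        PKIMessage req = protectPKIMessage(one, false, PBEPASSWORD);
        // Check for null before dereferencing req to read the request id.
        assertNotNull(req);
        int reqId = req.getBody().getIr().getCertReqMsg(0).getCertReq().getCertReqId().getValue().intValue();
        byte[] resp = sendCmpHttp(encode(req));
        assertNotNull(resp);
        assertTrue(resp.length > 0);
        checkCmpResponseGeneral(resp, issuerDN, userDN, cacert, nonce, transid, true, false);
        checkCmpCertRepMessage(userDN, cacert, resp, reqId);

        // NOTE(review): the "hash" passed to genCertConfirm is the literal "foo123", the same value as the
        // enrollment password above; confirm that genCertConfirm really expects a certificate hash here.
        String hash = "foo123";
        PKIMessage con = genCertConfirm(userDN, cacert, nonce, transid, hash, reqId);
        assertNotNull(con);
        PKIMessage confirm = protectPKIMessage(con, false, PBEPASSWORD);
        resp = sendCmpHttp(encode(confirm));
        assertNotNull(resp);
        assertTrue(resp.length > 0);
        checkCmpResponseGeneral(resp, issuerDN, userDN, cacert, nonce, transid, false, false);
        checkCmpPKIConfirmMessage(userDN, cacert, resp);
    }

    /**
     * DER-encodes a CMP message, closing the encoder stream afterwards.
     *
     * @throws IOException if encoding fails
     */
    private static byte[] encode(PKIMessage msg) throws IOException {
        ByteArrayOutputStream bao = new ByteArrayOutputStream();
        DEROutputStream out = new DEROutputStream(bao);
        try {
            out.writeObject(msg);
        } finally {
            out.close();
        }
        return bao.toByteArray();
    }

    /**
     * Registers the end entity "cmptest" with password "foo123" under the
     * resolved CA, and resets its status to NEW if it already exists. Also
     * switches userDN to the DN of that user.
     * <p>
     * A RemoteException whose detail is not a DuplicateKeyException is a real
     * failure and is rethrown rather than swallowed.
     */
    private void createCmpUser() throws RemoteException, AuthorizationDeniedException, FinderException, UserDoesntFullfillEndEntityProfile, ApprovalException, WaitingForApprovalException {
        boolean userExists = false;
        userDN = "C=SE,O=PrimeKey,CN=cmptest";
        try {
            usersession.addUser(admin,"cmptest","foo123",userDN,null,"cmptest@primekey.se",false,SecConst.EMPTY_ENDENTITYPROFILE,SecConst.CERTPROFILE_FIXED_ENDUSER,SecConst.USER_ENDUSER,SecConst.TOKEN_SOFT_PEM,0,caid);
            log.debug("created user: cmptest, foo123, "+userDN);
        } catch (RemoteException re) {
            if (re.detail instanceof DuplicateKeyException) {
                userExists = true;
            } else {
                // Only "already exists" is expected; anything else must surface to the test.
                throw re;
            }
        } catch (DuplicateKeyException dke) {
            userExists = true;
        }

        if (userExists) {
            log.debug("User cmptest already exists.");
            usersession.setUserStatus(admin,"cmptest",UserDataConstants.STATUS_NEW);
            log.debug("Reset status to NEW");
        }
    }

    /** Pre-built DER-encoded CMP message kept as a static fixture; not referenced by the tests in this file. */
    static byte[] bluexir = Base64.decode(("MIICIjCB1AIBAqQCMACkVjBUMQswCQYDVQQGEwJOTDEbMBkGA1UEChMSQS5FLlQu"+
        "IEV1cm9wZSBCLlYuMRQwEgYDVQQLEwtEZXZlbG9wbWVudDESMBAGA1UEAxMJVGVz"+
        "dCBDQSAxoT4wPAYJKoZIhvZ9B0INMC8EEAK/H7Do+55N724Kdvxm7NcwCQYFKw4D"+
        "AhoFAAICA+gwDAYIKwYBBQUIAQIFAKILBAlzc2xjbGllbnSkEgQQpFpBsonfhnW8"+
        "ia1otGchraUSBBAyzd3nkKAzcJqGFrDw0jkYoIIBLjCCASowggEmMIIBIAIBADCC"+
        "ARmkJqARGA8yMDA2MDkxOTE2MTEyNlqhERgPMjAwOTA2MTUxNjExMjZapR0wGzEZ"+
        "MBcGA1UEAwwQU29tZSBDb21tb24gTmFtZaaBoDANBgkqhkiG9w0BAQEFAAOBjgAw"+
        "gYoCgYEAuBgTGPgXrS3AIPN6iXO6LNf5GzAcb/WZhvebXMdxdrMo9+5hw/Le5St/"+
        "Sz4J93rxU95b2LMuHTg8U6njxC2lZarNExZTdEwnI37X6ep7lq1purq80zD9bFXj"+
        "ougRD5MHfhDUAQC+btOgEXkanoAo8St3cbtHoYUacAXN2Zs/RVcCBAABAAGpLTAr"+
        "BgNVHREEJDAioCAGCisGAQQBgjcUAgOgEgwQdXBuQGFldGV1cm9wZS5ubIAAoBcD"+
        "FQAy/vSoNUevcdUxXkCQx3fvxkjh6A==").getBytes());

}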