


1 /*************************************************************************
2  * *
3  * EJBCA: The OpenSource Certificate Authority *
4  * *
5  * This software is free software; you can redistribute it and/or *
6  * modify it under the terms of the GNU Lesser General Public *
7  * License as published by the Free Software Foundation; either *
8  * version 2.1 of the License, or any later version. *
9  * *
10  * See terms of license at gnu.org. *
11  * *
12  *************************************************************************/

13
14 package se.anatom.ejbca.protocol.cmp;
15
16 import java.io.ByteArrayInputStream JavaDoc;
17 import java.io.ByteArrayOutputStream JavaDoc;
18 import java.rmi.RemoteException JavaDoc;
19 import java.security.KeyPair JavaDoc;
20 import java.security.cert.CertificateEncodingException JavaDoc;
21 import java.security.cert.CertificateException JavaDoc;
22 import java.security.cert.X509Certificate JavaDoc;
23 import java.util.Collection JavaDoc;
24 import java.util.Iterator JavaDoc;
25
26 import javax.ejb.CreateException JavaDoc;
27 import javax.ejb.DuplicateKeyException JavaDoc;
28 import javax.ejb.FinderException JavaDoc;
29 import javax.naming.Context JavaDoc;
30 import javax.naming.NamingException JavaDoc;
31
32 import org.apache.commons.lang.StringUtils;
33 import org.apache.log4j.Logger;
34 import org.bouncycastle.asn1.ASN1InputStream;
35 import org.bouncycastle.asn1.DEROutputStream;
36 import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionHome;
37 import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionRemote;
38 import org.ejbca.core.ejb.ra.IUserAdminSessionHome;
39 import org.ejbca.core.ejb.ra.IUserAdminSessionRemote;
40 import org.ejbca.core.model.SecConst;
41 import org.ejbca.core.model.approval.ApprovalException;
42 import org.ejbca.core.model.approval.WaitingForApprovalException;
43 import org.ejbca.core.model.authorization.AuthorizationDeniedException;
44 import org.ejbca.core.model.ca.caadmin.CAInfo;
45 import org.ejbca.core.model.ca.catoken.CATokenConstants;
46 import org.ejbca.core.model.log.Admin;
47 import org.ejbca.core.model.ra.UserDataConstants;
48 import org.ejbca.core.model.ra.raadmin.UserDoesntFullfillEndEntityProfile;
49 import org.ejbca.core.protocol.cmp.CmpMessageHelper;
50 import org.ejbca.util.Base64;
51 import org.ejbca.util.CertTools;
52 import org.ejbca.util.KeyTools;
53
54 import com.novosec.pkix.asn1.cmp.PKIMessage;
55
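/**
 * CMP request tests sent over the raw TCP transport against a CA running in RA mode.
 * <p>
 * Requires setup of the CMP with a tcp listener on port 5547 and
 * mode=ra, responseProtection=signature, authenticationsecret=password, allowraverifypopo=true.
 * The PBE secret used to protect the requests ({@link #PBEPASSWORD}) must equal that configured
 * authentication secret: in RA mode the CA trusts whoever holds it, which is why test01 expects a
 * certificate to be issued even for a subject that was never registered. Treat the secret as an
 * enrollment credential in any non-test deployment.
 * <p>
 * {@link #userDN} is static and reassigned by several tests; the later tests (test04, test05) simply
 * use whatever value the previously run test left behind, so the tests are order dependent.
 *
 * @author tomas
 * @version $Id: CrmfRATcpRequestTest.java,v 1.7 2007/01/16 12:40:46 anatom Exp $
 */
public class CrmfRATcpRequestTest extends CmpTestCase {

    private static final Logger log = Logger.getLogger(CrmfRATcpRequestTest.class);

    /** Shared RA secret used for PBE protection of the requests; must match the CA's authenticationsecret. */
    private static final String PBEPASSWORD = "password";

    /** Subject DN of the end entity under test; reassigned by several tests (see the class comment). */
    private static String userDN = "CN=tomas1,UID=tomas2,O=PrimeKey Solutions AB,C=SE";
    /** Issuer DN; overwritten in the constructor with the DN taken from the actual CA certificate. */
    private static String issuerDN = "CN=AdminCA1,O=EJBCA Sample,C=SE";
    /** Key pair placed in the certificate requests; generated lazily in {@link #setUp()}. */
    private KeyPair keys = null;

    private static IUserAdminSessionRemote usersession;
    /** Id of the CA the requests are directed to; 0 means none was found. */
    private static int caid = 0;
    private static Admin admin;
    /** Certificate of the CA identified by {@link #caid}, as a BC certificate object. */
    private static X509Certificate cacert = null;

    /**
     * Looks up the CA to test against (AdminCA1 if present, otherwise the last CA listed as available),
     * loads its certificate and opens the user admin session.
     *
     * @param arg0 test name, passed on to the JUnit constructor
     * @throws NamingException if a JNDI lookup fails
     * @throws RemoteException if a remote session call fails
     * @throws CreateException if a session bean cannot be created
     * @throws CertificateEncodingException if the CA certificate cannot be re-encoded
     * @throws CertificateException if the CA certificate cannot be parsed
     */
    public CrmfRATcpRequestTest(String arg0) throws NamingException, RemoteException, CreateException, CertificateEncodingException, CertificateException {
        super(arg0);
        admin = new Admin(Admin.TYPE_BATCHCOMMANDLINE_USER);
        CertTools.installBCProvider();
        Context ctx = getInitialContext();
        Object obj = ctx.lookup("CAAdminSession");
        ICAAdminSessionHome cahome = (ICAAdminSessionHome) javax.rmi.PortableRemoteObject.narrow(obj, ICAAdminSessionHome.class);
        ICAAdminSessionRemote casession = cahome.create();
        // Try to use AdminCA1 if it exists, otherwise fall back to the last CA in the available list
        CAInfo adminca1 = casession.getCAInfo(admin, "AdminCA1");
        if (adminca1 != null) {
            caid = adminca1.getCAId();
        } else {
            Collection caids = casession.getAvailableCAs(admin);
            for (Iterator iter = caids.iterator(); iter.hasNext();) {
                caid = ((Integer) iter.next()).intValue();
            }
        }
        assertTrue("No active CA! Must have at least one active CA to run tests!", caid != 0);
        CAInfo cainfo = casession.getCAInfo(admin, caid);
        Collection certs = cainfo.getCertificateChain();
        if (certs.size() > 0) {
            // Only accept the first chain element as the CA certificate if its subject is the CA's subject
            X509Certificate cert = (X509Certificate) certs.iterator().next();
            String subject = CertTools.getSubjectDN(cert);
            if (StringUtils.equals(subject, cainfo.getSubjectDN())) {
                // Re-parse the encoding so we are sure to hold a BC certificate object
                cacert = CertTools.getCertfromByteArray(cert.getEncoded());
            }
        } else {
            log.error("NO CACERT for caid " + caid);
        }
        // Every response check depends on cacert; fail here with a readable message instead of
        // with a NullPointerException on the next line.
        assertNotNull("NO CACERT for caid " + caid, cacert);
        obj = ctx.lookup("UserAdminSession");
        IUserAdminSessionHome userhome = (IUserAdminSessionHome) javax.rmi.PortableRemoteObject.narrow(obj, IUserAdminSessionHome.class);
        usersession = userhome.create();

        issuerDN = cacert.getIssuerDN().getName();
    }

    /**
     * Creates the default JNDI initial context.
     *
     * @return a fresh InitialContext
     * @throws NamingException if the context cannot be created
     */
    private Context getInitialContext() throws NamingException {
        log.debug(">getInitialContext");
        Context ctx = new javax.naming.InitialContext();
        log.debug("<getInitialContext");
        return ctx;
    }

    /**
     * Generates the request key pair once per test instance.
     * 512-bit RSA is far below any acceptable strength and is only usable here because the key is a
     * throw-away test key (presumably chosen for generation speed); never copy this size elsewhere.
     */
    protected void setUp() throws Exception {
        super.setUp();
        if (keys == null) {
            keys = KeyTools.genKeys("512", CATokenConstants.KEYALGORITHM_RSA);
        }
    }

    protected void tearDown() throws Exception {
        super.tearDown();
    }

    /**
     * Sends a PBE-protected initialization request for a subject that was never registered.
     * Because the CA runs in RA mode it trusts the RA secret, so a normal certificate response
     * (not an error) is expected.
     */
    public void test01CrmfHttpUnknowUser() throws Exception {
        // A name that does not exist
        userDN = "CN=abc123rry5774466, O=PrimeKey Solutions AB, C=SE";

        byte[] nonce = CmpMessageHelper.createSenderNonce();
        byte[] transid = CmpMessageHelper.createSenderNonce();

        PKIMessage one = genCertReq(issuerDN, userDN, keys, cacert, nonce, transid, true);
        PKIMessage req = protectPKIMessage(one, false, PBEPASSWORD);
        // Assert before dereferencing, otherwise a null req shows up as a NullPointerException
        assertNotNull(req);
        int reqId = req.getBody().getIr().getCertReqMsg(0).getCertReq().getCertReqId().getValue().intValue();
        // Send request and receive response
        byte[] resp = sendCmpTcp(encode(req), 5);
        assertNotNull(resp);
        assertTrue(resp.length > 0);
        checkCmpResponseGeneral(resp, issuerDN, userDN, cacert, nonce, transid, true, false);
        checkCmpCertRepMessage(userDN, cacert, resp, reqId);
    }

    /**
     * Registers a known user, requests a certificate for it and then completes the exchange with a
     * certificate confirm message, checking the PKI confirm response.
     */
    public void test02CrmfHttpOkUser() throws Exception {
        // Create a new good user
        createCmpUser();

        byte[] nonce = CmpMessageHelper.createSenderNonce();
        byte[] transid = CmpMessageHelper.createSenderNonce();

        PKIMessage one = genCertReq(issuerDN, userDN, keys, cacert, nonce, transid, true);
        PKIMessage req = protectPKIMessage(one, false, PBEPASSWORD);
        assertNotNull(req);
        int reqId = req.getBody().getIr().getCertReqMsg(0).getCertReq().getCertReqId().getValue().intValue();
        // Send request and receive response
        byte[] resp = sendCmpTcp(encode(req), 5);
        assertNotNull(resp);
        assertTrue(resp.length > 0);
        checkCmpResponseGeneral(resp, issuerDN, userDN, cacert, nonce, transid, true, false);
        checkCmpCertRepMessage(userDN, cacert, resp, reqId);

        // Send a confirm message to the CA. The "hash" is a placeholder value, not a real
        // certificate hash; the CA under test evidently does not verify it.
        String hash = "foo123";
        PKIMessage confirm = genCertConfirm(userDN, cacert, nonce, transid, hash, reqId);
        assertNotNull(confirm);
        // Send request and receive response
        resp = sendCmpTcp(encode(confirm), 5);
        assertNotNull(resp);
        assertTrue(resp.length > 0);
        checkCmpResponseGeneral(resp, issuerDN, userDN, cacert, nonce, transid, false, false);
        checkCmpPKIConfirmMessage(userDN, cacert, resp);
    }

    /**
     * Replays the canned {@link #bluexir} initialization request (captured from another CMP client)
     * and checks that a certificate response for its subject, CN=Some Common Name, comes back.
     */
    public void test03BlueXCrmf() throws Exception {
        PKIMessage req = PKIMessage.getInstance(new ASN1InputStream(new ByteArrayInputStream(bluexir)).readObject());
        byte[] resp = sendCmpTcp(bluexir, 5);
        userDN="CN=Some Common Name"; // we know what it is in this request...
        assertNotNull(resp);
        // Nonce, transaction id and request id are taken from the canned message itself
        byte[] senderNonce = req.getHeader().getSenderNonce().getOctets();
        byte[] transId = req.getHeader().getTransactionID().getOctets();
        int reqId = req.getBody().getIr().getCertReqMsg(0).getCertReq().getCertReqId().getValue().intValue();
        checkCmpResponseGeneral(resp, issuerDN, "CN=Some Common Name", cacert, senderNonce, transId, true, false);
        checkCmpCertRepMessage(userDN, cacert, resp, reqId);
    }

    /**
     * Negative test: a request without any protection must be rejected in RA mode with the
     * exact error message checked below, not turned into a certificate.
     */
    public void test04CrmfUnuahtenticated() throws Exception {

        byte[] nonce = CmpMessageHelper.createSenderNonce();
        byte[] transid = CmpMessageHelper.createSenderNonce();

        PKIMessage req = genCertReq(issuerDN, userDN, keys, cacert, nonce, transid, true);
        assertNotNull(req);
        // Send request and receive response
        byte[] resp = sendCmpTcp(encode(req), 5);
        assertNotNull(resp);
        assertTrue(resp.length > 0);
        checkCmpResponseGeneral(resp, issuerDN, userDN, cacert, nonce, transid, false, false);
        checkCmpPKIErrorMessage(resp, issuerDN, userDN, 2, "Received an unathenticated message in RA mode.");
    }

    /**
     * Negative test: a request protected with an algorithm the CA does not know (selected by the
     * second argument to protectPKIMessage, presumably) must be rejected with the error below.
     */
    public void test05CrmfUnknownProtection() throws Exception {

        byte[] nonce = CmpMessageHelper.createSenderNonce();
        byte[] transid = CmpMessageHelper.createSenderNonce();

        PKIMessage one = genCertReq(issuerDN, userDN, keys, cacert, nonce, transid, true);
        PKIMessage req = protectPKIMessage(one, true, PBEPASSWORD);
        assertNotNull(req);
        // Send request and receive response
        byte[] resp = sendCmpTcp(encode(req), 5);
        assertNotNull(resp);
        assertTrue(resp.length > 0);
        checkCmpResponseGeneral(resp, issuerDN, userDN, cacert, nonce, transid, false, false);
        checkCmpPKIErrorMessage(resp, issuerDN, userDN, 2, "Received CMP message with unknown protection alg: 1.2.840.113533.7.66.13.7.");
    }

    //
    // Private helper methods
    //

    /**
     * DER-encodes a CMP message into the bytes that are written to the TCP transport.
     *
     * @param msg the message to encode
     * @return the DER encoding of msg
     * @throws java.io.IOException if the encoder fails
     */
    private static byte[] encode(PKIMessage msg) throws java.io.IOException {
        ByteArrayOutputStream bao = new ByteArrayOutputStream();
        DEROutputStream out = new DEROutputStream(bao);
        out.writeObject(msg);
        return bao.toByteArray();
    }

    /**
     * Adds the end entity "cmptest" with a fixed enrollment password and sets {@link #userDN} to its DN.
     * If the user already exists its status is reset to NEW so a new certificate can be requested.
     * Any RemoteException other than a wrapped DuplicateKeyException is propagated rather than hidden.
     */
    private void createCmpUser() throws RemoteException, AuthorizationDeniedException, FinderException, UserDoesntFullfillEndEntityProfile, ApprovalException, WaitingForApprovalException {
        // Make user that we know...
        boolean userExists = false;
        userDN = "C=SE,O=PrimeKey,CN=cmptest";
        try {
            usersession.addUser(admin,"cmptest","foo123",userDN,null,"cmptest@primekey.se",false,SecConst.EMPTY_ENDENTITYPROFILE,SecConst.CERTPROFILE_FIXED_ENDUSER,SecConst.USER_ENDUSER,SecConst.TOKEN_SOFT_PEM,0,caid);
            log.debug("created user: cmptest, foo123, "+userDN);
        } catch (RemoteException re) {
            // Only "user already exists" is expected here; anything else is a real failure
            if (!(re.detail instanceof DuplicateKeyException)) {
                throw re;
            }
            userExists = true;
        } catch (DuplicateKeyException dke) {
            userExists = true;
        }

        if (userExists) {
            log.debug("User cmptest already exists.");
            usersession.setUserStatus(admin,"cmptest",UserDataConstants.STATUS_NEW);
            log.debug("Reset status to NEW");
        }
    }

    /** Canned, Base64-encoded CMP initialization request used by test03; its subject is CN=Some Common Name. */
    static byte[] bluexir = Base64.decode(("MIICIjCB1AIBAqQCMACkVjBUMQswCQYDVQQGEwJOTDEbMBkGA1UEChMSQS5FLlQu"+
        "IEV1cm9wZSBCLlYuMRQwEgYDVQQLEwtEZXZlbG9wbWVudDESMBAGA1UEAxMJVGVz"+
        "dCBDQSAxoT4wPAYJKoZIhvZ9B0INMC8EEAK/H7Do+55N724Kdvxm7NcwCQYFKw4D"+
        "AhoFAAICA+gwDAYIKwYBBQUIAQIFAKILBAlzc2xjbGllbnSkEgQQpFpBsonfhnW8"+
        "ia1otGchraUSBBAyzd3nkKAzcJqGFrDw0jkYoIIBLjCCASowggEmMIIBIAIBADCC"+
        "ARmkJqARGA8yMDA2MDkxOTE2MTEyNlqhERgPMjAwOTA2MTUxNjExMjZapR0wGzEZ"+
        "MBcGA1UEAwwQU29tZSBDb21tb24gTmFtZaaBoDANBgkqhkiG9w0BAQEFAAOBjgAw"+
        "gYoCgYEAuBgTGPgXrS3AIPN6iXO6LNf5GzAcb/WZhvebXMdxdrMo9+5hw/Le5St/"+
        "Sz4J93rxU95b2LMuHTg8U6njxC2lZarNExZTdEwnI37X6ep7lq1purq80zD9bFXj"+
        "ougRD5MHfhDUAQC+btOgEXkanoAo8St3cbtHoYUacAXN2Zs/RVcCBAABAAGpLTAr"+
        "BgNVHREEJDAioCAGCisGAQQBgjcUAgOgEgwQdXBuQGFldGV1cm9wZS5ubIAAoBcD"+
        "FQAy/vSoNUevcdUxXkCQx3fvxkjh6A==").getBytes());

}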
294