List of usage examples for org.bouncycastle.asn1 DERBitString intValue
public int intValue()
From source file:net.sf.keystore_explorer.crypto.x509.X509Ext.java
License:Open Source License
private String getKeyUsageStringValue(byte[] value) throws IOException { // @formatter:off /*/* w w w.j a v a 2s .c om*/ * KeyUsage ::= BIT STRING { digitalSignature (0), nonRepudiation (1), * keyEncipherment (2), dataEncipherment (3), keyAgreement (4), * keyCertSign (5), cRLSign (6), encipherOnly (7), decipherOnly (8) } */ // @formatter:on DERBitString keyUsage = DERBitString.getInstance(ASN1Primitive.fromByteArray(value)); int keyUsages = keyUsage.intValue(); StringBuilder sb = new StringBuilder(); if (hasKeyUsage(keyUsages, KeyUsage.digitalSignature)) { sb.append(res.getString("DigitalSignatureKeyUsage")); sb.append(NEWLINE); } if (hasKeyUsage(keyUsages, KeyUsage.nonRepudiation)) { sb.append(res.getString("NonRepudiationKeyUsage")); sb.append(NEWLINE); } if (hasKeyUsage(keyUsages, KeyUsage.keyEncipherment)) { sb.append(res.getString("KeyEnciphermentKeyUsage")); sb.append(NEWLINE); } if (hasKeyUsage(keyUsages, KeyUsage.dataEncipherment)) { sb.append(res.getString("DataEnciphermentKeyUsage")); sb.append(NEWLINE); } if (hasKeyUsage(keyUsages, KeyUsage.keyAgreement)) { sb.append(res.getString("KeyAgreementKeyUsage")); sb.append(NEWLINE); } if (hasKeyUsage(keyUsages, KeyUsage.keyCertSign)) { sb.append(res.getString("KeyCertSignKeyUsage")); sb.append(NEWLINE); } if (hasKeyUsage(keyUsages, KeyUsage.cRLSign)) { sb.append(res.getString("CrlSignKeyUsage")); sb.append(NEWLINE); } if (hasKeyUsage(keyUsages, KeyUsage.encipherOnly)) { sb.append(res.getString("EncipherOnlyKeyUsage")); sb.append(NEWLINE); } if (hasKeyUsage(keyUsages, KeyUsage.decipherOnly)) { sb.append(res.getString("DecipherOnlyKeyUsage")); sb.append(NEWLINE); } return sb.toString(); }
From source file:net.sf.keystore_explorer.crypto.x509.X509Ext.java
License:Open Source License
private String getNetscapeCertificateTypeStringValue(byte[] value) throws IOException { // @formatter:off /*/*ww w .ja va 2s. c om*/ * NetscapeCertType ::= BIT STRING { sslClient (0), sslServer (1), smime * (2), objectSigning (3), reserved (4), sslCA (5), smimeCA (6), * objectSigningCA (7) } */ // @formatter:on StringBuilder sb = new StringBuilder(); @SuppressWarnings("resource") // we have a ByteArrayInputStream here which does not need to be closed DERBitString netscapeCertType = DERBitString.getInstance(new ASN1InputStream(value).readObject()); int netscapeCertTypes = netscapeCertType.intValue(); if (isCertType(netscapeCertTypes, NetscapeCertType.sslClient)) { sb.append(res.getString("SslClientNetscapeCertificateType")); sb.append(NEWLINE); } if (isCertType(netscapeCertTypes, NetscapeCertType.sslServer)) { sb.append(res.getString("SslServerNetscapeCertificateType")); sb.append(NEWLINE); } if (isCertType(netscapeCertTypes, NetscapeCertType.smime)) { sb.append(res.getString("SmimeNetscapeCertificateType")); sb.append(NEWLINE); } if (isCertType(netscapeCertTypes, NetscapeCertType.objectSigning)) { sb.append(res.getString("ObjectSigningNetscapeCertificateType")); sb.append(NEWLINE); } if (isCertType(netscapeCertTypes, NetscapeCertType.reserved)) { sb.append(res.getString("ReservedNetscapeCertificateType")); sb.append(NEWLINE); } if (isCertType(netscapeCertTypes, NetscapeCertType.sslCA)) { sb.append(res.getString("SslCaNetscapeCertificateType")); sb.append(NEWLINE); } if (isCertType(netscapeCertTypes, NetscapeCertType.smimeCA)) { sb.append(res.getString("SmimeCaNetscapeCertificateType")); sb.append(NEWLINE); } if (isCertType(netscapeCertTypes, NetscapeCertType.objectSigningCA)) { sb.append(res.getString("ObjectSigningCaNetscapeCertificateType")); sb.append(NEWLINE); } return sb.toString(); }
From source file:net.sf.keystore_explorer.crypto.x509.X509Ext.java
License:Open Source License
private String[] getReasonFlagsStrings(ReasonFlags reasonFlags) throws IOException { // @formatter:off /*/*ww w .j a v a2 s .c o m*/ * ReasonFlags ::= BIT STRING { unused(0), keyCompromise(1), * cACompromise(2), affiliationChanged(3), superseded(4), * cessationOfOperation(5), certificateHold(6), privilegeWithdrawn(7), * aACompromise(8)} */ // @formatter:on List<String> reasonFlagsList = new ArrayList<String>(); DERBitString reasonFlagsBitString = (DERBitString) reasonFlags.toASN1Primitive(); int reasonFlagsInt = reasonFlagsBitString.intValue(); // Go through bit string adding reason flags found to be true if (hasReasonFlag(reasonFlagsInt, ReasonFlags.unused)) { reasonFlagsList.add(res.getString("UnusedReasonFlag")); } if (hasReasonFlag(reasonFlagsInt, ReasonFlags.keyCompromise)) { reasonFlagsList.add(res.getString("KeyCompromiseReasonFlag")); } if (hasReasonFlag(reasonFlagsInt, ReasonFlags.cACompromise)) { reasonFlagsList.add(res.getString("CaCompromiseReasonFlag")); } if (hasReasonFlag(reasonFlagsInt, ReasonFlags.affiliationChanged)) { reasonFlagsList.add(res.getString("AffiliationChangedReasonFlag")); } if (hasReasonFlag(reasonFlagsInt, ReasonFlags.superseded)) { reasonFlagsList.add(res.getString("SupersededReasonFlag")); } if (hasReasonFlag(reasonFlagsInt, ReasonFlags.cessationOfOperation)) { reasonFlagsList.add(res.getString("CessationOfOperationReasonFlag")); } if (hasReasonFlag(reasonFlagsInt, ReasonFlags.certificateHold)) { reasonFlagsList.add(res.getString("CertificateHoldReasonFlag")); } if (hasReasonFlag(reasonFlagsInt, ReasonFlags.privilegeWithdrawn)) { reasonFlagsList.add(res.getString("PrivilegeWithdrawnReasonFlag")); } if (hasReasonFlag(reasonFlagsInt, ReasonFlags.aACompromise)) { reasonFlagsList.add(res.getString("AaCompromiseReasonFlag")); } return reasonFlagsList.toArray(new String[reasonFlagsList.size()]); }
From source file:net.sf.keystore_explorer.gui.dialogs.extensions.DKeyUsage.java
License:Open Source License
private void prepopulateWithValue(byte[] value) throws IOException { @SuppressWarnings("resource") // we have a ByteArrayInputStream here which does not need to be closed DERBitString keyUsage = DERBitString.getInstance(new ASN1InputStream(value).readObject()); int keyUsageValue = keyUsage.intValue(); jcbDigitalSignature.setSelected(hasKeyUsage(keyUsageValue, KeyUsage.digitalSignature)); jcbNonRepudiation.setSelected(hasKeyUsage(keyUsageValue, KeyUsage.nonRepudiation)); jcbKeyEncipherment.setSelected(hasKeyUsage(keyUsageValue, KeyUsage.keyEncipherment)); jcbDataEncipherment.setSelected(hasKeyUsage(keyUsageValue, KeyUsage.dataEncipherment)); jcbKeyAgreement.setSelected(hasKeyUsage(keyUsageValue, KeyUsage.keyAgreement)); jcbCertificateSigning.setSelected(hasKeyUsage(keyUsageValue, KeyUsage.keyCertSign)); jcbCrlSign.setSelected(hasKeyUsage(keyUsageValue, KeyUsage.cRLSign)); jcbEncipherOnly.setSelected(hasKeyUsage(keyUsageValue, KeyUsage.encipherOnly)); jcbDecipherOnly.setSelected(hasKeyUsage(keyUsageValue, KeyUsage.decipherOnly)); }
From source file:net.sf.keystore_explorer.gui.dialogs.extensions.DNetscapeCertificateType.java
License:Open Source License
private void prepopulateWithValue(byte[] value) throws IOException { @SuppressWarnings("resource") // we have a ByteArrayInputStream here which does not need to be closed DERBitString netscapeCertType = DERBitString.getInstance(new ASN1InputStream(value).readObject()); int netscapeCertTypes = netscapeCertType.intValue(); jcbSslClient.setSelected(isCertType(netscapeCertTypes, NetscapeCertType.sslClient)); jcbSslServer.setSelected(isCertType(netscapeCertTypes, NetscapeCertType.sslServer)); jcbSmime.setSelected(isCertType(netscapeCertTypes, NetscapeCertType.smime)); jcbObjectSigning.setSelected(isCertType(netscapeCertTypes, NetscapeCertType.objectSigning)); jcbReserved.setSelected(isCertType(netscapeCertTypes, NetscapeCertType.reserved)); jcbSslCa.setSelected(isCertType(netscapeCertTypes, NetscapeCertType.sslCA)); jcbSmimeCa.setSelected(isCertType(netscapeCertTypes, NetscapeCertType.smimeCA)); jcbObjectSigningCa.setSelected(isCertType(netscapeCertTypes, NetscapeCertType.objectSigningCA)); }
From source file:org.cesecore.certificates.certificate.CertificateCreateSessionBean.java
License:Open Source License
@Override public CertificateResponseMessage createCertificate(final AuthenticationToken admin, final EndEntityInformation endEntityInformation, final CA ca, final RequestMessage req, final Class<? extends ResponseMessage> responseClass, CertificateGenerationParams certGenParams, final long updateTime) throws CryptoTokenOfflineException, SignRequestSignatureException, IllegalKeyException, IllegalNameException, CustomCertificateSerialNumberException, CertificateCreateException, CertificateRevokeException, CertificateSerialNumberException, AuthorizationDeniedException, IllegalValidityException, CAOfflineException, InvalidAlgorithmException, CertificateExtensionException { if (log.isTraceEnabled()) { log.trace(">createCertificate(IRequestMessage, CA)"); }//w w w. j a va2 s . c o m CertificateResponseMessage ret = null; try { final CAToken catoken = ca.getCAToken(); final CryptoToken cryptoToken = cryptoTokenManagementSession.getCryptoToken(catoken.getCryptoTokenId()); final String alias = catoken.getAliasFromPurpose(CATokenConstants.CAKEYPURPOSE_CERTSIGN); // See if we need some key material to decrypt request if (req.requireKeyInfo()) { // You go figure...scep encrypts message with the public CA-cert req.setKeyInfo(ca.getCACertificate(), cryptoToken.getPrivateKey(alias), cryptoToken.getEncProviderName()); } // Verify the request final PublicKey reqpk; try { if (!req.verify()) { throw new SignRequestSignatureException( intres.getLocalizedMessage("createcert.popverificationfailed")); } reqpk = req.getRequestPublicKey(); if (reqpk == null) { final String msg = intres.getLocalizedMessage("createcert.nokeyinrequest"); throw new InvalidKeyException(msg); } } catch (InvalidKeyException e) { // If we get an invalid key exception here, we should throw an IllegalKeyException to the caller // The catch of InvalidKeyException in the end of this method, catches error from the CA crypto token throw new IllegalKeyException(e); } final Date notBefore = req.getRequestValidityNotBefore(); // Optionally requested validity final Date notAfter = req.getRequestValidityNotAfter(); // Optionally requested validity final Extensions exts = req.getRequestExtensions(); // Optionally requested extensions int keyusage = -1; if (exts != null) { if (log.isDebugEnabled()) { log.debug( "we have extensions, see if we can override KeyUsage by looking for a KeyUsage extension in request"); } final Extension ext = exts.getExtension(Extension.keyUsage); if (ext != null) { final ASN1OctetString os = ext.getExtnValue(); DERBitString bs; try { bs = new DERBitString(os.getEncoded()); } catch (IOException e) { throw new IllegalStateException("Unexpected IOException caught."); } keyusage = bs.intValue(); if (log.isDebugEnabled()) { log.debug("We have a key usage request extension: " + keyusage); } } } String sequence = null; byte[] ki = req.getRequestKeyInfo(); // CVC sequence is only 5 characters, don't fill with a lot of garbage here, it must be a readable string if ((ki != null) && (ki.length > 0) && (ki.length < 10)) { final String str = new String(ki); // A cvc sequence must be ascii printable, otherwise it's some binary data if (StringUtils.isAsciiPrintable(str)) { sequence = new String(ki); } } CertificateDataWrapper certWrapper = createCertificate(admin, endEntityInformation, ca, req, reqpk, keyusage, notBefore, notAfter, exts, sequence, certGenParams, updateTime); // Create the response message with all nonces and checks etc ret = ResponseMessageUtils.createResponseMessage(responseClass, req, ca.getCertificateChain(), cryptoToken.getPrivateKey(alias), cryptoToken.getEncProviderName()); ResponseStatus status = ResponseStatus.SUCCESS; FailInfo failInfo = null; String failText = null; if ((certWrapper == null) && (status == ResponseStatus.SUCCESS)) { status = ResponseStatus.FAILURE; failInfo = FailInfo.BAD_REQUEST; } else { ret.setCertificate(certWrapper.getCertificate()); ret.setCACert(ca.getCACertificate()); ret.setBase64CertData(certWrapper.getBase64CertData()); ret.setCertificateData(certWrapper.getCertificateData()); } ret.setStatus(status); if (failInfo != null) { ret.setFailInfo(failInfo); ret.setFailText(failText); } ret.create(); } catch (InvalidKeyException e) { throw new CertificateCreateException(e); } catch (NoSuchAlgorithmException e) { throw new CertificateCreateException(e); } catch (NoSuchProviderException e) { throw new CertificateCreateException(e); } catch (CertificateEncodingException e) { throw new CertificateCreateException(e); } catch (CRLException e) { throw new CertificateCreateException(e); } if (log.isTraceEnabled()) { log.trace("<createCertificate(IRequestMessage, CA)"); } return ret; }
From source file:org.cesecore.util.CertTools.java
License:Open Source License
/** * Converts DERBitString ResonFlags to a RevokedCertInfo constant * //from www .ja va 2 s .co m * @param reasonFlags DERBITString received from org.bouncycastle.asn1.x509.ReasonFlags. * @return int according to org.cesecore.certificates.crl.RevokedCertInfo */ public static int bitStringToRevokedCertInfo(DERBitString reasonFlags) { int ret = RevokedCertInfo.REVOCATION_REASON_UNSPECIFIED; if (reasonFlags == null) { return ret; } int val = reasonFlags.intValue(); if (log.isDebugEnabled()) { log.debug("Int value of bitString revocation reason: " + val); } if ((val & ReasonFlags.aACompromise) != 0) { ret = RevokedCertInfo.REVOCATION_REASON_AACOMPROMISE; } if ((val & ReasonFlags.affiliationChanged) != 0) { ret = RevokedCertInfo.REVOCATION_REASON_AFFILIATIONCHANGED; } if ((val & ReasonFlags.cACompromise) != 0) { ret = RevokedCertInfo.REVOCATION_REASON_CACOMPROMISE; } if ((val & ReasonFlags.certificateHold) != 0) { ret = RevokedCertInfo.REVOCATION_REASON_CERTIFICATEHOLD; } if ((val & ReasonFlags.cessationOfOperation) != 0) { ret = RevokedCertInfo.REVOCATION_REASON_CESSATIONOFOPERATION; } if ((val & ReasonFlags.keyCompromise) != 0) { ret = RevokedCertInfo.REVOCATION_REASON_KEYCOMPROMISE; } if ((val & ReasonFlags.privilegeWithdrawn) != 0) { ret = RevokedCertInfo.REVOCATION_REASON_PRIVILEGESWITHDRAWN; } if ((val & ReasonFlags.superseded) != 0) { ret = RevokedCertInfo.REVOCATION_REASON_SUPERSEDED; } if ((val & ReasonFlags.unused) != 0) { ret = RevokedCertInfo.REVOCATION_REASON_UNSPECIFIED; } return ret; }
From source file:org.ejbca.core.ejb.ca.sign.RSASignSessionBean.java
License:Open Source License
@Override public IResponseMessage createCertificate(Admin admin, IRequestMessage req, Class responseClass, UserDataVO suppliedUserData) throws EjbcaException { if (log.isTraceEnabled()) { log.trace(">createCertificate(IRequestMessage)"); }// w w w . ja v a 2 s . c o m // Get CA that will receive request UserDataVO data = null; IResponseMessage ret = null; CA ca; if (suppliedUserData == null) { ca = getCAFromRequest(admin, req); } else { ca = caSession.getCA(admin, suppliedUserData.getCAId()); // Take the CAId from the supplied userdata, if any } try { CATokenContainer catoken = ca.getCAToken(); // See if we need some key material to decrypt request if (req.requireKeyInfo()) { // You go figure...scep encrypts message with the public CA-cert req.setKeyInfo(ca.getCACertificate(), catoken.getPrivateKey(SecConst.CAKEYPURPOSE_CERTSIGN), catoken.getJCEProvider()); } // Verify the request if (req.verify() == false) { String msg = intres.getLocalizedMessage("signsession.popverificationfailed"); logSession.log(admin, ca.getCAId(), LogConstants.MODULE_CA, new java.util.Date(), req.getUsername(), null, LogConstants.EVENT_ERROR_CREATECERTIFICATE, msg); throw new SignRequestSignatureException(msg); } if (ca.isUseUserStorage() && req.getUsername() == null) { String msg = intres.getLocalizedMessage("signsession.nouserinrequest", req.getRequestDN()); logSession.log(admin, ca.getCAId(), LogConstants.MODULE_CA, new java.util.Date(), req.getUsername(), null, LogConstants.EVENT_ERROR_CREATECERTIFICATE, msg); throw new SignRequestException(msg); //ret.setFailInfo(FailInfo.BAD_REQUEST); //ret.setStatus(ResponseStatus.FAILURE); } else if (ca.isUseUserStorage() && req.getPassword() == null) { String msg = intres.getLocalizedMessage("signsession.nopasswordinrequest"); logSession.log(admin, ca.getCAId(), LogConstants.MODULE_CA, new java.util.Date(), req.getUsername(), null, LogConstants.EVENT_ERROR_CREATECERTIFICATE, msg); throw new SignRequestException(msg); } else { ResponseStatus status = ResponseStatus.SUCCESS; FailInfo failInfo = null; String failText = null; Certificate cert = null; try { // If we haven't done so yet, authenticate user. (Only if we store UserData for this CA.) if (ca.isUseUserStorage()) { data = authUser(admin, req.getUsername(), req.getPassword()); } else { data = suppliedUserData; } PublicKey reqpk = req.getRequestPublicKey(); if (reqpk == null) { logSession.log(admin, ca.getCAId(), LogConstants.MODULE_CA, new java.util.Date(), req.getUsername(), null, LogConstants.EVENT_ERROR_CREATECERTIFICATE, intres.getLocalizedMessage("signsession.nokeyinrequest")); throw new InvalidKeyException("Key is null!"); } // We need to make sure we use the users registered CA here if (data.getCAId() != ca.getCAId()) { failText = intres.getLocalizedMessage("signsession.wrongauthority", Integer.valueOf(ca.getCAId()), Integer.valueOf(data.getCAId())); status = ResponseStatus.FAILURE; failInfo = FailInfo.WRONG_AUTHORITY; logSession.log(admin, ca.getCAId(), LogConstants.MODULE_CA, new java.util.Date(), req.getUsername(), null, LogConstants.EVENT_ERROR_CREATECERTIFICATE, failText); } if (status.equals(ResponseStatus.SUCCESS)) { Date notBefore = req.getRequestValidityNotBefore(); // Optionally requested validity Date notAfter = req.getRequestValidityNotAfter(); // Optionally requested validity X509Extensions exts = req.getRequestExtensions(); // Optionally requested extensions int keyusage = -1; if (exts != null) { if (log.isDebugEnabled()) { log.debug( "we have extensions, see if we can override KeyUsage by looking for a KeyUsage extension in request"); } X509Extension ext = exts.getExtension(X509Extensions.KeyUsage); if (ext != null) { ASN1OctetString os = ext.getValue(); ByteArrayInputStream bIs = new ByteArrayInputStream(os.getOctets()); ASN1InputStream dIs = new ASN1InputStream(bIs); DERObject dob = dIs.readObject(); DERBitString bs = DERBitString.getInstance(dob); keyusage = bs.intValue(); if (log.isDebugEnabled()) { log.debug("We have a key usage request extension: " + keyusage); } } } String sequence = null; byte[] ki = req.getRequestKeyInfo(); if ((ki != null) && (ki.length > 0)) { sequence = new String(ki); } cert = createCertificate(admin, data, req.getRequestX509Name(), ca, reqpk, keyusage, notBefore, notAfter, exts, sequence); } } catch (ObjectNotFoundException oe) { // If we didn't find the entity return error message log.error("User not found: ", oe); failText = intres.getLocalizedMessage("signsession.nosuchuser", req.getUsername()); status = ResponseStatus.FAILURE; failInfo = FailInfo.INCORRECT_DATA; logSession.log(admin, ca.getCAId(), LogConstants.MODULE_CA, new java.util.Date(), req.getUsername(), null, LogConstants.EVENT_ERROR_CREATECERTIFICATE, failText); } //Create the response message with all nonces and checks etc ret = req.createResponseMessage(responseClass, req, ca.getCACertificate(), catoken.getPrivateKey(SecConst.CAKEYPURPOSE_CERTSIGN), catoken.getProvider()); if ((cert == null) && (status == ResponseStatus.SUCCESS)) { status = ResponseStatus.FAILURE; failInfo = FailInfo.BAD_REQUEST; } else { ret.setCertificate(cert); } ret.setStatus(status); if (failInfo != null) { ret.setFailInfo(failInfo); ret.setFailText(failText); } } ret.create(); // Call authentication session and tell that we are finished with this user. (Only if we store UserData for this CA.) if (ca.isUseUserStorage() && data != null) { finishUser(ca, data); } } catch (NoUniqueCertSerialNumberIndexException e) { cleanUserCertDataSN(data); throw e.ejbcaException; } catch (IllegalKeyException ke) { log.error("Key is of unknown type: ", ke); throw ke; } catch (CATokenOfflineException ctoe) { String msg = intres.getLocalizedMessage("error.catokenoffline", ca.getSubjectDN()); CATokenOfflineException ex = new CATokenOfflineException(msg); ex.initCause(ctoe); throw ex; //} catch (EjbcaException e) { // throw e; } catch (NoSuchProviderException e) { log.error("NoSuchProvider provider: ", e); } catch (InvalidKeyException e) { log.error("Invalid key in request: ", e); } catch (NoSuchAlgorithmException e) { log.error("No such algorithm: ", e); } catch (IOException e) { log.error("Cannot create response message: ", e); } if (log.isTraceEnabled()) { log.trace("<createCertificate(IRequestMessage)"); } return ret; }
From source file:org.ejbca.core.protocol.cmp.CmpTestCase.java
License:Open Source License
protected static void checkCmpPKIErrorMessage(byte[] retMsg, String sender, X500Name recipient, int errorCode, String errorMsg) throws IOException { //// ww w.j a v a2 s. c o m // Parse response message // PKIMessage respObject = null; ASN1InputStream asn1InputStream = new ASN1InputStream(new ByteArrayInputStream(retMsg)); try { respObject = PKIMessage.getInstance(asn1InputStream.readObject()); } finally { asn1InputStream.close(); } assertNotNull(respObject); PKIHeader header = respObject.getHeader(); assertEquals(header.getSender().getTagNo(), 4); { final X500Name name = X500Name.getInstance(header.getSender().getName()); assertEquals(name.toString(), sender); } { final X500Name name = X500Name.getInstance(header.getRecipient().getName()); assertArrayEquals(name.getEncoded(), recipient.getEncoded()); } PKIBody body = respObject.getBody(); int tag = body.getType(); assertEquals(tag, 23); ErrorMsgContent n = (ErrorMsgContent) body.getContent(); assertNotNull(n); PKIStatusInfo info = n.getPKIStatusInfo(); assertNotNull(info); BigInteger i = info.getStatus(); assertEquals(i.intValue(), 2); DERBitString b = info.getFailInfo(); assertEquals("Return wrong error code.", errorCode, b.intValue()); if (errorMsg != null) { PKIFreeText freeText = info.getStatusString(); DERUTF8String utf = freeText.getStringAt(0); assertEquals(errorMsg, utf.getString()); } }