Example usage for org.bouncycastle.asn1.icao ICAOObjectIdentifiers id_icao_extensions_namechangekeyrollover

List of usage examples for org.bouncycastle.asn1.icao ICAOObjectIdentifiers id_icao_extensions_namechangekeyrollover

Introduction

This page shows example usage of org.bouncycastle.asn1.icao ICAOObjectIdentifiers id_icao_extensions_namechangekeyrollover.

Prototype

ASN1ObjectIdentifier id_icao_extensions_namechangekeyrollover


Document

2.23.136.1.1.6.1

Usage

From source file:org.ejbca.core.ejb.ca.caadmin.RenewCANewSubjectDNTest.java

License:Open Source License

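/**
 * Renews the CA named "TEST" under {@code newSubjectDN} with regenerated keys and link
 * certificate creation enabled, then checks both the renewed CA certificate and the link
 * certificate.
 *
 * <p>For the renewed CA certificate the test expects the serial number, subject DN, issuer DN,
 * authority key identifier (AKI), subject key identifier (SKI) and public key to all differ
 * from the original certificate.
 *
 * <p>For the link certificate the test expects issuer DN = old subject DN, subject DN = new
 * subject DN, AKI = old SKI, SKI = new SKI, a signature that verifies under the old CA public
 * key, and the presence of the ICAO name-change extension
 * ({@code ICAOObjectIdentifiers.id_icao_extensions_namechangekeyrollover}).
 *
 * @throws Exception if any session call, certificate parsing step or signature check fails
 */
@Test
public void testRenewNewSubjectDNNewKeys() throws Exception {
    log.trace(">testRenewNewSubjectDNNewKeys()");
    X509CAInfo info = (X509CAInfo) caSession.getCAInfo(internalAdmin, "TEST");
    X509Certificate orgcert = (X509Certificate) info.getCertificateChain().iterator().next();
    byte[] orgkey = orgcert.getPublicKey().getEncoded();

    caAdminSession.renewCANewSubjectDn(internalAdmin, info.getCAId(), /*regenerateKeys=*/true,
            /*customNotBefore=*/null, /*createLinkCertificates=*/true, newSubjectDN);
    X509CAInfo newinfo2 = (X509CAInfo) caSession.getCAInfo(internalAdmin, newCAName);
    // Message fixed: this test renews with NEW keys (the original text said "same keys").
    assertTrue("CA Info NameChanged field is not true after CA name-change renewal with new keys",
            newinfo2.getNameChanged());
    X509Certificate newcertnewkeys = (X509Certificate) newinfo2.getCertificateChain().iterator().next();
    assertFalse("Serial number hasn't changed for CA certificate after CA name-change renewal with new keys",
            orgcert.getSerialNumber().equals(newcertnewkeys.getSerialNumber()));
    assertFalse("Subject DN hasn't changed for CA certificate after CA name-change renewal with new keys",
            CertTools.getSubjectDN(orgcert).equals(CertTools.getSubjectDN(newcertnewkeys)));
    assertFalse("Issuer DN hasn't changed for CA certificate after CA name-change renewal with new keys",
            CertTools.getIssuerDN(orgcert).equals(CertTools.getIssuerDN(newcertnewkeys)));
    // AKI/SKI are key identifiers, not distinguished names; the messages below say so.
    assertFalse("AKI hasn't changed for CA certificate after CA name-change renewal with new keys",
            Arrays.equals(CertTools.getAuthorityKeyId(newcertnewkeys), CertTools.getAuthorityKeyId(orgcert)));
    assertFalse("SKI hasn't changed for CA certificate after CA name-change renewal with new keys",
            Arrays.equals(CertTools.getSubjectKeyId(newcertnewkeys), CertTools.getSubjectKeyId(orgcert)));
    byte[] newkey = newcertnewkeys.getPublicKey().getEncoded();
    assertFalse("Public Key hasn't changed for CA certificate after CA name-change renewal with new keys",
            Arrays.equals(orgkey, newkey));

    //Link certificate checks
    byte[] latestLinkCertificateRaw = caAdminSession.getLatestLinkCertificate(newinfo2.getCAId());
    assertTrue("There is no available link certificate after CA name-change renewal with new keys",
            latestLinkCertificateRaw != null);
    @SuppressWarnings("deprecation")
    X509Certificate latestLinkCertificate = (X509Certificate) CertTools
            .getCertfromByteArray(latestLinkCertificateRaw);
    assertFalse(
            "Issuer DN and Subject DN are equal of CA link certificate after CA name-change renewal with new keys",
            CertTools.getIssuerDN(latestLinkCertificate).equals(CertTools.getSubjectDN(latestLinkCertificate)));
    assertTrue(
            "Issuer DN of CA link certificate is not equal to Subject DN of old CA certificate after CA name-change renewal with new keys",
            CertTools.getIssuerDN(latestLinkCertificate).equals(CertTools.getSubjectDN(orgcert)));
    assertTrue(
            "Subject DN of CA link certificate is not equal to Subject DN of new CA certificate after CA name-change renewal with new keys",
            CertTools.getSubjectDN(latestLinkCertificate).equals(CertTools.getSubjectDN(newcertnewkeys)));
    assertTrue(
            "AKI of CA link certificate is not equal to SKI of old CA certificate after CA name-change renewal with new keys",
            Arrays.equals(CertTools.getAuthorityKeyId(latestLinkCertificate),
                    CertTools.getSubjectKeyId(orgcert)));
    assertTrue(
            "SKI of CA link certificate is not equal to SKI of new CA certificate after CA name-change renewal with new keys",
            Arrays.equals(CertTools.getSubjectKeyId(latestLinkCertificate),
                    CertTools.getSubjectKeyId(newcertnewkeys)));
    // DNs and key identifiers are plain certificate fields and prove nothing on their own.
    // The link certificate only carries trust from the old CA name to the new one if its
    // signature verifies under the old CA public key, so check that explicitly
    // (verify() throws, failing the test, when the signature does not match).
    latestLinkCertificate.verify(orgcert.getPublicKey());
    // Presence check only: the extension content is not inspected here.
    assertTrue("Link certificate doesn't have Name Change extension after CA name-change renewal with new keys",
            latestLinkCertificate.getExtensionValue(
                    ICAOObjectIdentifiers.id_icao_extensions_namechangekeyrollover.getId()) != null);
    log.trace("<testRenewNewSubjectDNNewKeys()");
}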

From source file:org.ejbca.core.ejb.ca.caadmin.RenewCANewSubjectDNTest.java

License:Open Source License

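/**
 * Renews the CA named "TEST" under {@code newSubjectDN} while keeping the existing keys, with
 * link certificate creation enabled, then checks both the renewed CA certificate and the link
 * certificate.
 *
 * <p>For the renewed CA certificate the test expects the serial number, subject DN and issuer
 * DN to differ from the original certificate, while the authority key identifier (AKI),
 * subject key identifier (SKI) and public key stay the same.
 *
 * <p>For the link certificate the test expects issuer DN = old subject DN, subject DN = new
 * subject DN, AKI = old SKI, SKI = new SKI, a signature that verifies under the old CA public
 * key, and the presence of the ICAO name-change extension
 * ({@code ICAOObjectIdentifiers.id_icao_extensions_namechangekeyrollover}).
 *
 * @throws Exception if any session call, certificate parsing step or signature check fails
 */
@Test
public void testRenewNewSubjectDNSameKeys() throws Exception {
    log.trace(">testRenewNewSubjectDNSameKeys()");
    X509CAInfo info = (X509CAInfo) caSession.getCAInfo(internalAdmin, "TEST");
    X509Certificate orgcert = (X509Certificate) info.getCertificateChain().iterator().next();
    byte[] orgkey = orgcert.getPublicKey().getEncoded();

    caAdminSession.renewCANewSubjectDn(internalAdmin, info.getCAId(), /*regenerateKeys=*/false,
            /*customNotBefore=*/null, /*createLinkCertificates=*/true, newSubjectDN);
    X509CAInfo newinfo2 = (X509CAInfo) caSession.getCAInfo(internalAdmin, newCAName);
    assertTrue("CA Info NameChanged field is not true after CA name-change renewal with same keys",
            newinfo2.getNameChanged());
    X509Certificate newcertsamekeys = (X509Certificate) newinfo2.getCertificateChain().iterator().next();
    assertFalse("Serial number hasn't changed for CA certificate after CA name-change renewal with same keys",
            orgcert.getSerialNumber().equals(newcertsamekeys.getSerialNumber()));
    assertFalse("Subject DN hasn't changed for CA certificate after CA name-change renewal with same keys",
            CertTools.getSubjectDN(orgcert).equals(CertTools.getSubjectDN(newcertsamekeys)));
    assertFalse("Issuer DN hasn't changed for CA certificate after CA name-change renewal with same keys",
            CertTools.getIssuerDN(orgcert).equals(CertTools.getIssuerDN(newcertsamekeys)));
    // AKI/SKI are key identifiers, not distinguished names; the messages below say so.
    assertTrue("AKI has changed for CA certificate after CA name-change renewal with same keys",
            Arrays.equals(CertTools.getAuthorityKeyId(newcertsamekeys), CertTools.getAuthorityKeyId(orgcert)));
    assertTrue("SKI has changed for CA certificate after CA name-change renewal with same keys",
            Arrays.equals(CertTools.getSubjectKeyId(newcertsamekeys), CertTools.getSubjectKeyId(orgcert)));
    byte[] newkey = newcertsamekeys.getPublicKey().getEncoded();
    assertTrue("Public Key has changed for CA certificate after CA name-change renewal with same keys",
            Arrays.equals(orgkey, newkey));

    //Link certificate checks
    byte[] latestLinkCertificateRaw = caAdminSession.getLatestLinkCertificate(newinfo2.getCAId());
    assertTrue("There is no available link certificate after CA name-change renewal with same keys",
            latestLinkCertificateRaw != null);
    @SuppressWarnings("deprecation")
    X509Certificate latestLinkCertificate = (X509Certificate) CertTools
            .getCertfromByteArray(latestLinkCertificateRaw);
    assertFalse(
            "Issuer DN and Subject DN are equal of CA link certificate after CA name-change renewal with same keys",
            CertTools.getIssuerDN(latestLinkCertificate).equals(CertTools.getSubjectDN(latestLinkCertificate)));
    assertTrue(
            "Issuer DN of CA link certificate is not equal to Subject DN of old CA certificate after CA name-change renewal with same keys",
            CertTools.getIssuerDN(latestLinkCertificate).equals(CertTools.getSubjectDN(orgcert)));
    assertTrue(
            "Subject DN of CA link certificate is not equal to Subject DN of new CA certificate after CA name-change renewal with same keys",
            CertTools.getSubjectDN(latestLinkCertificate).equals(CertTools.getSubjectDN(newcertsamekeys)));
    assertTrue(
            "AKI of CA link certificate is not equal to SKI of old CA certificate after CA name-change renewal with same keys",
            Arrays.equals(CertTools.getAuthorityKeyId(latestLinkCertificate),
                    CertTools.getSubjectKeyId(orgcert)));
    assertTrue(
            "SKI of CA link certificate is not equal to SKI of new CA certificate after CA name-change renewal with same keys",
            Arrays.equals(CertTools.getSubjectKeyId(latestLinkCertificate),
                    CertTools.getSubjectKeyId(newcertsamekeys)));
    // DNs and key identifiers are plain certificate fields and prove nothing on their own.
    // The link certificate only carries trust from the old CA name to the new one if its
    // signature verifies under the old CA public key, so check that explicitly
    // (verify() throws, failing the test, when the signature does not match).
    latestLinkCertificate.verify(orgcert.getPublicKey());
    // Presence check only: the extension content is not inspected here.
    assertTrue(
            "Link certificate doesn't have Name Change extension after CA name-change renewal with same keys",
            latestLinkCertificate.getExtensionValue(
                    ICAOObjectIdentifiers.id_icao_extensions_namechangekeyrollover.getId()) != null);
    log.trace("<testRenewNewSubjectDNSameKeys()");
}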