List of usage examples for org.bouncycastle.asn1.icao ICAOObjectIdentifiers id_icao_extensions_namechangekeyrollover
ASN1ObjectIdentifier id_icao_extensions_namechangekeyrollover
From source file:org.ejbca.core.ejb.ca.caadmin.RenewCANewSubjectDNTest.java
License:Open Source License
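/**
 * Renews the CA "TEST" under a new subject DN with {@code regenerateKeys=true} and
 * {@code createLinkCertificates=true}, then checks the renewed CA certificate and the link
 * certificate that ties the old CA identity to the new one.
 *
 * <p>The renewed CA certificate must differ from the original in serial number, subject DN,
 * issuer DN, authority key identifier, subject key identifier and encoded public key.
 *
 * <p>The link certificate must be issued under the old subject DN (with an AKI equal to the old
 * SKI), name the new subject DN (with an SKI equal to the new SKI), and carry the ICAO
 * name-change extension.
 *
 * @throws Exception if a session call or certificate parsing fails
 */
@Test
public void testRenewNewSubjectDNNewKeys() throws Exception {
    log.trace(">testRenewNewSubjectDNNewKeys()");

    // Snapshot the CA certificate and public key before the renewal so they can be compared later.
    X509CAInfo info = (X509CAInfo) caSession.getCAInfo(internalAdmin, "TEST");
    X509Certificate orgcert = (X509Certificate) info.getCertificateChain().iterator().next();
    byte[] orgkey = orgcert.getPublicKey().getEncoded();

    caAdminSession.renewCANewSubjectDn(internalAdmin, info.getCAId(), /*regenerateKeys=*/true,
            /*customNotBefore=*/null, /*createLinkCertificates=*/true, newSubjectDN);

    // After a name change the CA is looked up under its new name.
    X509CAInfo newinfo2 = (X509CAInfo) caSession.getCAInfo(internalAdmin, newCAName);
    // The failure message used to say "same keys", a copy-paste slip that misreports which
    // scenario failed; this test exercises the new-keys path.
    assertTrue("CA Info NameChanged field is not true after CA name-change renewal with new keys",
            newinfo2.getNameChanged());

    X509Certificate newcertnewkeys = (X509Certificate) newinfo2.getCertificateChain().iterator().next();
    assertFalse("Serial number hasn't changed for CA certificate after CA name-change renewal with new keys",
            orgcert.getSerialNumber().equals(newcertnewkeys.getSerialNumber()));
    assertFalse("Subject DN hasn't changed for CA certificate after CA name-change renewal with new keys",
            CertTools.getSubjectDN(orgcert).equals(CertTools.getSubjectDN(newcertnewkeys)));
    assertFalse("Issuer DN hasn't changed for CA certificate after CA name-change renewal with new keys",
            CertTools.getIssuerDN(orgcert).equals(CertTools.getIssuerDN(newcertnewkeys)));
    // With regenerated keys, both key identifiers and the encoded public key must change.
    assertFalse("AKI DN hasn't changed for CA certificate after CA name-change renewal with new keys",
            Arrays.equals(CertTools.getAuthorityKeyId(newcertnewkeys), CertTools.getAuthorityKeyId(orgcert)));
    assertFalse("SKI DN hasn't changed for CA certificate after CA name-change renewal with new keys",
            Arrays.equals(CertTools.getSubjectKeyId(newcertnewkeys), CertTools.getSubjectKeyId(orgcert)));
    byte[] newkey = newcertnewkeys.getPublicKey().getEncoded();
    assertFalse("Public Key hasn't changed for CA certificate after CA name-change renewal with new keys",
            Arrays.equals(orgkey, newkey));

    // Link certificate checks.
    // NOTE(review): the assertions below compare names and key identifiers only. None of them
    // verifies the link certificate's signature against the old CA public key, and the name-change
    // extension is checked for presence, not content. Confirm that is covered elsewhere.
    byte[] latestLinkCertificateRaw = caAdminSession.getLatestLinkCertificate(newinfo2.getCAId());
    assertTrue("There is no available link certificate after CA name-change renewal with new keys",
            latestLinkCertificateRaw != null);
    @SuppressWarnings("deprecation")
    X509Certificate latestLinkCertificate = (X509Certificate) CertTools
            .getCertfromByteArray(latestLinkCertificateRaw);
    // A link certificate is not self-issued: issuer is the old CA name, subject the new one.
    assertFalse(
            "Issuer DN and Subject DN are equal of CA link certificate after CA name-change renewal with new keys",
            CertTools.getIssuerDN(latestLinkCertificate).equals(CertTools.getSubjectDN(latestLinkCertificate)));
    assertTrue(
            "Issuer DN of CA link certificate is not equal to Subject DN of old CA certificate after CA name-change renewal with new keys",
            CertTools.getIssuerDN(latestLinkCertificate).equals(CertTools.getSubjectDN(orgcert)));
    assertTrue(
            "Subject DN of CA link certificate is not equal to Subject DN of new CA certificate after CA name-change renewal with new keys",
            CertTools.getSubjectDN(latestLinkCertificate).equals(CertTools.getSubjectDN(newcertnewkeys)));
    // Key identifiers must point from the old CA key (AKI) to the new CA key (SKI).
    assertTrue(
            "AKI of CA link certificate is not equal to SKI of old CA certificate after CA name-change renewal with new keys",
            Arrays.equals(CertTools.getAuthorityKeyId(latestLinkCertificate),
                    CertTools.getSubjectKeyId(orgcert)));
    assertTrue(
            "SKI of CA link certificate is not equal to SKI of new CA certificate after CA name-change renewal with new keys",
            Arrays.equals(CertTools.getSubjectKeyId(latestLinkCertificate),
                    CertTools.getSubjectKeyId(newcertnewkeys)));
    // getExtensionValue returns null when the certificate does not carry the given OID.
    assertTrue("Link certificate doesn't have Name Change extension after CA name-change renewal with new keys",
            latestLinkCertificate.getExtensionValue(
                    ICAOObjectIdentifiers.id_icao_extensions_namechangekeyrollover.getId()) != null);

    log.trace("<testRenewNewSubjectDNNewKeys()");
}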
From source file:org.ejbca.core.ejb.ca.caadmin.RenewCANewSubjectDNTest.java
License:Open Source License
/**
 * Name-change renewal of the CA "TEST" that keeps the existing key pair
 * ({@code regenerateKeys=false}) and requests a link certificate.
 *
 * <p>Expected outcome for the renewed CA certificate: serial number, subject DN and issuer DN
 * change, while the authority key identifier, subject key identifier and encoded public key stay
 * the same.
 *
 * <p>Expected outcome for the link certificate: issuer DN equals the old subject DN, subject DN
 * equals the new subject DN, AKI equals the old SKI, SKI equals the new SKI, and the ICAO
 * name-change extension is present.
 *
 * @throws Exception if a session call or certificate parsing fails
 */
@Test
public void testRenewNewSubjectDNSameKeys() throws Exception {
    log.trace(">testRenewNewSubjectDNSameKeys()");

    // State of the CA before the renewal.
    final X509CAInfo caInfoBefore = (X509CAInfo) caSession.getCAInfo(internalAdmin, "TEST");
    final X509Certificate oldCaCert =
            (X509Certificate) caInfoBefore.getCertificateChain().iterator().next();
    final byte[] oldEncodedKey = oldCaCert.getPublicKey().getEncoded();

    final boolean regenerateKeys = false;
    final boolean createLinkCertificates = true;
    caAdminSession.renewCANewSubjectDn(internalAdmin, caInfoBefore.getCAId(), regenerateKeys,
            /*customNotBefore=*/null, createLinkCertificates, newSubjectDN);

    // The renamed CA is fetched under its new name.
    final X509CAInfo caInfoAfter = (X509CAInfo) caSession.getCAInfo(internalAdmin, newCAName);
    assertTrue("CA Info NameChanged field is not true after CA name-change renewal with same keys",
            caInfoAfter.getNameChanged());

    final X509Certificate renewedCaCert =
            (X509Certificate) caInfoAfter.getCertificateChain().iterator().next();

    final boolean sameSerial = oldCaCert.getSerialNumber().equals(renewedCaCert.getSerialNumber());
    assertFalse("Serial number hasn't changed for CA certificate after CA name-change renewal with same keys",
            sameSerial);

    final boolean sameSubjectDn =
            CertTools.getSubjectDN(oldCaCert).equals(CertTools.getSubjectDN(renewedCaCert));
    assertFalse("Subject DN hasn't changed for CA certificate after CA name-change renewal with same keys",
            sameSubjectDn);

    final boolean sameIssuerDn =
            CertTools.getIssuerDN(oldCaCert).equals(CertTools.getIssuerDN(renewedCaCert));
    assertFalse("Issuer DN hasn't changed for CA certificate after CA name-change renewal with same keys",
            sameIssuerDn);

    // The key pair was kept, so key identifiers and the public key itself must be unchanged.
    final boolean sameAki = Arrays.equals(CertTools.getAuthorityKeyId(renewedCaCert),
            CertTools.getAuthorityKeyId(oldCaCert));
    assertTrue("AKI DN has changed for CA certificate after CA name-change renewal with same keys", sameAki);

    final boolean sameSki = Arrays.equals(CertTools.getSubjectKeyId(renewedCaCert),
            CertTools.getSubjectKeyId(oldCaCert));
    assertTrue("SKI DN has changed for CA certificate after CA name-change renewal with same keys", sameSki);

    final byte[] renewedEncodedKey = renewedCaCert.getPublicKey().getEncoded();
    assertTrue("Public Key has changed for CA certificate after CA name-change renewal with same keys",
            Arrays.equals(oldEncodedKey, renewedEncodedKey));

    // Link certificate checks.
    // NOTE(review): only names, key identifiers and extension presence are asserted here. The
    // link certificate's signature is not verified in this test; confirm that is covered elsewhere.
    final byte[] linkCertBytes = caAdminSession.getLatestLinkCertificate(caInfoAfter.getCAId());
    final boolean linkCertAvailable = linkCertBytes != null;
    assertTrue("There is no available link certificate after CA name-change renewal with same keys",
            linkCertAvailable);

    @SuppressWarnings("deprecation")
    final X509Certificate linkCert = (X509Certificate) CertTools.getCertfromByteArray(linkCertBytes);

    // The link certificate must not be self-issued.
    final boolean linkSelfIssued =
            CertTools.getIssuerDN(linkCert).equals(CertTools.getSubjectDN(linkCert));
    assertFalse(
            "Issuer DN and Subject DN are equal of CA link certificate after CA name-change renewal with same keys",
            linkSelfIssued);

    final boolean linkIssuedByOldName =
            CertTools.getIssuerDN(linkCert).equals(CertTools.getSubjectDN(oldCaCert));
    assertTrue(
            "Issuer DN of CA link certificate is not equal to Subject DN of old CA certificate after CA name-change renewal with same keys",
            linkIssuedByOldName);

    final boolean linkNamesNewCa =
            CertTools.getSubjectDN(linkCert).equals(CertTools.getSubjectDN(renewedCaCert));
    assertTrue(
            "Subject DN of CA link certificate is not equal to Subject DN of new CA certificate after CA name-change renewal with same keys",
            linkNamesNewCa);

    final boolean linkAkiIsOldSki = Arrays.equals(CertTools.getAuthorityKeyId(linkCert),
            CertTools.getSubjectKeyId(oldCaCert));
    assertTrue(
            "AKI of CA link certificate is not equal to SKI of old CA certificate after CA name-change renewal with same keys",
            linkAkiIsOldSki);

    final boolean linkSkiIsNewSki = Arrays.equals(CertTools.getSubjectKeyId(linkCert),
            CertTools.getSubjectKeyId(renewedCaCert));
    assertTrue(
            "SKI of CA link certificate is not equal to SKI of new CA certificate after CA name-change renewal with same keys",
            linkSkiIsNewSki);

    // A null extension value means the certificate does not carry the name-change OID.
    final String nameChangeOid = ICAOObjectIdentifiers.id_icao_extensions_namechangekeyrollover.getId();
    final boolean hasNameChangeExtension = linkCert.getExtensionValue(nameChangeOid) != null;
    assertTrue(
            "Link certificate doesn't have Name Change extension after CA name-change renewal with same keys",
            hasNameChangeExtension);

    log.trace("<testRenewNewSubjectDNSameKeys()");
}