List of usage examples for org.bouncycastle.asn1.pkcs PKCSObjectIdentifiers sha1WithRSAEncryption
ASN1ObjectIdentifier sha1WithRSAEncryption
From source file:org.ejbca.core.protocol.cmp.CrmfRARequestTest.java
License:Open Source License
/**
 * Drives three CMP exchanges over HTTP with the RA EE profile and RA certificate
 * profile both configured as "KeyId", and the profile name passed to
 * {@code protectPKIMessage}:
 * <ol>
 * <li>a request whose subject DN lacks the ORGANIZATION field the profile requires,
 *     which must be answered with a failure message;</li>
 * <li>a request whose DN contains an organization, which must yield a certificate
 *     issued under the test certificate profile;</li>
 * <li>a revocation request for that certificate.</li>
 * </ol>
 *
 * NOTE(review): the global configuration change and the "CMPKEYIDTESTPROFILE"
 * profiles created here are not undone by this method; test04UsingOtherNameInSubjectAltName
 * in the same file passes the same profile name, so it presumably depends on them — confirm
 * before adding cleanup.
 *
 * @throws Exception on any unexpected failure
 */
@Test
public void test03UseKeyID() throws Exception {
    final String profileName = "CMPKEYIDTESTPROFILE";
    final String rejectedUser = "keyIDTestUser";
    final String acceptedUser = "keyidtest2";

    // Turn on end entity profile limitations and make the RA use "KeyId" for both profiles.
    final GlobalConfiguration globalConfig = (GlobalConfiguration) this.globalConfSession
            .getCachedConfiguration(GlobalConfiguration.GLOBAL_CONFIGURATION_ID);
    globalConfig.setEnableEndEntityProfileLimitations(true);
    this.globalConfSession.saveConfiguration(ADMIN, globalConfig);
    this.cmpConfiguration.setRAEEProfile(cmpAlias, "KeyId");
    this.cmpConfiguration.setRACertProfile(cmpAlias, "KeyId");
    this.globalConfSession.saveConfiguration(ADMIN, this.cmpConfiguration);

    // Best-effort removal of profiles left over from an earlier run.
    try {
        this.certProfileSession.removeCertificateProfile(ADMIN, profileName);
        this.endEntityProfileSession.removeEndEntityProfile(ADMIN, profileName);
    } catch (Exception e) {
        /*Do nothing.*/
    }

    // Certificate profile based on the fixed end-user profile.
    final CertificateProfile certProfile =
            new CertificateProfile(CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER);
    try {
        this.certProfileSession.addCertificateProfile(ADMIN, profileName, certProfile);
    } catch (CertificateProfileExistsException e) {
        log.error("Could not create certificate profile.", e);
    }
    final int cpId = this.certProfileSession.getCertificateProfileId(profileName);

    // End entity profile bound to that certificate profile and the test CA;
    // ORGANIZATION is mandatory, which is what the first request violates.
    final EndEntityProfile entityProfile = new EndEntityProfile();
    entityProfile.setValue(EndEntityProfile.DEFAULTCERTPROFILE, 0, String.valueOf(cpId));
    entityProfile.setValue(EndEntityProfile.AVAILCERTPROFILES, 0, String.valueOf(cpId));
    entityProfile.setValue(EndEntityProfile.DEFAULTCA, 0, "" + this.caid);
    entityProfile.setValue(EndEntityProfile.AVAILCAS, 0, "" + this.caid);
    entityProfile.addField(DnComponents.ORGANIZATION);
    entityProfile.setRequired(DnComponents.ORGANIZATION, 0, true);
    entityProfile.addField(DnComponents.RFC822NAME);
    entityProfile.addField(DnComponents.UPN);
    entityProfile.setModifyable(DnComponents.RFC822NAME, 0, true);
    // Don't use field from "email" data
    entityProfile.setUse(DnComponents.RFC822NAME, 0, false);
    try {
        this.endEntityProfileSession.addEndEntityProfile(ADMIN, profileName, entityProfile);
    } catch (EndEntityProfileExistsException e) {
        log.error("Could not create end entity profile.", e);
    }

    // First subject: no O= component, so it does not fulfil the end entity profile.
    final X500Name rejectedDN = new X500Name("CN=keyIDTestUser,C=SE");
    // "512" is presumably the RSA modulus size in bits: a throwaway test fixture only,
    // far too small for any real key.
    final KeyPair keys = KeyTools.genKeys("512", AlgorithmConstants.KEYALGORITHM_RSA);
    final byte[] nonce = CmpMessageHelper.createSenderNonce();
    final byte[] transid = CmpMessageHelper.createSenderNonce();

    // Start from a clean slate: neither user may exist yet.
    try {
        this.endEntityManagementSession.deleteUser(ADMIN, rejectedUser);
    } catch (NotFoundException e) { // NOPMD
    }
    try {
        this.endEntityManagementSession.deleteUser(ADMIN, acceptedUser);
    } catch (NotFoundException e) { // NOPMD
    }

    try {
        // --- Exchange 1: request that must be rejected ---
        final PKIMessage unprotectedReq = genCertReq(ISSUER_DN, rejectedDN, keys, this.cacert, nonce, transid,
                true, null, null, null, null, null, null);
        final PKIMessage req = protectPKIMessage(unprotectedReq, false, PBEPASSWORD, profileName, 567);
        final CertReqMessages certReqs = (CertReqMessages) req.getBody().getContent();
        final int reqId = certReqs.toCertReqMsgArray()[0].getCertReq().getCertReqId().getValue().intValue();
        Assert.assertNotNull(req);
        final ByteArrayOutputStream reqBuffer = new ByteArrayOutputStream();
        new DEROutputStream(reqBuffer).writeObject(req);
        final byte[] reqBytes = reqBuffer.toByteArray();

        final byte[] resp = sendCmpHttp(reqBytes, 200, cmpAlias);
        // The response is checked with the "signed" flag off because a failure is expected.
        checkCmpResponseGeneral(resp, ISSUER_DN, rejectedDN, this.cacert, nonce, transid, false, null,
                PKCSObjectIdentifiers.sha1WithRSAEncryption.getId());
        checkCmpFailMessage(resp, "Subject DN field 'ORGANIZATION' must exist.",
                CmpPKIBodyConstants.INITIALIZATIONRESPONSE, reqId, PKIFailureInfo.badRequest,
                PKIFailureInfo.incorrectData);

        // --- Exchange 2: request that fulfils the end entity profile ---
        final X500Name acceptedDN = new X500Name("CN=keyidtest2,O=org");
        final KeyPair keys2 = KeyTools.genKeys("512", AlgorithmConstants.KEYALGORITHM_RSA);
        final byte[] nonce2 = CmpMessageHelper.createSenderNonce();
        final byte[] transid2 = CmpMessageHelper.createSenderNonce();
        final PKIMessage unprotectedReq2 = genCertReq(ISSUER_DN, acceptedDN, keys2, this.cacert, nonce2,
                transid2, true, null, null, null, null, null, null);
        final PKIMessage req2 = protectPKIMessage(unprotectedReq2, false, PBEPASSWORD, profileName, 567);
        final CertReqMessages certReqs2 = (CertReqMessages) req2.getBody().getContent();
        final int reqId2 = certReqs2.toCertReqMsgArray()[0].getCertReq().getCertReqId().getValue().intValue();
        Assert.assertNotNull(req2);
        final ByteArrayOutputStream reqBuffer2 = new ByteArrayOutputStream();
        new DEROutputStream(reqBuffer2).writeObject(req2);
        final byte[] reqBytes2 = reqBuffer2.toByteArray();

        final byte[] resp2 = sendCmpHttp(reqBytes2, 200, cmpAlias);
        // The expected response signature algorithm is SHA-1 with RSA, as the test CA is set up.
        checkCmpResponseGeneral(resp2, ISSUER_DN, acceptedDN, this.cacert, nonce2, transid2, true, null,
                PKCSObjectIdentifiers.sha1WithRSAEncryption.getId());
        final X509Certificate issued = checkCmpCertRepMessage(acceptedDN, this.cacert, resp2, reqId2);
        final BigInteger serialnumber = issued.getSerialNumber();
        final EndEntityInformation endEntity = this.eeAccessSession.findUser(ADMIN, acceptedUser);
        Assert.assertEquals("Wrong certificate profile", cpId, endEntity.getCertificateProfileId());

        // --- Exchange 3: revoke the issued certificate, again protected with the key id ---
        final PKIMessage unprotectedRev = genRevReq(ISSUER_DN, acceptedDN, serialnumber, this.cacert, nonce2,
                transid2, false, null, null);
        Assert.assertNotNull(unprotectedRev);
        final PKIMessage revReq = protectPKIMessage(unprotectedRev, false, PBEPASSWORD, profileName, 567);
        final ByteArrayOutputStream revBuffer = new ByteArrayOutputStream();
        new DEROutputStream(revBuffer).writeObject(revReq);
        final byte[] revBytes = revBuffer.toByteArray();

        final byte[] revResp = sendCmpHttp(revBytes, 200, cmpAlias);
        checkCmpResponseGeneral(revResp, ISSUER_DN, acceptedDN, this.cacert, nonce2, transid2, true, null,
                PKCSObjectIdentifiers.sha1WithRSAEncryption.getId());
        final int revstatus = checkRevokeStatus(ISSUER_DN, serialnumber);
        Assert.assertEquals("Certificate revocation failed.", RevokedCertInfo.REVOCATION_REASON_KEYCOMPROMISE,
                revstatus);
    } finally {
        // Remove both test users whether or not the exchanges succeeded.
        try {
            this.endEntityManagementSession.deleteUser(ADMIN, rejectedUser);
        } catch (NotFoundException e) { // NOPMD
        }
        try {
            this.endEntityManagementSession.deleteUser(ADMIN, acceptedUser);
        } catch (NotFoundException e) { // NOPMD
        }
    }
}
From source file:org.ejbca.core.protocol.cmp.CrmfRARequestTest.java
License:Open Source License
/**
 * Sends a CMP certificate request whose SubjectAltName extension holds two
 * otherName entries: one tagged with {@code CertTools.UPN_OBJECTID} and one tagged
 * with OID 2.5.5.6. The request is expected to succeed and a certificate to be
 * returned.
 *
 * NOTE(review): the request is protected with the name "CMPKEYIDTESTPROFILE", which
 * this method does not create; it presumably relies on the profiles that
 * test03UseKeyID leaves behind — confirm the intended test ordering.
 *
 * @throws Exception on any unexpected failure
 */
@Test
public void test04UsingOtherNameInSubjectAltName() throws Exception {
    // otherName #1: [0] { UPN OID, [0] EXPLICIT UTF8String }
    final ASN1EncodableVector upnOtherName = new ASN1EncodableVector();
    upnOtherName.add(new ASN1ObjectIdentifier(CertTools.UPN_OBJECTID));
    upnOtherName.add(new DERTaggedObject(true, 0, new DERUTF8String("boo@bar")));
    final GeneralName upnName = GeneralName
            .getInstance(new DERTaggedObject(false, 0, new DERSequence(upnOtherName)));

    // otherName #2: [0] { 2.5.5.6, [0] EXPLICIT IA5String }
    final ASN1EncodableVector customOtherName = new ASN1EncodableVector();
    customOtherName.add(new ASN1ObjectIdentifier("2.5.5.6"));
    customOtherName.add(new DERTaggedObject(true, 0,
            new DERIA5String("2.16.528.1.1007.99.8-1-993000027-N-99300011-00.000-00000000")));
    final GeneralName customName = GeneralName
            .getInstance(new DERTaggedObject(false, 0, new DERSequence(customOtherName)));

    final ASN1EncodableVector altNames = new ASN1EncodableVector();
    altNames.add(upnName);
    altNames.add(customName);
    final GeneralNames san = GeneralNames.getInstance(new DERSequence(altNames));

    // Non-critical subjectAlternativeName extension carrying both names.
    final ExtensionsGenerator extGen = new ExtensionsGenerator();
    extGen.addExtension(Extension.subjectAlternativeName, false, san);
    final Extensions exts = extGen.generate();

    final X500Name userDN = new X500Name("CN=TestAltNameUser");
    // Presumably a 512-bit RSA key: only acceptable as a short-lived test fixture.
    final KeyPair keys = KeyTools.genKeys("512", AlgorithmConstants.KEYALGORITHM_RSA);
    final byte[] nonce = CmpMessageHelper.createSenderNonce();
    final byte[] transid = CmpMessageHelper.createSenderNonce();
    // Stays null when no certificate was issued; the cleanup below tolerates that.
    String fingerprint = null;
    try {
        final PKIMessage unprotectedReq = genCertReq(ISSUER_DN, userDN, keys, this.cacert, nonce, transid, true,
                exts, null, null, null, null, null);
        final PKIMessage req = protectPKIMessage(unprotectedReq, false, PBEPASSWORD, "CMPKEYIDTESTPROFILE", 567);
        final CertReqMessages certReqs = (CertReqMessages) req.getBody().getContent();
        final int reqId = certReqs.toCertReqMsgArray()[0].getCertReq().getCertReqId().getValue().intValue();
        Assert.assertNotNull(req);
        final ByteArrayOutputStream reqBuffer = new ByteArrayOutputStream();
        new DEROutputStream(reqBuffer).writeObject(req);
        final byte[] reqBytes = reqBuffer.toByteArray();

        // Send request and receive response
        final byte[] resp = sendCmpHttp(reqBytes, 200, cmpAlias);
        checkCmpResponseGeneral(resp, ISSUER_DN, userDN, this.cacert, nonce, transid, false, null,
                PKCSObjectIdentifiers.sha1WithRSAEncryption.getId());
        final X509Certificate issued = checkCmpCertRepMessage(userDN, this.cacert, resp, reqId);
        fingerprint = CertTools.getFingerprintAsString(issued);
    } finally {
        // Best-effort cleanup: a missing user or certificate is not an error here.
        try {
            this.endEntityManagementSession.revokeAndDeleteUser(ADMIN, "TestAltNameUser",
                    RevokedCertInfo.REVOCATION_REASON_KEYCOMPROMISE);
        } catch (NotFoundException e) {
            /*Do nothing*/
        }
        try {
            this.internalCertStoreSession.removeCertificate(fingerprint);
        } catch (Exception e) {
            /*Do nothing*/
        }
    }
}
From source file:org.ejbca.core.protocol.cmp.CrmfRARequestTest.java
License:Open Source License
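/**
 * Verifies that a CA configured to enforce unique subject DN serial numbers rejects
 * a second certificate request that reuses a serial number, even when the attribute
 * is spelled "SERIALNUMBER" instead of "SN".
 *
 * The CA's original enforcement setting is restored in the {@code finally} block so
 * that a failing assertion cannot leave the shared CA with a changed policy for the
 * tests that run afterwards.
 *
 * @throws Exception on any unexpected failure
 */
@Test
public void test05SubjectSerialNumber() throws Exception {
    // Remember the CA's current setting, then force unique subject DN serial numbers on.
    CAInfo cainfo = this.caSession.getCAInfo(ADMIN, this.caid);
    boolean requiredUniqueSerialnumber = cainfo.isDoEnforceUniqueSubjectDNSerialnumber();
    cainfo.setDoEnforceUniqueSubjectDNSerialnumber(true);
    CAAdminSessionRemote caAdminSession = EjbRemoteHelper.INSTANCE.getRemoteSession(CAAdminSessionRemote.class);
    caAdminSession.editCA(ADMIN, cainfo);

    // Create a new good user
    final String username = "subjectsnuser";
    X500Name userDN = new X500Name("CN=" + username + ",SN=1234567,C=SE");
    try {
        // Presumably a 512-bit RSA key: only acceptable as a short-lived test fixture.
        KeyPair keys = KeyTools.genKeys("512", AlgorithmConstants.KEYALGORITHM_RSA);
        final byte[] nonce = CmpMessageHelper.createSenderNonce();
        final byte[] transid = CmpMessageHelper.createSenderNonce();
        int reqId;

        PKIMessage one = genCertReq(ISSUER_DN, userDN, keys, this.cacert, nonce, transid, true, null, null,
                null, null, null, null);
        PKIMessage req = protectPKIMessage(one, false, PBEPASSWORD, null, 567);
        Assert.assertNotNull(req);
        CertReqMessages ir = (CertReqMessages) req.getBody().getContent();
        reqId = ir.toCertReqMsgArray()[0].getCertReq().getCertReqId().getValue().intValue();
        ByteArrayOutputStream bao = new ByteArrayOutputStream();
        DEROutputStream out = new DEROutputStream(bao);
        out.writeObject(req);
        byte[] ba = bao.toByteArray();

        // Send request and receive response; the first request must be accepted.
        byte[] resp = sendCmpHttp(ba, 200, cmpAlias);
        checkCmpResponseGeneral(resp, ISSUER_DN, userDN, this.cacert, nonce, transid, true, null,
                PKCSObjectIdentifiers.sha1WithRSAEncryption.getId());
        X509Certificate cert = checkCmpCertRepMessage(userDN, this.cacert, resp, reqId);
        BigInteger serialnumber = cert.getSerialNumber();

        // create a second user with the same serialnumber, but spelled "SERIALNUMBER" instead of "SN"
        // (the nonce and transaction id of the first exchange are reused)
        userDN = new X500Name("CN=subjectsnuser2,SERIALNUMBER=1234567,C=SE");
        keys = KeyTools.genKeys("512", AlgorithmConstants.KEYALGORITHM_RSA);
        one = genCertReq(ISSUER_DN, userDN, keys, this.cacert, nonce, transid, true, null, null, null, null,
                null, null);
        req = protectPKIMessage(one, false, PBEPASSWORD, null, 567);
        Assert.assertNotNull(req);
        ir = (CertReqMessages) req.getBody().getContent();
        reqId = ir.toCertReqMsgArray()[0].getCertReq().getCertReqId().getValue().intValue();
        bao = new ByteArrayOutputStream();
        out = new DEROutputStream(bao);
        out.writeObject(req);
        ba = bao.toByteArray();

        // Send request and receive response; this one must fail on the duplicate serial number.
        resp = sendCmpHttp(ba, 200, cmpAlias);
        checkCmpResponseGeneral(resp, ISSUER_DN, userDN, this.cacert, nonce, transid, false, null,
                PKCSObjectIdentifiers.sha1WithRSAEncryption.getId());
        checkCmpFailMessage(resp, "Error: SubjectDN Serialnumber already exists.",
                CmpPKIBodyConstants.ERRORMESSAGE, reqId, PKIFailureInfo.badRequest,
                PKIFailureInfo.incorrectData);

        // Revoke the created certificate. Note that userDN now holds the second (rejected)
        // DN while serialnumber belongs to the first certificate.
        final PKIMessage con = genRevReq(ISSUER_DN, userDN, serialnumber, this.cacert, nonce, transid, false,
                null, null);
        Assert.assertNotNull(con);
        PKIMessage revmsg = protectPKIMessage(con, false, PBEPASSWORD, null, 567);
        final ByteArrayOutputStream baorev = new ByteArrayOutputStream();
        final DEROutputStream outrev = new DEROutputStream(baorev);
        outrev.writeObject(revmsg);
        final byte[] barev = baorev.toByteArray();

        // Send request and receive response
        final byte[] resprev = sendCmpHttp(barev, 200, cmpAlias);
        checkCmpResponseGeneral(resprev, ISSUER_DN, userDN, this.cacert, nonce, transid, false, null,
                PKCSObjectIdentifiers.sha1WithRSAEncryption.getId());
        int revstatus = checkRevokeStatus(ISSUER_DN, serialnumber);
        Assert.assertEquals("Certificate revocation failed.", RevokedCertInfo.REVOCATION_REASON_KEYCOMPROMISE,
                revstatus);
    } finally {
        try {
            // Always put the CA back the way it was found, even after a failed assertion.
            cainfo.setDoEnforceUniqueSubjectDNSerialnumber(requiredUniqueSerialnumber);
            caAdminSession.editCA(ADMIN, cainfo);
        } finally {
            this.endEntityManagementSession.deleteUser(ADMIN, username);
        }
    }
}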
From source file:org.ejbca.core.protocol.cmp.CrmfRARequestTest.java
License:Open Source License
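/**
 * Requests a certificate for a subject whose CN contains a NUL character, the
 * literal text {@code %00} and angle brackets, with DN override switched off on the
 * certificate profile, and checks the issued certificate against the DN produced by
 * {@code StringTools.strip}.
 *
 * DN override is switched back on in the {@code finally} block, so a failed
 * assertion cannot leave the shared certificate profile with override disabled.
 *
 * @throws Exception on any unexpected failure
 */
@Test
public void test07EscapedCharsInDN() throws Exception {
    final String username = "another\0nullguy%00<do>";
    final String sUserDN = "CN=" + username + ", C=SE";
    final X500Name userDN = new X500Name(sUserDN);
    final byte[] nonce = CmpMessageHelper.createSenderNonce();
    final byte[] transid = CmpMessageHelper.createSenderNonce();
    // Presumably a 512-bit RSA key: only acceptable as a short-lived test fixture.
    final KeyPair keys = KeyTools.genKeys("512", AlgorithmConstants.KEYALGORITHM_RSA);
    final int reqId;
    try {
        final PKIMessage one = genCertReq(ISSUER_DN, userDN, keys, this.cacert, nonce, transid, true, null,
                null, null, null, null, null);
        final PKIMessage req = protectPKIMessage(one, false, PBEPASSWORD, 567);
        final CertReqMessages ir = (CertReqMessages) req.getBody().getContent();
        reqId = ir.toCertReqMsgArray()[0].getCertReq().getCertReqId().getValue().intValue();
        Assert.assertNotNull(req);
        final ByteArrayOutputStream bao = new ByteArrayOutputStream();
        final DEROutputStream out = new DEROutputStream(bao);
        out.writeObject(req);
        final byte[] ba = bao.toByteArray();
        {
            // This strange DN contains forbidden characters and may not be stored as a string
            // in the DB, so it must be transformed by EJBCA; DN override is disabled so that
            // the transformed DN is the one that ends up in the certificate.
            final CertificateProfile cp = this.certProfileSession.getCertificateProfile(this.cpDnOverrideId);
            cp.setAllowDNOverride(false);
            this.certProfileSession.changeCertificateProfile(ADMIN, CP_DN_OVERRIDE_NAME, cp);
        }
        // Send request and receive response
        final byte[] resp = sendCmpHttp(ba, 200, cmpAlias);
        checkCmpResponseGeneral(resp, ISSUER_DN, userDN, this.cacert, nonce, transid, true, null,
                PKCSObjectIdentifiers.sha1WithRSAEncryption.getId());
        // The certificate is compared with the stripped DN, not with the raw one that was sent.
        checkCmpCertRepMessage(new X500Name(StringTools.strip(sUserDN)), this.cacert, resp, reqId);
    } finally {
        try {
            // Re-enable DN override unconditionally (the same value the success path used to
            // set), so later tests see the profile in its usual state.
            final CertificateProfile cp = this.certProfileSession.getCertificateProfile(this.cpDnOverrideId);
            cp.setAllowDNOverride(true);
            this.certProfileSession.changeCertificateProfile(ADMIN, CP_DN_OVERRIDE_NAME, cp);
        } finally {
            // The user is deleted under the escaped form of the name.
            String escapedName = "another/nullguy/00\\<do\\>";
            try {
                this.endEntityManagementSession.revokeAndDeleteUser(ADMIN, escapedName,
                        RevokedCertInfo.REVOCATION_REASON_UNSPECIFIED);
            } catch (NotFoundException e) {
                log.debug("Failed to delete user: " + escapedName);
            }
        }
    }
}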
From source file:org.ejbca.core.protocol.cmp.CrmfRATcpRequestTest.java
License:Open Source License
/**
 * Sends a password-protected CRMF request over TCP for a subject DN that has no
 * existing user, and expects a signed response that carries a certificate for it.
 *
 * @throws Exception on any unexpected failure
 */
@Test
public void test01CrmfUnknowUser() throws Exception {
    // A name that does not exist
    final X500Name unknownDN = new X500Name("CN=abc123rry5774466, O=PrimeKey Solutions AB, C=SE");
    final byte[] senderNonce = CmpMessageHelper.createSenderNonce();
    final byte[] transactionId = CmpMessageHelper.createSenderNonce();

    final PKIMessage unprotectedReq = genCertReq(issuerDN, unknownDN, this.keys, this.cacert, senderNonce,
            transactionId, true, null, null, null, null, null, null);
    final PKIMessage protectedReq = protectPKIMessage(unprotectedReq, false, PBEPASSWORD, 567);
    final CertReqMessages certReqs = (CertReqMessages) protectedReq.getBody().getContent();
    final int reqId = certReqs.toCertReqMsgArray()[0].getCertReq().getCertReqId().getValue().intValue();
    assertNotNull(protectedReq);

    // DER-encode the request
    final ByteArrayOutputStream encoded = new ByteArrayOutputStream();
    new DEROutputStream(encoded).writeObject(protectedReq);
    final byte[] reqBytes = encoded.toByteArray();

    // Send request and receive response
    final byte[] respBytes = sendCmpTcp(reqBytes, 5);
    checkCmpResponseGeneral(respBytes, issuerDN, unknownDN, this.cacert, senderNonce, transactionId, true, null,
            PKCSObjectIdentifiers.sha1WithRSAEncryption.getId());
    checkCmpCertRepMessage(unknownDN, this.cacert, respBytes, reqId);
}
From source file:org.ejbca.core.protocol.cmp.CrmfRATcpRequestTest.java
License:Open Source License
/**
 * Creates a CMP user, requests a certificate for it over TCP, and then sends a
 * certificate confirmation, expecting a PKI confirm message in return. The user is
 * deleted again whether or not the exchange succeeds.
 *
 * @throws Exception on any unexpected failure
 */
@Test
public void test02CrmfOkUser() throws Exception {
    // Create a new good user
    final X500Name subject = new X500Name("C=SE,O=PrimeKey,CN=cmptest");
    createCmpUser(CMP_USERNAME, subject.toString());
    try {
        final byte[] senderNonce = CmpMessageHelper.createSenderNonce();
        final byte[] transactionId = CmpMessageHelper.createSenderNonce();

        // --- certificate request ---
        final PKIMessage unprotectedReq = genCertReq(issuerDN, subject, this.keys, this.cacert, senderNonce,
                transactionId, true, null, null, null, null, null, null);
        final PKIMessage protectedReq = protectPKIMessage(unprotectedReq, false, PBEPASSWORD, 567);
        final CertReqMessages certReqs = (CertReqMessages) protectedReq.getBody().getContent();
        final int reqId = certReqs.toCertReqMsgArray()[0].getCertReq().getCertReqId().getValue().intValue();
        assertNotNull(protectedReq);
        final ByteArrayOutputStream reqBuffer = new ByteArrayOutputStream();
        new DEROutputStream(reqBuffer).writeObject(protectedReq);

        // Send request and receive response
        final byte[] certResp = sendCmpTcp(reqBuffer.toByteArray(), 5);
        checkCmpResponseGeneral(certResp, issuerDN, subject, this.cacert, senderNonce, transactionId, true, null,
                PKCSObjectIdentifiers.sha1WithRSAEncryption.getId());
        checkCmpCertRepMessage(subject, this.cacert, certResp, reqId);

        // --- Send a confirm message to the CA ---
        final String hash = "foo123";
        final PKIMessage confirm = genCertConfirm(subject, this.cacert, senderNonce, transactionId, hash, reqId);
        assertNotNull(confirm);
        final ByteArrayOutputStream confirmBuffer = new ByteArrayOutputStream();
        new DEROutputStream(confirmBuffer).writeObject(confirm);

        // Send request and receive response
        final byte[] confirmResp = sendCmpTcp(confirmBuffer.toByteArray(), 5);
        checkCmpResponseGeneral(confirmResp, issuerDN, subject, this.cacert, senderNonce, transactionId, false,
                null, PKCSObjectIdentifiers.sha1WithRSAEncryption.getId());
        checkCmpPKIConfirmMessage(subject, this.cacert, confirmResp);
    } finally {
        this.endEntityManagementSession.deleteUser(ADMIN, CMP_USERNAME);
    }
}
From source file:org.ejbca.core.protocol.cmp.CrmfRATcpRequestTest.java
License:Open Source License
/**
 * Replays the pre-encoded request held in {@code bluexir} over TCP. The bytes are
 * also parsed locally so that the sender nonce, transaction id and certificate
 * request id of the request can be compared with the response.
 *
 * @throws Exception on any unexpected failure
 */
@Test
public void test03BlueXCrmf() throws Exception {
    // Decode the canned request to learn the values the response must echo.
    final PKIMessage cannedReq;
    final ASN1InputStream derIn = new ASN1InputStream(new ByteArrayInputStream(bluexir));
    try {
        cannedReq = PKIMessage.getInstance(derIn.readObject());
    } finally {
        derIn.close();
    }

    // The original bytes, not a re-encoding, are what goes on the wire.
    final byte[] respBytes = sendCmpTcp(bluexir, 5);
    assertNotNull(respBytes);

    final byte[] expectedNonce = cannedReq.getHeader().getSenderNonce().getOctets();
    final byte[] expectedTransId = cannedReq.getHeader().getTransactionID().getOctets();
    final CertReqMessages certReqs = (CertReqMessages) cannedReq.getBody().getContent();
    final int reqId = certReqs.toCertReqMsgArray()[0].getCertReq().getCertReqId().getValue().intValue();

    checkCmpResponseGeneral(respBytes, issuerDN, userDN, this.cacert, expectedNonce, expectedTransId, true, null,
            PKCSObjectIdentifiers.sha1WithRSAEncryption.getId());
    checkCmpCertRepMessage(userDN, this.cacert, respBytes, reqId);
}
From source file:org.ejbca.core.protocol.cmp.CrmfRATcpRequestTest.java
License:Open Source License
/**
 * Sends a certificate request over TCP without applying any message protection and
 * expects the server to answer with a {@code badMessageCheck} error stating that no
 * HMAC protection was found.
 *
 * @throws Exception on any unexpected failure
 */
@Test
public void test04CrmfUnauthenticated() throws Exception {
    final byte[] senderNonce = CmpMessageHelper.createSenderNonce();
    final byte[] transactionId = CmpMessageHelper.createSenderNonce();

    // Deliberately not passed through protectPKIMessage: the request goes out unprotected.
    final PKIMessage unprotectedReq = genCertReq(issuerDN, userDN, this.keys, this.cacert, senderNonce,
            transactionId, true, null, null, null, null, null, null);
    assertNotNull(unprotectedReq);

    final ByteArrayOutputStream encoded = new ByteArrayOutputStream();
    new DEROutputStream(encoded).writeObject(unprotectedReq);
    final byte[] reqBytes = encoded.toByteArray();

    // Send request and receive response
    final byte[] respBytes = sendCmpTcp(reqBytes, 5);
    checkCmpResponseGeneral(respBytes, issuerDN, userDN, this.cacert, senderNonce, transactionId, false, null,
            PKCSObjectIdentifiers.sha1WithRSAEncryption.getId());
    // The expected text is matched as the server words it, spelling included.
    checkCmpPKIErrorMessage(respBytes, issuerDN, userDN, PKIFailureInfo.badMessageCheck,
            "PKI Message is not athenticated properly. No HMAC protection was found.");
}
From source file:org.ejbca.core.protocol.cmp.CrmfRATcpRequestTest.java
License:Open Source License
/**
 * Sends a certificate request over TCP whose protection algorithm identifier is not
 * the passwordBasedMac OID and expects a {@code badMessageCheck} error naming both
 * the expected and the received OID.
 *
 * @throws Exception on any unexpected failure
 */
@Test
public void test05CrmfUnknownProtection() throws Exception {
    final byte[] senderNonce = CmpMessageHelper.createSenderNonce();
    final byte[] transactionId = CmpMessageHelper.createSenderNonce();

    final PKIMessage unprotectedReq = genCertReq(issuerDN, userDN, this.keys, this.cacert, senderNonce,
            transactionId, true, null, null, null, null, null, null);
    // The 'true' flag presumably makes the helper emit the wrong protection OID that the
    // expected error message below quotes — confirm against protectPKIMessage.
    final PKIMessage badlyProtectedReq = protectPKIMessage(unprotectedReq, true, PBEPASSWORD, 567);
    assertNotNull(badlyProtectedReq);

    final ByteArrayOutputStream encoded = new ByteArrayOutputStream();
    new DEROutputStream(encoded).writeObject(badlyProtectedReq);
    final byte[] reqBytes = encoded.toByteArray();

    // Send request and receive response
    final byte[] respBytes = sendCmpTcp(reqBytes, 5);
    checkCmpResponseGeneral(respBytes, issuerDN, userDN, this.cacert, senderNonce, transactionId, false, null,
            PKCSObjectIdentifiers.sha1WithRSAEncryption.getId());
    checkCmpPKIErrorMessage(respBytes, issuerDN, userDN, PKIFailureInfo.badMessageCheck,
            "Could not create CmpPbeVerifyer. Protection algorithm id expected '1.2.840.113533.7.66.13' (passwordBasedMac) but was '1.2.840.113533.7.66.13.7'.");
}
From source file:org.ejbca.core.protocol.cmp.CrmfRATcpRequestTest.java
License:Open Source License
/**
 * Try a request with SubjectDN email and special characters, followed by a
 * certificate confirmation.
 *
 * NOTE(review): the DN and user name literals below contain no non-ASCII characters
 * as shown here; they look as if accented characters were lost when the page was
 * extracted — compare with the upstream source file before relying on them.
 *
 * @throws Exception on any unexpected failure
 */
@Test
public void test06DnEmail() throws Exception {
    try {
        final X500Name subjectDN = new X500Name("C=SE,CN=Gran Strmfrare,E=adam@eva.se");
        // createCmpUser("cmptest2", subjectDN);
        final byte[] senderNonce = CmpMessageHelper.createSenderNonce();
        final byte[] transactionId = CmpMessageHelper.createSenderNonce();

        // --- certificate request ---
        final PKIMessage unprotectedReq = genCertReq(issuerDN, subjectDN, null, this.keys, this.cacert,
                senderNonce, transactionId, true, null, null, null, null, null, null);
        final PKIMessage protectedReq = protectPKIMessage(unprotectedReq, false, PBEPASSWORD, 567);
        final CertReqMessages certReqs = (CertReqMessages) protectedReq.getBody().getContent();
        final int reqId = certReqs.toCertReqMsgArray()[0].getCertReq().getCertReqId().getValue().intValue();
        assertNotNull(protectedReq);
        final ByteArrayOutputStream reqBuffer = new ByteArrayOutputStream();
        new DEROutputStream(reqBuffer).writeObject(protectedReq);

        // Send request and receive response
        final byte[] certResp = sendCmpTcp(reqBuffer.toByteArray(), 5);
        checkCmpResponseGeneral(certResp, issuerDN, subjectDN, this.cacert, senderNonce, transactionId, true,
                null, PKCSObjectIdentifiers.sha1WithRSAEncryption.getId());
        checkCmpCertRepMessage(subjectDN, this.cacert, certResp, reqId);

        // --- Send a confirm message to the CA ---
        final String hash = "foo123";
        final PKIMessage confirm = genCertConfirm(subjectDN, this.cacert, senderNonce, transactionId, hash,
                reqId);
        assertNotNull(confirm);
        final ByteArrayOutputStream confirmBuffer = new ByteArrayOutputStream();
        new DEROutputStream(confirmBuffer).writeObject(confirm);

        // Send request and receive response
        final byte[] confirmResp = sendCmpTcp(confirmBuffer.toByteArray(), 5);
        checkCmpResponseGeneral(confirmResp, issuerDN, subjectDN, this.cacert, senderNonce, transactionId, false,
                null, PKCSObjectIdentifiers.sha1WithRSAEncryption.getId());
        checkCmpPKIConfirmMessage(subjectDN, this.cacert, confirmResp);
    } finally {
        this.endEntityManagementSession.deleteUser(ADMIN, "Gran Strmfrare");
    }
}