Java tutorial
/************************************************************************* * * * EJBCA: The OpenSource Certificate Authority * * * * This software is free software; you can redistribute it and/or * * modify it under the terms of the GNU Lesser General Public * * License as published by the Free Software Foundation; either * * version 2.1 of the License, or any later version. * * * * See terms of license at gnu.org. * * * *************************************************************************/ package org.ejbca.extra.ra; import java.io.ByteArrayInputStream; import java.math.BigInteger; import java.security.KeyPair; import java.security.KeyStore; import java.security.cert.CertStore; import java.security.cert.X509Certificate; import java.util.Collection; import java.util.Iterator; import java.util.Random; import javax.persistence.Persistence; import junit.framework.TestCase; import org.apache.log4j.Logger; import org.bouncycastle.cms.CMSSignedData; import org.bouncycastle.cms.SignerId; import org.bouncycastle.cms.SignerInformation; import org.bouncycastle.cms.SignerInformationStore; import org.bouncycastle.jce.PKCS10CertificationRequest; import org.ejbca.core.model.AlgorithmConstants; import org.ejbca.core.model.SecConst; import org.ejbca.extra.db.CardRenewalRequest; import org.ejbca.extra.db.CertificateRequestRequest; import org.ejbca.extra.db.CertificateRequestResponse; import org.ejbca.extra.db.Constants; import org.ejbca.extra.db.EditUserRequest; import org.ejbca.extra.db.ExtRAMessagesTest; import org.ejbca.extra.db.ExtRAResponse; import org.ejbca.extra.db.KeyStoreRetrievalRequest; import org.ejbca.extra.db.KeyStoreRetrievalResponse; import org.ejbca.extra.db.Message; import org.ejbca.extra.db.MessageHome; import org.ejbca.extra.db.PKCS10Response; import org.ejbca.extra.db.PKCS12Response; import org.ejbca.extra.db.RevocationRequest; import org.ejbca.extra.db.SubMessages; import org.ejbca.util.Base64; import org.ejbca.util.CertTools; import org.ejbca.util.CryptoProviderTools; import org.ejbca.util.NonEjbTestTools; import org.ejbca.util.keystore.KeyTools; /** * JUnit test used to test the ExtRA API in a similar environment as used in production. Will connect to a RA message database and * sent messages that should be pulled and processed by the CA. * * The test makes a full scale tests of sending PKCS10 and PKCS12 request to the CA and waits * for proper responses. May take some time and check the server log for errors. Revocation of * some of the generated certificates is also tested. * * The following requirements should be set in order to run the tests. * - Properly configured database * - External RA CA-service worker installed on EJBCA machine * * @author philip * @version $Id: RAApiTest.java 11793 2011-04-21 07:10:20Z netmackan $ */ public class RAApiTest extends TestCase { private static final Logger log = Logger.getLogger(RAApiTest.class); public void setUp() throws Exception { super.setUp(); CryptoProviderTools.installBCProvider(); } private static X509Certificate firstCertificate = null; private static X509Certificate secondCertificate = null; private static MessageHome msghome = new MessageHome(Persistence.createEntityManagerFactory("external-ra-test"), MessageHome.MESSAGETYPE_EXTRA, true); public void test01GenerateSimplePKCS10Request() throws Exception { SubMessages smgs = new SubMessages(null, null, null); smgs.addSubMessage(ExtRAMessagesTest.genExtRAPKCS10Request(100, "SimplePKCS10Test1", Constants.pkcs10_1)); smgs.addSubMessage(ExtRAMessagesTest.genExtRAPKCS10Request(101, "SimplePKCS10Test1", Constants.pkcs10_2)); msghome.create("SimplePKCS10Test1", smgs); Message msg = waitForUser("SimplePKCS10Test1"); assertNotNull("No response.", msg); SubMessages submessagesresp = msg.getSubMessages(null, null, null); assertTrue(submessagesresp.getSubMessages().size() == 2); Iterator iter = submessagesresp.getSubMessages().iterator(); PKCS10Response resp = (PKCS10Response) iter.next(); assertTrue(resp.getRequestId() == 100); assertTrue(resp.isSuccessful() == true); assertTrue(resp.getCertificate().getSubjectDN().toString().equals("CN=PKCS10REQ")); firstCertificate = resp.getCertificate(); assertNotNull(firstCertificate); // Check the pkcs7 response byte[] pkcs7 = resp.getCertificateAsPKCS7(); assertNotNull(pkcs7); CMSSignedData s = new CMSSignedData(pkcs7); // The signer, i.e. the CA, check it's the right CA SignerInformationStore signers = s.getSignerInfos(); Collection col = signers.getSigners(); assertTrue(col.size() > 0); Iterator siter = col.iterator(); SignerInformation signerInfo = (SignerInformation) siter.next(); SignerId sinfo = signerInfo.getSID(); // Check that the signer is the expected CA assertEquals(CertTools.stringToBCDNString(firstCertificate.getIssuerDN().getName()), CertTools.stringToBCDNString(sinfo.getIssuerAsString())); CertStore certstore = s.getCertificatesAndCRLs("Collection", "BC"); Collection certs = certstore.getCertificates(null); assertEquals(certs.size(), 2); Iterator it = certs.iterator(); boolean found = false; while (it.hasNext()) { X509Certificate retcert = (X509Certificate) it.next(); if (retcert.getSubjectDN().equals(firstCertificate.getSubjectDN())) { found = true; } } assertTrue(found); resp = (PKCS10Response) iter.next(); assertTrue(resp.getRequestId() == 101); assertTrue(resp.isSuccessful() == true); assertTrue(resp.getCertificate().getSubjectDN().toString().equals("CN=PKCS10REQ")); secondCertificate = resp.getCertificate(); assertNotNull(secondCertificate); pkcs7 = resp.getCertificateAsPKCS7(); assertNotNull(pkcs7); // TODO: test with createUser = false } public void test02GenerateSimplePKCS10RequestNoCreateUser() throws Exception { // First test with a user that does not exist or has status generated, when the user it not created the request will fail SubMessages smgs = new SubMessages(null, null, null); smgs.addSubMessage( ExtRAMessagesTest.genExtRAPKCS10Request(100, "SimplePKCS10Test1", Constants.pkcs10_1, false)); msghome.create("SimplePKCS10Test1", smgs); Message msg = waitForUser("SimplePKCS10Test1"); assertNotNull("No response", msg); SubMessages submessagesresp = msg.getSubMessages(null, null, null); assertTrue(submessagesresp.getSubMessages().size() == 1); Iterator iter = submessagesresp.getSubMessages().iterator(); PKCS10Response resp = (PKCS10Response) iter.next(); assertTrue(resp.getRequestId() == 100); assertTrue(resp.isSuccessful() == false); // if we create the user first, with correct status, the request should be ok smgs = new SubMessages(null, null, null); smgs.addSubMessage(ExtRAMessagesTest.genExtRAPKCS10UserRequest(101, "SimplePKCS10Test1", "foo123")); msghome.create("SimplePKCS10Test1", smgs); msg = waitForUser("SimplePKCS10Test1"); assertNotNull(msg); submessagesresp = msg.getSubMessages(null, null, null); assertTrue("Number of submessages " + submessagesresp.getSubMessages().size(), submessagesresp.getSubMessages().size() == 1); ExtRAResponse editresp = (ExtRAResponse) submessagesresp.getSubMessages().iterator().next(); assertTrue("Wrong Request ID" + editresp.getRequestId(), editresp.getRequestId() == 101); assertTrue("External RA CA Service was not successful.", editresp.isSuccessful() == true); // Create a new request, now it should be ok smgs = new SubMessages(null, null, null); smgs.addSubMessage( ExtRAMessagesTest.genExtRAPKCS10Request(102, "SimplePKCS10Test1", Constants.pkcs10_1, false)); msghome.create("SimplePKCS10Test1", smgs); msg = waitForUser("SimplePKCS10Test1"); assertNotNull(msg); submessagesresp = msg.getSubMessages(null, null, null); assertTrue(submessagesresp.getSubMessages().size() == 1); iter = submessagesresp.getSubMessages().iterator(); resp = (PKCS10Response) iter.next(); assertTrue(resp.getRequestId() == 102); assertTrue(resp.isSuccessful() == true); assertTrue(resp.getCertificate().getSubjectDN().toString().equals("CN=PKCS10REQ")); firstCertificate = resp.getCertificate(); assertNotNull(firstCertificate); // Check the pkcs7 response byte[] pkcs7 = resp.getCertificateAsPKCS7(); assertNotNull(pkcs7); CMSSignedData s = new CMSSignedData(pkcs7); // The signer, i.e. the CA, check it's the right CA SignerInformationStore signers = s.getSignerInfos(); Collection col = signers.getSigners(); assertTrue(col.size() > 0); Iterator siter = col.iterator(); SignerInformation signerInfo = (SignerInformation) siter.next(); SignerId sinfo = signerInfo.getSID(); // Check that the signer is the expected CA assertEquals(CertTools.stringToBCDNString(firstCertificate.getIssuerDN().getName()), CertTools.stringToBCDNString(sinfo.getIssuerAsString())); CertStore certstore = s.getCertificatesAndCRLs("Collection", "BC"); Collection certs = certstore.getCertificates(null); assertEquals(certs.size(), 2); Iterator it = certs.iterator(); boolean found = false; while (it.hasNext()) { X509Certificate retcert = (X509Certificate) it.next(); if (retcert.getSubjectDN().equals(firstCertificate.getSubjectDN())) { found = true; } } assertTrue(found); } public void test03GenerateSimplePKCS12Request() throws Exception { SubMessages smgs = new SubMessages(null, null, null); smgs.addSubMessage(ExtRAMessagesTest.genExtRAPKCS12Request(200, "SimplePKCS12Test1", false)); msghome.create("SimplePKCS12Test1", smgs); Message msg = waitForUser("SimplePKCS12Test1"); assertNotNull("No response.", msg); SubMessages submessagesresp = msg.getSubMessages(null, null, null); assertTrue(submessagesresp.getSubMessages().size() == 1); PKCS12Response resp = (PKCS12Response) submessagesresp.getSubMessages().iterator().next(); assertTrue(resp.getRequestId() == 200); assertTrue(resp.isSuccessful() == true); assertNotNull(resp.getKeyStore("foo123")); KeyStore ks = resp.getKeyStore("foo123"); String alias = ks.aliases().nextElement(); assertTrue(((X509Certificate) resp.getKeyStore("foo123").getCertificate(alias)).getSubjectDN().toString() .equals("CN=PKCS12REQ")); } /** This test requires that keyrecovery is enabled in the EJBCA Admin-GUI */ public void test04GenerateSimpleKeyRecoveryRequest() throws Exception { // First generate keystore SubMessages smgs = new SubMessages(null, null, null); smgs.addSubMessage(ExtRAMessagesTest.genExtRAPKCS12Request(300, "SimplePKCS12Test1", true)); msghome.create("SimplePKCS12Test1", smgs); Message msg = waitForUser("SimplePKCS12Test1"); assertNotNull("No response.", msg); SubMessages submessagesresp = msg.getSubMessages(null, null, null); assertTrue(submessagesresp.getSubMessages().size() == 1); PKCS12Response resp = (PKCS12Response) submessagesresp.getSubMessages().iterator().next(); assertTrue(resp.getRequestId() == 300); assertTrue(resp.isSuccessful() == true); assertNotNull(resp.getKeyStore("foo123")); //KeyStore ks = resp.getKeyStore("foo123"); X509Certificate orgCert = (X509Certificate) resp.getKeyStore("foo123").getCertificate("PKCS12REQ"); assertTrue(orgCert.getSubjectDN().toString().equals("CN=PKCS12REQ")); // Generate Key Recovery request with original cert. smgs = new SubMessages(null, null, null); smgs.addSubMessage(ExtRAMessagesTest.genExtRAKeyRecoveryRequest(301, "SimplePKCS12Test1", true, orgCert)); msghome.create("SimplePKCS12Test1", smgs); msg = waitForUser("SimplePKCS12Test1"); assertNotNull(msg); submessagesresp = msg.getSubMessages(null, null, null); assertTrue(submessagesresp.getSubMessages().size() == 1); resp = (PKCS12Response) submessagesresp.getSubMessages().iterator().next(); assertEquals(301, resp.getRequestId()); assertTrue(resp.isSuccessful()); X509Certificate keyRecCert = (X509Certificate) resp.getKeyStore("foo123").getCertificate("PKCS12REQ"); assertTrue(keyRecCert.getSerialNumber().equals(orgCert.getSerialNumber())); // Generate Key Recovery Request with new cert smgs = new SubMessages(null, null, null); smgs.addSubMessage(ExtRAMessagesTest.genExtRAKeyRecoveryRequest(302, "SimplePKCS12Test1", false, orgCert)); msghome.create("SimplePKCS12Test1", smgs); msg = waitForUser("SimplePKCS12Test1"); assertNotNull(msg); submessagesresp = msg.getSubMessages(null, null, null); assertTrue(submessagesresp.getSubMessages().size() == 1); resp = (PKCS12Response) submessagesresp.getSubMessages().iterator().next(); assertTrue(resp.getRequestId() == 302); assertTrue(resp.isSuccessful() == true); keyRecCert = (X509Certificate) resp.getKeyStore("foo123").getCertificate("KEYRECREQ"); assertFalse(keyRecCert.getSerialNumber().equals(orgCert.getSerialNumber())); } public void test05GenerateSimpleRevokationRequest() throws Exception { // revoke first certificate SubMessages smgs = new SubMessages(null, null, null); assertNotNull("Missing certificate from previous test.", firstCertificate); smgs.addSubMessage(new RevocationRequest(10, CertTools.getIssuerDN(firstCertificate), firstCertificate.getSerialNumber(), RevocationRequest.REVOKATION_REASON_UNSPECIFIED)); msghome.create("SimpleRevocationTest", smgs); Message msg = waitForUser("SimpleRevocationTest"); assertNotNull("No response.", msg); SubMessages submessagesresp = msg.getSubMessages(null, null, null); assertTrue("Number of submessages " + submessagesresp.getSubMessages().size(), submessagesresp.getSubMessages().size() == 1); ExtRAResponse resp = (ExtRAResponse) submessagesresp.getSubMessages().iterator().next(); assertTrue("Wrong Request ID" + resp.getRequestId(), resp.getRequestId() == 10); assertTrue(resp.isSuccessful() == true); // revoke second certificate SubMessages smgs2 = new SubMessages(null, null, null); assertNotNull("Missing certificate from previous test.", secondCertificate); smgs2.addSubMessage(new RevocationRequest(6, CertTools.getIssuerDN(secondCertificate), secondCertificate.getSerialNumber(), RevocationRequest.REVOKATION_REASON_UNSPECIFIED)); msghome.create("SimpleRevocationTest", smgs2); Message msg2 = waitForUser("SimpleRevocationTest"); assertNotNull(msg2); SubMessages submessagesresp2 = msg2.getSubMessages(null, null, null); assertTrue("Number of submessages " + submessagesresp2.getSubMessages().size(), submessagesresp2.getSubMessages().size() == 1); ExtRAResponse resp2 = (ExtRAResponse) submessagesresp2.getSubMessages().iterator().next(); assertTrue(resp2.getRequestId() == 6); assertTrue(resp2.isSuccessful() == true); // try to revoke nonexisting certificate SubMessages smgs3 = new SubMessages(null, null, null); smgs3.addSubMessage(new RevocationRequest(7, CertTools.getIssuerDN(secondCertificate), new BigInteger("1234"), RevocationRequest.REVOKATION_REASON_UNSPECIFIED)); msghome.create("SimpleRevocationTest", smgs3); Message msg3 = waitForUser("SimpleRevocationTest"); assertNotNull(msg3); SubMessages submessagesresp3 = msg3.getSubMessages(null, null, null); assertTrue(submessagesresp3.getSubMessages().size() == 1); ExtRAResponse resp3 = (ExtRAResponse) submessagesresp3.getSubMessages().iterator().next(); assertTrue(resp3.getRequestId() == 7); assertTrue(resp3.isSuccessful() == false); // try to revoke a users all certificates SubMessages smgs4 = new SubMessages(null, null, null); smgs4.addSubMessage(new RevocationRequest(8, CertTools.getIssuerDN(secondCertificate), secondCertificate.getSerialNumber(), RevocationRequest.REVOKATION_REASON_UNSPECIFIED, false, true)); msghome.create("SimpleRevocationTest", smgs4); Message msg4 = waitForUser("SimpleRevocationTest"); assertNotNull(msg4); SubMessages submessagesresp4 = msg4.getSubMessages(null, null, null); assertTrue(submessagesresp4.getSubMessages().size() == 1); ExtRAResponse resp4 = (ExtRAResponse) submessagesresp4.getSubMessages().iterator().next(); assertTrue(resp4.getRequestId() == 8); assertTrue(resp4.isSuccessful() == true); // try to revoke a users all certificates by giving the username SubMessages smgs5 = new SubMessages(null, null, null); smgs5.addSubMessage(new RevocationRequest(9, "SimplePKCS10Test1", RevocationRequest.REVOKATION_REASON_UNSPECIFIED, false)); msghome.create("SimpleRevocationTest", smgs5); Message msg5 = waitForUser("SimpleRevocationTest"); assertNotNull(msg5); SubMessages submessagesresp5 = msg5.getSubMessages(null, null, null); assertTrue(submessagesresp5.getSubMessages().size() == 1); ExtRAResponse resp5 = (ExtRAResponse) submessagesresp5.getSubMessages().iterator().next(); assertTrue(resp5.getRequestId() == 9); assertTrue(resp5.isSuccessful() == true); // Try some error cases // First a message with null as parameters SubMessages smgs6 = new SubMessages(null, null, null); smgs6.addSubMessage( new RevocationRequest(10, null, RevocationRequest.REVOKATION_REASON_UNSPECIFIED, false)); msghome.create("SimpleRevocationTest", smgs6); Message msg6 = waitForUser("SimpleRevocationTest"); assertNotNull(msg6); SubMessages submessagesresp6 = msg6.getSubMessages(null, null, null); assertTrue(submessagesresp6.getSubMessages().size() == 1); ExtRAResponse resp6 = (ExtRAResponse) submessagesresp6.getSubMessages().iterator().next(); assertTrue(resp6.getRequestId() == 10); assertTrue(resp6.isSuccessful() == false); assertEquals(resp6.getFailInfo(), "Either username or issuer/serno is required"); // Then a message with a suername that does not exist SubMessages smgs7 = new SubMessages(null, null, null); smgs7.addSubMessage(new RevocationRequest(11, "184hjeyyydvv88q", RevocationRequest.REVOKATION_REASON_UNSPECIFIED, false)); msghome.create("SimpleRevocationTest", smgs7); Message msg7 = waitForUser("SimpleRevocationTest"); assertNotNull(msg7); SubMessages submessagesresp7 = msg7.getSubMessages(null, null, null); assertTrue(submessagesresp7.getSubMessages().size() == 1); ExtRAResponse resp7 = (ExtRAResponse) submessagesresp7.getSubMessages().iterator().next(); assertTrue(resp7.getRequestId() == 11); assertTrue(resp7.isSuccessful() == false); assertEquals(resp7.getFailInfo(), "User not found from username: username=184hjeyyydvv88q"); // Then a message with a issuer/serno that does not exist SubMessages smgs8 = new SubMessages(null, null, null); smgs8.addSubMessage(new RevocationRequest(12, "CN=ffo558444,O=338qqwaa,C=qq", new BigInteger("123"), RevocationRequest.REVOKATION_REASON_UNSPECIFIED, false, false)); msghome.create("SimpleRevocationTest", smgs8); Message msg8 = waitForUser("SimpleRevocationTest"); assertNotNull(msg8); SubMessages submessagesresp8 = msg8.getSubMessages(null, null, null); assertTrue(submessagesresp8.getSubMessages().size() == 1); ExtRAResponse resp8 = (ExtRAResponse) submessagesresp8.getSubMessages().iterator().next(); assertTrue(resp8.getRequestId() == 12); assertTrue(resp8.isSuccessful() == false); assertEquals(resp8.getFailInfo(), "User not found from issuer/serno: issuer='CN=ffo558444,O=338qqwaa,C=qq', serno=123"); } public void test06GenerateSimpleEditUserRequest() throws Exception { // edit a user SubMessages smgs = new SubMessages(null, null, null); smgs.addSubMessage(ExtRAMessagesTest.genExtRAEditUserRequest(11, "SimpleEditUserTest")); msghome.create("SimpleEditUserTest", smgs); Message msg = waitForUser("SimpleEditUserTest"); assertNotNull("No response.", msg); SubMessages submessagesresp = msg.getSubMessages(null, null, null); assertTrue("Number of submessages " + submessagesresp.getSubMessages().size(), submessagesresp.getSubMessages().size() == 1); ExtRAResponse resp = (ExtRAResponse) submessagesresp.getSubMessages().iterator().next(); assertTrue("Wrong Request ID" + resp.getRequestId(), resp.getRequestId() == 11); assertTrue(resp.isSuccessful() == true); } public void test07GenerateComplexRequest() throws Exception { SubMessages smgs = new SubMessages(null, null, null); smgs.addSubMessage(ExtRAMessagesTest.genExtRAPKCS10Request(1, "SimplePKCS10Test1", Constants.pkcs10_1)); smgs.addSubMessage(ExtRAMessagesTest.genExtRAPKCS12Request(2, "SimplePKCS12Test1", false)); smgs.addSubMessage(ExtRAMessagesTest.genExtRAPKCS12Request(3, "SimplePKCS12Test1", false)); msghome.create("COMPLEXREQ_1", smgs); Message msg = waitForUser("COMPLEXREQ_1"); assertNotNull("No response.", msg); SubMessages submessagesresp = msg.getSubMessages(null, null, null); assertTrue(submessagesresp.getSubMessages().size() == 3); Iterator iter = submessagesresp.getSubMessages().iterator(); PKCS10Response resp1 = (PKCS10Response) iter.next(); PKCS12Response resp2 = (PKCS12Response) iter.next(); PKCS12Response resp3 = (PKCS12Response) iter.next(); assertTrue(resp1.getRequestId() == 1); assertTrue(resp1.isSuccessful() == true); assertTrue(resp2.getRequestId() == 2); assertTrue(resp2.isSuccessful() == true); assertTrue(resp3.getRequestId() == 3); assertTrue(resp3.isSuccessful() == true); } public void test08GenerateLotsOfRequest() throws Exception { int numberOfRequests = 10; for (int i = 0; i < numberOfRequests; i++) { SubMessages smgs = new SubMessages(null, null, null); smgs.addSubMessage(ExtRAMessagesTest.genExtRAPKCS10Request(1, "SimplePKCS10Test1", Constants.pkcs10_1)); msghome.create("LotsOfReq" + i, smgs); } Message[] resps = new Message[numberOfRequests]; for (int i = 0; i < numberOfRequests; i++) { resps[i] = waitForUser("LotsOfReq" + i); assertNotNull("No response.", resps[i]); SubMessages submessagesresp = resps[i].getSubMessages(null, null, null); PKCS10Response resp = (PKCS10Response) submessagesresp.getSubMessages().iterator().next(); assertTrue(resp.isSuccessful() == true); } } public void test09GenerateSimpleCardRenewalRequest() throws Exception { // First fail message SubMessages smgs = new SubMessages(null, null, null); assertNotNull("Missing certificate from previous test.", firstCertificate); String cert1 = new String(Base64.encode(firstCertificate.getEncoded())); assertNotNull("Missing certificate from previous test.", secondCertificate); String cert2 = new String(Base64.encode(secondCertificate.getEncoded())); smgs.addSubMessage(new CardRenewalRequest(10, cert1, cert1, null, null)); msghome.create("SimpleCardRenewalTest", smgs); Message msg = waitForUser("SimpleCardRenewalTest"); assertNotNull("No response.", msg); SubMessages submessagesresp = msg.getSubMessages(null, null, null); assertTrue("Number of submessages " + submessagesresp.getSubMessages().size(), submessagesresp.getSubMessages().size() == 1); ExtRAResponse resp = (ExtRAResponse) submessagesresp.getSubMessages().iterator().next(); assertTrue("Wrong Request ID" + resp.getRequestId(), resp.getRequestId() == 10); assertTrue(resp.isSuccessful() == false); assertEquals(resp.getFailInfo(), "An authentication cert, a signature cert, an authentication request and a signature request are required"); // Second fail message smgs = new SubMessages(null, null, null); smgs.addSubMessage(new CardRenewalRequest(11, null, null, Constants.pkcs10_1, Constants.pkcs10_2)); msghome.create("SimpleCardRenewalTest", smgs); msg = waitForUser("SimpleCardRenewalTest"); assertNotNull(msg); submessagesresp = msg.getSubMessages(null, null, null); assertTrue("Number of submessages " + submessagesresp.getSubMessages().size(), submessagesresp.getSubMessages().size() == 1); resp = (ExtRAResponse) submessagesresp.getSubMessages().iterator().next(); assertTrue("Wrong Request ID" + resp.getRequestId(), resp.getRequestId() == 11); assertTrue(resp.isSuccessful() == false); assertEquals(resp.getFailInfo(), "An authentication cert, a signature cert, an authentication request and a signature request are required"); // Third fail message smgs = new SubMessages(null, null, null); smgs.addSubMessage(new CardRenewalRequest(12, cert1, cert1, Constants.pkcs10_1, Constants.pkcs10_2)); msghome.create("SimpleCardRenewalTest", smgs); msg = waitForUser("SimpleCardRenewalTest"); assertNotNull(msg); submessagesresp = msg.getSubMessages(null, null, null); assertTrue("Number of submessages " + submessagesresp.getSubMessages().size(), submessagesresp.getSubMessages().size() == 1); resp = (ExtRAResponse) submessagesresp.getSubMessages().iterator().next(); assertTrue("Wrong Request ID" + resp.getRequestId(), resp.getRequestId() == 12); assertTrue(resp.isSuccessful() == false); assertEquals(resp.getFailInfo(), "Verify failed for signature request"); // Fourth fail message smgs = new SubMessages(null, null, null); smgs.addSubMessage(new CardRenewalRequest(12, cert1, cert2, Constants.pkcs10_1, Constants.pkcs10_2)); msghome.create("SimpleCardRenewalTest", smgs); msg = waitForUser("SimpleCardRenewalTest"); assertNotNull(msg); submessagesresp = msg.getSubMessages(null, null, null); assertTrue("Number of submessages " + submessagesresp.getSubMessages().size(), submessagesresp.getSubMessages().size() == 1); resp = (ExtRAResponse) submessagesresp.getSubMessages().iterator().next(); assertTrue("Wrong Request ID" + resp.getRequestId(), resp.getRequestId() == 12); assertTrue(resp.isSuccessful() == false); log.debug("resp.getFailInfo: " + resp.getFailInfo()); assertEquals("Wrong error message.", resp.getFailInfo(), "User status must be new for SimplePKCS10Test1"); // TODO: make a successful message, but user status must be set to new then } /** * Add a user and retrieve a keystore for this user. */ public void test10KeyStoreRetrieval() throws Exception { Random random = new Random(); long requestId = random.nextLong(); String username = "ExtRA-ksret-" + random.nextInt(); String password = "foo123"; // Add a new user EditUserRequest editUserRequest = new EditUserRequest(requestId, username, "CN=" + username, null, null, null, "EMPTY", "ENDUSER", "AdminCA1", password, 10, 1, EditUserRequest.SOFTTOKENNAME_P12, null); SubMessages smgs = new SubMessages(null, null, null); smgs.addSubMessage(editUserRequest); msghome.create(username, smgs); Message msg = waitForUser(username); assertNotNull("No response.", msg); SubMessages submessagesresp = msg.getSubMessages(null, null, null); assertTrue("Number of submessages " + submessagesresp.getSubMessages().size(), submessagesresp.getSubMessages().size() == 1); ExtRAResponse resp = (ExtRAResponse) submessagesresp.getSubMessages().iterator().next(); assertTrue("Wrong Request ID: " + resp.getRequestId(), resp.getRequestId() == requestId); assertTrue("Edit user failed", resp.isSuccessful() == true); // Try to retrieve keystore requestId = random.nextLong(); KeyStoreRetrievalRequest keyStoreRetrievalRequest = new KeyStoreRetrievalRequest(requestId, username, password); smgs = new SubMessages(null, null, null); smgs.addSubMessage(keyStoreRetrievalRequest); msghome.create(username + "ks", smgs); msg = waitForUser(username + "ks"); assertNotNull("No response.", msg); submessagesresp = msg.getSubMessages(null, null, null); assertTrue("Number of submessages " + submessagesresp.getSubMessages().size(), submessagesresp.getSubMessages().size() == 1); resp = (ExtRAResponse) submessagesresp.getSubMessages().iterator().next(); assertTrue("Wrong Request ID: " + resp.getRequestId(), resp.getRequestId() == requestId); assertTrue("KeyStoreRetrieval failed", resp.isSuccessful() == true); assertTrue("Wrong response type.", resp instanceof KeyStoreRetrievalResponse); KeyStoreRetrievalResponse ksResp = (KeyStoreRetrievalResponse) resp; assertTrue("Wrong keystore type.", ksResp.getKeyStoreType() == SecConst.TOKEN_SOFT_P12); KeyStore ks = KeyStore.getInstance("PKCS12", "BC"); try { ks.load(new ByteArrayInputStream(ksResp.getKeyStoreData()), password.toCharArray()); } catch (Exception e) { assertTrue("Could not recreate keystore from response.", false); } } /** * Add a user and fetch a certificate for this user. */ public void test11CertificateFromCSR() throws Exception { Random random = new Random(); long requestId = random.nextLong(); String username = "ExtRA-ksret-" + random.nextInt(); String password = "foo123"; // Add a new user EditUserRequest editUserRequest = new EditUserRequest(requestId, username, "CN=" + username, null, null, null, "EMPTY", "ENDUSER", "AdminCA1", password, 10, 1, EditUserRequest.SOFTTOKENNAME_USERGENERATED, null); SubMessages smgs = new SubMessages(null, null, null); smgs.addSubMessage(editUserRequest); msghome.create(username, smgs); Message msg = waitForUser(username); assertNotNull("No response.", msg); SubMessages submessagesresp = msg.getSubMessages(null, null, null); assertTrue("Number of submessages " + submessagesresp.getSubMessages().size(), submessagesresp.getSubMessages().size() == 1); ExtRAResponse resp = (ExtRAResponse) submessagesresp.getSubMessages().iterator().next(); assertTrue("Wrong Request ID" + resp.getRequestId(), resp.getRequestId() == requestId); assertTrue("Edit user failed", resp.isSuccessful() == true); // Try to retrieve keystore requestId = random.nextLong(); byte[] requestData = NonEjbTestTools.generatePKCS10Req("CN=dummyname", password); CertificateRequestRequest certificateRequestRequest = new CertificateRequestRequest(requestId, username, password, CertificateRequestRequest.REQUEST_TYPE_PKCS10, requestData, CertificateRequestRequest.RESPONSE_TYPE_ENCODED); smgs = new SubMessages(null, null, null); smgs.addSubMessage(certificateRequestRequest); msghome.create(username + "csr", smgs); msg = waitForUser(username + "csr"); assertNotNull("No response.", msg); submessagesresp = msg.getSubMessages(null, null, null); assertTrue("Number of submessages " + submessagesresp.getSubMessages().size(), submessagesresp.getSubMessages().size() == 1); resp = (ExtRAResponse) submessagesresp.getSubMessages().iterator().next(); assertTrue("Wrong Request ID" + resp.getRequestId(), resp.getRequestId() == requestId); assertTrue("KeyStoreRetrieval failed", resp.isSuccessful() == true); assertTrue("Wrong response type.", resp instanceof CertificateRequestResponse); CertificateRequestResponse certResp = (CertificateRequestResponse) resp; assertTrue("Wrong keystore type.", certResp.getResponseType() == CertificateRequestRequest.RESPONSE_TYPE_ENCODED); assertTrue("Wrong certificate in response", CertTools .getSubjectDN(CertTools.getCertfromByteArray(certResp.getResponseData())).equals("CN=" + username)); } /** * Request certificate for a new user using the OneshotCertReqRequest. */ public void test12OneshotCertReq() throws Exception { final Random random = new Random(); final long requestId = random.nextLong(); final String username = "ExtRA-oneshot-" + random.nextInt(); final String password = "foo12345"; // Create request final KeyPair keys = KeyTools.genKeys("512", AlgorithmConstants.KEYALGORITHM_RSA); final byte[] requestData = new String("-----BEGIN CERTIFICATE REQUEST-----\n" + new String(Base64.encode( new PKCS10CertificationRequest("SHA1WithRSA", CertTools.stringToBcX509Name("CN=oneshot-dummyname"), keys.getPublic(), null, keys.getPrivate()).getEncoded())) + "\n-----END CERTIFICATE REQUEST-----").getBytes(); final CertificateRequestRequest request = new CertificateRequestRequest(requestId, username, "CN=" + username, null, null, null, "EMPTY", "ENDUSER", "AdminCA1", null, password, CertificateRequestRequest.REQUEST_TYPE_PKCS10, requestData, CertificateRequestRequest.RESPONSE_TYPE_CERTIFICATE); request.setCreateOrEditUser(true); final SubMessages smgs = new SubMessages(null, null, null); smgs.addSubMessage(request); msghome.create(username + "csr", smgs); final Message msg = waitForUser(username + "csr"); assertNotNull("No response.", msg); final SubMessages submessagesresp = msg.getSubMessages(null, null, null); assertEquals("Number of submessages " + submessagesresp.getSubMessages().size(), 1, submessagesresp.getSubMessages().size()); final ExtRAResponse resp = (ExtRAResponse) submessagesresp.getSubMessages().iterator().next(); assertEquals("Wrong Request ID" + resp.getRequestId(), requestId, resp.getRequestId()); assertTrue("KeyStoreRetrieval failed: " + resp.getFailInfo(), resp.isSuccessful()); assertTrue("Wrong response type.", resp instanceof CertificateRequestResponse); final CertificateRequestResponse certResp = (CertificateRequestResponse) resp; assertEquals("Wrong keystore type.", CertificateRequestRequest.RESPONSE_TYPE_CERTIFICATE, certResp.getResponseType()); assertEquals("Wrong certificate in response", "CN=" + username, CertTools.getSubjectDN(CertTools.getCertfromByteArray(certResp.getResponseData()))); } private Message waitForUser(String user) throws InterruptedException { int waittime = 30; // Wait a maximum of 30 seconds boolean processed = false; Message msg = null; do { msg = msghome.findByMessageId(user); assertNotNull(msg); if (msg.getStatus().equals(Message.STATUS_PROCESSED)) { processed = true; break; } Thread.sleep(1000); } while (waittime-- >= 0); if (!processed) { msg = null; } return msg; } }