0001: /*************************************************************************
0002: * *
0003: * EJBCA: The OpenSource Certificate Authority *
0004: * *
0005: * This software is free software; you can redistribute it and/or *
0006: * modify it under the terms of the GNU Lesser General Public *
0007: * License as published by the Free Software Foundation; either *
0008: * version 2.1 of the License, or any later version. *
0009: * *
0010: * See terms of license at gnu.org. *
0011: * *
0012: *************************************************************************/package org.ejbca.core.protocol.xkms;
0013:
0014: import java.math.BigInteger;
0015: import java.security.KeyPair;
0016: import java.security.KeyPairGenerator;
0017: import java.security.cert.X509CRL;
0018: import java.security.cert.X509Certificate;
0019: import java.security.interfaces.RSAPrivateKey;
0020: import java.security.interfaces.RSAPublicKey;
0021: import java.util.ArrayList;
0022: import java.util.GregorianCalendar;
0023: import java.util.Iterator;
0024: import java.util.List;
0025: import java.util.Random;
0026:
0027: import javax.naming.Context;
0028: import javax.naming.NamingException;
0029: import javax.xml.bind.JAXBElement;
0030: import javax.xml.datatype.XMLGregorianCalendar;
0031:
0032: import junit.framework.TestCase;
0033:
0034: import org.apache.log4j.Logger;
0035: import org.ejbca.core.ejb.ca.sign.ISignSessionHome;
0036: import org.ejbca.core.ejb.ca.sign.ISignSessionRemote;
0037: import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionHome;
0038: import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionRemote;
0039: import org.ejbca.core.ejb.ra.IUserAdminSessionHome;
0040: import org.ejbca.core.ejb.ra.IUserAdminSessionRemote;
0041: import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionHome;
0042: import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionRemote;
0043: import org.ejbca.core.model.SecConst;
0044: import org.ejbca.core.model.ca.certificateprofiles.CertificateProfile;
0045: import org.ejbca.core.model.ca.certificateprofiles.CertificateProfileExistsException;
0046: import org.ejbca.core.model.ca.certificateprofiles.EndUserCertificateProfile;
0047: import org.ejbca.core.model.ca.crl.RevokedCertInfo;
0048: import org.ejbca.core.model.log.Admin;
0049: import org.ejbca.core.model.ra.raadmin.EndEntityProfile;
0050: import org.ejbca.core.model.ra.raadmin.EndEntityProfileExistsException;
0051: import org.ejbca.core.protocol.xkms.client.XKMSInvoker;
0052: import org.ejbca.core.protocol.xkms.common.XKMSConstants;
0053: import org.ejbca.util.Base64;
0054: import org.ejbca.util.CertTools;
0055: import org.w3._2000._09.xmldsig_.KeyInfoType;
0056: import org.w3._2000._09.xmldsig_.KeyValueType;
0057: import org.w3._2000._09.xmldsig_.RSAKeyValueType;
0058: import org.w3._2000._09.xmldsig_.X509DataType;
0059: import org.w3._2002._03.xkms_.LocateRequestType;
0060: import org.w3._2002._03.xkms_.LocateResultType;
0061: import org.w3._2002._03.xkms_.ObjectFactory;
0062: import org.w3._2002._03.xkms_.OpaqueClientDataType;
0063: import org.w3._2002._03.xkms_.QueryKeyBindingType;
0064: import org.w3._2002._03.xkms_.TimeInstantType;
0065: import org.w3._2002._03.xkms_.UnverifiedKeyBindingType;
0066: import org.w3._2002._03.xkms_.UseKeyWithType;
0067: import org.w3._2002._03.xkms_.ValidateRequestType;
0068: import org.w3._2002._03.xkms_.ValidateResultType;
0069:
0070: /**
0071: * To Run this test, there must be a CA with DN "CN=AdminCA1,O=EJBCA Sample,C=SE", and it must have XKMS service enabled.
0072: *
0073: *
0074: * @author Philip Vendil 2006 sep 27
0075: *
0076: * @version $Id: TestXKMSKISS.java,v 1.5 2007/11/20 08:45:52 anatom Exp $
0077: */
0078:
0079: public class TestXKMSKISS extends TestCase {
0080:
0081: private static Logger log = Logger.getLogger(TestXKMSKISS.class);
0082:
0083: static {
0084: org.apache.xml.security.Init.init();
0085: }
0086:
0087: private XKMSInvoker xKMSInvoker = new XKMSInvoker(
0088: "http://localhost:8080/ejbca/xkms/xkms", null);
0089:
0090: private ObjectFactory xKMSObjectFactory = new ObjectFactory();
0091: private org.w3._2000._09.xmldsig_.ObjectFactory sigFactory = new org.w3._2000._09.xmldsig_.ObjectFactory();
0092:
0093: private static String baseUsername;
0094: private IUserAdminSessionRemote cacheAdmin;
0095: private IUserAdminSessionHome cacheHome;
0096: private ISignSessionRemote rsaremote;
0097: private ICertificateStoreSessionRemote certStore;
0098: private IRaAdminSessionRemote raAdmin;
0099:
0100: private int caid;
0101: private static String username1 = null;
0102: private static String username2 = null;
0103: private static String username3 = null;
0104:
0105: private static String issuerdn = null;
0106:
0107: private int userNo;
0108:
0109: private static X509Certificate cert1;
0110: private static X509Certificate cert2;
0111:
0112: private static String dn1;
0113: private static String dn2;
0114: private static String dn3;
0115:
0116: protected void setUp() throws Exception {
0117: log.debug(">setUp()");
0118: CertTools.installBCProvider();
0119:
0120: if (cacheAdmin == null) {
0121: if (cacheHome == null) {
0122: Context jndiContext = getInitialContext();
0123: Object obj1 = jndiContext.lookup("UserAdminSession");
0124: cacheHome = (IUserAdminSessionHome) javax.rmi.PortableRemoteObject
0125: .narrow(obj1, IUserAdminSessionHome.class);
0126:
0127: Object obj = jndiContext.lookup("RSASignSession");
0128: ISignSessionHome rsahome = (ISignSessionHome) javax.rmi.PortableRemoteObject
0129: .narrow(obj, ISignSessionHome.class);
0130: rsaremote = rsahome.create();
0131:
0132: Object obj2 = jndiContext
0133: .lookup("CertificateStoreSession");
0134: ICertificateStoreSessionHome certhome = (ICertificateStoreSessionHome) javax.rmi.PortableRemoteObject
0135: .narrow(obj2,
0136: ICertificateStoreSessionHome.class);
0137: certStore = certhome.create();
0138:
0139: Object obj3 = jndiContext.lookup("RaAdminSession");
0140: IRaAdminSessionHome raAdminHome = (IRaAdminSessionHome) javax.rmi.PortableRemoteObject
0141: .narrow(obj3, IRaAdminSessionHome.class);
0142: raAdmin = raAdminHome.create();
0143:
0144: issuerdn = "CN=AdminCA1,O=EJBCA Sample,C=SE";
0145: caid = issuerdn.hashCode();
0146:
0147: }
0148:
0149: cacheAdmin = cacheHome.create();
0150: }
0151:
0152: Random ran = new Random();
0153: if (baseUsername == null) {
0154: baseUsername = "xkmstestuser" + (ran.nextInt() % 1000)
0155: + "-";
0156: }
0157:
0158: log.debug("<setUp()");
0159: }
0160:
0161: protected void tearDown() throws Exception {
0162: }
0163:
0164: public void test00SetupDatabase() throws Exception {
0165: Admin administrator = new Admin(Admin.TYPE_RA_USER);
0166:
0167: // Setup with two new Certificate profiles.
0168: EndUserCertificateProfile profile1 = new EndUserCertificateProfile();
0169: profile1
0170: .setKeyUsage(CertificateProfile.DIGITALSIGNATURE, false);
0171: profile1.setKeyUsage(CertificateProfile.KEYENCIPHERMENT, false);
0172: profile1.setKeyUsage(CertificateProfile.NONREPUDIATION, true);
0173:
0174: EndUserCertificateProfile profile2 = new EndUserCertificateProfile();
0175: profile2.setKeyUsage(CertificateProfile.DATAENCIPHERMENT, true);
0176:
0177: try {
0178: certStore.addCertificateProfile(administrator,
0179: "XKMSTESTSIGN", profile1);
0180: } catch (CertificateProfileExistsException e) {
0181: System.out
0182: .println("Certificateprofile XKMSTESTSIGN already exists.");
0183: }
0184: try {
0185: certStore.addCertificateProfile(administrator,
0186: "XKMSTESTEXCHANDENC", profile2);
0187: } catch (CertificateProfileExistsException e) {
0188: System.out
0189: .println("Certificateprofile XKMSTESTSIGN already exists.");
0190: }
0191:
0192: int profile1Id = certStore.getCertificateProfileId(
0193: administrator, "XKMSTESTSIGN");
0194: int profile2Id = certStore.getCertificateProfileId(
0195: administrator, "XKMSTESTEXCHANDENC");
0196:
0197: EndEntityProfile endentityprofile = new EndEntityProfile(true);
0198: endentityprofile.setValue(EndEntityProfile.AVAILCAS, 0, ""
0199: + caid);
0200: endentityprofile.setValue(EndEntityProfile.AVAILCERTPROFILES,
0201: 0, "" + SecConst.CERTPROFILE_FIXED_ENDUSER + ";"
0202: + profile1Id + ";" + profile2Id);
0203:
0204: try {
0205: raAdmin.addEndEntityProfile(administrator,
0206: "XKMSTESTPROFILE", endentityprofile);
0207: } catch (EndEntityProfileExistsException e) {
0208: System.out
0209: .println("Endentityprofile XKMSTESTPROFILE already exists.");
0210: }
0211: int endEntityProfileId = raAdmin.getEndEntityProfileId(
0212: administrator, "XKMSTESTPROFILE");
0213:
0214: username1 = genUserName();
0215: String pwd = "foo123";
0216: int type = SecConst.USER_ENDUSER;
0217: int token = SecConst.TOKEN_SOFT_P12;
0218: int certificatetypeid = SecConst.CERTPROFILE_FIXED_ENDUSER;
0219: int hardtokenissuerid = SecConst.NO_HARDTOKENISSUER;
0220: dn1 = "C=SE, O=AnaTom, CN=" + username1;
0221: String subjectaltname1 = "RFC822NAME=" + username1 + "@foo.se";
0222: String email1 = username1 + "@foo.se";
0223: if (cacheAdmin.findUser(administrator, username1) != null) {
0224: System.out
0225: .println("Error : User already exists in the database.");
0226: }
0227: cacheAdmin.addUser(administrator, username1, pwd, CertTools
0228: .stringToBCDNString(dn1), subjectaltname1, email1,
0229: false, endEntityProfileId, certificatetypeid, type,
0230: token, hardtokenissuerid, caid);
0231: cacheAdmin.setClearTextPassword(administrator, username1, pwd);
0232: KeyPair keys1 = genKeys();
0233: cert1 = (X509Certificate) rsaremote.createCertificate(
0234: administrator, username1, "foo123", keys1.getPublic());
0235:
0236: username2 = genUserName();
0237: dn2 = "C=SE, O=AnaTom, CN=" + username2;
0238: String subjectaltname2 = "RFC822NAME="
0239: + username2
0240: + "@foo.se,UNIFORMRESOURCEIDENTIFIER=http://www.test.com/"
0241: + username2 + ",IPADDRESS=10.0.0.1,DNSNAME="
0242: + username2 + ".test.com";
0243: String email2 = username2 + "@foo.se";
0244: if (cacheAdmin.findUser(administrator, username2) != null) {
0245: System.out
0246: .println("Error : User already exists in the database.");
0247: }
0248: cacheAdmin.addUser(administrator, username2, pwd, CertTools
0249: .stringToBCDNString(dn2), subjectaltname2, email2,
0250: false, endEntityProfileId, profile1Id, type, token,
0251: hardtokenissuerid, caid);
0252: cacheAdmin.setClearTextPassword(administrator, username2, pwd);
0253: KeyPair keys2 = genKeys();
0254: cert2 = (X509Certificate) rsaremote.createCertificate(
0255: administrator, username2, "foo123", keys2.getPublic());
0256:
0257: username3 = genUserName();
0258: dn3 = "C=SE, O=AnaTom, CN=" + username3;
0259: String subjectaltname3 = "RFC822NAME=" + username3 + "@foo.se";
0260: String email3 = username3 + "@foo.se";
0261: if (cacheAdmin.findUser(administrator, username3) != null) {
0262: System.out
0263: .println("Error : User already exists in the database.");
0264: }
0265: cacheAdmin.addUser(administrator, username3, pwd, CertTools
0266: .stringToBCDNString(dn3), subjectaltname3, email3,
0267: false, endEntityProfileId, profile2Id, type, token,
0268: hardtokenissuerid, caid);
0269: cacheAdmin.setClearTextPassword(administrator, username3, pwd);
0270: KeyPair keys3 = genKeys();
0271: rsaremote.createCertificate(administrator, username3, "foo123",
0272: keys3.getPublic());
0273:
0274: }
0275:
0276: public void test01AbstractType() throws Exception {
0277: LocateRequestType abstractRequestType = xKMSObjectFactory
0278: .createLocateRequestType();
0279: abstractRequestType.setId("123");
0280: OpaqueClientDataType opaqueClientDataType = new OpaqueClientDataType();
0281: opaqueClientDataType.getOpaqueData().add("TEST".getBytes());
0282: opaqueClientDataType.getOpaqueData().add("TEST2".getBytes());
0283: QueryKeyBindingType queryKeyBindingType = xKMSObjectFactory
0284: .createQueryKeyBindingType();
0285: abstractRequestType.setQueryKeyBinding(queryKeyBindingType);
0286:
0287: abstractRequestType.setOpaqueClientData(opaqueClientDataType);
0288: LocateResultType abstractResultType = xKMSInvoker.locate(
0289: abstractRequestType, null, null);
0290: assertTrue(abstractResultType.getRequestId().equals("123"));
0291: assertTrue(!abstractResultType.getId().equals("123"));
0292:
0293: OpaqueClientDataType opaqueClientDataTypeResult = abstractResultType
0294: .getOpaqueClientData();
0295: assertTrue(opaqueClientDataTypeResult.getOpaqueData().size() == 2);
0296: assertTrue(new String(opaqueClientDataTypeResult
0297: .getOpaqueData().get(0)).equals("TEST"));
0298: assertTrue(new String(opaqueClientDataTypeResult
0299: .getOpaqueData().get(1)).equals("TEST2"));
0300:
0301: }
0302:
0303: public void test02TimeInstantNotSupported() throws Exception {
0304: LocateRequestType localteRequestType = xKMSObjectFactory
0305: .createLocateRequestType();
0306: localteRequestType.setId("124");
0307:
0308: QueryKeyBindingType queryKeyBindingType = xKMSObjectFactory
0309: .createQueryKeyBindingType();
0310: TimeInstantType timeInstantType = xKMSObjectFactory
0311: .createTimeInstantType();
0312: GregorianCalendar caledar = new GregorianCalendar();
0313: XMLGregorianCalendar xMLGregorianCalendar = javax.xml.datatype.DatatypeFactory
0314: .newInstance().newXMLGregorianCalendar(caledar);
0315: xMLGregorianCalendar.normalize();
0316: timeInstantType.setTime(xMLGregorianCalendar);
0317: queryKeyBindingType.setTimeInstant(timeInstantType);
0318: localteRequestType.setQueryKeyBinding(queryKeyBindingType);
0319:
0320: LocateResultType abstractResultType = xKMSInvoker.locate(
0321: localteRequestType, null, null);
0322: abstractResultType.getResultMajor().equals(
0323: XKMSConstants.RESULTMAJOR_RECIEVER);
0324: abstractResultType.getResultMajor().equals(
0325: XKMSConstants.RESULTMINOR_TIMEINSTANTNOTSUPPORTED);
0326:
0327: }
0328:
0329: public void test03Locate() throws Exception {
0330:
0331: // Test simple locate
0332: LocateRequestType locateRequestType = xKMSObjectFactory
0333: .createLocateRequestType();
0334: locateRequestType.setId("125");
0335:
0336: UseKeyWithType useKeyWithType = xKMSObjectFactory
0337: .createUseKeyWithType();
0338: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSHTTP);
0339: useKeyWithType.setIdentifier(username1);
0340:
0341: locateRequestType.getRespondWith().add(
0342: XKMSConstants.RESPONDWITH_X509CHAIN);
0343:
0344: QueryKeyBindingType queryKeyBindingType = xKMSObjectFactory
0345: .createQueryKeyBindingType();
0346: queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
0347: locateRequestType.setQueryKeyBinding(queryKeyBindingType);
0348:
0349: LocateResultType locateResultType = xKMSInvoker.locate(
0350: locateRequestType, null, null);
0351:
0352: assertTrue(locateResultType.getUnverifiedKeyBinding().size() > 0);
0353: }
0354:
0355: public void test04LocateAndUseKeyWith() throws Exception {
0356:
0357: // Locate by URI
0358: LocateRequestType locateRequestType = xKMSObjectFactory
0359: .createLocateRequestType();
0360: locateRequestType.setId("126");
0361: UseKeyWithType useKeyWithType = xKMSObjectFactory
0362: .createUseKeyWithType();
0363: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLS);
0364: useKeyWithType
0365: .setIdentifier("http://www.test.com/" + username2);
0366:
0367: locateRequestType.getRespondWith().add(
0368: XKMSConstants.RESPONDWITH_X509CERT);
0369:
0370: QueryKeyBindingType queryKeyBindingType = xKMSObjectFactory
0371: .createQueryKeyBindingType();
0372: queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
0373: locateRequestType.setQueryKeyBinding(queryKeyBindingType);
0374:
0375: LocateResultType locateResultType = xKMSInvoker.locate(
0376: locateRequestType, null, null);
0377: assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1);
0378:
0379: // Locate by DNS Name
0380: locateRequestType = xKMSObjectFactory.createLocateRequestType();
0381: locateRequestType.setId("127");
0382: useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
0383: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP);
0384: useKeyWithType.setIdentifier(username2 + ".test.com");
0385:
0386: locateRequestType.getRespondWith().add(
0387: XKMSConstants.RESPONDWITH_X509CERT);
0388:
0389: queryKeyBindingType = xKMSObjectFactory
0390: .createQueryKeyBindingType();
0391: queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
0392: locateRequestType.setQueryKeyBinding(queryKeyBindingType);
0393:
0394: locateResultType = xKMSInvoker.locate(locateRequestType, null,
0395: null);
0396: assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1);
0397:
0398: // Locate by IP Name
0399: locateRequestType = xKMSObjectFactory.createLocateRequestType();
0400: locateRequestType.setId("128");
0401: useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
0402: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_IPSEC);
0403: useKeyWithType.setIdentifier("10.0.0.1");
0404:
0405: locateRequestType.getRespondWith().add(
0406: XKMSConstants.RESPONDWITH_X509CERT);
0407:
0408: queryKeyBindingType = xKMSObjectFactory
0409: .createQueryKeyBindingType();
0410: queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
0411: locateRequestType.setQueryKeyBinding(queryKeyBindingType);
0412:
0413: locateResultType = xKMSInvoker.locate(locateRequestType, null,
0414: null);
0415: assertTrue(locateResultType.getUnverifiedKeyBinding().size() > 0);
0416:
0417: // Locate by Subject DN
0418: locateRequestType = xKMSObjectFactory.createLocateRequestType();
0419: locateRequestType.setId("129");
0420: useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
0421: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_PKIX);
0422: useKeyWithType.setIdentifier(dn1);
0423:
0424: locateRequestType.getRespondWith().add(
0425: XKMSConstants.RESPONDWITH_X509CERT);
0426:
0427: queryKeyBindingType = xKMSObjectFactory
0428: .createQueryKeyBindingType();
0429: queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
0430: locateRequestType.setQueryKeyBinding(queryKeyBindingType);
0431:
0432: locateResultType = xKMSInvoker.locate(locateRequestType, null,
0433: null);
0434: assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1);
0435:
0436: // Locate by With a more complicated query
0437: locateRequestType = xKMSObjectFactory.createLocateRequestType();
0438: locateRequestType.setId("129");
0439: useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
0440: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_PKIX);
0441: useKeyWithType.setIdentifier(dn1);
0442:
0443: UseKeyWithType useKeyWithType2 = xKMSObjectFactory
0444: .createUseKeyWithType();
0445: useKeyWithType2
0446: .setApplication(XKMSConstants.USEKEYWITH_TLSSMTP);
0447: useKeyWithType2.setIdentifier(username2 + ".test.com");
0448:
0449: locateRequestType.getRespondWith().add(
0450: XKMSConstants.RESPONDWITH_X509CERT);
0451:
0452: queryKeyBindingType = xKMSObjectFactory
0453: .createQueryKeyBindingType();
0454: queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
0455: queryKeyBindingType.getUseKeyWith().add(useKeyWithType2);
0456: locateRequestType.setQueryKeyBinding(queryKeyBindingType);
0457:
0458: locateResultType = xKMSInvoker.locate(locateRequestType, null,
0459: null);
0460: // Should return the cert of username1 and username2
0461: assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 2);
0462:
0463: // Locate by With a more complicated query but results in only one cert
0464: locateRequestType = xKMSObjectFactory.createLocateRequestType();
0465: locateRequestType.setId("129");
0466: useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
0467: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_PKIX);
0468: useKeyWithType.setIdentifier(dn2);
0469:
0470: useKeyWithType2 = xKMSObjectFactory.createUseKeyWithType();
0471: useKeyWithType2
0472: .setApplication(XKMSConstants.USEKEYWITH_TLSSMTP);
0473: useKeyWithType2.setIdentifier(username2 + ".test.com");
0474:
0475: locateRequestType.getRespondWith().add(
0476: XKMSConstants.RESPONDWITH_X509CERT);
0477:
0478: queryKeyBindingType = xKMSObjectFactory
0479: .createQueryKeyBindingType();
0480: queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
0481: queryKeyBindingType.getUseKeyWith().add(useKeyWithType2);
0482: locateRequestType.setQueryKeyBinding(queryKeyBindingType);
0483:
0484: locateResultType = xKMSInvoker.locate(locateRequestType, null,
0485: null);
0486: assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1);
0487:
0488: // Locate by With a more complicated query with one subquery doesn't match
0489: locateRequestType = xKMSObjectFactory.createLocateRequestType();
0490: locateRequestType.setId("129");
0491: useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
0492: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_PKIX);
0493: useKeyWithType.setIdentifier("CN=nomatch");
0494:
0495: useKeyWithType2 = xKMSObjectFactory.createUseKeyWithType();
0496: useKeyWithType2
0497: .setApplication(XKMSConstants.USEKEYWITH_TLSSMTP);
0498: useKeyWithType2.setIdentifier(username2 + ".test.com");
0499:
0500: locateRequestType.getRespondWith().add(
0501: XKMSConstants.RESPONDWITH_X509CERT);
0502:
0503: queryKeyBindingType = xKMSObjectFactory
0504: .createQueryKeyBindingType();
0505: queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
0506: queryKeyBindingType.getUseKeyWith().add(useKeyWithType2);
0507: locateRequestType.setQueryKeyBinding(queryKeyBindingType);
0508:
0509: locateResultType = xKMSInvoker.locate(locateRequestType, null,
0510: null);
0511: assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1);
0512:
0513: // Test with certificate
0514: locateRequestType = xKMSObjectFactory.createLocateRequestType();
0515: locateRequestType.setId("130");
0516: queryKeyBindingType = xKMSObjectFactory
0517: .createQueryKeyBindingType();
0518: X509DataType x509DataType = sigFactory.createX509DataType();
0519: x509DataType
0520: .getX509IssuerSerialOrX509SKIOrX509SubjectName()
0521: .add(
0522: sigFactory
0523: .createX509DataTypeX509Certificate(cert1
0524: .getEncoded()));
0525: KeyInfoType keyInfoType = sigFactory.createKeyInfoType();
0526: keyInfoType.getContent().add(
0527: sigFactory.createX509Data(x509DataType));
0528: queryKeyBindingType.setKeyInfo(keyInfoType);
0529: locateRequestType.getRespondWith().add(
0530: XKMSConstants.RESPONDWITH_X509CERT);
0531: locateRequestType.setQueryKeyBinding(queryKeyBindingType);
0532:
0533: locateResultType = xKMSInvoker.locate(locateRequestType, null,
0534: null);
0535: assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1);
0536: }
0537:
0538: public void test05LocateAndReturnWith() throws Exception {
0539: // Test with returnwith values, first check that certificate is returning
0540: LocateRequestType locateRequestType = xKMSObjectFactory
0541: .createLocateRequestType();
0542: locateRequestType.setId("131");
0543: QueryKeyBindingType queryKeyBindingType = xKMSObjectFactory
0544: .createQueryKeyBindingType();
0545: UseKeyWithType useKeyWithType = xKMSObjectFactory
0546: .createUseKeyWithType();
0547: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP);
0548: useKeyWithType.setIdentifier(username2 + ".test.com");
0549: locateRequestType.getRespondWith().add(
0550: XKMSConstants.RESPONDWITH_X509CERT);
0551:
0552: queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
0553: locateRequestType.setQueryKeyBinding(queryKeyBindingType);
0554:
0555: LocateResultType locateResultType = xKMSInvoker.locate(
0556: locateRequestType, null, null);
0557: assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1);
0558: List<UnverifiedKeyBindingType> numberOfUnverifiedKeyBindings = locateResultType
0559: .getUnverifiedKeyBinding();
0560: Iterator<UnverifiedKeyBindingType> iter = numberOfUnverifiedKeyBindings
0561: .iterator();
0562: KeyInfoType keyInfoType;
0563: while (iter.hasNext()) {
0564: UnverifiedKeyBindingType nextKeyBinding = iter.next();
0565: keyInfoType = nextKeyBinding.getKeyInfo();
0566: assertTrue(keyInfoType.getContent().size() > 0);
0567: JAXBElement<X509DataType> jAXBX509Data = (JAXBElement<X509DataType>) keyInfoType
0568: .getContent().get(0);
0569: Iterator iter2 = jAXBX509Data.getValue()
0570: .getX509IssuerSerialOrX509SKIOrX509SubjectName()
0571: .iterator();
0572: while (iter2.hasNext()) {
0573: JAXBElement next = (JAXBElement) iter2.next();
0574: assertTrue(next.getName().getLocalPart().equals(
0575: "X509Certificate"));
0576: byte[] encoded = (byte[]) next.getValue();
0577: X509Certificate nextCert = CertTools
0578: .getCertfromByteArray(encoded);
0579: assertTrue(CertTools.stringToBCDNString(
0580: nextCert.getSubjectDN().toString()).equals(
0581: CertTools.stringToBCDNString(dn2)));
0582: }
0583:
0584: }
0585: // Test with returnwith values, first check that certificate chain is returning
0586: locateRequestType = xKMSObjectFactory.createLocateRequestType();
0587: locateRequestType.setId("132");
0588: queryKeyBindingType = xKMSObjectFactory
0589: .createQueryKeyBindingType();
0590: useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
0591: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP);
0592: useKeyWithType.setIdentifier(username2 + ".test.com");
0593: locateRequestType.getRespondWith().add(
0594: XKMSConstants.RESPONDWITH_X509CHAIN);
0595:
0596: queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
0597: locateRequestType.setQueryKeyBinding(queryKeyBindingType);
0598:
0599: locateResultType = xKMSInvoker.locate(locateRequestType, null,
0600: null);
0601: assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1);
0602: numberOfUnverifiedKeyBindings = locateResultType
0603: .getUnverifiedKeyBinding();
0604: iter = numberOfUnverifiedKeyBindings.iterator();
0605: while (iter.hasNext()) {
0606: UnverifiedKeyBindingType nextKeyBinding = iter.next();
0607: keyInfoType = nextKeyBinding.getKeyInfo();
0608: assertTrue(keyInfoType.getContent().size() > 1);
0609: JAXBElement<X509DataType> jAXBX509Data = (JAXBElement<X509DataType>) keyInfoType
0610: .getContent().get(0);
0611: assertTrue(jAXBX509Data.getValue()
0612: .getX509IssuerSerialOrX509SKIOrX509SubjectName()
0613: .size() == 2);
0614: Iterator iter2 = jAXBX509Data.getValue()
0615: .getX509IssuerSerialOrX509SKIOrX509SubjectName()
0616: .iterator();
0617: while (iter2.hasNext()) {
0618: JAXBElement next = (JAXBElement) iter2.next();
0619: assertTrue(next.getName().getLocalPart().equals(
0620: "X509Certificate"));
0621: byte[] encoded = (byte[]) next.getValue();
0622: X509Certificate nextCert = CertTools
0623: .getCertfromByteArray(encoded);
0624: assertTrue(CertTools.stringToBCDNString(
0625: nextCert.getSubjectDN().toString()).equals(
0626: CertTools.stringToBCDNString(dn2))
0627: || CertTools
0628: .stringToBCDNString(
0629: nextCert.getSubjectDN()
0630: .toString())
0631: .equals(
0632: CertTools
0633: .stringToBCDNString(issuerdn)));
0634: }
0635:
0636: }
0637:
0638: // Test with returnwith values, require both cert and chain in answer check that just chain is returned
0639: locateRequestType = xKMSObjectFactory.createLocateRequestType();
0640: locateRequestType.setId("133");
0641: queryKeyBindingType = xKMSObjectFactory
0642: .createQueryKeyBindingType();
0643: useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
0644: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP);
0645: useKeyWithType.setIdentifier(username2 + ".test.com");
0646: locateRequestType.getRespondWith().add(
0647: XKMSConstants.RESPONDWITH_X509CHAIN);
0648: locateRequestType.getRespondWith().add(
0649: XKMSConstants.RESPONDWITH_X509CERT);
0650:
0651: queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
0652: locateRequestType.setQueryKeyBinding(queryKeyBindingType);
0653:
0654: locateResultType = xKMSInvoker.locate(locateRequestType, null,
0655: null);
0656: assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1);
0657: numberOfUnverifiedKeyBindings = locateResultType
0658: .getUnverifiedKeyBinding();
0659: iter = numberOfUnverifiedKeyBindings.iterator();
0660: while (iter.hasNext()) {
0661: UnverifiedKeyBindingType nextKeyBinding = iter.next();
0662: keyInfoType = nextKeyBinding.getKeyInfo();
0663: assertTrue(keyInfoType.getContent().size() > 1);
0664: JAXBElement<X509DataType> jAXBX509Data = (JAXBElement<X509DataType>) keyInfoType
0665: .getContent().get(0);
0666: assertTrue(jAXBX509Data.getValue()
0667: .getX509IssuerSerialOrX509SKIOrX509SubjectName()
0668: .size() == 2);
0669: Iterator iter2 = jAXBX509Data.getValue()
0670: .getX509IssuerSerialOrX509SKIOrX509SubjectName()
0671: .iterator();
0672: while (iter2.hasNext()) {
0673: JAXBElement next = (JAXBElement) iter2.next();
0674: assertTrue(next.getName().getLocalPart().equals(
0675: "X509Certificate"));
0676: byte[] encoded = (byte[]) next.getValue();
0677: X509Certificate nextCert = CertTools
0678: .getCertfromByteArray(encoded);
0679: assertTrue(CertTools.stringToBCDNString(
0680: nextCert.getSubjectDN().toString()).equals(
0681: CertTools.stringToBCDNString(dn2))
0682: || CertTools
0683: .stringToBCDNString(
0684: nextCert.getSubjectDN()
0685: .toString())
0686: .equals(
0687: CertTools
0688: .stringToBCDNString(issuerdn)));
0689: }
0690:
0691: }
0692:
0693: // Test with returnwith values, require crl in answer
0694: locateRequestType = xKMSObjectFactory.createLocateRequestType();
0695: locateRequestType.setId("134");
0696: queryKeyBindingType = xKMSObjectFactory
0697: .createQueryKeyBindingType();
0698: useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
0699: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP);
0700: useKeyWithType.setIdentifier(username2 + ".test.com");
0701: locateRequestType.getRespondWith().add(
0702: XKMSConstants.RESPONDWITH_X509CRL);
0703:
0704: queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
0705: locateRequestType.setQueryKeyBinding(queryKeyBindingType);
0706:
0707: locateResultType = xKMSInvoker.locate(locateRequestType, null,
0708: null);
0709: assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1);
0710: numberOfUnverifiedKeyBindings = locateResultType
0711: .getUnverifiedKeyBinding();
0712: iter = numberOfUnverifiedKeyBindings.iterator();
0713: while (iter.hasNext()) {
0714: UnverifiedKeyBindingType nextKeyBinding = iter.next();
0715: keyInfoType = nextKeyBinding.getKeyInfo();
0716: assertTrue(keyInfoType.getContent().size() > 1);
0717: JAXBElement<X509DataType> jAXBX509Data = (JAXBElement<X509DataType>) keyInfoType
0718: .getContent().get(0);
0719: assertTrue(jAXBX509Data.getValue()
0720: .getX509IssuerSerialOrX509SKIOrX509SubjectName()
0721: .size() == 1);
0722: Iterator iter2 = jAXBX509Data.getValue()
0723: .getX509IssuerSerialOrX509SKIOrX509SubjectName()
0724: .iterator();
0725: while (iter2.hasNext()) {
0726: JAXBElement next = (JAXBElement) iter2.next();
0727: assertTrue(next.getName().getLocalPart().equals(
0728: "X509CRL"));
0729: byte[] encoded = (byte[]) next.getValue();
0730: X509CRL nextCRL = CertTools
0731: .getCRLfromByteArray(encoded);
0732: assertTrue(CertTools.stringToBCDNString(
0733: nextCRL.getIssuerDN().toString()).equals(
0734: CertTools.stringToBCDNString(issuerdn)));
0735: }
0736: }
0737:
0738: // Test with returnwith values, require certchain and crl in answer
0739: locateRequestType = xKMSObjectFactory.createLocateRequestType();
0740: locateRequestType.setId("135");
0741: queryKeyBindingType = xKMSObjectFactory
0742: .createQueryKeyBindingType();
0743: useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
0744: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP);
0745: useKeyWithType.setIdentifier(username2 + ".test.com");
0746: locateRequestType.getRespondWith().add(
0747: XKMSConstants.RESPONDWITH_X509CRL);
0748: locateRequestType.getRespondWith().add(
0749: XKMSConstants.RESPONDWITH_X509CHAIN);
0750:
0751: queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
0752: locateRequestType.setQueryKeyBinding(queryKeyBindingType);
0753:
0754: locateResultType = xKMSInvoker.locate(locateRequestType, null,
0755: null);
0756: assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1);
0757: numberOfUnverifiedKeyBindings = locateResultType
0758: .getUnverifiedKeyBinding();
0759: iter = numberOfUnverifiedKeyBindings.iterator();
0760: while (iter.hasNext()) {
0761: UnverifiedKeyBindingType nextKeyBinding = iter.next();
0762: keyInfoType = nextKeyBinding.getKeyInfo();
0763: assertTrue(keyInfoType.getContent().size() > 1);
0764: JAXBElement<X509DataType> jAXBX509Data = (JAXBElement<X509DataType>) keyInfoType
0765: .getContent().get(0);
0766: assertTrue(jAXBX509Data.getValue()
0767: .getX509IssuerSerialOrX509SKIOrX509SubjectName()
0768: .size() == 3);
0769: Iterator iter2 = jAXBX509Data.getValue()
0770: .getX509IssuerSerialOrX509SKIOrX509SubjectName()
0771: .iterator();
0772: while (iter2.hasNext()) {
0773: JAXBElement next = (JAXBElement) iter2.next();
0774: if (next.getName().getLocalPart().equals("X509CRL")) {
0775: byte[] encoded = (byte[]) next.getValue();
0776: X509CRL nextCRL = CertTools
0777: .getCRLfromByteArray(encoded);
0778: assertTrue(CertTools.stringToBCDNString(
0779: nextCRL.getIssuerDN().toString()).equals(
0780: CertTools.stringToBCDNString(issuerdn)));
0781: }
0782: if (next.getName().getLocalPart().equals(
0783: "X509Certificate")) {
0784: byte[] encoded = (byte[]) next.getValue();
0785: X509Certificate nextCert = CertTools
0786: .getCertfromByteArray(encoded);
0787: assertTrue(CertTools.stringToBCDNString(
0788: nextCert.getSubjectDN().toString()).equals(
0789: CertTools.stringToBCDNString(dn2))
0790: || CertTools
0791: .stringToBCDNString(
0792: nextCert.getSubjectDN()
0793: .toString())
0794: .equals(
0795: CertTools
0796: .stringToBCDNString(issuerdn)));
0797: }
0798: }
0799: }
0800:
0801: // Test with returnwith values, require keyname in answer
0802: locateRequestType = xKMSObjectFactory.createLocateRequestType();
0803: locateRequestType.setId("135");
0804: queryKeyBindingType = xKMSObjectFactory
0805: .createQueryKeyBindingType();
0806: useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
0807: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP);
0808: useKeyWithType.setIdentifier(username2 + ".test.com");
0809: locateRequestType.getRespondWith().add(
0810: XKMSConstants.RESPONDWITH_KEYNAME);
0811:
0812: queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
0813: locateRequestType.setQueryKeyBinding(queryKeyBindingType);
0814:
0815: locateResultType = xKMSInvoker.locate(locateRequestType, null,
0816: null);
0817: assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1);
0818: numberOfUnverifiedKeyBindings = locateResultType
0819: .getUnverifiedKeyBinding();
0820: iter = numberOfUnverifiedKeyBindings.iterator();
0821: while (iter.hasNext()) {
0822: UnverifiedKeyBindingType nextKeyBinding = iter.next();
0823: keyInfoType = nextKeyBinding.getKeyInfo();
0824: assertTrue(keyInfoType.getContent().size() > 1);
0825: JAXBElement<String> jAXBString = (JAXBElement<String>) keyInfoType
0826: .getContent().get(0);
0827: assertTrue(jAXBString.getName().getLocalPart().equals(
0828: "KeyName"));
0829: assertTrue(CertTools.stringToBCDNString(jAXBString
0830: .getValue())
0831: + " = " + CertTools.stringToBCDNString(dn2),
0832: CertTools.stringToBCDNString(jAXBString.getValue())
0833: .equals(CertTools.stringToBCDNString(dn2)));
0834: }
0835:
0836: // Test with returnwith values, require public key in answer
0837: locateRequestType = xKMSObjectFactory.createLocateRequestType();
0838: locateRequestType.setId("135");
0839: queryKeyBindingType = xKMSObjectFactory
0840: .createQueryKeyBindingType();
0841: useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
0842: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP);
0843: useKeyWithType.setIdentifier(username2 + ".test.com");
0844: locateRequestType.getRespondWith().add(
0845: XKMSConstants.RESPONDWITH_KEYVALUE);
0846:
0847: queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
0848: locateRequestType.setQueryKeyBinding(queryKeyBindingType);
0849:
0850: locateResultType = xKMSInvoker.locate(locateRequestType, null,
0851: null);
0852: assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1);
0853: numberOfUnverifiedKeyBindings = locateResultType
0854: .getUnverifiedKeyBinding();
0855: iter = numberOfUnverifiedKeyBindings.iterator();
0856: while (iter.hasNext()) {
0857: UnverifiedKeyBindingType nextKeyBinding = iter.next();
0858: keyInfoType = nextKeyBinding.getKeyInfo();
0859: assertTrue("" + keyInfoType.getContent().size(),
0860: keyInfoType.getContent().size() > 0);
0861: JAXBElement<KeyValueType> jAXBKeyValue = (JAXBElement<KeyValueType>) keyInfoType
0862: .getContent().get(0);
0863: assertTrue(jAXBKeyValue.getName().getLocalPart(),
0864: jAXBKeyValue.getName().getLocalPart().equals(
0865: "KeyValue"));
0866: assertTrue(
0867: "" + jAXBKeyValue.getValue().getContent().size(),
0868: jAXBKeyValue.getValue().getContent().size() > 1);
0869: JAXBElement<RSAKeyValueType> rSAKeyValueType = (JAXBElement<RSAKeyValueType>) jAXBKeyValue
0870: .getValue().getContent().get(0);
0871: assertTrue(rSAKeyValueType.getName().getLocalPart(),
0872: rSAKeyValueType.getName().getLocalPart().equals(
0873: "RSAKeyValue"));
0874: BigInteger exp = new BigInteger(rSAKeyValueType.getValue()
0875: .getExponent());
0876: BigInteger modulus = new BigInteger(rSAKeyValueType
0877: .getValue().getModulus());
0878: assertTrue(((RSAPublicKey) cert2.getPublicKey())
0879: .getModulus().equals(modulus));
0880: assertTrue(((RSAPublicKey) cert2.getPublicKey())
0881: .getPublicExponent().equals(exp));
0882: }
0883:
0884: // Test with returnwith one invalid values
0885: locateRequestType = xKMSObjectFactory.createLocateRequestType();
0886: locateRequestType.setId("136");
0887: queryKeyBindingType = xKMSObjectFactory
0888: .createQueryKeyBindingType();
0889: useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
0890: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP);
0891: useKeyWithType.setIdentifier(username2 + ".test.com");
0892: locateRequestType.getRespondWith().add(
0893: XKMSConstants.RESPONDWITH_RETRIEVALMETHOD);
0894:
0895: queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
0896: locateRequestType.setQueryKeyBinding(queryKeyBindingType);
0897:
0898: locateResultType = xKMSInvoker.locate(locateRequestType, null,
0899: null);
0900: assertTrue(locateResultType.getResultMajor().equals(
0901: XKMSConstants.RESULTMAJOR_SENDER));
0902: assertTrue(locateResultType.getResultMinor().equals(
0903: XKMSConstants.RESULTMINOR_MESSAGENOTSUPPORTED));
0904:
0905: // Test with returnwith many invalid values
0906: locateRequestType = xKMSObjectFactory.createLocateRequestType();
0907: locateRequestType.setId("137");
0908: queryKeyBindingType = xKMSObjectFactory
0909: .createQueryKeyBindingType();
0910: useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
0911: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP);
0912: useKeyWithType.setIdentifier(username2 + ".test.com");
0913: locateRequestType.getRespondWith().add(
0914: XKMSConstants.RESPONDWITH_RETRIEVALMETHOD);
0915: locateRequestType.getRespondWith().add(
0916: XKMSConstants.RESPONDWITH_PGP);
0917: locateRequestType.getRespondWith().add(
0918: XKMSConstants.RESPONDWITH_PGPWEB);
0919: locateRequestType.getRespondWith().add(
0920: XKMSConstants.RESPONDWITH_SPKI);
0921: locateRequestType.getRespondWith().add(
0922: XKMSConstants.RESPONDWITH_PRIVATEKEY);
0923:
0924: queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
0925: locateRequestType.setQueryKeyBinding(queryKeyBindingType);
0926:
0927: locateResultType = xKMSInvoker.locate(locateRequestType, null,
0928: null);
0929: assertTrue(locateResultType.getResultMajor().equals(
0930: XKMSConstants.RESULTMAJOR_SENDER));
0931: assertTrue(locateResultType.getResultMinor().equals(
0932: XKMSConstants.RESULTMINOR_MESSAGENOTSUPPORTED));
0933:
0934: // Test with many invalid values and one certificate
0935: locateRequestType = xKMSObjectFactory.createLocateRequestType();
0936: locateRequestType.setId("138");
0937: queryKeyBindingType = xKMSObjectFactory
0938: .createQueryKeyBindingType();
0939: useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
0940: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP);
0941: useKeyWithType.setIdentifier(username2 + ".test.com");
0942: locateRequestType.getRespondWith().add(
0943: XKMSConstants.RESPONDWITH_X509CERT);
0944: locateRequestType.getRespondWith().add(
0945: XKMSConstants.RESPONDWITH_RETRIEVALMETHOD);
0946: locateRequestType.getRespondWith().add(
0947: XKMSConstants.RESPONDWITH_PGP);
0948: locateRequestType.getRespondWith().add(
0949: XKMSConstants.RESPONDWITH_PGPWEB);
0950: locateRequestType.getRespondWith().add(
0951: XKMSConstants.RESPONDWITH_SPKI);
0952: locateRequestType.getRespondWith().add(
0953: XKMSConstants.RESPONDWITH_PRIVATEKEY);
0954:
0955: queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
0956: locateRequestType.setQueryKeyBinding(queryKeyBindingType);
0957:
0958: locateResultType = xKMSInvoker.locate(locateRequestType, null,
0959: null);
0960: assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1);
0961: numberOfUnverifiedKeyBindings = locateResultType
0962: .getUnverifiedKeyBinding();
0963: iter = numberOfUnverifiedKeyBindings.iterator();
0964:
0965: while (iter.hasNext()) {
0966: UnverifiedKeyBindingType nextKeyBinding = iter.next();
0967: keyInfoType = nextKeyBinding.getKeyInfo();
0968: assertTrue(keyInfoType.getContent().size() > 0);
0969: JAXBElement<X509DataType> jAXBX509Data = (JAXBElement<X509DataType>) keyInfoType
0970: .getContent().get(0);
0971: Iterator iter2 = jAXBX509Data.getValue()
0972: .getX509IssuerSerialOrX509SKIOrX509SubjectName()
0973: .iterator();
0974: while (iter2.hasNext()) {
0975: JAXBElement next = (JAXBElement) iter2.next();
0976: assertTrue(next.getName().getLocalPart().equals(
0977: "X509Certificate"));
0978: byte[] encoded = (byte[]) next.getValue();
0979: X509Certificate nextCert = CertTools
0980: .getCertfromByteArray(encoded);
0981: assertTrue(CertTools.stringToBCDNString(
0982: nextCert.getSubjectDN().toString()).equals(
0983: CertTools.stringToBCDNString(dn2)));
0984: }
0985: }
0986:
0987: }
0988:
0989: public void test06LocateAndKeyUsage() throws Exception {
0990: // request with Signature and expect signature
0991: LocateRequestType locateRequestType = xKMSObjectFactory
0992: .createLocateRequestType();
0993: locateRequestType.setId("139");
0994: QueryKeyBindingType queryKeyBindingType = xKMSObjectFactory
0995: .createQueryKeyBindingType();
0996: UseKeyWithType useKeyWithType = xKMSObjectFactory
0997: .createUseKeyWithType();
0998: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP);
0999: useKeyWithType.setIdentifier(username2 + ".test.com");
1000:
1001: locateRequestType.getRespondWith().add(
1002: XKMSConstants.RESPONDWITH_X509CERT);
1003: queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
1004: queryKeyBindingType.getKeyUsage().add(
1005: XKMSConstants.KEYUSAGE_SIGNATURE);
1006: locateRequestType.setQueryKeyBinding(queryKeyBindingType);
1007:
1008: LocateResultType locateResultType = xKMSInvoker.locate(
1009: locateRequestType, null, null);
1010: assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1);
1011: List<UnverifiedKeyBindingType> numberOfUnverifiedKeyBindings = locateResultType
1012: .getUnverifiedKeyBinding();
1013: Iterator<UnverifiedKeyBindingType> iter = numberOfUnverifiedKeyBindings
1014: .iterator();
1015: while (iter.hasNext()) {
1016: UnverifiedKeyBindingType nextKeyBinding = iter.next();
1017: assertTrue(nextKeyBinding.getKeyUsage().size() == 1);
1018: assertTrue(nextKeyBinding.getKeyUsage().contains(
1019: XKMSConstants.KEYUSAGE_SIGNATURE));
1020: }
1021:
1022: // request with Signature and receive noMatch
1023: locateRequestType = xKMSObjectFactory.createLocateRequestType();
1024: locateRequestType.setId("140");
1025: queryKeyBindingType = xKMSObjectFactory
1026: .createQueryKeyBindingType();
1027: useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
1028: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_PKIX);
1029: useKeyWithType.setIdentifier(dn1);
1030: locateRequestType.getRespondWith().add(
1031: XKMSConstants.RESPONDWITH_X509CERT);
1032: queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
1033: queryKeyBindingType.getKeyUsage().add(
1034: XKMSConstants.KEYUSAGE_SIGNATURE);
1035: locateRequestType.setQueryKeyBinding(queryKeyBindingType);
1036:
1037: locateResultType = xKMSInvoker.locate(locateRequestType, null,
1038: null);
1039: assertTrue(locateResultType.getResultMajor().equals(
1040: XKMSConstants.RESULTMAJOR_SUCCESS));
1041: assertTrue(locateResultType.getResultMinor().equals(
1042: XKMSConstants.RESULTMINOR_NOMATCH));
1043:
1044: // request Exchange or Signature and receive Signature expect Nomatch
1045: locateRequestType = xKMSObjectFactory.createLocateRequestType();
1046: locateRequestType.setId("141");
1047: queryKeyBindingType = xKMSObjectFactory
1048: .createQueryKeyBindingType();
1049: useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
1050: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSSMTP);
1051: useKeyWithType.setIdentifier(username2 + ".test.com");
1052:
1053: locateRequestType.getRespondWith().add(
1054: XKMSConstants.RESPONDWITH_X509CERT);
1055: queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
1056: queryKeyBindingType.getKeyUsage().add(
1057: XKMSConstants.KEYUSAGE_SIGNATURE);
1058: queryKeyBindingType.getKeyUsage().add(
1059: XKMSConstants.KEYUSAGE_EXCHANGE);
1060: locateRequestType.setQueryKeyBinding(queryKeyBindingType);
1061:
1062: locateResultType = xKMSInvoker.locate(locateRequestType, null,
1063: null);
1064: assertTrue(locateResultType.getResultMajor().equals(
1065: XKMSConstants.RESULTMAJOR_SUCCESS));
1066: assertTrue(locateResultType.getResultMinor().equals(
1067: XKMSConstants.RESULTMINOR_NOMATCH));
1068:
1069: // request Exchange and that response can be used for both exchange and encryption.
1070: locateRequestType = xKMSObjectFactory.createLocateRequestType();
1071: locateRequestType.setId("142");
1072: queryKeyBindingType = xKMSObjectFactory
1073: .createQueryKeyBindingType();
1074: useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
1075: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_PKIX);
1076: useKeyWithType.setIdentifier(dn3);
1077:
1078: locateRequestType.getRespondWith().add(
1079: XKMSConstants.RESPONDWITH_X509CERT);
1080: queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
1081: queryKeyBindingType.getKeyUsage().add(
1082: XKMSConstants.KEYUSAGE_ENCRYPTION);
1083: queryKeyBindingType.getKeyUsage().add(
1084: XKMSConstants.KEYUSAGE_EXCHANGE);
1085: locateRequestType.setQueryKeyBinding(queryKeyBindingType);
1086:
1087: locateResultType = xKMSInvoker.locate(locateRequestType, null,
1088: null);
1089: assertTrue(locateResultType.getResultMajor().equals(
1090: XKMSConstants.RESULTMAJOR_SUCCESS));
1091: assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 1);
1092: numberOfUnverifiedKeyBindings = locateResultType
1093: .getUnverifiedKeyBinding();
1094: iter = numberOfUnverifiedKeyBindings.iterator();
1095: while (iter.hasNext()) {
1096: UnverifiedKeyBindingType nextKeyBinding = iter.next();
1097: assertTrue(nextKeyBinding.getKeyUsage().size() == 2);
1098: assertTrue(nextKeyBinding.getKeyUsage().contains(
1099: XKMSConstants.KEYUSAGE_ENCRYPTION));
1100: assertTrue(nextKeyBinding.getKeyUsage().contains(
1101: XKMSConstants.KEYUSAGE_EXCHANGE));
1102: }
1103:
1104: }
1105:
1106: public void test07LocateAndResponseLimit() throws Exception {
1107: // request with 3 and expect 3
1108: LocateRequestType locateRequestType = xKMSObjectFactory
1109: .createLocateRequestType();
1110: locateRequestType.setId("300");
1111: QueryKeyBindingType queryKeyBindingType = xKMSObjectFactory
1112: .createQueryKeyBindingType();
1113: UseKeyWithType useKeyWithType = xKMSObjectFactory
1114: .createUseKeyWithType();
1115: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSHTTP);
1116: useKeyWithType.setIdentifier(baseUsername);
1117: locateRequestType.getRespondWith().add(
1118: XKMSConstants.RESPONDWITH_X509CERT);
1119: locateRequestType.setResponseLimit(new BigInteger("3"));
1120:
1121: queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
1122: locateRequestType.setQueryKeyBinding(queryKeyBindingType);
1123:
1124: LocateResultType locateResultType = xKMSInvoker.locate(
1125: locateRequestType, null, null);
1126: assertTrue(locateResultType.getUnverifiedKeyBinding().size() == 3);
1127:
1128: // request with 2 and expect 2
1129: locateRequestType = xKMSObjectFactory.createLocateRequestType();
1130: locateRequestType.setId("301");
1131: queryKeyBindingType = xKMSObjectFactory
1132: .createQueryKeyBindingType();
1133: useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
1134: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSHTTP);
1135: useKeyWithType.setIdentifier(baseUsername);
1136: locateRequestType.getRespondWith().add(
1137: XKMSConstants.RESPONDWITH_X509CERT);
1138: locateRequestType.setResponseLimit(new BigInteger("2"));
1139:
1140: queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
1141: locateRequestType.setQueryKeyBinding(queryKeyBindingType);
1142:
1143: locateResultType = xKMSInvoker.locate(locateRequestType, null,
1144: null);
1145: assertTrue(locateResultType.getResultMajor().equals(
1146: XKMSConstants.RESULTMAJOR_SUCCESS));
1147: assertTrue(locateResultType.getResultMinor().equals(
1148: XKMSConstants.RESULTMINOR_TOOMANYRESPONSES));
1149: }
1150:
1151: //unknown testcert
1152: static byte[] certbytes = Base64
1153: .decode(("MIICNzCCAaCgAwIBAgIIIOqiVwJHz+8wDQYJKoZIhvcNAQEFBQAwKzENMAsGA1UE"
1154: + "AxMEVGVzdDENMAsGA1UEChMEVGVzdDELMAkGA1UEBhMCU0UwHhcNMDQwNTA4MDkx"
1155: + "ODMwWhcNMDUwNTA4MDkyODMwWjArMQ0wCwYDVQQDEwRUZXN0MQ0wCwYDVQQKEwRU"
1156: + "ZXN0MQswCQYDVQQGEwJTRTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAgbf2"
1157: + "Sv34lsY43C8WJjbUd57TNuHJ6p2Es7ojS3D2yxtzQg/A8wL1OfXes344PPNGHkDd"
1158: + "QPBaaWYQrvLvqpjKwx/vA1835L3I92MsGs+uivq5L5oHfCxEh8Kwb9J2p3xjgeWX"
1159: + "YdZM5dBj3zzyu+Jer4iU4oCAnnyG+OlVnPsFt6ECAwEAAaNkMGIwDwYDVR0TAQH/"
1160: + "BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1UdDgQWBBQArVZXuGqbb9yhBLbu"
1161: + "XfzjSuXfHTAfBgNVHSMEGDAWgBQArVZXuGqbb9yhBLbuXfzjSuXfHTANBgkqhkiG"
1162: + "9w0BAQUFAAOBgQA1cB6wWzC2rUKBjFAzfkLvDUS3vEMy7ntYMqqQd6+5s1LHCoPw"
1163: + "eaR42kMWCxAbdSRgv5ATM0JU3Q9jWbLO54FkJDzq+vw2TaX+Y5T+UL1V0o4TPKxp"
1164: + "nKuay+xl5aoUcVEs3h3uJDjcpgMAtyusMEyv4d+RFYvWJWFzRTKDueyanw==")
1165: .getBytes());
1166:
1167: public void test09Validate() throws Exception {
1168:
1169: // Test simple validate
1170: ValidateRequestType validateRequestType = xKMSObjectFactory
1171: .createValidateRequestType();
1172: validateRequestType.setId("200");
1173:
1174: UseKeyWithType useKeyWithType = xKMSObjectFactory
1175: .createUseKeyWithType();
1176: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSHTTP);
1177: useKeyWithType.setIdentifier(username1);
1178:
1179: validateRequestType.getRespondWith().add(
1180: XKMSConstants.RESPONDWITH_X509CHAIN);
1181:
1182: QueryKeyBindingType queryKeyBindingType = xKMSObjectFactory
1183: .createQueryKeyBindingType();
1184: queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
1185: validateRequestType.setQueryKeyBinding(queryKeyBindingType);
1186:
1187: ValidateResultType validateResultType = xKMSInvoker.validate(
1188: validateRequestType, null, null);
1189:
1190: assertTrue(validateResultType.getKeyBinding().size() > 0);
1191: assertTrue(validateResultType.getKeyBinding().get(0)
1192: .getStatus().getValidReason().contains(
1193: XKMSConstants.STATUSREASON_VALIDITYINTERVAL));
1194: assertTrue(validateResultType.getKeyBinding().get(0)
1195: .getStatus().getValidReason().contains(
1196: XKMSConstants.STATUSREASON_ISSUERTRUST));
1197: assertTrue(validateResultType.getKeyBinding().get(0)
1198: .getStatus().getValidReason().contains(
1199: XKMSConstants.STATUSREASON_SIGNATURE));
1200: assertTrue(validateResultType.getKeyBinding().get(0)
1201: .getStatus().getValidReason().contains(
1202: XKMSConstants.STATUSREASON_REVOCATIONSTATUS));
1203:
1204: // Test with known certificate.
1205: validateRequestType = xKMSObjectFactory
1206: .createValidateRequestType();
1207: validateRequestType.setId("201");
1208:
1209: useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
1210: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSHTTP);
1211: useKeyWithType.setIdentifier(username1);
1212:
1213: validateRequestType.getRespondWith().add(
1214: XKMSConstants.RESPONDWITH_X509CERT);
1215:
1216: queryKeyBindingType = xKMSObjectFactory
1217: .createQueryKeyBindingType();
1218: X509DataType x509DataType = sigFactory.createX509DataType();
1219: x509DataType
1220: .getX509IssuerSerialOrX509SKIOrX509SubjectName()
1221: .add(
1222: sigFactory
1223: .createX509DataTypeX509Certificate(cert1
1224: .getEncoded()));
1225: KeyInfoType keyInfoType = sigFactory.createKeyInfoType();
1226: keyInfoType.getContent().add(
1227: sigFactory.createX509Data(x509DataType));
1228: queryKeyBindingType.setKeyInfo(keyInfoType);
1229: queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
1230: validateRequestType.setQueryKeyBinding(queryKeyBindingType);
1231:
1232: validateResultType = xKMSInvoker.validate(validateRequestType,
1233: null, null);
1234:
1235: assertTrue(validateResultType.getKeyBinding().size() > 0);
1236: assertTrue(validateResultType.getKeyBinding().get(0)
1237: .getStatus().getValidReason().contains(
1238: XKMSConstants.STATUSREASON_VALIDITYINTERVAL));
1239: assertTrue(validateResultType.getKeyBinding().get(0)
1240: .getStatus().getValidReason().contains(
1241: XKMSConstants.STATUSREASON_ISSUERTRUST));
1242: assertTrue(validateResultType.getKeyBinding().get(0)
1243: .getStatus().getValidReason().contains(
1244: XKMSConstants.STATUSREASON_SIGNATURE));
1245: assertTrue(validateResultType.getKeyBinding().get(0)
1246: .getStatus().getValidReason().contains(
1247: XKMSConstants.STATUSREASON_REVOCATIONSTATUS));
1248:
1249: // Test with unknown certificate.
1250: validateRequestType = xKMSObjectFactory
1251: .createValidateRequestType();
1252: validateRequestType.setId("202");
1253:
1254: useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
1255: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSHTTP);
1256: useKeyWithType.setIdentifier(username1);
1257:
1258: validateRequestType.getRespondWith().add(
1259: XKMSConstants.RESPONDWITH_X509CERT);
1260:
1261: queryKeyBindingType = xKMSObjectFactory
1262: .createQueryKeyBindingType();
1263: x509DataType = sigFactory.createX509DataType();
1264: x509DataType
1265: .getX509IssuerSerialOrX509SKIOrX509SubjectName()
1266: .add(
1267: sigFactory
1268: .createX509DataTypeX509Certificate(certbytes));
1269: keyInfoType = sigFactory.createKeyInfoType();
1270: keyInfoType.getContent().add(
1271: sigFactory.createX509Data(x509DataType));
1272: queryKeyBindingType.setKeyInfo(keyInfoType);
1273: queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
1274: validateRequestType.setQueryKeyBinding(queryKeyBindingType);
1275:
1276: validateResultType = xKMSInvoker.validate(validateRequestType,
1277: null, null);
1278:
1279: assertTrue(validateResultType.getResultMajor().equals(
1280: XKMSConstants.RESULTMAJOR_SUCCESS));
1281: assertTrue(validateResultType.getResultMinor().equals(
1282: XKMSConstants.RESULTMINOR_NOMATCH));
1283:
1284: // Revoke certificate
1285: Admin administrator = new Admin(Admin.TYPE_RA_USER);
1286: certStore.revokeCertificate(administrator, cert1,
1287: new ArrayList(),
1288: RevokedCertInfo.REVOKATION_REASON_UNSPECIFIED);
1289: // Validate with revoked certificate
1290: validateRequestType = xKMSObjectFactory
1291: .createValidateRequestType();
1292: validateRequestType.setId("203");
1293:
1294: useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
1295: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSHTTP);
1296: useKeyWithType.setIdentifier(username1);
1297:
1298: validateRequestType.getRespondWith().add(
1299: XKMSConstants.RESPONDWITH_X509CERT);
1300:
1301: queryKeyBindingType = xKMSObjectFactory
1302: .createQueryKeyBindingType();
1303: x509DataType = sigFactory.createX509DataType();
1304: x509DataType
1305: .getX509IssuerSerialOrX509SKIOrX509SubjectName()
1306: .add(
1307: sigFactory
1308: .createX509DataTypeX509Certificate(cert1
1309: .getEncoded()));
1310: keyInfoType = sigFactory.createKeyInfoType();
1311: keyInfoType.getContent().add(
1312: sigFactory.createX509Data(x509DataType));
1313: queryKeyBindingType.setKeyInfo(keyInfoType);
1314: queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
1315: validateRequestType.setQueryKeyBinding(queryKeyBindingType);
1316:
1317: validateResultType = xKMSInvoker.validate(validateRequestType,
1318: null, null);
1319:
1320: assertTrue(validateResultType.getKeyBinding().size() > 0);
1321: assertTrue(validateResultType.getKeyBinding().get(0)
1322: .getStatus().getValidReason().contains(
1323: XKMSConstants.STATUSREASON_VALIDITYINTERVAL));
1324: assertTrue(validateResultType.getKeyBinding().get(0)
1325: .getStatus().getValidReason().contains(
1326: XKMSConstants.STATUSREASON_ISSUERTRUST));
1327: assertTrue(validateResultType.getKeyBinding().get(0)
1328: .getStatus().getValidReason().contains(
1329: XKMSConstants.STATUSREASON_SIGNATURE));
1330: assertTrue(validateResultType.getKeyBinding().get(0)
1331: .getStatus().getInvalidReason().contains(
1332: XKMSConstants.STATUSREASON_REVOCATIONSTATUS));
1333:
1334: }
1335:
1336: public void test99CleanDatabase() throws Exception {
1337: Admin administrator = new Admin(Admin.TYPE_RA_USER);
1338: cacheAdmin.deleteUser(administrator, username1);
1339: cacheAdmin.deleteUser(administrator, username2);
1340: cacheAdmin.deleteUser(administrator, username3);
1341:
1342: raAdmin
1343: .removeEndEntityProfile(administrator,
1344: "XKMSTESTPROFILE");
1345:
1346: certStore.removeCertificateProfile(administrator,
1347: "XKMSTESTSIGN");
1348: certStore.removeCertificateProfile(administrator,
1349: "XKMSTESTEXCHANDENC");
1350: }
1351:
1352: private Context getInitialContext() throws NamingException {
1353: log.debug(">getInitialContext");
1354:
1355: Context ctx = new javax.naming.InitialContext();
1356: log.debug("<getInitialContext");
1357:
1358: return ctx;
1359: }
1360:
1361: private String genUserName() throws Exception {
1362: // Gen new user
1363: userNo++;
1364:
1365: return baseUsername + userNo;
1366: } // genRandomUserName
1367:
1368: private static KeyPair genKeys() throws Exception {
1369: KeyPairGenerator keygen = KeyPairGenerator.getInstance("RSA",
1370: "BC");
1371: keygen.initialize(1024);
1372: log.debug("Generating keys, please wait...");
1373: KeyPair rsaKeys = keygen.generateKeyPair();
1374: log.debug("Generated "
1375: + rsaKeys.getPrivate().getAlgorithm()
1376: + " keys with length"
1377: + ((RSAPrivateKey) rsaKeys.getPrivate()).getModulus()
1378: .bitLength());
1379:
1380: return rsaKeys;
1381: } // genKeys
1382: }
|