0001: /*************************************************************************
0002: * *
0003: * EJBCA: The OpenSource Certificate Authority *
0004: * *
0005: * This software is free software; you can redistribute it and/or *
0006: * modify it under the terms of the GNU Lesser General Public *
0007: * License as published by the Free Software Foundation; either *
0008: * version 2.1 of the License, or any later version. *
0009: * *
0010: * See terms of license at gnu.org. *
0011: * *
0012: *************************************************************************/package org.ejbca.core.protocol.xkms;
0013:
0014: import java.security.KeyPair;
0015: import java.security.KeyPairGenerator;
0016: import java.security.PrivateKey;
0017: import java.security.cert.X509Certificate;
0018: import java.security.interfaces.RSAPrivateKey;
0019: import java.security.interfaces.RSAPublicKey;
0020: import java.util.Arrays;
0021: import java.util.Collection;
0022: import java.util.Date;
0023: import java.util.Iterator;
0024: import java.util.Random;
0025:
0026: import javax.naming.Context;
0027: import javax.naming.NamingException;
0028: import javax.xml.bind.JAXBContext;
0029: import javax.xml.bind.JAXBElement;
0030: import javax.xml.bind.JAXBException;
0031: import javax.xml.bind.Marshaller;
0032: import javax.xml.bind.PropertyException;
0033: import javax.xml.parsers.DocumentBuilderFactory;
0034:
0035: import junit.framework.TestCase;
0036:
0037: import org.apache.log4j.Logger;
0038: import org.ejbca.core.ejb.approval.IApprovalSessionHome;
0039: import org.ejbca.core.ejb.approval.IApprovalSessionRemote;
0040: import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionHome;
0041: import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionRemote;
0042: import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionHome;
0043: import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionRemote;
0044: import org.ejbca.core.ejb.keyrecovery.IKeyRecoverySessionHome;
0045: import org.ejbca.core.ejb.keyrecovery.IKeyRecoverySessionRemote;
0046: import org.ejbca.core.ejb.ra.IUserAdminSessionHome;
0047: import org.ejbca.core.ejb.ra.IUserAdminSessionRemote;
0048: import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionHome;
0049: import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionRemote;
0050: import org.ejbca.core.model.SecConst;
0051: import org.ejbca.core.model.approval.ApprovalDataVO;
0052: import org.ejbca.core.model.approval.approvalrequests.TestRevocationApproval;
0053: import org.ejbca.core.model.ca.caadmin.CAInfo;
0054: import org.ejbca.core.model.ca.certificateprofiles.CertificateProfile;
0055: import org.ejbca.core.model.ca.certificateprofiles.EndUserCertificateProfile;
0056: import org.ejbca.core.model.ca.crl.RevokedCertInfo;
0057: import org.ejbca.core.model.log.Admin;
0058: import org.ejbca.core.model.ra.UserDataConstants;
0059: import org.ejbca.core.model.ra.UserDataVO;
0060: import org.ejbca.core.model.ra.raadmin.EndEntityProfile;
0061: import org.ejbca.core.model.ra.raadmin.GlobalConfiguration;
0062: import org.ejbca.core.protocol.xkms.client.XKMSInvoker;
0063: import org.ejbca.core.protocol.xkms.common.XKMSConstants;
0064: import org.ejbca.core.protocol.xkms.common.XKMSNamespacePrefixMapper;
0065: import org.ejbca.core.protocol.xkms.common.XKMSUtil;
0066: import org.ejbca.util.CertTools;
0067: import org.w3._2000._09.xmldsig_.KeyInfoType;
0068: import org.w3._2000._09.xmldsig_.RSAKeyValueType;
0069: import org.w3._2000._09.xmldsig_.X509DataType;
0070: import org.w3._2002._03.xkms_.AuthenticationType;
0071: import org.w3._2002._03.xkms_.KeyBindingType;
0072: import org.w3._2002._03.xkms_.NotBoundAuthenticationType;
0073: import org.w3._2002._03.xkms_.ObjectFactory;
0074: import org.w3._2002._03.xkms_.PrototypeKeyBindingType;
0075: import org.w3._2002._03.xkms_.RecoverRequestType;
0076: import org.w3._2002._03.xkms_.RecoverResultType;
0077: import org.w3._2002._03.xkms_.RegisterRequestType;
0078: import org.w3._2002._03.xkms_.RegisterResultType;
0079: import org.w3._2002._03.xkms_.ReissueRequestType;
0080: import org.w3._2002._03.xkms_.ReissueResultType;
0081: import org.w3._2002._03.xkms_.RevokeRequestType;
0082: import org.w3._2002._03.xkms_.RevokeResultType;
0083: import org.w3._2002._03.xkms_.UseKeyWithType;
0084:
0085: /**
0086: * To Run this test, there must be a CA with DN "CN=AdminCA1,O=EJBCA Sample,C=SE", and it must have XKMS service enabled.
0087: *
0088: *
0089: * @author Philip Vendil 2006 sep 27
0090: *
0091: * @version $Id: TestXKMSKRSS.java,v 1.5 2007/11/20 08:45:52 anatom Exp $
0092: */
0093:
0094: public class TestXKMSKRSS extends TestCase {
0095:
0096: private static Logger log = Logger.getLogger(TestXKMSKRSS.class);
0097:
0098: static {
0099: org.apache.xml.security.Init.init();
0100: }
0101:
0102: private XKMSInvoker xKMSInvoker = new XKMSInvoker(
0103: "http://localhost:8080/ejbca/xkms/xkms", null);
0104:
0105: private ObjectFactory xKMSObjectFactory = new ObjectFactory();
0106: private org.w3._2000._09.xmldsig_.ObjectFactory sigFactory = new org.w3._2000._09.xmldsig_.ObjectFactory();
0107:
0108: private static String baseUsername;
0109: private IUserAdminSessionRemote userAdminSession;
0110: private IUserAdminSessionHome userAdminSessionHome;
0111: private ICertificateStoreSessionRemote certificateStoreSession;
0112: private IRaAdminSessionRemote raAdminSession;
0113: private IKeyRecoverySessionRemote keyRecoverySession;
0114: private IApprovalSessionRemote approvalSession;
0115: private ICAAdminSessionRemote caAdminSession;
0116:
0117: private static Admin administrator = new Admin(Admin.TYPE_RA_USER);
0118:
0119: private int caid;
0120: private static String username1 = null;
0121: private static String username2 = null;
0122: private static String username3 = null;
0123:
0124: private static String issuerdn = null;
0125:
0126: private int userNo;
0127:
0128: private static String dn1;
0129: private static String dn2;
0130: private static String dn3;
0131:
0132: private static KeyPair keys1;
0133: private static KeyPair keys3;
0134:
0135: private static X509Certificate cert1;
0136: private static X509Certificate cert2;
0137:
0138: private static String certprofilename1 = null;
0139: private static String certprofilename2 = null;
0140: private static String endentityprofilename = null;
0141:
0142: private static GlobalConfiguration orgGlobalConfig = null;
0143:
0144: private static int endEntityProfileId;
0145:
0146: private static JAXBContext jAXBContext = null;
0147: private static Marshaller marshaller = null;
0148: //private static Unmarshaller unmarshaller = null;
0149: private static DocumentBuilderFactory dbf = null;
0150:
0151: static {
0152: try {
0153: CertTools.installBCProvider();
0154: org.apache.xml.security.Init.init();
0155:
0156: jAXBContext = JAXBContext
0157: .newInstance("org.w3._2002._03.xkms_:org.w3._2001._04.xmlenc_:org.w3._2000._09.xmldsig_");
0158: marshaller = jAXBContext.createMarshaller();
0159: try {
0160: marshaller.setProperty(
0161: "com.sun.xml.bind.namespacePrefixMapper",
0162: new XKMSNamespacePrefixMapper());
0163: } catch (PropertyException e) {
0164: log.error(
0165: "Error registering namespace mapper property",
0166: e);
0167: }
0168: dbf = DocumentBuilderFactory.newInstance();
0169: dbf.setNamespaceAware(true);
0170: //unmarshaller = jAXBContext.createUnmarshaller();
0171:
0172: } catch (JAXBException e) {
0173: log
0174: .error(
0175: "Error initializing RequestAbstractTypeResponseGenerator",
0176: e);
0177: }
0178:
0179: }
0180:
0181: protected void setUp() throws Exception {
0182: log.debug(">setUp()");
0183: CertTools.installBCProvider();
0184: if (userAdminSession == null) {
0185: if (userAdminSessionHome == null) {
0186: Context jndiContext = getInitialContext();
0187: Object obj1 = jndiContext
0188: .lookup(IUserAdminSessionHome.JNDI_NAME);
0189: userAdminSessionHome = (IUserAdminSessionHome) javax.rmi.PortableRemoteObject
0190: .narrow(obj1, IUserAdminSessionHome.class);
0191:
0192: Object obj2 = jndiContext
0193: .lookup(ICertificateStoreSessionHome.JNDI_NAME);
0194: ICertificateStoreSessionHome certhome = (ICertificateStoreSessionHome) javax.rmi.PortableRemoteObject
0195: .narrow(obj2,
0196: ICertificateStoreSessionHome.class);
0197: certificateStoreSession = certhome.create();
0198:
0199: Object obj3 = jndiContext
0200: .lookup(IRaAdminSessionHome.JNDI_NAME);
0201: IRaAdminSessionHome raAdminHome = (IRaAdminSessionHome) javax.rmi.PortableRemoteObject
0202: .narrow(obj3, IRaAdminSessionHome.class);
0203: raAdminSession = raAdminHome.create();
0204:
0205: Object obj4 = jndiContext
0206: .lookup(IKeyRecoverySessionHome.JNDI_NAME);
0207: IKeyRecoverySessionHome keyAdminHome = (IKeyRecoverySessionHome) javax.rmi.PortableRemoteObject
0208: .narrow(obj4, IKeyRecoverySessionHome.class);
0209: keyRecoverySession = keyAdminHome.create();
0210:
0211: Object obj5 = jndiContext
0212: .lookup(IApprovalSessionHome.JNDI_NAME);
0213: IApprovalSessionHome approvalSessionHome = (IApprovalSessionHome) javax.rmi.PortableRemoteObject
0214: .narrow(obj5, IApprovalSessionHome.class);
0215: approvalSession = approvalSessionHome.create();
0216:
0217: Object obj6 = jndiContext
0218: .lookup(ICAAdminSessionHome.JNDI_NAME);
0219: ICAAdminSessionHome caAdminSessionHome = (ICAAdminSessionHome) javax.rmi.PortableRemoteObject
0220: .narrow(obj6, ICAAdminSessionHome.class);
0221: caAdminSession = caAdminSessionHome.create();
0222:
0223: issuerdn = "CN=AdminCA1,O=EJBCA Sample,C=SE";
0224: caid = issuerdn.hashCode();
0225: }
0226: userAdminSession = userAdminSessionHome.create();
0227: }
0228:
0229: Random ran = new Random();
0230: if (baseUsername == null) {
0231: baseUsername = "xkmstestuser" + (ran.nextInt() % 1000)
0232: + "-";
0233: }
0234:
0235: log.debug("<setUp()");
0236: }
0237:
0238: protected void tearDown() throws Exception {
0239: }
0240:
0241: public void test00SetupDatabase() throws Exception {
0242:
0243: certprofilename1 = "XKMSTESTSIGN" + baseUsername;
0244: certprofilename2 = "XKMSTESTEXCHANDENC" + baseUsername;
0245: endentityprofilename = "XKMSTESTPROFILE" + baseUsername;
0246:
0247: orgGlobalConfig = raAdminSession
0248: .loadGlobalConfiguration(administrator);
0249:
0250: GlobalConfiguration newGlobalConfig = raAdminSession
0251: .loadGlobalConfiguration(administrator);
0252: newGlobalConfig.setEnableKeyRecovery(true);
0253: raAdminSession.saveGlobalConfiguration(administrator,
0254: newGlobalConfig);
0255:
0256: // Setup with two new Certificate profiles.
0257: EndUserCertificateProfile profile1 = new EndUserCertificateProfile();
0258: profile1
0259: .setKeyUsage(CertificateProfile.DIGITALSIGNATURE, false);
0260: profile1.setKeyUsage(CertificateProfile.KEYENCIPHERMENT, false);
0261: profile1.setKeyUsage(CertificateProfile.NONREPUDIATION, true);
0262:
0263: EndUserCertificateProfile profile2 = new EndUserCertificateProfile();
0264: profile2.setKeyUsage(CertificateProfile.DATAENCIPHERMENT, true);
0265:
0266: certificateStoreSession.addCertificateProfile(administrator,
0267: certprofilename1, profile1);
0268: certificateStoreSession.addCertificateProfile(administrator,
0269: certprofilename2, profile2);
0270:
0271: int profile1Id = certificateStoreSession
0272: .getCertificateProfileId(administrator,
0273: certprofilename1);
0274: int profile2Id = certificateStoreSession
0275: .getCertificateProfileId(administrator,
0276: certprofilename2);
0277:
0278: EndEntityProfile endentityprofile = new EndEntityProfile(true);
0279:
0280: endentityprofile.setValue(EndEntityProfile.AVAILCAS, 0, ""
0281: + caid);
0282: endentityprofile.setValue(EndEntityProfile.AVAILCERTPROFILES,
0283: 0, "" + SecConst.CERTPROFILE_FIXED_ENDUSER + ";"
0284: + profile1Id + ";" + profile2Id);
0285:
0286: endentityprofile.setUse(EndEntityProfile.KEYRECOVERABLE, 0,
0287: true);
0288:
0289: raAdminSession.addEndEntityProfile(administrator,
0290: endentityprofilename, endentityprofile);
0291: endEntityProfileId = raAdminSession.getEndEntityProfileId(
0292: administrator, endentityprofilename);
0293:
0294: username1 = genUserName();
0295: String pwd = "foo123";
0296: int type = SecConst.USER_ENDUSER;
0297: int token = SecConst.TOKEN_SOFT_BROWSERGEN;
0298: int certificatetypeid = SecConst.CERTPROFILE_FIXED_ENDUSER;
0299: int hardtokenissuerid = SecConst.NO_HARDTOKENISSUER;
0300: dn1 = "C=SE, O=AnaTom, CN=" + username1;
0301: String subjectaltname1 = "RFC822NAME=" + username1 + "@foo.se";
0302: String email1 = username1 + "@foo.se";
0303: if (userAdminSession.findUser(administrator, username1) != null) {
0304: System.out
0305: .println("Error : User already exists in the database.");
0306: }
0307: userAdminSession.addUser(administrator, username1, pwd,
0308: CertTools.stringToBCDNString(dn1), subjectaltname1,
0309: email1, false, endEntityProfileId, certificatetypeid,
0310: type, token, hardtokenissuerid, caid);
0311: userAdminSession.setClearTextPassword(administrator, username1,
0312: pwd);
0313:
0314: username2 = genUserName();
0315: dn2 = "C=SE, O=AnaTom, CN=" + username2;
0316: type = SecConst.USER_ENDUSER | SecConst.USER_KEYRECOVERABLE;
0317: token = SecConst.TOKEN_SOFT_P12;
0318: String subjectaltname2 = "RFC822NAME="
0319: + username2
0320: + "@foo.se,UNIFORMRESOURCEIDENTIFIER=http://www.test.com/"
0321: + username2 + ",IPADDRESS=10.0.0.1,DNSNAME="
0322: + username2 + ".test.com";
0323: String email2 = username2 + "@foo.se";
0324: if (userAdminSession.findUser(administrator, username2) != null) {
0325: System.out
0326: .println("Error : User already exists in the database.");
0327: }
0328: userAdminSession.addUser(administrator, username2, pwd,
0329: CertTools.stringToBCDNString(dn2), subjectaltname2,
0330: email2, false, endEntityProfileId, profile1Id, type,
0331: token, hardtokenissuerid, caid);
0332: userAdminSession.setClearTextPassword(administrator, username2,
0333: pwd);
0334:
0335: username3 = genUserName();
0336: dn3 = "C=SE, O=AnaTom, CN=" + username3;
0337: String subjectaltname3 = "RFC822NAME=" + username3 + "@foo.se";
0338: String email3 = username3 + "@foo.se";
0339: if (userAdminSession.findUser(administrator, username3) != null) {
0340: System.out
0341: .println("Error : User already exists in the database.");
0342: }
0343: userAdminSession.addUser(administrator, username3, pwd,
0344: CertTools.stringToBCDNString(dn3), subjectaltname3,
0345: email3, false, endEntityProfileId, profile2Id, type,
0346: token, hardtokenissuerid, caid);
0347: userAdminSession.setClearTextPassword(administrator, username3,
0348: pwd);
0349:
0350: }
0351:
0352: public void test01SimpleRegistration() throws Exception {
0353:
0354: keys1 = genKeys();
0355: RegisterRequestType registerRequestType = xKMSObjectFactory
0356: .createRegisterRequestType();
0357: registerRequestType.setId("600");
0358:
0359: UseKeyWithType useKeyWithType = xKMSObjectFactory
0360: .createUseKeyWithType();
0361: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_PKIX);
0362: useKeyWithType.setIdentifier(dn1);
0363:
0364: registerRequestType.getRespondWith().add(
0365: XKMSConstants.RESPONDWITH_X509CHAIN);
0366:
0367: KeyInfoType keyInfoType = sigFactory.createKeyInfoType();
0368: RSAKeyValueType rsaKeyValueType = sigFactory
0369: .createRSAKeyValueType();
0370: rsaKeyValueType.setExponent(((RSAPublicKey) keys1.getPublic())
0371: .getPublicExponent().toByteArray());
0372: rsaKeyValueType.setModulus(((RSAPublicKey) keys1.getPublic())
0373: .getModulus().toByteArray());
0374: JAXBElement<RSAKeyValueType> rsaKeyValue = sigFactory
0375: .createRSAKeyValue(rsaKeyValueType);
0376: keyInfoType.getContent().add(rsaKeyValue);
0377: PrototypeKeyBindingType prototypeKeyBindingType = xKMSObjectFactory
0378: .createPrototypeKeyBindingType();
0379: prototypeKeyBindingType.getUseKeyWith().add(useKeyWithType);
0380: prototypeKeyBindingType.setKeyInfo(keyInfoType);
0381: prototypeKeyBindingType.setId("100231");
0382: registerRequestType
0383: .setPrototypeKeyBinding(prototypeKeyBindingType);
0384:
0385: byte[] first = XKMSUtil.getSecretKeyFromPassphrase(
0386: "UsersRevokationCodeIdentifier", true, 20,
0387: XKMSUtil.KEY_REVOCATIONCODEIDENTIFIER_PASS1)
0388: .getEncoded();
0389: byte[] second = XKMSUtil.getSecretKeyFromPassphrase(
0390: new String(first, "ISO8859-1"), false, 20,
0391: XKMSUtil.KEY_REVOCATIONCODEIDENTIFIER_PASS2)
0392: .getEncoded();
0393: prototypeKeyBindingType.setRevocationCodeIdentifier(second);
0394:
0395: RegisterResultType registerResultType = xKMSInvoker.register(
0396: registerRequestType, null, null, "foo123", keys1
0397: .getPrivate(), prototypeKeyBindingType.getId());
0398:
0399: assertTrue(registerResultType.getResultMajor().equals(
0400: XKMSConstants.RESULTMAJOR_SUCCESS));
0401:
0402: assertTrue(registerResultType.getKeyBinding().size() == 1);
0403: KeyBindingType keyBindingType = registerResultType
0404: .getKeyBinding().get(0);
0405: assertTrue(keyBindingType.getStatus().getValidReason().size() == 4);
0406:
0407: JAXBElement<X509DataType> jAXBX509Data = (JAXBElement<X509DataType>) keyBindingType
0408: .getKeyInfo().getContent().get(0);
0409: assertTrue(jAXBX509Data.getValue()
0410: .getX509IssuerSerialOrX509SKIOrX509SubjectName().size() == 2);
0411: Iterator iter2 = jAXBX509Data.getValue()
0412: .getX509IssuerSerialOrX509SKIOrX509SubjectName()
0413: .iterator();
0414: while (iter2.hasNext()) {
0415: JAXBElement next = (JAXBElement) iter2.next();
0416: assertTrue(next.getName().getLocalPart().equals(
0417: "X509Certificate"));
0418: byte[] encoded = (byte[]) next.getValue();
0419: X509Certificate nextCert = CertTools
0420: .getCertfromByteArray(encoded);
0421:
0422: assertTrue(CertTools.stringToBCDNString(
0423: nextCert.getSubjectDN().toString()).equals(
0424: CertTools.stringToBCDNString(dn1))
0425: || CertTools.stringToBCDNString(
0426: nextCert.getSubjectDN().toString()).equals(
0427: CertTools.stringToBCDNString(issuerdn)));
0428: if (CertTools.getSubjectDN(nextCert).equals(
0429: CertTools.stringToBCDNString(dn1))) {
0430: assertTrue(Arrays.equals(
0431: keys1.getPublic().getEncoded(), nextCert
0432: .getPublicKey().getEncoded()));
0433: cert1 = nextCert;
0434: }
0435: }
0436: }
0437:
0438: public void test02ServerGenRegistration() throws Exception {
0439: RegisterRequestType registerRequestType = xKMSObjectFactory
0440: .createRegisterRequestType();
0441: registerRequestType.setId("601");
0442:
0443: UseKeyWithType useKeyWithType = xKMSObjectFactory
0444: .createUseKeyWithType();
0445: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_PKIX);
0446: useKeyWithType.setIdentifier(dn2);
0447:
0448: registerRequestType.getRespondWith().add(
0449: XKMSConstants.RESPONDWITH_X509CERT);
0450:
0451: PrototypeKeyBindingType prototypeKeyBindingType = xKMSObjectFactory
0452: .createPrototypeKeyBindingType();
0453: prototypeKeyBindingType.getUseKeyWith().add(useKeyWithType);
0454:
0455: prototypeKeyBindingType.setId("100231");
0456: registerRequestType
0457: .setPrototypeKeyBinding(prototypeKeyBindingType);
0458:
0459: byte[] first = XKMSUtil.getSecretKeyFromPassphrase(
0460: "UsersRevokationCodeId1234", true, 20,
0461: XKMSUtil.KEY_REVOCATIONCODEIDENTIFIER_PASS1)
0462: .getEncoded();
0463: byte[] second = XKMSUtil.getSecretKeyFromPassphrase(
0464: new String(first, "ISO8859-1"), false, 20,
0465: XKMSUtil.KEY_REVOCATIONCODEIDENTIFIER_PASS2)
0466: .getEncoded();
0467: prototypeKeyBindingType.setRevocationCodeIdentifier(second);
0468:
0469: RegisterResultType registerResultType = xKMSInvoker.register(
0470: registerRequestType, null, null, "foo123", null,
0471: prototypeKeyBindingType.getId());
0472:
0473: assertTrue(registerResultType.getResultMajor().equals(
0474: XKMSConstants.RESULTMAJOR_SUCCESS));
0475:
0476: assertTrue(registerResultType.getKeyBinding().size() == 1);
0477: KeyBindingType keyBindingType = registerResultType
0478: .getKeyBinding().get(0);
0479: assertTrue(keyBindingType.getStatus().getValidReason().size() == 4);
0480:
0481: JAXBElement<X509DataType> jAXBX509Data = (JAXBElement<X509DataType>) keyBindingType
0482: .getKeyInfo().getContent().get(0);
0483: assertTrue(jAXBX509Data.getValue()
0484: .getX509IssuerSerialOrX509SKIOrX509SubjectName().size() == 1);
0485: Iterator iter2 = jAXBX509Data.getValue()
0486: .getX509IssuerSerialOrX509SKIOrX509SubjectName()
0487: .iterator();
0488:
0489: while (iter2.hasNext()) {
0490: JAXBElement next = (JAXBElement) iter2.next();
0491: assertTrue(next.getName().getLocalPart().equals(
0492: "X509Certificate"));
0493: byte[] encoded = (byte[]) next.getValue();
0494: X509Certificate nextCert = CertTools
0495: .getCertfromByteArray(encoded);
0496:
0497: assertTrue(CertTools.stringToBCDNString(
0498: nextCert.getSubjectDN().toString()).equals(
0499: CertTools.stringToBCDNString(dn2)));
0500: if (CertTools.getSubjectDN(nextCert).equals(
0501: CertTools.stringToBCDNString(dn2))) {
0502: cert2 = nextCert;
0503:
0504: }
0505: }
0506:
0507: assertTrue(registerResultType.getPrivateKey() != null);
0508: PrivateKey privateKey = XKMSUtil.getPrivateKeyFromEncryptedXML(
0509: registerResultType.getPrivateKey(), "foo123");
0510:
0511: X509Certificate testCert = CertTools.genSelfCert("CN=sdf", 12,
0512: null, privateKey, cert2.getPublicKey(), "SHA1WithRSA",
0513: false);
0514: testCert.verify(cert2.getPublicKey());
0515:
0516: }
0517:
0518: public void test03RegisterWithWrongDN() throws Exception {
0519: keys3 = genKeys();
0520: RegisterRequestType registerRequestType = xKMSObjectFactory
0521: .createRegisterRequestType();
0522: registerRequestType.setId("602");
0523:
0524: UseKeyWithType useKeyWithType = xKMSObjectFactory
0525: .createUseKeyWithType();
0526: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_PKIX);
0527: useKeyWithType.setIdentifier("CN=wrong");
0528:
0529: registerRequestType.getRespondWith().add(
0530: XKMSConstants.RESPONDWITH_X509CHAIN);
0531:
0532: KeyInfoType keyInfoType = sigFactory.createKeyInfoType();
0533: RSAKeyValueType rsaKeyValueType = sigFactory
0534: .createRSAKeyValueType();
0535: rsaKeyValueType.setExponent(((RSAPublicKey) keys3.getPublic())
0536: .getPublicExponent().toByteArray());
0537: rsaKeyValueType.setModulus(((RSAPublicKey) keys3.getPublic())
0538: .getModulus().toByteArray());
0539: JAXBElement<RSAKeyValueType> rsaKeyValue = sigFactory
0540: .createRSAKeyValue(rsaKeyValueType);
0541: keyInfoType.getContent().add(rsaKeyValue);
0542: PrototypeKeyBindingType prototypeKeyBindingType = xKMSObjectFactory
0543: .createPrototypeKeyBindingType();
0544: prototypeKeyBindingType.getUseKeyWith().add(useKeyWithType);
0545: prototypeKeyBindingType.setKeyInfo(keyInfoType);
0546: prototypeKeyBindingType.setId("100231");
0547: registerRequestType
0548: .setPrototypeKeyBinding(prototypeKeyBindingType);
0549:
0550: RegisterResultType registerResultType = xKMSInvoker.register(
0551: registerRequestType, null, null, "foo123", keys3
0552: .getPrivate(), prototypeKeyBindingType.getId());
0553:
0554: assertTrue(registerResultType.getResultMajor().equals(
0555: XKMSConstants.RESULTMAJOR_SENDER));
0556: assertTrue(registerResultType.getResultMinor().equals(
0557: XKMSConstants.RESULTMINOR_NOMATCH));
0558:
0559: }
0560:
0561: public void test04RegisterWithWrongStatus() throws Exception {
0562: KeyPair keys = genKeys();
0563: RegisterRequestType registerRequestType = xKMSObjectFactory
0564: .createRegisterRequestType();
0565: registerRequestType.setId("603");
0566:
0567: UseKeyWithType useKeyWithType = xKMSObjectFactory
0568: .createUseKeyWithType();
0569: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_PKIX);
0570: useKeyWithType.setIdentifier(dn1);
0571:
0572: registerRequestType.getRespondWith().add(
0573: XKMSConstants.RESPONDWITH_X509CHAIN);
0574:
0575: KeyInfoType keyInfoType = sigFactory.createKeyInfoType();
0576: RSAKeyValueType rsaKeyValueType = sigFactory
0577: .createRSAKeyValueType();
0578: rsaKeyValueType.setExponent(((RSAPublicKey) keys.getPublic())
0579: .getPublicExponent().toByteArray());
0580: rsaKeyValueType.setModulus(((RSAPublicKey) keys.getPublic())
0581: .getModulus().toByteArray());
0582: JAXBElement<RSAKeyValueType> rsaKeyValue = sigFactory
0583: .createRSAKeyValue(rsaKeyValueType);
0584: keyInfoType.getContent().add(rsaKeyValue);
0585: PrototypeKeyBindingType prototypeKeyBindingType = xKMSObjectFactory
0586: .createPrototypeKeyBindingType();
0587: prototypeKeyBindingType.getUseKeyWith().add(useKeyWithType);
0588: prototypeKeyBindingType.setKeyInfo(keyInfoType);
0589: prototypeKeyBindingType.setId("100231");
0590: registerRequestType
0591: .setPrototypeKeyBinding(prototypeKeyBindingType);
0592:
0593: RegisterResultType registerResultType = xKMSInvoker.register(
0594: registerRequestType, null, null, "foo123", keys
0595: .getPrivate(), prototypeKeyBindingType.getId());
0596:
0597: assertTrue(registerResultType.getResultMajor().equals(
0598: XKMSConstants.RESULTMAJOR_SENDER));
0599: assertTrue(registerResultType.getResultMinor().equals(
0600: XKMSConstants.RESULTMINOR_REFUSED));
0601:
0602: }
0603:
0604: public void test05RegisterWithWrongPassword() throws Exception {
0605: KeyPair keys = genKeys();
0606: RegisterRequestType registerRequestType = xKMSObjectFactory
0607: .createRegisterRequestType();
0608: registerRequestType.setId("604");
0609:
0610: UseKeyWithType useKeyWithType = xKMSObjectFactory
0611: .createUseKeyWithType();
0612: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_PKIX);
0613: useKeyWithType.setIdentifier(dn3);
0614:
0615: registerRequestType.getRespondWith().add(
0616: XKMSConstants.RESPONDWITH_X509CHAIN);
0617:
0618: KeyInfoType keyInfoType = sigFactory.createKeyInfoType();
0619: RSAKeyValueType rsaKeyValueType = sigFactory
0620: .createRSAKeyValueType();
0621: rsaKeyValueType.setExponent(((RSAPublicKey) keys.getPublic())
0622: .getPublicExponent().toByteArray());
0623: rsaKeyValueType.setModulus(((RSAPublicKey) keys.getPublic())
0624: .getModulus().toByteArray());
0625: JAXBElement<RSAKeyValueType> rsaKeyValue = sigFactory
0626: .createRSAKeyValue(rsaKeyValueType);
0627: keyInfoType.getContent().add(rsaKeyValue);
0628: PrototypeKeyBindingType prototypeKeyBindingType = xKMSObjectFactory
0629: .createPrototypeKeyBindingType();
0630: prototypeKeyBindingType.getUseKeyWith().add(useKeyWithType);
0631: prototypeKeyBindingType.setKeyInfo(keyInfoType);
0632: prototypeKeyBindingType.setId("100231");
0633: registerRequestType
0634: .setPrototypeKeyBinding(prototypeKeyBindingType);
0635:
0636: RegisterResultType registerResultType = xKMSInvoker.register(
0637: registerRequestType, null, null, "foo124", keys
0638: .getPrivate(), prototypeKeyBindingType.getId());
0639:
0640: assertTrue(registerResultType.getResultMajor().equals(
0641: XKMSConstants.RESULTMAJOR_SENDER));
0642: assertTrue(registerResultType.getResultMinor().equals(
0643: XKMSConstants.RESULTMINOR_NOAUTHENTICATION));
0644:
0645: }
0646:
0647: public void test06RegisterWithNoPOP() throws Exception {
0648: KeyPair keys = genKeys();
0649: RegisterRequestType registerRequestType = xKMSObjectFactory
0650: .createRegisterRequestType();
0651: registerRequestType.setId("605");
0652:
0653: UseKeyWithType useKeyWithType = xKMSObjectFactory
0654: .createUseKeyWithType();
0655: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_PKIX);
0656: useKeyWithType.setIdentifier(dn3);
0657:
0658: registerRequestType.getRespondWith().add(
0659: XKMSConstants.RESPONDWITH_X509CHAIN);
0660:
0661: KeyInfoType keyInfoType = sigFactory.createKeyInfoType();
0662: RSAKeyValueType rsaKeyValueType = sigFactory
0663: .createRSAKeyValueType();
0664: rsaKeyValueType.setExponent(((RSAPublicKey) keys.getPublic())
0665: .getPublicExponent().toByteArray());
0666: rsaKeyValueType.setModulus(((RSAPublicKey) keys.getPublic())
0667: .getModulus().toByteArray());
0668: JAXBElement<RSAKeyValueType> rsaKeyValue = sigFactory
0669: .createRSAKeyValue(rsaKeyValueType);
0670: keyInfoType.getContent().add(rsaKeyValue);
0671: PrototypeKeyBindingType prototypeKeyBindingType = xKMSObjectFactory
0672: .createPrototypeKeyBindingType();
0673: prototypeKeyBindingType.getUseKeyWith().add(useKeyWithType);
0674: prototypeKeyBindingType.setKeyInfo(keyInfoType);
0675: prototypeKeyBindingType.setId("100231");
0676: registerRequestType
0677: .setPrototypeKeyBinding(prototypeKeyBindingType);
0678:
0679: RegisterResultType registerResultType = xKMSInvoker.register(
0680: registerRequestType, null, null, "foo123", null,
0681: prototypeKeyBindingType.getId());
0682:
0683: assertTrue(registerResultType.getResultMajor().equals(
0684: XKMSConstants.RESULTMAJOR_SENDER));
0685: assertTrue(registerResultType.getResultMinor().equals(
0686: XKMSConstants.RESULTMINOR_POPREQUIRED));
0687:
0688: }
0689:
0690: public void test07RegisterWithBasicAuthentication()
0691: throws Exception {
0692: KeyPair keys = genKeys();
0693: RegisterRequestType registerRequestType = xKMSObjectFactory
0694: .createRegisterRequestType();
0695: registerRequestType.setId("606");
0696:
0697: UseKeyWithType useKeyWithType = xKMSObjectFactory
0698: .createUseKeyWithType();
0699: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_PKIX);
0700: useKeyWithType.setIdentifier(dn3);
0701:
0702: registerRequestType.getRespondWith().add(
0703: XKMSConstants.RESPONDWITH_X509CHAIN);
0704:
0705: KeyInfoType keyInfoType = sigFactory.createKeyInfoType();
0706: RSAKeyValueType rsaKeyValueType = sigFactory
0707: .createRSAKeyValueType();
0708: rsaKeyValueType.setExponent(((RSAPublicKey) keys.getPublic())
0709: .getPublicExponent().toByteArray());
0710: rsaKeyValueType.setModulus(((RSAPublicKey) keys.getPublic())
0711: .getModulus().toByteArray());
0712: JAXBElement<RSAKeyValueType> rsaKeyValue = sigFactory
0713: .createRSAKeyValue(rsaKeyValueType);
0714: keyInfoType.getContent().add(rsaKeyValue);
0715: PrototypeKeyBindingType prototypeKeyBindingType = xKMSObjectFactory
0716: .createPrototypeKeyBindingType();
0717: prototypeKeyBindingType.getUseKeyWith().add(useKeyWithType);
0718: prototypeKeyBindingType.setKeyInfo(keyInfoType);
0719: prototypeKeyBindingType.setId("100231");
0720: registerRequestType
0721: .setPrototypeKeyBinding(prototypeKeyBindingType);
0722:
0723: AuthenticationType authenticationType = xKMSObjectFactory
0724: .createAuthenticationType();
0725: NotBoundAuthenticationType notBoundAuthenticationType = xKMSObjectFactory
0726: .createNotBoundAuthenticationType();
0727: notBoundAuthenticationType.setProtocol("NOTUSED");
0728: notBoundAuthenticationType.setValue("foo123".getBytes());
0729: authenticationType
0730: .setNotBoundAuthentication(notBoundAuthenticationType);
0731: registerRequestType.setAuthentication(authenticationType);
0732:
0733: RegisterResultType registerResultType = xKMSInvoker.register(
0734: registerRequestType, null, null, null, keys
0735: .getPrivate(), prototypeKeyBindingType.getId());
0736:
0737: assertTrue(registerResultType.getResultMajor().equals(
0738: XKMSConstants.RESULTMAJOR_SUCCESS));
0739:
0740: assertTrue(registerResultType.getKeyBinding().size() == 1);
0741: KeyBindingType keyBindingType = registerResultType
0742: .getKeyBinding().get(0);
0743: assertTrue(keyBindingType.getStatus().getValidReason().size() == 4);
0744:
0745: }
0746:
0747: public void test08SimpleReissue() throws Exception {
0748: userAdminSession.setUserStatus(administrator, username1, 10);
0749: userAdminSession.setClearTextPassword(administrator, username1,
0750: "ReissuePassword");
0751: ReissueRequestType reissueRequestType = xKMSObjectFactory
0752: .createReissueRequestType();
0753: reissueRequestType.setId("607");
0754:
0755: reissueRequestType.getRespondWith().add(
0756: XKMSConstants.RESPONDWITH_X509CHAIN);
0757:
0758: X509DataType x509DataType = sigFactory.createX509DataType();
0759: x509DataType
0760: .getX509IssuerSerialOrX509SKIOrX509SubjectName()
0761: .add(
0762: sigFactory
0763: .createX509DataTypeX509Certificate(cert1
0764: .getEncoded()));
0765: KeyInfoType keyInfoType = sigFactory.createKeyInfoType();
0766: keyInfoType.getContent().add(
0767: sigFactory.createX509Data(x509DataType));
0768:
0769: KeyBindingType keyBindingType = xKMSObjectFactory
0770: .createKeyBindingType();
0771: keyBindingType.setKeyInfo(keyInfoType);
0772: keyBindingType.setId("100123122");
0773: reissueRequestType.setReissueKeyBinding(keyBindingType);
0774:
0775: AuthenticationType authenticationType = xKMSObjectFactory
0776: .createAuthenticationType();
0777: NotBoundAuthenticationType notBoundAuthenticationType = xKMSObjectFactory
0778: .createNotBoundAuthenticationType();
0779: notBoundAuthenticationType.setProtocol("NOTUSED");
0780: notBoundAuthenticationType.setValue("ReissuePassword"
0781: .getBytes());
0782: authenticationType
0783: .setNotBoundAuthentication(notBoundAuthenticationType);
0784: reissueRequestType.setAuthentication(authenticationType);
0785:
0786: ReissueResultType reissueResultType = xKMSInvoker.reissue(
0787: reissueRequestType, null, null, null, keys1
0788: .getPrivate(), keyBindingType.getId());
0789:
0790: assertTrue(reissueResultType.getResultMajor().equals(
0791: XKMSConstants.RESULTMAJOR_SUCCESS));
0792: assertTrue(reissueResultType.getResultMinor() == null);
0793:
0794: assertTrue(reissueResultType.getKeyBinding().size() == 1);
0795: keyBindingType = reissueResultType.getKeyBinding().get(0);
0796: assertTrue(keyBindingType.getStatus().getValidReason().size() == 4);
0797:
0798: JAXBElement<X509DataType> jAXBX509Data = (JAXBElement<X509DataType>) keyBindingType
0799: .getKeyInfo().getContent().get(0);
0800: assertTrue(jAXBX509Data.getValue()
0801: .getX509IssuerSerialOrX509SKIOrX509SubjectName().size() == 2);
0802: Iterator iter2 = jAXBX509Data.getValue()
0803: .getX509IssuerSerialOrX509SKIOrX509SubjectName()
0804: .iterator();
0805: while (iter2.hasNext()) {
0806: JAXBElement next = (JAXBElement) iter2.next();
0807: assertTrue(next.getName().getLocalPart().equals(
0808: "X509Certificate"));
0809: byte[] encoded = (byte[]) next.getValue();
0810: X509Certificate nextCert = CertTools
0811: .getCertfromByteArray(encoded);
0812:
0813: assertTrue(CertTools.stringToBCDNString(
0814: nextCert.getSubjectDN().toString()).equals(
0815: CertTools.stringToBCDNString(dn1))
0816: || CertTools.stringToBCDNString(
0817: nextCert.getSubjectDN().toString()).equals(
0818: CertTools.stringToBCDNString(issuerdn)));
0819: if (CertTools.getSubjectDN(nextCert).equals(
0820: CertTools.stringToBCDNString(dn1))) {
0821: assertTrue(Arrays.equals(
0822: keys1.getPublic().getEncoded(), nextCert
0823: .getPublicKey().getEncoded()));
0824: assertFalse(cert1.getSerialNumber().equals(
0825: nextCert.getSerialNumber()));
0826: }
0827: }
0828: }
0829:
0830: public void test09ReissueWrongPassword() throws Exception {
0831: userAdminSession.setUserStatus(administrator, username1, 10);
0832: userAdminSession.setClearTextPassword(administrator, username1,
0833: "ReissuePassword");
0834: ReissueRequestType reissueRequestType = xKMSObjectFactory
0835: .createReissueRequestType();
0836: reissueRequestType.setId("608");
0837:
0838: reissueRequestType.getRespondWith().add(
0839: XKMSConstants.RESPONDWITH_X509CHAIN);
0840:
0841: X509DataType x509DataType = sigFactory.createX509DataType();
0842: x509DataType
0843: .getX509IssuerSerialOrX509SKIOrX509SubjectName()
0844: .add(
0845: sigFactory
0846: .createX509DataTypeX509Certificate(cert1
0847: .getEncoded()));
0848: KeyInfoType keyInfoType = sigFactory.createKeyInfoType();
0849: keyInfoType.getContent().add(
0850: sigFactory.createX509Data(x509DataType));
0851:
0852: KeyBindingType keyBindingType = xKMSObjectFactory
0853: .createKeyBindingType();
0854: keyBindingType.setKeyInfo(keyInfoType);
0855: keyBindingType.setId("100123122");
0856: reissueRequestType.setReissueKeyBinding(keyBindingType);
0857:
0858: AuthenticationType authenticationType = xKMSObjectFactory
0859: .createAuthenticationType();
0860: NotBoundAuthenticationType notBoundAuthenticationType = xKMSObjectFactory
0861: .createNotBoundAuthenticationType();
0862: notBoundAuthenticationType.setProtocol("NOTUSED");
0863: notBoundAuthenticationType.setValue("Wrong".getBytes());
0864: authenticationType
0865: .setNotBoundAuthentication(notBoundAuthenticationType);
0866: reissueRequestType.setAuthentication(authenticationType);
0867:
0868: ReissueResultType reissueResultType = xKMSInvoker.reissue(
0869: reissueRequestType, null, null, null, keys1
0870: .getPrivate(), keyBindingType.getId());
0871:
0872: assertTrue(reissueResultType.getResultMajor().equals(
0873: XKMSConstants.RESULTMAJOR_SENDER));
0874: assertTrue(reissueResultType.getResultMinor().equals(
0875: XKMSConstants.RESULTMINOR_NOAUTHENTICATION));
0876:
0877: }
0878:
0879: public void test10ReissueWrongStatus() throws Exception {
0880: userAdminSession.setUserStatus(administrator, username1, 40);
0881: userAdminSession.setClearTextPassword(administrator, username1,
0882: "ReissuePassword");
0883: ReissueRequestType reissueRequestType = xKMSObjectFactory
0884: .createReissueRequestType();
0885: reissueRequestType.setId("609");
0886:
0887: reissueRequestType.getRespondWith().add(
0888: XKMSConstants.RESPONDWITH_X509CHAIN);
0889:
0890: X509DataType x509DataType = sigFactory.createX509DataType();
0891: x509DataType
0892: .getX509IssuerSerialOrX509SKIOrX509SubjectName()
0893: .add(
0894: sigFactory
0895: .createX509DataTypeX509Certificate(cert1
0896: .getEncoded()));
0897: KeyInfoType keyInfoType = sigFactory.createKeyInfoType();
0898: keyInfoType.getContent().add(
0899: sigFactory.createX509Data(x509DataType));
0900:
0901: KeyBindingType keyBindingType = xKMSObjectFactory
0902: .createKeyBindingType();
0903: keyBindingType.setKeyInfo(keyInfoType);
0904: keyBindingType.setId("100123122");
0905: reissueRequestType.setReissueKeyBinding(keyBindingType);
0906:
0907: AuthenticationType authenticationType = xKMSObjectFactory
0908: .createAuthenticationType();
0909: NotBoundAuthenticationType notBoundAuthenticationType = xKMSObjectFactory
0910: .createNotBoundAuthenticationType();
0911: notBoundAuthenticationType.setProtocol("NOTUSED");
0912: notBoundAuthenticationType.setValue("ReissuePassword"
0913: .getBytes());
0914: authenticationType
0915: .setNotBoundAuthentication(notBoundAuthenticationType);
0916: reissueRequestType.setAuthentication(authenticationType);
0917:
0918: ReissueResultType reissueResultType = xKMSInvoker.reissue(
0919: reissueRequestType, null, null, null, keys1
0920: .getPrivate(), keyBindingType.getId());
0921:
0922: assertTrue(reissueResultType.getResultMajor().equals(
0923: XKMSConstants.RESULTMAJOR_SENDER));
0924: assertTrue(reissueResultType.getResultMinor().equals(
0925: XKMSConstants.RESULTMINOR_REFUSED));
0926: }
0927:
0928: public void test11ReissueWrongCert() throws Exception {
0929:
0930: userAdminSession.setUserStatus(administrator, username1, 10);
0931: userAdminSession.setClearTextPassword(administrator, username1,
0932: "ReissuePassword");
0933: ReissueRequestType reissueRequestType = xKMSObjectFactory
0934: .createReissueRequestType();
0935: reissueRequestType.setId("610");
0936:
0937: reissueRequestType.getRespondWith().add(
0938: XKMSConstants.RESPONDWITH_X509CHAIN);
0939:
0940: X509DataType x509DataType = sigFactory.createX509DataType();
0941: x509DataType
0942: .getX509IssuerSerialOrX509SKIOrX509SubjectName()
0943: .add(
0944: sigFactory
0945: .createX509DataTypeX509Certificate(Constants
0946: .getUserCert().getEncoded()));
0947: KeyInfoType keyInfoType = sigFactory.createKeyInfoType();
0948: keyInfoType.getContent().add(
0949: sigFactory.createX509Data(x509DataType));
0950:
0951: KeyBindingType keyBindingType = xKMSObjectFactory
0952: .createKeyBindingType();
0953: keyBindingType.setKeyInfo(keyInfoType);
0954: keyBindingType.setId("100123122");
0955: reissueRequestType.setReissueKeyBinding(keyBindingType);
0956:
0957: AuthenticationType authenticationType = xKMSObjectFactory
0958: .createAuthenticationType();
0959: NotBoundAuthenticationType notBoundAuthenticationType = xKMSObjectFactory
0960: .createNotBoundAuthenticationType();
0961: notBoundAuthenticationType.setProtocol("NOTUSED");
0962: notBoundAuthenticationType.setValue("ReissuePassword"
0963: .getBytes());
0964: authenticationType
0965: .setNotBoundAuthentication(notBoundAuthenticationType);
0966: reissueRequestType.setAuthentication(authenticationType);
0967:
0968: ReissueResultType reissueResultType = xKMSInvoker.reissue(
0969: reissueRequestType, null, null, null, keys1
0970: .getPrivate(), keyBindingType.getId());
0971:
0972: assertTrue(reissueResultType.getResultMajor().equals(
0973: XKMSConstants.RESULTMAJOR_SENDER));
0974: assertTrue(reissueResultType.getResultMinor().equals(
0975: XKMSConstants.RESULTMINOR_REFUSED));
0976: }
0977:
0978: public void test12SimpleRecover() throws Exception {
0979: keyRecoverySession.markAsRecoverable(administrator, cert2,
0980: endEntityProfileId);
0981: userAdminSession.setClearTextPassword(administrator, username2,
0982: "RerecoverPassword");
0983: RecoverRequestType recoverRequestType = xKMSObjectFactory
0984: .createRecoverRequestType();
0985: recoverRequestType.setId("700");
0986:
0987: recoverRequestType.getRespondWith().add(
0988: XKMSConstants.RESPONDWITH_X509CHAIN);
0989: recoverRequestType.getRespondWith().add(
0990: XKMSConstants.RESPONDWITH_PRIVATEKEY);
0991:
0992: X509DataType x509DataType = sigFactory.createX509DataType();
0993: x509DataType
0994: .getX509IssuerSerialOrX509SKIOrX509SubjectName()
0995: .add(
0996: sigFactory
0997: .createX509DataTypeX509Certificate(cert2
0998: .getEncoded()));
0999: KeyInfoType keyInfoType = sigFactory.createKeyInfoType();
1000: keyInfoType.getContent().add(
1001: sigFactory.createX509Data(x509DataType));
1002:
1003: KeyBindingType keyBindingType = xKMSObjectFactory
1004: .createKeyBindingType();
1005: keyBindingType.setKeyInfo(keyInfoType);
1006: keyBindingType.setId("100123123422");
1007: recoverRequestType.setRecoverKeyBinding(keyBindingType);
1008:
1009: AuthenticationType authenticationType = xKMSObjectFactory
1010: .createAuthenticationType();
1011: NotBoundAuthenticationType notBoundAuthenticationType = xKMSObjectFactory
1012: .createNotBoundAuthenticationType();
1013: notBoundAuthenticationType.setProtocol("NOTUSED");
1014: notBoundAuthenticationType.setValue("RerecoverPassword"
1015: .getBytes());
1016: authenticationType
1017: .setNotBoundAuthentication(notBoundAuthenticationType);
1018: recoverRequestType.setAuthentication(authenticationType);
1019:
1020: RecoverResultType recoverResultType = xKMSInvoker.recover(
1021: recoverRequestType, null, null, null, keyBindingType
1022: .getId());
1023:
1024: assertTrue(recoverResultType.getResultMajor().equals(
1025: XKMSConstants.RESULTMAJOR_SUCCESS));
1026: assertTrue(recoverResultType.getResultMinor() == null);
1027:
1028: assertTrue(recoverResultType.getKeyBinding().size() == 1);
1029: keyBindingType = recoverResultType.getKeyBinding().get(0);
1030: assertTrue(keyBindingType.getStatus().getValidReason().size() == 4);
1031:
1032: JAXBElement<X509DataType> jAXBX509Data = (JAXBElement<X509DataType>) keyBindingType
1033: .getKeyInfo().getContent().get(0);
1034: assertTrue(jAXBX509Data.getValue()
1035: .getX509IssuerSerialOrX509SKIOrX509SubjectName().size() == 2);
1036: Iterator iter2 = jAXBX509Data.getValue()
1037: .getX509IssuerSerialOrX509SKIOrX509SubjectName()
1038: .iterator();
1039:
1040: while (iter2.hasNext()) {
1041: JAXBElement next = (JAXBElement) iter2.next();
1042: assertTrue(next.getName().getLocalPart().equals(
1043: "X509Certificate"));
1044: byte[] encoded = (byte[]) next.getValue();
1045: X509Certificate nextCert = CertTools
1046: .getCertfromByteArray(encoded);
1047:
1048: if (CertTools.getSubjectDN(nextCert).equals(
1049: CertTools.stringToBCDNString(dn2))) {
1050: cert2 = nextCert;
1051:
1052: }
1053: }
1054:
1055: assertTrue(recoverResultType.getPrivateKey() != null);
1056: PrivateKey privateKey = XKMSUtil.getPrivateKeyFromEncryptedXML(
1057: recoverResultType.getPrivateKey(), "RerecoverPassword");
1058:
1059: X509Certificate testCert = CertTools.genSelfCert("CN=sdf", 12,
1060: null, privateKey, cert2.getPublicKey(), "SHA1WithRSA",
1061: false);
1062: testCert.verify(cert2.getPublicKey());
1063:
1064: }
1065:
1066: public void test13RecoverWrongPassword() throws Exception {
1067: keyRecoverySession.markAsRecoverable(administrator, cert2,
1068: endEntityProfileId);
1069: userAdminSession.setClearTextPassword(administrator, username2,
1070: "RerecoverPassword");
1071: RecoverRequestType recoverRequestType = xKMSObjectFactory
1072: .createRecoverRequestType();
1073: recoverRequestType.setId("701");
1074:
1075: recoverRequestType.getRespondWith().add(
1076: XKMSConstants.RESPONDWITH_X509CHAIN);
1077: recoverRequestType.getRespondWith().add(
1078: XKMSConstants.RESPONDWITH_PRIVATEKEY);
1079:
1080: X509DataType x509DataType = sigFactory.createX509DataType();
1081: x509DataType
1082: .getX509IssuerSerialOrX509SKIOrX509SubjectName()
1083: .add(
1084: sigFactory
1085: .createX509DataTypeX509Certificate(cert2
1086: .getEncoded()));
1087: KeyInfoType keyInfoType = sigFactory.createKeyInfoType();
1088: keyInfoType.getContent().add(
1089: sigFactory.createX509Data(x509DataType));
1090:
1091: KeyBindingType keyBindingType = xKMSObjectFactory
1092: .createKeyBindingType();
1093: keyBindingType.setKeyInfo(keyInfoType);
1094: keyBindingType.setId("100123123422");
1095: recoverRequestType.setRecoverKeyBinding(keyBindingType);
1096:
1097: AuthenticationType authenticationType = xKMSObjectFactory
1098: .createAuthenticationType();
1099: NotBoundAuthenticationType notBoundAuthenticationType = xKMSObjectFactory
1100: .createNotBoundAuthenticationType();
1101: notBoundAuthenticationType.setProtocol("NOTUSED");
1102: notBoundAuthenticationType.setValue("Wrong".getBytes());
1103: authenticationType
1104: .setNotBoundAuthentication(notBoundAuthenticationType);
1105: recoverRequestType.setAuthentication(authenticationType);
1106:
1107: RecoverResultType recoverResultType = xKMSInvoker.recover(
1108: recoverRequestType, null, null, null, keyBindingType
1109: .getId());
1110:
1111: assertTrue(recoverResultType.getResultMajor().equals(
1112: XKMSConstants.RESULTMAJOR_SENDER));
1113: assertTrue(recoverResultType.getResultMinor().equals(
1114: XKMSConstants.RESULTMINOR_NOAUTHENTICATION));
1115:
1116: }
1117:
1118: public void test14RecoverWrongStatus() throws Exception {
1119: userAdminSession.setUserStatus(administrator, username2, 10);
1120: userAdminSession.setClearTextPassword(administrator, username2,
1121: "RerecoverPassword");
1122: RecoverRequestType recoverRequestType = xKMSObjectFactory
1123: .createRecoverRequestType();
1124: recoverRequestType.setId("702");
1125:
1126: recoverRequestType.getRespondWith().add(
1127: XKMSConstants.RESPONDWITH_X509CHAIN);
1128: recoverRequestType.getRespondWith().add(
1129: XKMSConstants.RESPONDWITH_PRIVATEKEY);
1130:
1131: X509DataType x509DataType = sigFactory.createX509DataType();
1132: x509DataType
1133: .getX509IssuerSerialOrX509SKIOrX509SubjectName()
1134: .add(
1135: sigFactory
1136: .createX509DataTypeX509Certificate(cert2
1137: .getEncoded()));
1138: KeyInfoType keyInfoType = sigFactory.createKeyInfoType();
1139: keyInfoType.getContent().add(
1140: sigFactory.createX509Data(x509DataType));
1141:
1142: KeyBindingType keyBindingType = xKMSObjectFactory
1143: .createKeyBindingType();
1144: keyBindingType.setKeyInfo(keyInfoType);
1145: keyBindingType.setId("100123123422");
1146: recoverRequestType.setRecoverKeyBinding(keyBindingType);
1147:
1148: AuthenticationType authenticationType = xKMSObjectFactory
1149: .createAuthenticationType();
1150: NotBoundAuthenticationType notBoundAuthenticationType = xKMSObjectFactory
1151: .createNotBoundAuthenticationType();
1152: notBoundAuthenticationType.setProtocol("NOTUSED");
1153: notBoundAuthenticationType.setValue("RerecoverPassword"
1154: .getBytes());
1155: authenticationType
1156: .setNotBoundAuthentication(notBoundAuthenticationType);
1157: recoverRequestType.setAuthentication(authenticationType);
1158:
1159: RecoverResultType recoverResultType = xKMSInvoker.recover(
1160: recoverRequestType, null, null, null, keyBindingType
1161: .getId());
1162:
1163: assertTrue(recoverResultType.getResultMajor().equals(
1164: XKMSConstants.RESULTMAJOR_SENDER));
1165: assertTrue(recoverResultType.getResultMinor().equals(
1166: XKMSConstants.RESULTMINOR_REFUSED));
1167:
1168: }
1169:
1170: public void test15RecoverWrongCert() throws Exception {
1171: userAdminSession.setUserStatus(administrator, username2,
1172: UserDataConstants.STATUS_KEYRECOVERY);
1173: userAdminSession.setClearTextPassword(administrator, username2,
1174: "RerecoverPassword");
1175: RecoverRequestType recoverRequestType = xKMSObjectFactory
1176: .createRecoverRequestType();
1177: recoverRequestType.setId("703");
1178:
1179: recoverRequestType.getRespondWith().add(
1180: XKMSConstants.RESPONDWITH_X509CHAIN);
1181: recoverRequestType.getRespondWith().add(
1182: XKMSConstants.RESPONDWITH_PRIVATEKEY);
1183:
1184: X509DataType x509DataType = sigFactory.createX509DataType();
1185: x509DataType
1186: .getX509IssuerSerialOrX509SKIOrX509SubjectName()
1187: .add(
1188: sigFactory
1189: .createX509DataTypeX509Certificate(Constants
1190: .getUserCert().getEncoded()));
1191: KeyInfoType keyInfoType = sigFactory.createKeyInfoType();
1192: keyInfoType.getContent().add(
1193: sigFactory.createX509Data(x509DataType));
1194:
1195: KeyBindingType keyBindingType = xKMSObjectFactory
1196: .createKeyBindingType();
1197: keyBindingType.setKeyInfo(keyInfoType);
1198: keyBindingType.setId("100123123422");
1199: recoverRequestType.setRecoverKeyBinding(keyBindingType);
1200:
1201: AuthenticationType authenticationType = xKMSObjectFactory
1202: .createAuthenticationType();
1203: NotBoundAuthenticationType notBoundAuthenticationType = xKMSObjectFactory
1204: .createNotBoundAuthenticationType();
1205: notBoundAuthenticationType.setProtocol("NOTUSED");
1206: notBoundAuthenticationType.setValue("RerecoverPassword"
1207: .getBytes());
1208: authenticationType
1209: .setNotBoundAuthentication(notBoundAuthenticationType);
1210: recoverRequestType.setAuthentication(authenticationType);
1211:
1212: RecoverResultType recoverResultType = xKMSInvoker.recover(
1213: recoverRequestType, null, null, null, keyBindingType
1214: .getId());
1215:
1216: assertTrue(recoverResultType.getResultMajor().equals(
1217: XKMSConstants.RESULTMAJOR_SENDER));
1218: assertTrue(recoverResultType.getResultMinor().equals(
1219: XKMSConstants.RESULTMINOR_NOMATCH));
1220:
1221: }
1222:
1223: public void test16CertNotMarked() throws Exception {
1224: keyRecoverySession.unmarkUser(administrator, username2);
1225: userAdminSession.setUserStatus(administrator, username2, 40);
1226: userAdminSession.setClearTextPassword(administrator, username2,
1227: "RerecoverPassword");
1228: RecoverRequestType recoverRequestType = xKMSObjectFactory
1229: .createRecoverRequestType();
1230: recoverRequestType.setId("704");
1231:
1232: recoverRequestType.getRespondWith().add(
1233: XKMSConstants.RESPONDWITH_X509CHAIN);
1234: recoverRequestType.getRespondWith().add(
1235: XKMSConstants.RESPONDWITH_PRIVATEKEY);
1236:
1237: X509DataType x509DataType = sigFactory.createX509DataType();
1238: x509DataType
1239: .getX509IssuerSerialOrX509SKIOrX509SubjectName()
1240: .add(
1241: sigFactory
1242: .createX509DataTypeX509Certificate(cert2
1243: .getEncoded()));
1244: KeyInfoType keyInfoType = sigFactory.createKeyInfoType();
1245: keyInfoType.getContent().add(
1246: sigFactory.createX509Data(x509DataType));
1247:
1248: KeyBindingType keyBindingType = xKMSObjectFactory
1249: .createKeyBindingType();
1250: keyBindingType.setKeyInfo(keyInfoType);
1251: keyBindingType.setId("100123123422");
1252: recoverRequestType.setRecoverKeyBinding(keyBindingType);
1253:
1254: AuthenticationType authenticationType = xKMSObjectFactory
1255: .createAuthenticationType();
1256: NotBoundAuthenticationType notBoundAuthenticationType = xKMSObjectFactory
1257: .createNotBoundAuthenticationType();
1258: notBoundAuthenticationType.setProtocol("NOTUSED");
1259: notBoundAuthenticationType.setValue("RerecoverPassword"
1260: .getBytes());
1261: authenticationType
1262: .setNotBoundAuthentication(notBoundAuthenticationType);
1263: recoverRequestType.setAuthentication(authenticationType);
1264:
1265: RecoverResultType recoverResultType = xKMSInvoker.recover(
1266: recoverRequestType, null, null, null, keyBindingType
1267: .getId());
1268:
1269: assertTrue(recoverResultType.getResultMajor().equals(
1270: XKMSConstants.RESULTMAJOR_SENDER));
1271: assertTrue(recoverResultType.getResultMinor().equals(
1272: XKMSConstants.RESULTMINOR_REFUSED));
1273:
1274: }
1275:
1276: public void test17SimpleRevoke() throws Exception {
1277: RevokeRequestType revokeRequestType = xKMSObjectFactory
1278: .createRevokeRequestType();
1279: revokeRequestType.setId("800");
1280:
1281: X509DataType x509DataType = sigFactory.createX509DataType();
1282: x509DataType
1283: .getX509IssuerSerialOrX509SKIOrX509SubjectName()
1284: .add(
1285: sigFactory
1286: .createX509DataTypeX509Certificate(cert1
1287: .getEncoded()));
1288: KeyInfoType keyInfoType = sigFactory.createKeyInfoType();
1289: keyInfoType.getContent().add(
1290: sigFactory.createX509Data(x509DataType));
1291:
1292: KeyBindingType keyBindingType = xKMSObjectFactory
1293: .createKeyBindingType();
1294: keyBindingType.setKeyInfo(keyInfoType);
1295: keyBindingType.setId("100123123422");
1296: revokeRequestType.setRevokeKeyBinding(keyBindingType);
1297:
1298: byte[] first = XKMSUtil.getSecretKeyFromPassphrase(
1299: "UsersRevokationCodeIdentifier", true, 20,
1300: XKMSUtil.KEY_REVOCATIONCODEIDENTIFIER_PASS1)
1301: .getEncoded();
1302: revokeRequestType.setRevocationCode(first);
1303:
1304: RevokeResultType revokeResultType = xKMSInvoker.revoke(
1305: revokeRequestType, null, null, null, keyBindingType
1306: .getId());
1307:
1308: assertTrue(revokeResultType.getResultMajor().equals(
1309: XKMSConstants.RESULTMAJOR_SUCCESS));
1310: assertTrue(revokeResultType.getResultMinor() == null);
1311:
1312: }
1313:
1314: public void test18RevokeWrongPassword() throws Exception {
1315: RevokeRequestType revokeRequestType = xKMSObjectFactory
1316: .createRevokeRequestType();
1317: revokeRequestType.setId("801");
1318:
1319: X509DataType x509DataType = sigFactory.createX509DataType();
1320: x509DataType
1321: .getX509IssuerSerialOrX509SKIOrX509SubjectName()
1322: .add(
1323: sigFactory
1324: .createX509DataTypeX509Certificate(cert2
1325: .getEncoded()));
1326: KeyInfoType keyInfoType = sigFactory.createKeyInfoType();
1327: keyInfoType.getContent().add(
1328: sigFactory.createX509Data(x509DataType));
1329:
1330: KeyBindingType keyBindingType = xKMSObjectFactory
1331: .createKeyBindingType();
1332: keyBindingType.setKeyInfo(keyInfoType);
1333: keyBindingType.setId("100123123422");
1334: revokeRequestType.setRevokeKeyBinding(keyBindingType);
1335:
1336: revokeRequestType.getRespondWith().add(
1337: XKMSConstants.RESPONDWITH_X509CERT);
1338:
1339: byte[] first = XKMSUtil.getSecretKeyFromPassphrase("Wrong",
1340: true, 20, XKMSUtil.KEY_REVOCATIONCODEIDENTIFIER_PASS1)
1341: .getEncoded();
1342: revokeRequestType.setRevocationCode(first);
1343:
1344: RevokeResultType revokeResultType = xKMSInvoker.revoke(
1345: revokeRequestType, null, null, null, keyBindingType
1346: .getId());
1347:
1348: assertTrue(revokeResultType.getResultMajor().equals(
1349: XKMSConstants.RESULTMAJOR_SENDER));
1350: assertTrue(revokeResultType.getResultMinor().equals(
1351: XKMSConstants.RESULTMINOR_NOAUTHENTICATION));
1352: }
1353:
1354: public void test19RevokeWithResult() throws Exception {
1355: RevokeRequestType revokeRequestType = xKMSObjectFactory
1356: .createRevokeRequestType();
1357: revokeRequestType.setId("802");
1358:
1359: X509DataType x509DataType = sigFactory.createX509DataType();
1360: x509DataType
1361: .getX509IssuerSerialOrX509SKIOrX509SubjectName()
1362: .add(
1363: sigFactory
1364: .createX509DataTypeX509Certificate(cert2
1365: .getEncoded()));
1366: KeyInfoType keyInfoType = sigFactory.createKeyInfoType();
1367: keyInfoType.getContent().add(
1368: sigFactory.createX509Data(x509DataType));
1369:
1370: KeyBindingType keyBindingType = xKMSObjectFactory
1371: .createKeyBindingType();
1372: keyBindingType.setKeyInfo(keyInfoType);
1373: keyBindingType.setId("100123123422");
1374: revokeRequestType.setRevokeKeyBinding(keyBindingType);
1375:
1376: revokeRequestType.getRespondWith().add(
1377: XKMSConstants.RESPONDWITH_X509CERT);
1378:
1379: byte[] first = XKMSUtil.getSecretKeyFromPassphrase(
1380: "UsersRevokationCodeId1234", true, 20,
1381: XKMSUtil.KEY_REVOCATIONCODEIDENTIFIER_PASS1)
1382: .getEncoded();
1383: revokeRequestType.setRevocationCode(first);
1384:
1385: RevokeResultType revokeResultType = xKMSInvoker.revoke(
1386: revokeRequestType, null, null, null, keyBindingType
1387: .getId());
1388:
1389: assertTrue(revokeResultType.getResultMajor().equals(
1390: XKMSConstants.RESULTMAJOR_SUCCESS));
1391: assertTrue(revokeResultType.getResultMinor() == null);
1392:
1393: assertTrue(revokeResultType.getKeyBinding().size() == 1);
1394: keyBindingType = revokeResultType.getKeyBinding().get(0);
1395: assertTrue(keyBindingType.getStatus().getValidReason().size() == 3);
1396: assertTrue(keyBindingType.getStatus().getInvalidReason().size() == 1);
1397:
1398: JAXBElement<X509DataType> jAXBX509Data = (JAXBElement<X509DataType>) keyBindingType
1399: .getKeyInfo().getContent().get(0);
1400: assertTrue(jAXBX509Data.getValue()
1401: .getX509IssuerSerialOrX509SKIOrX509SubjectName().size() == 1);
1402: Iterator iter2 = jAXBX509Data.getValue()
1403: .getX509IssuerSerialOrX509SKIOrX509SubjectName()
1404: .iterator();
1405:
1406: while (iter2.hasNext()) {
1407: JAXBElement next = (JAXBElement) iter2.next();
1408: assertTrue(next.getName().getLocalPart().equals(
1409: "X509Certificate"));
1410: byte[] encoded = (byte[]) next.getValue();
1411: X509Certificate nextCert = CertTools
1412: .getCertfromByteArray(encoded);
1413:
1414: assertTrue(CertTools.stringToBCDNString(
1415: nextCert.getSubjectDN().toString()).equals(
1416: CertTools.stringToBCDNString(dn2)));
1417:
1418: }
1419: }
1420:
1421: public void test20RevokeAlreadyRevoked() throws Exception {
1422: RevokeRequestType revokeRequestType = xKMSObjectFactory
1423: .createRevokeRequestType();
1424: revokeRequestType.setId("804");
1425:
1426: X509DataType x509DataType = sigFactory.createX509DataType();
1427: x509DataType
1428: .getX509IssuerSerialOrX509SKIOrX509SubjectName()
1429: .add(
1430: sigFactory
1431: .createX509DataTypeX509Certificate(cert2
1432: .getEncoded()));
1433: KeyInfoType keyInfoType = sigFactory.createKeyInfoType();
1434: keyInfoType.getContent().add(
1435: sigFactory.createX509Data(x509DataType));
1436:
1437: KeyBindingType keyBindingType = xKMSObjectFactory
1438: .createKeyBindingType();
1439: keyBindingType.setKeyInfo(keyInfoType);
1440: keyBindingType.setId("100123123422");
1441: revokeRequestType.setRevokeKeyBinding(keyBindingType);
1442:
1443: revokeRequestType.getRespondWith().add(
1444: XKMSConstants.RESPONDWITH_X509CERT);
1445:
1446: byte[] first = XKMSUtil.getSecretKeyFromPassphrase(
1447: "UsersRevokationCodeId1234", true, 20,
1448: XKMSUtil.KEY_REVOCATIONCODEIDENTIFIER_PASS1)
1449: .getEncoded();
1450: revokeRequestType.setRevocationCode(first);
1451:
1452: RevokeResultType revokeResultType = xKMSInvoker.revoke(
1453: revokeRequestType, null, null, null, keyBindingType
1454: .getId());
1455:
1456: assertTrue(revokeResultType.getResultMajor().equals(
1457: XKMSConstants.RESULTMAJOR_SENDER));
1458: assertTrue(revokeResultType.getResultMinor().equals(
1459: XKMSConstants.RESULTMINOR_REFUSED));
1460: }
1461:
1462: public void test21RevocationApprovals() throws Exception {
1463: final String APPROVINGADMINNAME = "superadmin";
1464: final String ERRORNOTSENTFORAPPROVAL = "The request was never sent for approval.";
1465: final String ERRORNOTSUPPORTEDSUCCEEDED = "Reactivation of users is not supported, but succeeded anyway.";
1466: String randomPostfix = Integer.toString((new Random(new Date()
1467: .getTime() + 4711)).nextInt(999999));
1468: String caname = "xkmsRevocationCA" + randomPostfix;
1469: String username = "xkmsRevocationUser" + randomPostfix;
1470: int caID = -1;
1471: try {
1472: caID = TestRevocationApproval.createApprovalCA(
1473: administrator, caname,
1474: CAInfo.REQ_APPROVAL_REVOCATION, caAdminSession);
1475: X509Certificate adminCert = (X509Certificate) certificateStoreSession
1476: .findCertificatesByUsername(administrator,
1477: APPROVINGADMINNAME).iterator().next();
1478: Admin approvingAdmin = new Admin(adminCert);
1479: try {
1480: // Create new user
1481: UserDataVO userdata = new UserDataVO(username, "CN="
1482: + username, caID, null, null, 1,
1483: SecConst.EMPTY_ENDENTITYPROFILE,
1484: SecConst.CERTPROFILE_FIXED_ENDUSER,
1485: SecConst.TOKEN_SOFT_P12, 0, null);
1486: userdata.setPassword("foo123");
1487: userAdminSession.addUser(administrator, userdata, true);
1488: // Register user
1489: RegisterRequestType registerRequestType = xKMSObjectFactory
1490: .createRegisterRequestType();
1491: registerRequestType.setId("806");
1492: UseKeyWithType useKeyWithType = xKMSObjectFactory
1493: .createUseKeyWithType();
1494: useKeyWithType
1495: .setApplication(XKMSConstants.USEKEYWITH_PKIX);
1496: useKeyWithType.setIdentifier("CN=" + username);
1497: registerRequestType.getRespondWith().add(
1498: XKMSConstants.RESPONDWITH_X509CERT);
1499: PrototypeKeyBindingType prototypeKeyBindingType = xKMSObjectFactory
1500: .createPrototypeKeyBindingType();
1501: prototypeKeyBindingType.getUseKeyWith().add(
1502: useKeyWithType);
1503: prototypeKeyBindingType.setId("424242");
1504: registerRequestType
1505: .setPrototypeKeyBinding(prototypeKeyBindingType);
1506: byte[] first = XKMSUtil.getSecretKeyFromPassphrase(
1507: "foo123", true, 20,
1508: XKMSUtil.KEY_REVOCATIONCODEIDENTIFIER_PASS1)
1509: .getEncoded();
1510: byte[] second = XKMSUtil.getSecretKeyFromPassphrase(
1511: new String(first, "ISO8859-1"), false, 20,
1512: XKMSUtil.KEY_REVOCATIONCODEIDENTIFIER_PASS2)
1513: .getEncoded();
1514: prototypeKeyBindingType
1515: .setRevocationCodeIdentifier(second);
1516: RegisterResultType registerResultType = xKMSInvoker
1517: .register(registerRequestType, null, null,
1518: "foo123", null, prototypeKeyBindingType
1519: .getId());
1520: assertTrue(registerResultType.getResultMajor().equals(
1521: XKMSConstants.RESULTMAJOR_SUCCESS));
1522: // Get user's certificate
1523: Collection userCerts = certificateStoreSession
1524: .findCertificatesByUsername(administrator,
1525: username);
1526: assertTrue(userCerts.size() == 1);
1527: X509Certificate cert = (X509Certificate) userCerts
1528: .iterator().next();
1529: // Revoke via XKMS and verify response
1530: RevokeRequestType revokeRequestType = xKMSObjectFactory
1531: .createRevokeRequestType();
1532: revokeRequestType.setId("808");
1533: X509DataType x509DataType = sigFactory
1534: .createX509DataType();
1535: x509DataType
1536: .getX509IssuerSerialOrX509SKIOrX509SubjectName()
1537: .add(
1538: sigFactory
1539: .createX509DataTypeX509Certificate(cert
1540: .getEncoded()));
1541: KeyInfoType keyInfoType = sigFactory
1542: .createKeyInfoType();
1543: keyInfoType.getContent().add(
1544: sigFactory.createX509Data(x509DataType));
1545: KeyBindingType keyBindingType = xKMSObjectFactory
1546: .createKeyBindingType();
1547: keyBindingType.setKeyInfo(keyInfoType);
1548: keyBindingType.setId("424242");
1549: revokeRequestType.setRevokeKeyBinding(keyBindingType);
1550: first = XKMSUtil.getSecretKeyFromPassphrase("foo123",
1551: true, 20,
1552: XKMSUtil.KEY_REVOCATIONCODEIDENTIFIER_PASS1)
1553: .getEncoded();
1554: revokeRequestType.setRevocationCode(first);
1555: RevokeResultType revokeResultType = xKMSInvoker.revoke(
1556: revokeRequestType, null, null, null,
1557: keyBindingType.getId());
1558: assertTrue(ERRORNOTSENTFORAPPROVAL, revokeResultType
1559: .getResultMajor().equals(
1560: XKMSConstants.RESULTMAJOR_SUCCESS));
1561: assertTrue(ERRORNOTSENTFORAPPROVAL, revokeResultType
1562: .getResultMinor().equals(
1563: XKMSConstants.RESULTMINOR_INCOMPLETE));
1564: // Try to revoke via XKMS and verify failure
1565: revokeRequestType = xKMSObjectFactory
1566: .createRevokeRequestType();
1567: revokeRequestType.setId("810");
1568: x509DataType = sigFactory.createX509DataType();
1569: x509DataType
1570: .getX509IssuerSerialOrX509SKIOrX509SubjectName()
1571: .add(
1572: sigFactory
1573: .createX509DataTypeX509Certificate(cert
1574: .getEncoded()));
1575: keyInfoType = sigFactory.createKeyInfoType();
1576: keyInfoType.getContent().add(
1577: sigFactory.createX509Data(x509DataType));
1578: keyBindingType = xKMSObjectFactory
1579: .createKeyBindingType();
1580: keyBindingType.setKeyInfo(keyInfoType);
1581: keyBindingType.setId("424242");
1582: revokeRequestType.setRevokeKeyBinding(keyBindingType);
1583: first = XKMSUtil.getSecretKeyFromPassphrase("foo123",
1584: true, 20,
1585: XKMSUtil.KEY_REVOCATIONCODEIDENTIFIER_PASS1)
1586: .getEncoded();
1587: revokeRequestType.setRevocationCode(first);
1588: revokeResultType = xKMSInvoker.revoke(
1589: revokeRequestType, null, null, null,
1590: keyBindingType.getId());
1591: assertTrue(ERRORNOTSENTFORAPPROVAL, revokeResultType
1592: .getResultMajor().equals(
1593: XKMSConstants.RESULTMAJOR_RECIEVER));
1594: assertTrue(ERRORNOTSENTFORAPPROVAL, revokeResultType
1595: .getResultMinor().equals(
1596: XKMSConstants.RESULTMINOR_REFUSED));
1597: // Approve revocation and verify success
1598: TestRevocationApproval.approveRevocation(administrator,
1599: approvingAdmin, username,
1600: RevokedCertInfo.REVOKATION_REASON_UNSPECIFIED,
1601: ApprovalDataVO.APPROVALTYPE_REVOKECERTIFICATE,
1602: certificateStoreSession, approvalSession);
1603: // Try to reactivate user
1604: } finally {
1605: userAdminSession.deleteUser(administrator, username);
1606: }
1607: } finally {
1608: // Nuke CA
1609: try {
1610: caAdminSession.revokeCA(administrator, caID,
1611: RevokedCertInfo.REVOKATION_REASON_UNSPECIFIED);
1612: } finally {
1613: caAdminSession.removeCA(administrator, caID);
1614: }
1615: }
1616: } // test21RevocationApprovals
1617:
1618: public void test99CleanDatabase() throws Exception {
1619: Admin administrator = new Admin(Admin.TYPE_RA_USER);
1620: userAdminSession.deleteUser(administrator, username1);
1621: userAdminSession.deleteUser(administrator, username2);
1622: userAdminSession.deleteUser(administrator, username3);
1623:
1624: raAdminSession.removeEndEntityProfile(administrator,
1625: endentityprofilename);
1626:
1627: certificateStoreSession.removeCertificateProfile(administrator,
1628: certprofilename1);
1629: certificateStoreSession.removeCertificateProfile(administrator,
1630: certprofilename2);
1631:
1632: raAdminSession.saveGlobalConfiguration(administrator,
1633: orgGlobalConfig);
1634: }
1635:
1636: private Context getInitialContext() throws NamingException {
1637: log.debug(">getInitialContext");
1638:
1639: Context ctx = new javax.naming.InitialContext();
1640: log.debug("<getInitialContext");
1641:
1642: return ctx;
1643: }
1644:
1645: private String genUserName() throws Exception {
1646: // Gen new user
1647: userNo++;
1648:
1649: return baseUsername + userNo;
1650: } // genRandomUserName
1651:
1652: private static KeyPair genKeys() throws Exception {
1653: KeyPairGenerator keygen = KeyPairGenerator.getInstance("RSA",
1654: "BC");
1655: keygen.initialize(1024);
1656: log.debug("Generating keys, please wait...");
1657: KeyPair rsaKeys = keygen.generateKeyPair();
1658: log.debug("Generated "
1659: + rsaKeys.getPrivate().getAlgorithm()
1660: + " keys with length"
1661: + ((RSAPrivateKey) rsaKeys.getPrivate()).getModulus()
1662: .bitLength());
1663:
1664: return rsaKeys;
1665: } // genKeys
1666: }
|