public void test02CrmfHttpOkUserKeyId1() throws Exception {
byte[] nonce = CmpMessageHelper.createSenderNonce();
byte[] transid = CmpMessageHelper.createSenderNonce();
PKIMessage one = genCertReq(issuerDN1, userDN1, keys, cacert1, nonce, transid, true, null, null, null, null);
PKIMessage req = protectPKIMessage(one, false, PBEPASSWORD, "KeyId1", 567);
int reqId = req.getBody().getIr().getCertReqMsg(0).getCertReq().getCertReqId().getValue().intValue();
assertNotNull(req);
ByteArrayOutputStream bao = new ByteArrayOutputStream();
DEROutputStream out = new DEROutputStream(bao);
out.writeObject(req);
byte[] ba = bao.toByteArray();
// Send request and receive response
byte[] resp = sendCmpHttp(ba, 200);
checkCmpResponseGeneral(resp, issuerDN1, userDN1, cacert1, nonce, transid, false, PBEPASSWORD);
X509Certificate cert = checkCmpCertRepMessage(userDN1, cacert1, resp, reqId);
String altNames = CertTools.getSubjectAlternativeName(cert);
assertTrue(altNames.indexOf("upn=fooupn@bar.com") != -1);
assertTrue(altNames.indexOf("rfc822name=fooemail@bar.com") != -1);
// Check key usage that it is digitalSignature for KeyId1 and
// nonRepudiation for KeyId2
boolean[] ku = cert.getKeyUsage();
assertTrue(ku[0]);
assertFalse(ku[1]);
assertFalse(ku[2]);
assertFalse(ku[3]);
assertFalse(ku[4]);
assertFalse(ku[5]);
assertFalse(ku[6]);
assertFalse(ku[7]);
assertFalse(ku[8]);
// Check DN that must be SE for KeyId1
assertEquals("SE", CertTools.getPartFromDN(cert.getSubjectDN().getName(), "C"));
// Send a confirm message to the CA
String hash = "foo123";
PKIMessage confirm = genCertConfirm(userDN1, cacert1, nonce, transid, hash, reqId);
assertNotNull(confirm);
PKIMessage req1 = protectPKIMessage(confirm, false, PBEPASSWORD, 567);
bao = new ByteArrayOutputStream();
out = new DEROutputStream(bao);
out.writeObject(req1);
ba = bao.toByteArray();
// Send request and receive response
resp = sendCmpHttp(ba, 200);
checkCmpResponseGeneral(resp, issuerDN1, userDN1, cacert1, nonce, transid, false, PBEPASSWORD);
checkCmpPKIConfirmMessage(userDN1, cacert1, resp);
// Now revoke the bastard!
PKIMessage rev = genRevReq(issuerDN1, userDN1, cert.getSerialNumber(), cacert1, nonce, transid, true);
PKIMessage revReq = protectPKIMessage(rev, false, PBEPASSWORD, 567);
assertNotNull(revReq);
bao = new ByteArrayOutputStream();
out = new DEROutputStream(bao);
out.writeObject(revReq);
ba = bao.toByteArray();