// In this we also test validity override using notBefore and notAfter
// from above
// In this test userDN contains special, escaped characters to verify
// that that works with CMP RA as well
PKIMessage one = genCertReq(issuerDN, userDN, keys, cacert, nonce, transid, true, null, notBefore, notAfter, null);
PKIMessage req = protectPKIMessage(one, false, PBEPASSWORD, 567);
assertNotNull(req);
int reqId = req.getBody().getIr().getCertReqMsg(0).getCertReq().getCertReqId().getValue().intValue();
ByteArrayOutputStream bao = new ByteArrayOutputStream();
DEROutputStream out = new DEROutputStream(bao);
out.writeObject(req);
byte[] ba = bao.toByteArray();
// Send request and receive response
byte[] resp = sendCmpHttp(ba, 200);
checkCmpResponseGeneral(resp, issuerDN, userDN, cacert, nonce, transid, false, PBEPASSWORD);
X509Certificate cert = checkCmpCertRepMessage(userDN, cacert, resp, reqId);
// Check that validity override works
assertTrue(cert.getNotBefore().equals(notBefore));
assertTrue(cert.getNotAfter().equals(notAfter));
String altNames = CertTools.getSubjectAlternativeName(cert);
assertTrue(altNames.indexOf("upn=fooupn@bar.com") != -1);
assertTrue(altNames.indexOf("rfc822name=fooemail@bar.com") != -1);
// Send a confirm message to the CA
String hash = "foo123";
PKIMessage confirm = genCertConfirm(userDN, cacert, nonce, transid, hash, reqId);
assertNotNull(confirm);
PKIMessage req1 = protectPKIMessage(confirm, false, PBEPASSWORD, 567);
bao = new ByteArrayOutputStream();
out = new DEROutputStream(bao);
out.writeObject(req1);
ba = bao.toByteArray();
// Send request and receive response
resp = sendCmpHttp(ba, 200);
checkCmpResponseGeneral(resp, issuerDN, userDN, cacert, nonce, transid, false, PBEPASSWORD);
checkCmpPKIConfirmMessage(userDN, cacert, resp);
// Now revoke the bastard using the CMPv1 reason code!
PKIMessage rev = genRevReq(issuerDN, userDN, cert.getSerialNumber(), cacert, nonce, transid, false);
PKIMessage revReq = protectPKIMessage(rev, false, PBEPASSWORD, 567);
assertNotNull(revReq);
bao = new ByteArrayOutputStream();
out = new DEROutputStream(bao);
out.writeObject(revReq);
ba = bao.toByteArray();