Examples of CVCRequestMessage

Examples of org.ejbca.core.protocol.CVCRequestMessage

208
209
210
211
212
213
214
215
216
217
218
219
220
     * @param password password of requesting user
     * @return Base64 encoded byte[]
     * @throws Exception
     */
    public byte[] cvcCertRequest(SignSessionLocal signsession, byte[] b64Encoded, String username, String password) throws Exception {           
      CVCRequestMessage req = RequestMessageUtils.genCVCRequestMessage(b64Encoded);
        req.setUsername(username);
            req.setPassword(password);
            // Yes it says X509ResponseMessage, but for CVC it means it just contains the binary certificate blob
            IResponseMessage resp = signsession.createCertificate(administrator, req, X509ResponseMessage.class, null);
            Certificate cert = CertTools.getCertfromByteArray(resp.getResponseMessage());
            byte[] result = cert.getEncoded();
            log.debug("Created CV certificate for " + username);
View Full Code Here

Examples of org.ejbca.core.protocol.CVCRequestMessage

977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
          CVCAuthenticatedRequest cvcreq = (CVCAuthenticatedRequest)parsedObject;
          cvccert = cvcreq.getRequest();
        } else {
          cvccert = (CVCertificate)parsedObject;
        }
        CVCRequestMessage reqmsg = new CVCRequestMessage(cvccert.getDEREncoded());
        reqmsg.setUsername(username);
        reqmsg.setPassword(password);
        // Popo is really actually verified by the CA (in RSASignSessionBean) as well
        if (reqmsg.verify() == false) {
          log.debug("CVC POPO verification Failed");
          throw new SignRequestSignatureException("Invalid inner signature in CVCRequest, popo-verification failed.");
        } else {
          log.debug("POPO verification successful");         
        }
View Full Code Here

Examples of org.ejbca.core.protocol.CVCRequestMessage

115
116
117
118
119
120
121
  public static CVCRequestMessage genCVCRequestMessage(byte[] bytes) {
    byte[] buffer = getDecodedBytes(bytes);
    if (buffer == null) {
      return null;
    }   
    return new CVCRequestMessage(buffer);
  } // genCvcRequestMessageFromPEM
View Full Code Here

Examples of org.ejbca.core.protocol.CVCRequestMessage

2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
        cachain.add(cvcacert.getEncoded());
        // Create the request with WS API
        request = ejbcaraws.caRenewCertRequest(caname, cachain, false, false, false, pwd);
        // make the mandatory junit checks...
        assertNotNull(request);
        CVCRequestMessage cvcreq = RequestMessageUtils.genCVCRequestMessage(request);
        assertNotNull(cvcreq);
        assertEquals(dvinfo.getSubjectDN(), cvcreq.getRequestDN());
        CVCObject obj = CertificateParser.parseCVCObject(request);
        // System.out.println(obj.getAsText());
        CVCertificate cert = (CVCertificate) obj;
        assertEquals(cvcacert.getCVCertificate().getCertificateBody().getAuthorityReference().getConcatenated(), cert.getCertificateBody()
                .getAuthorityReference().getConcatenated());

        // Receive the response so the DV CA is activated
        HolderReferenceField dvholderref = cert.getCertificateBody().getHolderReference();
        CVCertificate dvretcert = CertificateGenerator.createTestCertificate(cert.getCertificateBody().getPublicKey(), cvcakeypair.getPrivate(), caRef,
                dvholderref, signalg, AuthorizationRoleEnum.DV_D);
        ejbcaraws.caCertResponse(caname, dvretcert.getDEREncoded(), cachain, pwd);
        // Check that the cert was received and the CA activated
        dvinfo = caAdminSessionRemote.getCAInfo(intAdmin, caname);
        assertEquals(SecConst.CA_ACTIVE, dvinfo.getStatus());
        Collection<java.security.cert.Certificate> dvcerts = dvinfo.getCertificateChain();
        assertEquals(2, dvcerts.size());
        CardVerifiableCertificate dvcertactive = (CardVerifiableCertificate)dvcerts.iterator().next();
        obj = CertificateParser.parseCVCObject(dvcertactive.getEncoded());
        // System.out.println(obj.getAsText());
        dvcertactive.verify(cvcakeypair.getPublic());
        // Check to see that is really the same keypair
        String pubk1 = new String(Base64.encode(dvcertactive.getPublicKey().getEncoded(), false));
        String pubk2 = new String(Base64.encode(cert.getCertificateBody().getPublicKey().getEncoded(), false));
        assertTrue(pubk1.compareTo(pubk2) == 0);
        String sequence1 = dvcertactive.getCVCertificate().getCertificateBody().getHolderReference().getSequence();

        /*
         * Second test is to renew a CA signed by an external CA *with renewing
         * the keys*, and activating them. This creates a new key pair and a
         * certificate request. Status is set to
         * "waiting for certificate response" because the new keys can not be
         * used until we have receive a certificate.
         */
        // Now we want to renew a DVCA signed by an external CVCA, generating
        // new keys
        // Create the request with WS API, cachain is our CVCA cert from
        // previously created CVCA, we use the previously created DV as well.
        pwd = "foo123";
        request = ejbcaraws.caRenewCertRequest(caname, cachain, true, false, true, pwd);
        // make the mandatory junit checks...
        assertNotNull(request);
        cvcreq = RequestMessageUtils.genCVCRequestMessage(request);
        assertNotNull(cvcreq);
        assertEquals(dvinfo.getSubjectDN(), cvcreq.getRequestDN());
        obj = CertificateParser.parseCVCObject(request);
        // System.out.println(obj.getAsText());
        // We should have created an authenticated request signed by the old
        // certificate
        CVCAuthenticatedRequest authreq = (CVCAuthenticatedRequest) obj;
        assertEquals(dvcertactive.getCVCertificate().getCertificateBody().getHolderReference().getConcatenated(), authreq.getAuthorityReference()
                .getConcatenated());
        cert = authreq.getRequest();
    // The request should be targeted for the CVCA, i.e. ca_ref in request should be the same as the CVCAs ref
        assertEquals(cvcacert.getCVCertificate().getCertificateBody().getAuthorityReference().getConcatenated(), cert.getCertificateBody()
                .getAuthorityReference().getConcatenated());
        // Now test our WS API that it has set status to "WAITING_FOR_CERTIFICATE_RESPONSE"
        dvinfo = caAdminSessionRemote.getCAInfo(intAdmin, caname);
        assertEquals(SecConst.CA_WAITING_CERTIFICATE_RESPONSE, dvinfo.getStatus());
        assertEquals ("DV should not be available", ejbcaraws.getLastCAChain(caname).size (),0);
        // Check to see that is really is a new keypair
        pubk1 = new String(Base64.encode(dvcertactive.getPublicKey().getEncoded(), false));
        pubk2 = new String(Base64.encode(cert.getCertificateBody().getPublicKey().getEncoded(), false));
        assertTrue(pubk1.compareTo(pubk2) != 0);

        // Receive the response so the DV CA is activated
        dvholderref = cert.getCertificateBody().getHolderReference();
        dvretcert = CertificateGenerator.createTestCertificate(cert.getCertificateBody().getPublicKey(), cvcakeypair.getPrivate(), caRef, dvholderref, signalg,
                AuthorizationRoleEnum.DV_D);
        ejbcaraws.caCertResponse(caname, dvretcert.getDEREncoded(), cachain, pwd);
        // Check that the cert was received and the CA activated
        dvinfo = caAdminSessionRemote.getCAInfo(intAdmin, caname);
        assertEquals(SecConst.CA_ACTIVE, dvinfo.getStatus());
        dvcerts = dvinfo.getCertificateChain();
        assertEquals(2, dvcerts.size());
        dvcertactive = (CardVerifiableCertificate)dvcerts.iterator().next();
        obj = CertificateParser.parseCVCObject(dvcertactive.getEncoded());
        // System.out.println(obj.getAsText());
        dvcertactive.verify(cvcakeypair.getPublic());
        String sequence2 = dvcertactive.getCVCertificate().getCertificateBody().getHolderReference().getSequence();
        int s1 = Integer.parseInt(sequence1);
        int s2 = Integer.parseInt(sequence2);
        assertEquals(s1 + 1, s2); // sequence in new certificate should be old
        // sequence + 1

        /*
         * Third test is to renew a CA signed by an external CA *with renewing
         * the keys* saying to *not* activate the key now. This creates a new
         * key pair and a certificate request, but the new key pair is not used
         * by the CA for issuing certificates. Status is not set to
         * "waiting for certificate response" because the old keys can still be
         * used until we have received a certificate and activated the new keys.
         */
        request = ejbcaraws.caRenewCertRequest(caname, cachain, true, false, false, pwd);
        // make the mandatory junit checks...
        assertNotNull(request);
        cvcreq = RequestMessageUtils.genCVCRequestMessage(request);
        assertNotNull(request);
        assertEquals(dvinfo.getSubjectDN(), cvcreq.getRequestDN());
        obj = CertificateParser.parseCVCObject(request);
        // System.out.println(obj.getAsText());
        // We should have created an authenticated request signed by the old
        // certificate
        authreq = (CVCAuthenticatedRequest) obj;
View Full Code Here

Examples of org.ejbca.core.protocol.CVCRequestMessage

2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
     * certificate should be found automatically (by CAAdminSessionBean.makeRequest).
     */
        byte[] request = ejbcaraws.caRenewCertRequest(caname, new ArrayList<byte[]>(), false, false, false, null);
        // make the mandatory junit checks...
        assertNotNull(request);
        CVCRequestMessage cvcreq = RequestMessageUtils.genCVCRequestMessage(request);
        assertNotNull(cvcreq);
        CAInfo dvinfo = caAdminSessionRemote.getCAInfo(intAdmin, caname);
        assertEquals(dvinfo.getSubjectDN(), cvcreq.getRequestDN());
        CVCObject obj = CertificateParser.parseCVCObject(request);
        //System.out.println(obj.getAsText());
        // We should have created an authenticated request signed by the old certificate
    CVCAuthenticatedRequest authreq = (CVCAuthenticatedRequest)obj;
    CVCertificate cert = authreq.getRequest();
View Full Code Here
TOP
Copyright © 2018 www.massapi.com. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.