PKIMessage req = genCertReq(issuerDN, userDN, keys, cacert, nonce, transid, false, null, null, null, null);
assertNotNull(req);
int reqId = req.getBody().getIr().getCertReqMsg(0).getCertReq().getCertReqId().getValue().intValue();
ByteArrayOutputStream bao = new ByteArrayOutputStream();
DEROutputStream out = new DEROutputStream(bao);
out.writeObject(req);
byte[] ba = bao.toByteArray();
// Send request and receive response
byte[] resp = sendCmpHttp(ba, 200);
checkCmpResponseGeneral(resp, issuerDN, userDN, cacert, nonce, transid, true, null);
X509Certificate cert = checkCmpCertRepMessage(userDN, cacert, resp, reqId);
String altNames = CertTools.getSubjectAlternativeName(cert);
assertNull("AltNames was not null (" + altNames + ").", altNames);
// Send a confirm message to the CA
String hash = "foo123";
PKIMessage confirm = genCertConfirm(userDN, cacert, nonce, transid, hash, reqId);
assertNotNull(confirm);
bao = new ByteArrayOutputStream();
out = new DEROutputStream(bao);
out.writeObject(confirm);
ba = bao.toByteArray();
// Send request and receive response
resp = sendCmpHttp(ba, 200);
checkCmpResponseGeneral(resp, issuerDN, userDN, cacert, nonce, transid, false, null);
checkCmpPKIConfirmMessage(userDN, cacert, resp);
// Now revoke the bastard!
PKIMessage rev = genRevReq(issuerDN, userDN, cert.getSerialNumber(), cacert, nonce, transid, true);
assertNotNull(rev);
bao = new ByteArrayOutputStream();
out = new DEROutputStream(bao);
out.writeObject(rev);
ba = bao.toByteArray();
// Send request and receive response
resp = sendCmpHttp(ba, 200);
checkCmpResponseGeneral(resp, issuerDN, userDN, cacert, nonce, transid, false, null);
checkCmpFailMessage(resp, "No PKI protection to verify.", 23, reqId, 1);