// user that we know exists...
ocspTestCert = (X509Certificate) signSession.createCertificate(admin, "ocsptest", "foo123", keys.getPublic());
assertNotNull("Failed to create a certificate", ocspTestCert);
// And an OCSP request
OCSPReqGenerator gen = new OCSPReqGenerator();
gen.addRequest(new CertificateID(CertificateID.HASH_SHA1, cacert, ocspTestCert.getSerialNumber()));
Hashtable<DERObjectIdentifier, X509Extension> exts = new Hashtable<DERObjectIdentifier, X509Extension>();
X509Extension ext = new X509Extension(false, new DEROctetString("123456789".getBytes()));
exts.put(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, ext);
gen.setRequestExtensions(new X509Extensions(exts));
X509Certificate chain[] = new X509Certificate[2];
chain[0] = ocspTestCert;
chain[1] = cacert;
gen.setRequestorName(ocspTestCert.getSubjectX500Principal());
OCSPReq req = gen.generate("SHA1WithRSA", keys.getPrivate(), chain, "BC");
//OCSPReq req = gen.generate();
// Send the request and receive a singleResponse
SingleResp[] singleResps = helper.sendOCSPPost(req.getEncoded(), "123456789", OCSPResponseStatus.SUCCESSFUL, 200);
assertEquals("Number of of SingResps should be 1.", 1, singleResps.length);
SingleResp singleResp = singleResps[0];
CertificateID certId = singleResp.getCertID();
assertEquals("Serno in response does not match serno in request.", certId.getSerialNumber(), ocspTestCert.getSerialNumber());
Object status = singleResp.getCertStatus();
assertEquals("Status is not null (good)", status, null);
// Try with an unsigned request, we should get a status code 5 back from the server (signature required)
req = gen.generate();
// Send the request and receive a singleResponse, this response should have error code SIGNATURE_REQUIRED
singleResps = helper.sendOCSPPost(req.getEncoded(), "123456789", OCSPResponseStatus.SIG_REQUIRED, 200);
assertNull(singleResps);
// sign with a keystore where the CA-certificate is not known
KeyStore store = KeyStore.getInstance("PKCS12", "BC");
ByteArrayInputStream fis = new ByteArrayInputStream(ks3);
store.load(fis, "foo123".toCharArray());
Certificate[] certs = KeyTools.getCertChain(store, "privateKey");
chain[0] = (X509Certificate)certs[0];
chain[1] = (X509Certificate)certs[1];
PrivateKey pk = (PrivateKey)store.getKey("privateKey", "foo123".toCharArray());
req = gen.generate("SHA1WithRSA", pk, chain, "BC");
// Send the request and receive a singleResponse, this response should have error code UNAUTHORIZED (6)
singleResps = helper.sendOCSPPost(req.getEncoded(), "123456789", OCSPResponseStatus.UNAUTHORIZED, 200);
assertNull(singleResps);
log.trace("<test01OcspGood()");