Package org.ejbca.core.model.ca.caadmin

Examples of org.ejbca.core.model.ca.caadmin.CAInfo


     */
    public CreateCRLSessionTest(String name) throws Exception {
        super(name);
        // Crypto provider setup comes first; judging by the helper's name it installs
        // BouncyCastle only when no such provider is registered yet.
        CryptoProviderTools.installBCProviderIfNotAvailable();
        final boolean testCaReady = createTestCA();
        assertTrue("Could not create TestCA.", testCaReady);
        // Look up the CA named "TEST" and stop here with a readable message if it is
        // missing, instead of hitting a NullPointerException on getCAId() below.
        final CAInfo rsaCaInfo = caAdminSession.getCAInfo(admin, "TEST");
        final boolean rsaCaFound = rsaCaInfo != null;
        assertTrue("No active RSA CA! Must have at least one active CA to run tests!", rsaCaFound);
        // Keep the CA id and the CA object resolved from it for later use.
        caid = rsaCaInfo.getCAId();
        ca = caSession.getCA(admin, caid);
    }


     *             error
     */
    public void test05CRLPeriodOverflow() throws Exception {
        log.trace(">test05CRLPeriodOverflow()");
        // Fetch CAInfo and save CRLPeriod
        CAInfo cainfo = ca.getCAInfo();
        long tempCRLPeriod = cainfo.getCRLPeriod();
        try {
            // Create a user that Should be revoked
            boolean userExists = false;
            final String userDN = "CN=" + TESTUSERNAME;
            try {
                int certprofileid = 0;
                // add a Certificate Profile with overridable validity
                try {
                    CertificateProfile certProfile = new CertificateProfile();
                    certProfile.setAllowValidityOverride(true);
                    certificateProfileSession.addCertificateProfile(admin, TESTPROFILE, certProfile);
                } catch (CertificateProfileExistsException cpeee) {
                }
                certprofileid = certificateProfileSession.getCertificateProfileId(admin, TESTPROFILE);
                assertTrue(certprofileid != 0);
                // add End Entity Profile with validity limitations
                EndEntityProfile profile;
                try {
                    endEntityProfileSession.removeEndEntityProfile(admin, TESTPROFILE);
                    profile = new EndEntityProfile();
                    profile.setUse(EndEntityProfile.ENDTIME, 0, true);
                    profile.setUse(EndEntityProfile.CLEARTEXTPASSWORD, 0, false);
                    profile.setValue(EndEntityProfile.CLEARTEXTPASSWORD, 0, EndEntityProfile.FALSE);
                    profile.setValue(EndEntityProfile.AVAILCAS, 0, Integer.valueOf(caid).toString());
                    profile.setUse(EndEntityProfile.STARTTIME, 0, true);
                    profile.setValue(EndEntityProfile.AVAILCERTPROFILES, 0, Integer.valueOf(certprofileid).toString());
                    profile.setValue(EndEntityProfile.DEFAULTCERTPROFILE, 0, Integer.valueOf(certprofileid).toString());
                    endEntityProfileSession.addEndEntityProfile(admin, TESTPROFILE, profile);
                } catch (EndEntityProfileExistsException pee) {
                }
                // Create a new user
                ExtendedInformation ei = new ExtendedInformation();
                ei.setCustomData(EndEntityProfile.STARTTIME, "0:00:00");
                ei.setCustomData(EndEntityProfile.ENDTIME, "0:00:50");
                UserDataVO userdata = new UserDataVO(TESTUSERNAME, userDN, caid, "", "foo@bar.se", UserDataConstants.STATUS_NEW, SecConst.USER_ENDUSER,
                        endEntityProfileSession.getEndEntityProfileId(admin, TESTPROFILE), certprofileid, new Date(), new Date(), SecConst.TOKEN_SOFT_PEM, 0, ei);
                userdata.setPassword("foo123");
                try {
                    userAdminSession.revokeAndDeleteUser(admin, TESTUSERNAME, RevokedCertInfo.REVOCATION_REASON_KEYCOMPROMISE);
                } catch (NotFoundException nfe) {
                }
                userAdminSession.addUser(admin, userdata, false);
                log.debug("created user");
            } catch (EJBException e) {
              if (e.getCause() instanceof PersistenceException) {
                userExists = true;
              }
            }
            if (userExists) {
                log.info("User testCRLPeriod already exists, resetting status.");
                userAdminSession.setUserStatus(admin, TESTUSERNAME, UserDataConstants.STATUS_NEW);
                log.debug("Reset status to NEW");
            }
            KeyPair keys = genKeys();
            // user that we know exists...
            X509Certificate cert = (X509Certificate) signSession.createCertificate(admin, TESTUSERNAME, "foo123", keys.getPublic());
            assertNotNull("Failed to create certificate", cert);
            log.debug("Cert=" + cert.toString());
            // Revoke the user
            certificateStoreSession.revokeCertificate(admin, cert, null, RevokedCertInfo.REVOCATION_REASON_KEYCOMPROMISE, userDN);
            // Change CRLPeriod
            cainfo.setCRLPeriod(Long.MAX_VALUE);
            caAdminSession.editCA(admin, cainfo);
            ca = caSession.getCA(admin, caid);
            // Create new CRL's
            crlCreateSession.run(admin, ca);
            // Verify that status is not archived
            CertificateInfo certinfo = certificateStoreSession.getCertificateInfo(admin, CertTools.getFingerprintAsString(cert));
            assertFalse("Non Expired Revoked Certificate was archived", certinfo.getStatus() == SecConst.CERT_ARCHIVED);
        } finally {
            // Restore CRL Period
            cainfo.setCRLPeriod(tempCRLPeriod);
            caAdminSession.editCA(admin, cainfo);
            ca = caSession.getCA(admin, caid);
            // Delete and revoke User
            userAdminSession.revokeAndDeleteUser(admin, TESTUSERNAME, RevokedCertInfo.REVOCATION_REASON_KEYCOMPROMISE);
            // Delete end entity profile

                    true, // useUserStorage
                    true // useCertificateStorage
            );

            caAdminSessionRemote.createCA(intAdmin, cvcdvinfo);
            CAInfo info = caAdminSessionRemote.getCAInfo(intAdmin, dvcaname);
            assertEquals(CAInfo.CATYPE_CVC, info.getCAType());
            // It is signed by external so no certificates exists yet
            Collection<java.security.cert.Certificate> col = info.getCertificateChain();
            assertEquals(0, col.size());
            return info.getName();
        } catch (CAExistsException pee) {
            pee.printStackTrace();
        }
        return null;
    }

  public CmpRAUnidTest(String arg0) throws Exception {
    super(arg0);
    CryptoProviderTools.installBCProvider();
    // Try to use AdminCA1 if it exists
    final CAInfo adminca1 = this.caAdminSession.getCAInfo(this.admin, "AdminCA1");
    if (adminca1 == null) {
      final Collection<Integer> caids = this.caSession.getAvailableCAs(this.admin);
      final Iterator<Integer> iter = caids.iterator();
      int tmp = 0;
      while (iter.hasNext()) {
        tmp = iter.next().intValue();
        if ( tmp!=0 ) {
          break;
        }
      }
      this.caid = tmp;
    } else {
      this.caid = adminca1.getCAId();
    }
    if (this.caid == 0) {
      assertTrue("No active CA! Must have at least one active CA to run tests!", false);
    }
    final CAInfo cainfo = this.caAdminSession.getCAInfo(this.admin, this.caid);
    final Collection<Certificate> certs = cainfo.getCertificateChain();
    if (certs.size() > 0) {
      final Iterator<Certificate> certiter = certs.iterator();
      final Certificate cert = certiter.next();
      final String subject = CertTools.getSubjectDN(cert);
      if (StringUtils.equals(subject, cainfo.getSubjectDN())) {
        // Make sure we have a BC certificate
        this.cacert = (X509Certificate) CertTools.getCertfromByteArray(cert.getEncoded());
      } else {
        this.cacert = null;
      }
    } else {
      this.cacert = null;
      log.error("NO CACERT for caid " + this.caid);
    }
    this.issuerDN = this.cacert.getIssuerDN().getName();
    // Configure CMP for this test
    updatePropertyOnServer(CmpConfiguration.CONFIG_OPERATIONMODE, "ra");
    updatePropertyOnServer(CmpConfiguration.CONFIG_ALLOWRAVERIFYPOPO, "true");
    updatePropertyOnServer(CmpConfiguration.CONFIG_RESPONSEPROTECTION, "pbe");
    updatePropertyOnServer(CmpConfiguration.CONFIG_RA_AUTHENTICATIONSECRET, PBEPASSWORD);
    updatePropertyOnServer(CmpConfiguration.CONFIG_RA_CERTIFICATEPROFILE, "KeyId");
    updatePropertyOnServer(CmpConfiguration.CONFIG_RA_ENDENTITYPROFILE, "KeyId");
    updatePropertyOnServer(CmpConfiguration.CONFIG_RACANAME, cainfo.getName());
    updatePropertyOnServer(CmpConfiguration.CONFIG_CERTREQHANDLER_CLASS, UnidFnrHandler.class.getName());
    // Configure a Certificate profile (CmpRA) using ENDUSER as template
    if (this.certificateProfileSession.getCertificateProfile(this.admin, CPNAME) == null) {
      final CertificateProfile cp = new EndUserCertificateProfile();
      try { // TODO: Fix this better

    LOG.trace("<testIssueConfirmRevoke");
  }

  /** Assert that the CA is configured to store things as expected. */
  private void assertCAConfig(boolean useCertReqHistory, boolean useUserStorage, boolean useCertificateStorage) {
    // The CAInfo is fetched fresh through the CA admin session on every call, so each flag
    // is compared with what getCAInfo() reports for TESTCA_NAME at this moment.
    // NOTE(review): no null check here - if the CA does not exist and getCAInfo() returns
    // null, this fails with a NullPointerException instead of an assertion message.
    final CAInfo fetched = InterfaceCache.getCAAdminSession().getCAInfo(ADMIN, TESTCA_NAME);
    assertEquals(
        "CA has wrong useCertReqHistory setting: ",
        useCertReqHistory,
        fetched.isUseCertReqHistory());
    assertEquals(
        "CA has wrong useUserStorage setting: ",
        useUserStorage,
        fetched.isUseUserStorage());
    assertEquals(
        "CA has wrong useCertificateStorage setting: ",
        useCertificateStorage,
        fetched.isUseCertificateStorage());
  }

    assertEquals("CA has wrong useCertificateStorage setting: ", useCertificateStorage, caInfo.isUseCertificateStorage());
  }

  /** Change CA configuration for what to store and assert that the changes were made. */
  private void reconfigureCA(boolean useCertReqHistory, boolean useUserStorage, boolean useCertificateStorage) throws AuthorizationDeniedException {
    // Step 1: load the current CAInfo for TESTCA_NAME and apply the three storage flags
    // to that local object only.
    final CAInfo pending = InterfaceCache.getCAAdminSession().getCAInfo(ADMIN, TESTCA_NAME);
    pending.setUseCertReqHistory(useCertReqHistory);
    pending.setUseUserStorage(useUserStorage);
    pending.setUseCertificateStorage(useCertificateStorage);
    // Step 2: check the setters took effect on the local object before anything is
    // submitted; a failure here points at CAInfo itself, not at editCA().
    assertEquals(
        "CAInfo did not store useCertReqHistory setting correctly: ",
        useCertReqHistory,
        pending.isUseCertReqHistory());
    assertEquals(
        "CAInfo did not store useUserStorage setting correctly: ",
        useUserStorage,
        pending.isUseUserStorage());
    assertEquals(
        "CAInfo did not store useCertificateStorage setting correctly: ",
        useCertificateStorage,
        pending.isUseCertificateStorage());
    // Step 3: submit the change as ADMIN. Presumably this is the call that raises the
    // declared AuthorizationDeniedException when ADMIN may not edit the CA - confirm.
    InterfaceCache.getCAAdminSession().editCA(ADMIN, pending);
    // Step 4: re-read the CA through the session and verify the flags there as well.
    assertCAConfig(useCertReqHistory, useUserStorage, useCertificateStorage);
  }

    }
    return ret;
  }
 
  public boolean getOcspEnabled() {
    CAInfo caInfo = getCAInfo();
    boolean active = false;
    if (caInfo != null) {
      Iterator<ExtendedCAServiceInfo> iter = caInfo.getExtendedCAServiceInfos().iterator();
      while(iter.hasNext()){
          ExtendedCAServiceInfo next = (ExtendedCAServiceInfo) iter.next();
          if(next instanceof OCSPCAServiceInfo){
            active = next.getStatus() == ExtendedCAServiceInfo.STATUS_ACTIVE;
          }

                    null //cmpRaAuthSecret
            );

            caAdminSession.createCA(admin, cainfo);

            CAInfo info = caAdminSession.getCAInfo(admin, dn);

            X509Certificate cert = (X509Certificate) info.getCertificateChain().iterator().next();
            assertTrue("Error in created ca certificate", cert.getSubjectDN().toString().equals(dn));
            assertTrue("Creating CA failed", info.getSubjectDN().equals(dn));
            PublicKey pk = cert.getPublicKey();
            if (pk instanceof JCEECPublicKey) {
                JCEECPublicKey ecpk = (JCEECPublicKey) pk;
                assertEquals(ecpk.getAlgorithm(), "EC");
                org.bouncycastle.jce.spec.ECParameterSpec spec = ecpk.getParameters();
                if (StringUtils.equals(keySpec, "implicitlyCA")) {
                    assertNull("ImplicitlyCA must have null spec", spec);
                } else {
                    assertNotNull("prime192v1 must not have null spec", spec);
                }
            } else {
                assertTrue("Public key is not EC", false);
            }

            ret = true;
            Collection coll = info.getCertificateChain();
            Object[] certs = coll.toArray();
            cacert = (X509Certificate) certs[0];
        } catch (CAExistsException pee) {
            log.info("CA exists.");
        }

                    null //cmpRaAuthSecret
            );

            caAdminSession.createCA(admin, cainfo);

            CAInfo info = caAdminSession.getCAInfo(admin, dn);

            X509Certificate cert = (X509Certificate) info.getCertificateChain().iterator().next();
            assertTrue("Error in created ca certificate", cert.getSubjectDN().toString().equals(dn));
            assertTrue("Creating CA failed", info.getSubjectDN().equals(dn));
            assertTrue(cert.getPublicKey() instanceof DSAPublicKey);

            ret = true;
            Collection<Certificate> coll = info.getCertificateChain();
            Object[] certs = coll.toArray();
            cacert = (X509Certificate) certs[0];
        } catch (CAExistsException pee) {
            log.info("CA exists.");
        }

    public CrmfRAPbeMultipleKeyIdRequestTest(String arg0) throws CertificateEncodingException, CertificateException {
        super(arg0);
        admin = new Admin(Admin.TYPE_BATCHCOMMANDLINE_USER);
        CryptoProviderTools.installBCProvider();
        // Try to get caIds
        CAInfo adminca1 = caAdminSession.getCAInfo(admin, "CmpCA1");
        caid1 = adminca1.getCAId();
        CAInfo adminca2 = caAdminSession.getCAInfo(admin, "CmpCA2");
        caid2 = adminca2.getCAId();
        if ((caid1 == 0) || (caid2 == 0)) {
            assertTrue("No active CA! Must have CmpCA1 and CmpCA2 to run tests!", false);
        }
        CAInfo cainfo = caAdminSession.getCAInfo(admin, caid1);
        Collection<Certificate> certs = cainfo.getCertificateChain();
        if (certs.size() > 0) {
            Iterator<Certificate> certiter = certs.iterator();
            Certificate cert = certiter.next();
            String subject = CertTools.getSubjectDN(cert);
            if (StringUtils.equals(subject, cainfo.getSubjectDN())) {
                // Make sure we have a BC certificate
                cacert1 = CertTools.getCertfromByteArray(cert.getEncoded());
            }
        } else {
            log.error("NO CACERT for CmpCA1: " + caid1);
        }
        cainfo = caAdminSession.getCAInfo(admin, caid2);
        certs = cainfo.getCertificateChain();
        if (certs.size() > 0) {
            Iterator<Certificate> certiter = certs.iterator();
            Certificate cert = certiter.next();
            String subject = CertTools.getSubjectDN(cert);
            if (StringUtils.equals(subject, cainfo.getSubjectDN())) {
                // Make sure we have a BC certificate
                cacert2 = (X509Certificate) CertTools.getCertfromByteArray(cert.getEncoded());
            }
        } else {
            log.error("NO CACERT for CmpCA2: " + caid2);
