Package org.ejbca.core.model.ca.caadmin

Examples of org.ejbca.core.model.ca.caadmin.CAInfo


        assertTrue("Creating DSA CA failed", ret);
    } // test12AddDSACA

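    /**
     * Exercises CA renewal against the shared test CA: certificate-only renewal, renewal with
     * new keys, creation of a link (NewWithOld rollover) certificate, and certificate request
     * generation with and without new keys.
     *
     * Key identifiers are compared as raw bytes. Decoding arbitrary binary through the platform
     * default charset (as {@code new String(byte[])} does) is lossy, so two different identifiers
     * could compare equal as strings, and the result would depend on the JVM's default charset.
     *
     * @throws Exception if any CA operation or signature verification fails
     */
    public void test13RenewCA() throws Exception {
        // Test renew cacert (keys are kept, only a new certificate is issued)
        CAInfo info = caAdminSession.getCAInfo(admin, getTestCAId());
        Collection<Certificate> certs = info.getCertificateChain();
        X509Certificate cacert1 = (X509Certificate) certs.iterator().next();
        caAdminSession.renewCA(admin, getTestCAId(), "foo123", false);
        info = caAdminSession.getCAInfo(admin, getTestCAId());
        certs = info.getCertificateChain();
        X509Certificate cacert2 = (X509Certificate) certs.iterator().next();
        assertFalse("Renewed CA certificate must get a new serial number",
                cacert1.getSerialNumber().equals(cacert2.getSerialNumber()));
        byte[] subjectKeyId1 = CertTools.getSubjectKeyId(cacert1);
        byte[] subjectKeyId2 = CertTools.getSubjectKeyId(cacert2);
        // Guard against a missing extension: Arrays.equals(null, null) would otherwise pass silently
        assertNotNull("CA certificate before renewal has no subject key id", subjectKeyId1);
        assertNotNull("Renewed CA certificate has no subject key id", subjectKeyId2);
        assertTrue("Renewing without new keys must keep the subject key id",
                java.util.Arrays.equals(subjectKeyId1, subjectKeyId2));
        cacert2.verify(cacert1.getPublicKey()); // throws if it fails

        // Test renew CA keys
        caAdminSession.renewCA(admin, getTestCAId(), "foo123", true);
        info = caAdminSession.getCAInfo(admin, getTestCAId());
        certs = info.getCertificateChain();
        X509Certificate cacert3 = (X509Certificate) certs.iterator().next();
        assertFalse("Renewed CA certificate must get a new serial number",
                cacert2.getSerialNumber().equals(cacert3.getSerialNumber()));
        byte[] subjectKeyId3 = CertTools.getSubjectKeyId(cacert3);
        assertNotNull("CA certificate after key renewal has no subject key id", subjectKeyId3);
        assertFalse("Renewing with new keys must change the subject key id",
                java.util.Arrays.equals(subjectKeyId2, subjectKeyId3));

        // Test create X.509 link certificate (NewWithOld rollover cert)
        // We have cacert3 that we want to sign with the old keys from cacert2,
        // create a link certificate.
        // That link certificate should have the same subjectKeyId as cert3, but
        // be possible to verify with cert2.
        byte[] bytes = caAdminSession.signRequest(admin, getTestCAId(), cacert3.getEncoded(), true, true);
        X509Certificate cacert4 = (X509Certificate) CertTools.getCertfromByteArray(bytes);
        // Same public key as in cacert3 -> same subject key id
        byte[] subjectKeyId4 = CertTools.getSubjectKeyId(cacert4);
        assertNotNull("Link certificate has no subject key id", subjectKeyId4);
        assertTrue("Link certificate must carry the subject key id of the new CA certificate",
                java.util.Arrays.equals(subjectKeyId3, subjectKeyId4));
        // Same signer as for cacert2 -> same auth key id in cacert4 as subject
        // key id in cacert2
        byte[] authorityKeyId4 = CertTools.getAuthorityKeyId(cacert4);
        assertNotNull("Link certificate has no authority key id", authorityKeyId4);
        assertTrue("Link certificate must point to the old CA key as its issuer key",
                java.util.Arrays.equals(subjectKeyId2, authorityKeyId4));
        cacert4.verify(cacert2.getPublicKey()); // throws if it fails

        // Test make request just making a request using the old keys
        byte[] request = caAdminSession.makeRequest(admin, getTestCAId(), new ArrayList<Certificate>(), false, false, false, "foo123");
        assertNotNull(request);
        PKCS10RequestMessage msg = RequestMessageUtils.genPKCS10RequestMessage(request);
        PublicKey pk1 = cacert3.getPublicKey();
        PublicKey pk2 = msg.getRequestPublicKey();
        // Base64 output is plain ASCII, so the String comparison is safe here and
        // gives a readable diff on failure
        String key1 = new String(Base64.encode(pk1.getEncoded()));
        String key2 = new String(Base64.encode(pk2.getEncoded()));
        // A plain request using the CAs key will have the same public key
        assertEquals(key1, key2);

        try {
            // Test make request generating new keys
            request = caAdminSession.makeRequest(admin, getTestCAId(), new ArrayList<Certificate>(), true, false, true, "foo123");
            assertNotNull(request);
            msg = RequestMessageUtils.genPKCS10RequestMessage(request);
            pk1 = cacert3.getPublicKey();
            pk2 = msg.getRequestPublicKey();
            key1 = new String(Base64.encode(pk1.getEncoded()));
            key2 = new String(Base64.encode(pk2.getEncoded()));
            // A plain request using new CAs key can not have the same keys
            assertFalse(key1.equals(key2));
            // After this (new keys activated but no cert response received) status
            // should be waiting...
            info = caAdminSession.getCAInfo(admin, getTestCAId());
            assertEquals(SecConst.CA_WAITING_CERTIFICATE_RESPONSE, info.getStatus());
        } finally {
            // To clean up after us so the active key is not out of sync with the
            // active certificate, we should simply renew the CA. This runs even when
            // an assertion above fails, so later tests do not inherit a CA that is
            // still waiting for a certificate response.
            info = caAdminSession.getCAInfo(admin, getTestCAId());
            info.setStatus(SecConst.CA_ACTIVE);
            caAdminSession.editCA(admin, info); // need active status in order to do renew
            caAdminSession.renewCA(admin, getTestCAId(), "foo123", false);
        }
    } // test13RenewCA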


    /**
     * Creates a dedicated CA, checks that it starts out active and unrevoked, revokes it with
     * reason "CA compromise", and checks that status, reason and revocation date reflect that.
     *
     * @throws Exception if creating, reading or revoking the CA fails
     */
    public void test14RevokeCA() throws Exception {
        final String caname = "TestRevokeCA";

        // Remove any CA of this name before creating it, so the test starts from a fresh one
        removeTestCA(caname);
        createTestCA(caname);

        // Baseline: active, no revocation reason, no revocation date
        final CAInfo beforeRevocation = caAdminSession.getCAInfo(admin, caname);
        assertEquals(SecConst.CA_ACTIVE, beforeRevocation.getStatus());
        assertEquals(RevokedCertInfo.NOT_REVOKED, beforeRevocation.getRevocationReason());
        assertNull(beforeRevocation.getRevocationDate());

        // Revoke the CA, then re-read its info rather than trusting the stale object
        caAdminSession.revokeCA(admin, beforeRevocation.getCAId(), RevokedCertInfo.REVOCATION_REASON_CACOMPROMISE);
        final CAInfo afterRevocation = caAdminSession.getCAInfo(admin, caname);

        assertEquals(SecConst.CA_REVOKED, afterRevocation.getStatus());
        assertEquals(RevokedCertInfo.REVOCATION_REASON_CACOMPROMISE, afterRevocation.getRevocationReason());
        // A revocation date must now be recorded
        assertTrue(afterRevocation.getRevocationDate().getTime() > 0);
    } // test14RevokeCA

        certs.add(cert);

        try {
          // Import the CA certificate
          caAdminSession.importCACertificate(admin, caname, certs);
          CAInfo info = caAdminSession.getCAInfo(admin, caname);
          // The CA must not get stats SecConst.CA_EXPIRED when it is an external CA
          assertEquals(SecConst.CA_EXTERNAL, info.getStatus());
        } finally {
          removeOldCa(caname); // for the test         
        }
    } // test15ExternalExpiredCA

          assertTrue("Was able to create CA with reserved CA Id.", false);
        } catch (CAExistsException e) {
          // Expected
        }
        // Try to create a CA where the CA Id already exists (but not the name)
        CAInfo caInfoTest = caAdminSession.getCAInfo(admin, "TEST");
        setPrivateFieldInSuper(cainfo, "caid", caInfoTest.getCAId());
        try {
          caAdminSession.createCA(admin, cainfo);
          assertTrue("Was able to create CA with CA Id of already existing CA.", false);
        } catch (CAExistsException e) {
          // Expected

        log.trace("<test16InvalidCreateCaActions()");
    }

    public void test17InvalidEditCaActions() throws Exception {
        log.trace(">test17InvalidEditCaActions()");
        CAInfo caInfoTest = caAdminSession.getCAInfo(admin, "TEST");
        // Try to edit the CA as an unprivileged user
        try {
            caAdminSession.editCA(new Admin(Admin.TYPE_PUBLIC_WEB_USER), caInfoTest);
          assertTrue("Was able to edit CA as unprivileged user.", false);
        } catch (AuthorizationDeniedException e) {
          // Expected
        }
        // Try to edit the CA with 'null' authentication code
        CATokenInfo caTokenInfoTest = caInfoTest.getCATokenInfo();
        caTokenInfoTest.setAuthenticationCode(null);
        caInfoTest.setCATokenInfo(caTokenInfoTest);
        try {
            caAdminSession.editCA(new Admin(Admin.TYPE_PUBLIC_WEB_USER), caInfoTest);
          assertTrue("Was able to edit CA with null authentication code.", false);
        } catch (AuthorizationDeniedException e) {
          // Expected
        }
        // Try to edit the CA with wrong authentication code
        caInfoTest.getCATokenInfo().setAuthenticationCode("wrong code");
        caInfoTest.setCATokenInfo(caTokenInfoTest);
        try {
            caAdminSession.editCA(new Admin(Admin.TYPE_PUBLIC_WEB_USER), caInfoTest);
          assertTrue("Was able to edit CA with null authentication code.", false);
        } catch (AuthorizationDeniedException e) {
          // Expected

        } catch (CADoesntExistsException ignored) {
          // OK
        }
        // Try to get CAInfo pretending to be an privileged user using remote EJB
        try {
            CAInfo info = caAdminSession.getCAInfoOrThrowException(new Admin(Admin.TYPE_INTERNALUSER), "TEST");
            System.out.println("info: " + info);
            fail("Was able to get CA info from remote EJB/CLI pretending to be INTERNALUSER");
        } catch (CADoesntExistsException ignored) {
          // OK
        }

        log.trace("<test20BadCaReceiveResponse()");
    }

    public void test21UnprivilegedCaProcessRequest() throws Exception {
        log.trace(">test21UnprivilegedCaProcessRequest()");
        CAInfo caInfo = caAdminSession.getCAInfo(admin, "TEST");
        try {
            // Try to process a request for a CA with an unprivileged user.
            caAdminSession.processRequest(new Admin(Admin.TYPE_PUBLIC_WEB_USER), caInfo, null);
          assertTrue("Was able to process request to CA as unprivileged user.", false);
        } catch (AuthorizationDeniedException e) {

        // batch..
        assertTrue("Could not create TestCA.", createTestCA());
        inforsa = caAdminSession.getCAInfo(admin, "TEST");
        assertTrue("No active RSA CA! Must have at least one active CA to run tests!", inforsa != null);
        rsacaid = inforsa.getCAId();
        CAInfo inforsareverse = caAdminSession.getCAInfo(admin, "TESTRSAREVERSE");
        assertTrue("No active RSA Reverse CA! Must have at least one active reverse CA to run tests!", inforsareverse != null);
        rsareversecaid = inforsareverse.getCAId();
        CAInfo infoecdsa = caAdminSession.getCAInfo(admin, "TESTECDSA");
        assertTrue("No active ECDSA CA! Must have at least one active CA to run tests!", infoecdsa != null);
        ecdsacaid = infoecdsa.getCAId();
        CAInfo infoecdsaimplicitlyca = caAdminSession.getCAInfo(admin, "TESTECDSAImplicitlyCA");
        assertTrue("No active ECDSA ImplicitlyCA CA! Must have at least one active CA to run tests!", infoecdsaimplicitlyca != null);
        ecdsaimplicitlycacaid = infoecdsaimplicitlyca.getCAId();
        CAInfo inforsamgf1ca = caAdminSession.getCAInfo(admin, "TESTSha256WithMGF1");
        assertTrue("No active RSA MGF1 CA! Must have at least one active CA to run tests!", inforsamgf1ca != null);
        rsamgf1cacaid = inforsamgf1ca.getCAId();
        CAInfo infocvcca = caAdminSession.getCAInfo(admin, "TESTDV-D");
        assertTrue("No active CVC CA! Must have at least one active CA to run tests!", infocvcca != null);
        cvccaid = infocvcca.getCAId();
        CAInfo infocvccaec = caAdminSession.getCAInfo(admin, "TESTDVECC-D");
        assertTrue("No active CVC EC CA! Must have at least one active CA to run tests!", infocvccaec != null);
        cvccaecid = infocvccaec.getCAId();
        CAInfo infodsa = caAdminSession.getCAInfo(admin, "TESTDSA");
        assertTrue("No active DSA CA! Must have at least one active CA to run tests!", infodsa != null);
        dsacaid = infodsa.getCAId();
        Collection<Certificate> coll = inforsa.getCertificateChain();
        Object[] objs = coll.toArray();
        rsacacert = (X509Certificate) objs[0];
        coll = inforsareverse.getCertificateChain();
        objs = coll.toArray();
        rsarevcacert = (X509Certificate) objs[0];
        coll = infoecdsa.getCertificateChain();
        objs = coll.toArray();
        ecdsacacert = (X509Certificate) objs[0];
        coll = infoecdsaimplicitlyca.getCertificateChain();
        objs = coll.toArray();
        ecdsaimplicitlycacacert = (X509Certificate) objs[0];
        coll = inforsamgf1ca.getCertificateChain();
        objs = coll.toArray();
        rsamgf1cacacert = (X509Certificate) objs[0];
        coll = infocvcca.getCertificateChain();
        objs = coll.toArray();
        cvccacert = (Certificate) objs[0];
        coll = infocvccaec.getCertificateChain();
        objs = coll.toArray();
        cvcdveccert = (Certificate) objs[0];
        cvcaeccert = (Certificate) objs[1];
        coll = infodsa.getCertificateChain();
        objs = coll.toArray();
        dsacacert = (X509Certificate) objs[0];
    }

        // user that we know exists...
        userAdminSession.setUserStatus(admin, "foo", UserDataConstants.STATUS_NEW);
        X509Certificate cert = (X509Certificate) signSession.createCertificate(admin, "foo", "foo123", rsakeys.getPublic());
        assertNotNull("Failed to create certificate", cert);
        // Set CA to offline
        CAInfo inforsa = caAdminSession.getCAInfo(admin, rsacaid);
        inforsa.setStatus(SecConst.CA_OFFLINE);
        caAdminSession.editCA(admin, inforsa);

        userAdminSession.setUserStatus(admin, "foo", UserDataConstants.STATUS_NEW);
        boolean thrown = false;
        try {
            cert = (X509Certificate) signSession.createCertificate(admin, "foo", "foo123", rsakeys.getPublic());
        } catch (Exception e) {
            thrown = true;
        }
        assertTrue(thrown);

        inforsa.setStatus(SecConst.CA_ACTIVE);
        caAdminSession.editCA(admin, inforsa);
    }

    } // test31TestProfileSignatureAlgorithm

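    /**
     * Checks that the CA's "use certreq history" setting controls whether a certificate request
     * history entry is stored when a certificate is issued: one entry with the setting on, none
     * with it off.
     *
     * Test users are deleted and the CA setting is restored in {@code finally} blocks, so a
     * failing assertion does not leave stray end entities or a changed CA configuration behind
     * for later tests.
     *
     * @throws Exception if any CA, user or signing operation fails
     */
    public void test32TestCertReqHistory() throws Exception {

        // Configure CA to store certreq history
        CAInfo cainfo = caAdminSession.getCAInfo(admin, rsacaid);
        cainfo.setUseCertReqHistory(true);
        // Presumably disabled because the same rsakeys public key is certified for two
        // different users below.
        // NOTE(review): the previous value of this setting is neither captured nor restored.
        cainfo.setDoEnforceUniquePublicKeys(false);
        caAdminSession.editCA(admin, cainfo);

        try {
            // New random username and create cert
            String username = genRandomUserName();
            userAdminSession.addUser(admin, username, "foo123", "C=SE,O=AnaTom,CN=" + username, null, "foo@anatom.se", false, SecConst.EMPTY_ENDENTITYPROFILE,
                    SecConst.CERTPROFILE_FIXED_ENDUSER, SecConst.USER_ENDUSER, SecConst.TOKEN_SOFT_PEM, 0, rsacaid);
            try {
                X509Certificate cert = (X509Certificate) signSession.createCertificate(admin, username, "foo123", rsakeys.getPublic());
                assertNotNull("Failed to create certificate", cert);

                // Check that certreq history was created
                List<?> history = certificateStoreSession.getCertReqHistory(admin, username);
                assertEquals(1, history.size());
            } finally {
                userAdminSession.deleteUser(admin, username);
            }

            // Configure CA not to store certreq history
            cainfo.setUseCertReqHistory(false);
            caAdminSession.editCA(admin, cainfo);
            // New random username and create cert
            username = genRandomUserName();
            userAdminSession.addUser(admin, username, "foo123", "C=SE,O=AnaTom,CN=" + username, null, "foo@anatom.se", false, SecConst.EMPTY_ENDENTITYPROFILE,
                    SecConst.CERTPROFILE_FIXED_ENDUSER, SecConst.USER_ENDUSER, SecConst.TOKEN_SOFT_PEM, 0, rsacaid);
            try {
                X509Certificate cert = (X509Certificate) signSession.createCertificate(admin, username, "foo123", rsakeys.getPublic());
                assertNotNull("Failed to create certificate", cert);

                // Check that certreq history was not created
                List<?> history = certificateStoreSession.getCertReqHistory(admin, username);
                assertEquals(0, history.size());
            } finally {
                userAdminSession.deleteUser(admin, username);
            }
        } finally {
            // Reset CA info
            cainfo.setUseCertReqHistory(true);
            caAdminSession.editCA(admin, cainfo);
        }
    } // test32TestCertReqHistory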
