// Extended CA services handed to the CAInfo constructor below:
// OCSP is registered as active, XKMS is registered but left inactive.
ArrayList<ExtendedCAServiceInfo> extendedcaservices = new ArrayList<ExtendedCAServiceInfo>();
final OCSPCAServiceInfo ocspService = new OCSPCAServiceInfo(ExtendedCAServiceInfo.STATUS_ACTIVE);
extendedcaservices.add(ocspService);
// NOTE(review): "1024" next to KEYALGORITHM_RSA looks like the XKMS service key size.
// 1024-bit RSA is below current minimum recommendations (2048 bits or more); acceptable
// only because this is a throwaway test fixture and the service is inactive. Do not copy
// the value into a real CA configuration.
final XKMSCAServiceInfo xkmsService = new XKMSCAServiceInfo(
        ExtendedCAServiceInfo.STATUS_INACTIVE,
        "CN=XKMSCertificate, CN=TEST",
        "",
        "1024",
        AlgorithmConstants.KEYALGORITHM_RSA);
extendedcaservices.add(xkmsService);
// Describes the CA to create: subject "CN=TEST", name "TEST", self-signed (CAInfo.SELFSIGNED),
// using the fixed root CA certificate profile. 3650 looks like the validity in days; the
// notAfter assertion further down expects roughly ten years.
// NOTE(review): every argument is positional and several lines carry more than one value, so a
// trailing comment appears to label only the LAST value on its line. Verify the order against
// the X509CAInfo constructor of the EJBCA version in use before changing anything here.
X509CAInfo cainfo = new X509CAInfo("CN=TEST", "TEST", SecConst.CA_ACTIVE, new Date(), "", SecConst.CERTPROFILE_FIXED_ROOTCA, 3650, null, // Expiretime (null; the preceding 3650 is presumably the validity)
CAInfo.CATYPE_X509, CAInfo.SELFSIGNED, (Collection<Certificate>) null, catokeninfo, "JUnit RSA CA", -1, null, null, // PolicyId (last null); -1 and the null before it are unlabeled
24, // CRLPeriod
0, // CRLIssueInterval
10, // CRLOverlapTime
10, // Delta CRL period
new ArrayList<Integer>(), true, // Authority Key Identifier (the empty list before it is unlabeled)
false, // Authority Key Identifier Critical
true, // CRL Number
false, // CRL Number Critical
null, // defaultcrldistpoint
null, // defaultcrlissuer
null, // defaultocsplocator
null, // defaultfreshestcrl
true, // Finish User
extendedcaservices, false, // use default utf8 settings (applies to the false, not to the service list)
new ArrayList<Integer>(), // Approvals Settings
1, // Number of Req approvals
false, // Use UTF8 subject DN by default
true, // Use LDAP DN order by default
false, // Use CRL Distribution Point on CRL
false, // CRL Distribution Point on CRL critical
true, true, // isDoEnforceUniquePublicKeys (second true); first true is unlabeled - presumably includeInHealthCheck, confirm
true, // isDoEnforceUniqueDistinguishedName
false, // isDoEnforceUniqueSubjectDNSerialnumber
true, // useCertReqHistory
true, // useUserStorage
true, // useCertificateStorage
null // cmpRaAuthSecret: no secret supplied; the test later expects the getter to return ""
);
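// Create the CA, then read it back by name so the assertions below check what the
// CA admin session returns rather than the local cainfo object.
caAdminSession.createCA(admin, cainfo);
CAInfo info = caAdminSession.getCAInfo(admin, "TEST");
rootcacertchain = info.getCertificateChain();
// The first chain element is used as the CA certificate; the subject DN assertion
// below confirms that it is the "CN=TEST" certificate.
X509Certificate cert = (X509Certificate) rootcacertchain.iterator().next();
String sigAlg = CertTools.getSignatureAlgorithm(cert);
// NOTE(review): this pins SHA1WithRSA as the CA signature algorithm, presumably because
// catokeninfo (built outside this excerpt) requests it. SHA-1 is no longer considered
// acceptable for certificate signatures; treat this as a legacy test expectation, not
// as a recommended CA setting.
assertEquals(AlgorithmConstants.SIGALG_SHA1_WITH_RSA, sigAlg);
// assertEquals reports both values on failure and does not throw an NPE on a null DN.
assertEquals("Error in created ca certificate", "CN=TEST", cert.getSubjectDN().toString());
assertEquals("Creating CA failed", "CN=TEST", info.getSubjectDN());
PublicKey pk = cert.getPublicKey();
if (pk instanceof RSAPublicKey) {
    RSAPublicKey rsapk = (RSAPublicKey) pk;
    // Expected value goes first so a failure message reads the right way round.
    assertEquals("RSA", rsapk.getAlgorithm());
} else {
    // This is the RSA CA test: the previous message ("not EC") described the wrong key type.
    assertTrue("Public key is not RSA", false);
}
// The certificate must expire between 3640 and 3660 days from now, i.e. about the 3650
// days requested when cainfo was built. The int product 10 * 36x * 24 * 60 * 60 stays
// below Integer.MAX_VALUE; the final "* 1000L" promotes the result to long.
assertTrue("CA is not valid for the specified duration.", cert.getNotAfter().after(
        new Date(new Date().getTime() + 10 * 364 * 24 * 60 * 60 * 1000L))
        && cert.getNotAfter().before(new Date(new Date().getTime() + 10 * 366 * 24 * 60 * 60 * 1000L)));
ret = true;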
// Ask the CA to generate a certificate request and check that the request carries the CA's DN.
final Collection<Certificate> caChain = info.getCertificateChain();
final byte[] csrBytes = caAdminSession.makeRequest(admin, info.getCAId(), caChain, false, false, false, null);
final PKCS10RequestMessage csr = new PKCS10RequestMessage(csrBytes);
assertEquals("CN=TEST", csr.getRequestDN());
// CMP RA secret: null was passed when cainfo was constructed, and the getter is expected
// to hand back an empty string instead of null.
// NOTE(review): presumably an empty value means no shared secret is configured for
// CMP RA mode; confirm how the CMP endpoint treats an empty secret before relying on
// this default outside tests.
final X509CAInfo x509Info = (X509CAInfo) info;
assertNotNull(x509Info.getCmpRaAuthSecret());
assertEquals("", x509Info.getCmpRaAuthSecret());
} catch (CAExistsException pee) {
log.info("CA exists.");
}
assertTrue("Creating RSA CA failed", ret);