cachain.add(cvcacert.getEncoded());
// Create the request with WS API
request = ejbcaraws.caRenewCertRequest(caname, cachain, false, false, false, pwd);
// make the mandatory junit checks...
assertNotNull(request);
CVCRequestMessage cvcreq = RequestMessageUtils.genCVCRequestMessage(request);
assertNotNull(cvcreq);
assertEquals(dvinfo.getSubjectDN(), cvcreq.getRequestDN());
CVCObject obj = CertificateParser.parseCVCObject(request);
// System.out.println(obj.getAsText());
CVCertificate cert = (CVCertificate) obj;
assertEquals(cvcacert.getCVCertificate().getCertificateBody().getAuthorityReference().getConcatenated(), cert.getCertificateBody()
.getAuthorityReference().getConcatenated());
// Receive the response so the DV CA is activated
HolderReferenceField dvholderref = cert.getCertificateBody().getHolderReference();
CVCertificate dvretcert = CertificateGenerator.createTestCertificate(cert.getCertificateBody().getPublicKey(), cvcakeypair.getPrivate(), caRef,
dvholderref, signalg, AuthorizationRoleEnum.DV_D);
ejbcaraws.caCertResponse(caname, dvretcert.getDEREncoded(), cachain, pwd);
// Check that the cert was received and the CA activated
dvinfo = caAdminSessionRemote.getCAInfo(intAdmin, caname);
assertEquals(SecConst.CA_ACTIVE, dvinfo.getStatus());
Collection<java.security.cert.Certificate> dvcerts = dvinfo.getCertificateChain();
assertEquals(2, dvcerts.size());
CardVerifiableCertificate dvcertactive = (CardVerifiableCertificate)dvcerts.iterator().next();
obj = CertificateParser.parseCVCObject(dvcertactive.getEncoded());
// System.out.println(obj.getAsText());
dvcertactive.verify(cvcakeypair.getPublic());
// Check that it really is the same keypair
String pubk1 = new String(Base64.encode(dvcertactive.getPublicKey().getEncoded(), false));
String pubk2 = new String(Base64.encode(cert.getCertificateBody().getPublicKey().getEncoded(), false));
assertTrue(pubk1.compareTo(pubk2) == 0);
String sequence1 = dvcertactive.getCVCertificate().getCertificateBody().getHolderReference().getSequence();
/*
* Second test is to renew a CA signed by an external CA *with renewing
* the keys*, and activating them. This creates a new key pair and a
* certificate request. Status is set to
* "waiting for certificate response" because the new keys cannot be
* used until we have received a certificate.
*/
// Now we want to renew a DVCA signed by an external CVCA, generating
// new keys
// Create the request with WS API, cachain is our CVCA cert from
// previously created CVCA, we use the previously created DV as well.
pwd = "foo123";
request = ejbcaraws.caRenewCertRequest(caname, cachain, true, false, true, pwd);
// make the mandatory junit checks...
assertNotNull(request);
cvcreq = RequestMessageUtils.genCVCRequestMessage(request);
assertNotNull(cvcreq);
assertEquals(dvinfo.getSubjectDN(), cvcreq.getRequestDN());
obj = CertificateParser.parseCVCObject(request);
// System.out.println(obj.getAsText());
// We should have created an authenticated request signed by the old
// certificate
CVCAuthenticatedRequest authreq = (CVCAuthenticatedRequest) obj;
assertEquals(dvcertactive.getCVCertificate().getCertificateBody().getHolderReference().getConcatenated(), authreq.getAuthorityReference()
.getConcatenated());
cert = authreq.getRequest();
// The request should be targeted at the CVCA, i.e. ca_ref in the request should be the same as the CVCA's ref
assertEquals(cvcacert.getCVCertificate().getCertificateBody().getAuthorityReference().getConcatenated(), cert.getCertificateBody()
.getAuthorityReference().getConcatenated());
// Now check that our WS API has set the status to "WAITING_FOR_CERTIFICATE_RESPONSE"
dvinfo = caAdminSessionRemote.getCAInfo(intAdmin, caname);
assertEquals(SecConst.CA_WAITING_CERTIFICATE_RESPONSE, dvinfo.getStatus());
assertEquals ("DV should not be available", ejbcaraws.getLastCAChain(caname).size (),0);
// Check that it really is a new keypair
pubk1 = new String(Base64.encode(dvcertactive.getPublicKey().getEncoded(), false));
pubk2 = new String(Base64.encode(cert.getCertificateBody().getPublicKey().getEncoded(), false));
assertTrue(pubk1.compareTo(pubk2) != 0);
// Receive the response so the DV CA is activated
dvholderref = cert.getCertificateBody().getHolderReference();
dvretcert = CertificateGenerator.createTestCertificate(cert.getCertificateBody().getPublicKey(), cvcakeypair.getPrivate(), caRef, dvholderref, signalg,
AuthorizationRoleEnum.DV_D);
ejbcaraws.caCertResponse(caname, dvretcert.getDEREncoded(), cachain, pwd);
// Check that the cert was received and the CA activated
dvinfo = caAdminSessionRemote.getCAInfo(intAdmin, caname);
assertEquals(SecConst.CA_ACTIVE, dvinfo.getStatus());
dvcerts = dvinfo.getCertificateChain();
assertEquals(2, dvcerts.size());
dvcertactive = (CardVerifiableCertificate)dvcerts.iterator().next();
obj = CertificateParser.parseCVCObject(dvcertactive.getEncoded());
// System.out.println(obj.getAsText());
dvcertactive.verify(cvcakeypair.getPublic());
String sequence2 = dvcertactive.getCVCertificate().getCertificateBody().getHolderReference().getSequence();
int s1 = Integer.parseInt(sequence1);
int s2 = Integer.parseInt(sequence2);
assertEquals(s1 + 1, s2); // sequence in new certificate should be old
// sequence + 1
/*
* Third test is to renew a CA signed by an external CA *with renewing
* the keys* saying to *not* activate the key now. This creates a new
* key pair and a certificate request, but the new key pair is not used
* by the CA for issuing certificates. Status is not set to
* "waiting for certificate response" because the old keys can still be
* used until we have received a certificate and activated the new keys.
*/
request = ejbcaraws.caRenewCertRequest(caname, cachain, true, false, false, pwd);
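// make the mandatory junit checks...
// NOTE(review): the second assertNotNull below checks request again; the
// parsed cvcreq is presumably what was meant, as in the first two tests - confirm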
assertNotNull(request);
cvcreq = RequestMessageUtils.genCVCRequestMessage(request);
assertNotNull(request);
assertEquals(dvinfo.getSubjectDN(), cvcreq.getRequestDN());
obj = CertificateParser.parseCVCObject(request);
// System.out.println(obj.getAsText());
// We should have created an authenticated request signed by the old
// certificate
authreq = (CVCAuthenticatedRequest) obj;