// Step 1: generate a certificate request from the CA identified by info.getCAId(), passing
// the root CA certificate chain, so that it can be sent to the TEST CA.
// The three boolean flags and the trailing null are not explained in the visible code.
byte[] request = caAdminSession.makeRequest(admin, info.getCAId(), rootcacertchain, false, false, false, null);
// Re-read the CA info by name; its status must now be CA_WAITING_CERTIFICATE_RESPONSE.
info = caAdminSession.getCAInfo(admin, "TESTSIGNEDBYEXTERNAL");
assertEquals(SecConst.CA_WAITING_CERTIFICATE_RESPONSE, info.getStatus());
// Wrap the raw request bytes as a PKCS#10 message and check the DN it requests.
PKCS10RequestMessage msg = new PKCS10RequestMessage(request);
assertEquals("CN=TESTSIGNEDBYEXTERNAL", msg.getRequestDN());
// Step 2: receive the certificate request on the TEST CA.
// The signer is set to the hash code of the DN string "CN=TEST".
// NOTE(review): presumably that value is the TEST CA's id - confirm against the CA setup.
info.setSignedBy("CN=TEST".hashCode());
IResponseMessage resp = caAdminSession.processRequest(admin, info, msg);
// Step 3: receive the signed certificate back on our sub CA.
// The two trailing null arguments are not explained in the visible code.
caAdminSession.receiveResponse(admin, info.getCAId(), resp, null, null);
// Step 4: check that the CA is active and has the correct certificate chain now.
info = caAdminSession.getCAInfo(admin, "TESTSIGNEDBYEXTERNAL");
assertEquals(SecConst.CA_ACTIVE, info.getStatus());
// The first element of the chain is checked as the sub CA's own certificate.
Iterator<Certificate> iter = info.getCertificateChain().iterator();
Certificate cert = iter.next();
// NOTE(review): this assertion pins SHA1WithRSA as the signature algorithm of a CA
// certificate. SHA-1 is no longer considered collision resistant for certificate signatures;
// confirm whether the test CA should be issued with a SHA-256 based algorithm instead.
String sigAlg = CertTools.getSignatureAlgorithm(cert);
assertEquals(AlgorithmConstants.SIGALG_SHA1_WITH_RSA, sigAlg);
// The checks below compare subject and issuer DN strings only. The visible code does not
// verify the certificate's signature against the issuer's public key.
assertTrue("Error in created ca certificate", CertTools.getSubjectDN(cert).equals("CN=TESTSIGNEDBYEXTERNAL"));
assertTrue("Error in created ca certificate", CertTools.getIssuerDN(cert).equals("CN=TEST"));
assertTrue("Creating CA failed", info.getSubjectDN().equals("CN=TESTSIGNEDBYEXTERNAL"));
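// The CA certificate must carry an RSA public key; any other key type fails the test.
PublicKey pk = cert.getPublicKey();
if (pk instanceof RSAPublicKey) {
    RSAPublicKey rsapk = (RSAPublicKey) pk;
    // Expected value goes first so that a failure reports the actual algorithm correctly.
    assertEquals("RSA", rsapk.getAlgorithm());
} else {
    // This branch is reached when the key is not an RSAPublicKey, so the message names RSA
    // (the previous text said "EC", which misreported the failure).
    assertTrue("Public key is not RSA", false);
}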
// The second chain element is checked as the root CA certificate: both its subject DN and
// its issuer DN must be "CN=TEST" (string comparison only, no signature verification here).
// NOTE(review): iter.next() throws NoSuchElementException if the chain holds a single
// certificate, so a short chain surfaces as an error rather than an assertion message.
cert = (X509Certificate) iter.next();
assertTrue("Error in root ca certificate", CertTools.getSubjectDN(cert).equals("CN=TEST"));
assertTrue("Error in root ca certificate", CertTools.getIssuerDN(cert).equals("CN=TEST"));
// Reached only when every statement above completed without throwing.
ret = true;
} catch (CAExistsException pee) {
log.info("CA exists: ", pee);
}
// Make a second certificate request from the CA, this time passing the CA's own
// certificate chain instead of the root CA chain.
// NOTE(review): this code also runs after the CAExistsException handler above, in which
// case `info` holds whatever was last assigned before the exception - confirm that is intended.
Collection<Certificate> cachain = info.getCertificateChain();
byte[] request = caAdminSession.makeRequest(admin, info.getCAId(), cachain, false, false, false, null);
info = caAdminSession.getCAInfo(admin, "TESTSIGNEDBYEXTERNAL");
// No new keys were generated, so the CA must still be active.
assertEquals(SecConst.CA_ACTIVE, info.getStatus());
// The new request must still name the sub CA as its subject.
PKCS10RequestMessage msg = new PKCS10RequestMessage(request);
assertEquals("CN=TESTSIGNEDBYEXTERNAL", msg.getRequestDN());
// `ret` is set to true only at the end of the try block above, so this fails when the
// CA creation path threw CAExistsException.
assertTrue("Creating RSA CA (signed by external) failed", ret);
} // test10RSASignedByExternal