Package org.ejbca.cvc

Examples of org.ejbca.cvc.CVCAuthenticatedRequest


          throw new AuthorizationDeniedException("User '"+username+"' is revoked.");
        }
        CVCObject parsedObject = CertificateParser.parseCVCObject(Base64.decode(cvcreq.getBytes()));
        if (parsedObject instanceof CVCAuthenticatedRequest) {
          log.debug("Received an authenticated request, could be an initial DV request signed by CVCA or a renewal for DV or IS.");
          CVCAuthenticatedRequest authreq = (CVCAuthenticatedRequest)parsedObject;
          CVCPublicKey cvcKey = authreq.getRequest().getCertificateBody().getPublicKey();
          String algorithm = AlgorithmUtil.getAlgorithmName(cvcKey.getObjectIdentifier());
          log.debug("Received request has a public key with algorithm: "+algorithm);
          HolderReferenceField holderRef = authreq.getRequest().getCertificateBody().getHolderReference();
          CAReferenceField caRef = authreq.getAuthorityReference();

          // Check to see that the inner signature does not also verify using an old certificate
          // because that means the same keys were used, and that is not allowed according to the EU policy
          // This must be done whether it is signed by CVCA or a renewal request
          Collection<java.security.cert.Certificate> oldcerts = certificateStoreSession.findCertificatesByUsername(admin, username);
          if (oldcerts != null) {
            log.debug("Found "+oldcerts.size()+" old certificates for user "+username);
            Iterator<java.security.cert.Certificate> iterator = oldcerts.iterator();
            while (iterator.hasNext()) {
              java.security.cert.Certificate cert = iterator.next();
              PublicKey pk = getCVPublicKey(admin, cert);
              CVCertificate innerreq = authreq.getRequest();
              checkInnerCollision(pk, innerreq, holderRef.getConcatenated()); // Throws AuthorizationDeniedException
            }
          }

          boolean verifiedOuter = false; // So we can throw an error if we could not verify
          if (StringUtils.equals(holderRef.getMnemonic(), caRef.getMnemonic()) && StringUtils.equals(holderRef.getCountry(), caRef.getCountry())) {
            log.debug("Authenticated request is self signed, we will try to verify it using user's old certificate.");
            Collection<java.security.cert.Certificate> certs = certificateStoreSession.findCertificatesByUsername(admin, username);
            // certs contains certificates ordered with last expire date first. Last expire date should be last issued cert
            // We have to iterate over available user certificates, because we don't know which on signed the old one
            // and cv certificates have very coarse grained validity periods so we can't really know which one is the latest one
            // if 2 certificates are issued the same day.
            if (certs != null) {
              log.debug("Found "+certs.size()+" old certificates for user "+username);
              Iterator<java.security.cert.Certificate> iterator = certs.iterator();
              while (iterator.hasNext()) {
                java.security.cert.Certificate cert = iterator.next();
                try {
                  // Only allow renewal if the old certificate is valid
                  PublicKey pk = getCVPublicKey(admin, cert);
                  if (log.isDebugEnabled()) {
                    log.debug("Trying to verify the outer signature with an old certificate, fp: "+CertTools.getFingerprintAsString(cert));                   
                  }
                  authreq.verify(pk);
                  log.debug("Verified outer signature");
                  // Yes we did it, we can move on to the next step because the outer signature was actually created with some old certificate
                  verifiedOuter = true;
                  if (ejbhelper.checkValidityAndSetUserPassword(admin, cert, username, password)) {
                    // If we managed to verify the certificate we will break out of the loop                 
                    break;
                  }
                 
                  // If verification of outer signature fails because the signature is invalid we will break and deny the request...with a message
                } catch (InvalidKeyException e) {
                  String msg = intres.getLocalizedMessage("cvc.error.outersignature", holderRef.getConcatenated(), e.getMessage());             
                  log.warn(msg, e);
                } catch (CertificateExpiredException e) { // thrown by checkValidityAndSetUserPassword
                  String msg = intres.getLocalizedMessage("cvc.error.outersignature", holderRef.getConcatenated(), e.getMessage());             
                  // Only log this with DEBUG since it will be a common case that happens, nothing that should cause any alerts
                  log.debug(msg);
                  // This exception we want to throw on, because we want to give this error if there was a certificate suitable for
                  // verification, but it had expired. This is thrown by checkValidityAndSetUserPassword after the request has already been
                  // verified using the public key of the certificate.
                  throw e;
                } catch (CertificateException e) {
                  String msg = intres.getLocalizedMessage("cvc.error.outersignature", holderRef.getConcatenated(), e.getMessage());             
                  log.warn(msg, e);
                } catch (NoSuchAlgorithmException e) {
                  String msg = intres.getLocalizedMessage("cvc.error.outersignature", holderRef.getConcatenated(), e.getMessage());             
                  log.info(msg, e);
                } catch (NoSuchProviderException e) {
                  String msg = intres.getLocalizedMessage("cvc.error.outersignature", holderRef.getConcatenated(), e.getMessage());             
                  log.warn(msg, e);
                } catch (SignatureException e) {
                  // Failing to verify the outer signature will be normal, since we must try all old certificates
                  if (log.isDebugEnabled()) {
                    String msg = intres.getLocalizedMessage("cvc.error.outersignature", holderRef.getConcatenated(), e.getMessage());             
                    log.debug(msg);                 
                  }
                }
              } // while (iterator.hasNext()) {
              // if verification failed because the old cert was not yet valid, continue processing as usual, using the sent in username/password hoping the
              // status is NEW and password is correct. If old certificate was expired a CertificateExpiredException is thrown above.

            } // if (certs != null) {
           
            // If there are no old certificate, continue processing as usual, using the sent in username/password hoping the
            // status is NEW and password is correct.
          } else { // if (StringUtils.equals(holderRef, caRef))
            // Subject and issuerDN is CN=Mnemonic,C=Country
            String dn = "CN="+caRef.getMnemonic()+",C="+caRef.getCountry();
            log.debug("Authenticated request is not self signed, we will try to verify it using a CVCA certificate: "+dn);
            CAInfo info = caAdminSession.getCAInfoOrThrowException(admin, CertTools.stringToBCDNString(dn).hashCode());
            if (info != null) {
              Collection<java.security.cert.Certificate> certs = info.getCertificateChain();
              if (certs != null) {
                log.debug("Found "+certs.size()+" certificates in chain for CA with DN: "+dn);             
                Iterator<java.security.cert.Certificate> iterator = certs.iterator();
                if (iterator.hasNext()) {
                  // The CA certificate is first in chain
                  java.security.cert.Certificate cert = iterator.next();
                  if (log.isDebugEnabled()) {
                    log.debug("Trying to verify the outer signature with a CVCA certificate, fp: "+CertTools.getFingerprintAsString(cert));                   
                  }
                  try {
                    // The CVCA certificate always contains the full key parameters, no need to du any EC curve parameter magic here
                    authreq.verify(cert.getPublicKey());
                    log.debug("Verified outer signature");
                    verifiedOuter = true;
                    // Yes we did it, we can move on to the next step because the outer signature was actually created with some old certificate
                    if (!ejbhelper.checkValidityAndSetUserPassword(admin, cert, username, password)) {
                      // If the CA certificate was not valid, we are not happy                 
View Full Code Here


        CVCObject parsedObject = CertificateParser.parseCVCObject(Base64.decode(req.getBytes()));
        // We will handle both the case if the request is an authenticated request, i.e. with an outer signature
        // and when the request is missing the (optional) outer signature.
        CVCertificate cvccert = null;
        if (parsedObject instanceof CVCAuthenticatedRequest) {
          CVCAuthenticatedRequest cvcreq = (CVCAuthenticatedRequest)parsedObject;
          cvccert = cvcreq.getRequest();
        } else {
          cvccert = (CVCertificate)parsedObject;
        }
        CVCRequestMessage reqmsg = new CVCRequestMessage(cvccert.getDEREncoded());
        reqmsg.setUsername(username);
View Full Code Here

        // Simple self signed request
        CVCertificate request = CertificateGenerator.createRequest(keyPair, signalg, caRef, holderRef);

        // A renew request with an outer signature created with the same keys as
        // the old one
        CVCAuthenticatedRequest authRequestSameKeys = CertificateGenerator.createAuthenticatedRequest(request, keyPair, signalg, caRef);

        // An renew request with an inner request with new keys and an outer
        // request with the same keys as in the last request
        CVCertificate request1 = CertificateGenerator.createRequest(keyPair1, signalg, caRef, holderRef);
        CVCAuthenticatedRequest authRequestRenew = CertificateGenerator.createAuthenticatedRequest(request1, keyPair, signalg, caRef);

        // A false renew request with new keys all over, both for inner ant
        // outer signatures
        CVCertificate request2 = CertificateGenerator.createRequest(keyPair2, signalg, caRef, holderRef);
        CVCAuthenticatedRequest authRequestRenewFalse = CertificateGenerator.createAuthenticatedRequest(request2, keyPair2, signalg, caRef);

        //
        // First test that we register a new user (like in admin GUI) and gets a
        // certificate for that. This should work fine.
        //

        // Edit our favorite test user
        UserDataVOWS user1 = new UserDataVOWS();
        user1.setUsername(username);
        user1.setPassword("foo123");
        user1.setClearPwd(true);
        user1.setSubjectDN("CN=" + username + ",C=SE");
        user1.setCaName(subcaname);
        user1.setStatus(UserDataVOWS.STATUS_NEW);
        user1.setTokenType(UserDataVOWS.TOKEN_TYPE_USERGENERATED);
        user1.setEndEntityProfileName("EMPTY");
        user1.setCertificateProfileName("ENDUSER");
        // editUser and set status to new
        ejbcaraws.editUser(user1);

        List<Certificate> certenv = ejbcaraws.cvcRequest(user1.getUsername(), user1.getPassword(), new String(Base64.encode(request.getDEREncoded())));

        assertNotNull(certenv);

        Certificate wscert = certenv.get(0);
        byte[] b64cert = wscert.getCertificateData();
        CVCObject parsedObject = CertificateParser.parseCertificate(Base64.decode(b64cert));
        CVCertificate cert = (CVCertificate) parsedObject;
        CardVerifiableCertificate cvcert = new CardVerifiableCertificate(cert);

        assertNotNull(cert);
        assertEquals("CN=" + username + ",C=SE", CertTools.getSubjectDN(cvcert));
        assertEquals("00111", CertTools.getSerialNumberAsString(cvcert));
        PublicKey pk = cvcert.getPublicKey();
        assertEquals("CVC", pk.getFormat());
        // Verify that we have the complete chain
        assertEquals(3, certenv.size());
        Certificate wsdvcert = certenv.get(1);
        Certificate wscvcacert = certenv.get(2);
        b64cert = wsdvcert.getCertificateData();
        parsedObject = CertificateParser.parseCertificate(Base64.decode(b64cert));
        CVCertificate dvcert = (CVCertificate) parsedObject;
        b64cert = wscvcacert.getCertificateData();
        assertTrue ("CVCA", Arrays.equals(wscvcacert.getRawCertificateData(), ca_path.get(1).getRawCertificateData()));
        assertTrue ("DVCA", Arrays.equals(wsdvcert.getRawCertificateData(), ca_path.get(0).getRawCertificateData()));
        parsedObject = CertificateParser.parseCertificate(Base64.decode(b64cert));
        CVCertificate cvcacert = (CVCertificate) parsedObject;
        assertEquals(AuthorizationRoleEnum.DV_D, dvcert.getCertificateBody().getAuthorizationTemplate().getAuthorizationField().getRole());
        assertEquals(AuthorizationRoleEnum.CVCA, cvcacert.getCertificateBody().getAuthorizationTemplate().getAuthorizationField().getRole());
        PublicKey cvcapubk = cvcacert.getCertificateBody().getPublicKey();
        PublicKey dvpubk = dvcert.getCertificateBody().getPublicKey();
        dvpubk = KeyTools.getECPublicKeyWithParams(dvpubk, cvcapubk);
        cvcert.verify(dvpubk);
        CardVerifiableCertificate dvjavacert = new CardVerifiableCertificate(dvcert);
        dvjavacert.verify(cvcapubk);

        //
        // Second test that we try to get a new certificate for this user
        // without outer (renewal) signature. This should fail.
        //
        boolean thrown = false;
        try {
            certenv = ejbcaraws.cvcRequest(user1.getUsername(), user1.getPassword(), new String(Base64.encode(request.getDEREncoded())));
        } catch (EjbcaException_Exception e) {
            thrown = true;
            String msg = e.getMessage();
            assertTrue(msg.contains("NEW, FAILED or INPROCESS required"));
        }
        assertTrue(thrown);

        //
        // Third test that we can not renew a certificate with the same keys as
        // the old request. This should fail.
        //
        thrown = false;
        try {
            certenv = ejbcaraws.cvcRequest(user1.getUsername(), user1.getPassword(), new String(Base64.encode(authRequestSameKeys.getDEREncoded())));
        } catch (AuthorizationDeniedException_Exception e) {
            thrown = true;
            String msg = e.getMessage();
            assertTrue(msg.contains("Trying to renew a certificate using the same key"));
        }
        assertTrue(thrown);

        //
        // Fourth test that we can renew a certificate using an outer signature
        // made with the old keys. This should succeed.
        //
        certenv = ejbcaraws.cvcRequest(user1.getUsername(), user1.getPassword(), new String(Base64.encode(authRequestRenew.getDEREncoded())));
        assertNotNull(certenv);
        wscert = certenv.get(0);
        b64cert = wscert.getCertificateData();
        parsedObject = CertificateParser.parseCertificate(Base64.decode(b64cert));
        cert = (CVCertificate) parsedObject;
        cvcert = new CardVerifiableCertificate(cert);
        assertNotNull(cert);
        assertEquals("CN=" + username + ",C=SE", CertTools.getSubjectDN(cvcert));
        assertEquals("00111", CertTools.getSerialNumberAsString(cvcert));

        //
        // Fifth test try to renew with an outer signature which is not by the
        // last issued cert (false renew request). This should fail.
        //
        thrown = false;
        try {
            certenv = ejbcaraws.cvcRequest(user1.getUsername(), user1.getPassword(), new String(Base64.encode(authRequestRenewFalse.getDEREncoded())));
        } catch (AuthorizationDeniedException_Exception e) {
            thrown = true;
            String msg = e.getMessage();
            assertTrue(msg.contains("No certificate found that could authenticate request"));
        }
View Full Code Here

        assertEquals(dvinfo.getSubjectDN(), cvcreq.getRequestDN());
        obj = CertificateParser.parseCVCObject(request);
        // System.out.println(obj.getAsText());
        // We should have created an authenticated request signed by the old
        // certificate
        CVCAuthenticatedRequest authreq = (CVCAuthenticatedRequest) obj;
        assertEquals(dvcertactive.getCVCertificate().getCertificateBody().getHolderReference().getConcatenated(), authreq.getAuthorityReference()
                .getConcatenated());
        cert = authreq.getRequest();
    // The request should be targeted for the CVCA, i.e. ca_ref in request should be the same as the CVCAs ref
        assertEquals(cvcacert.getCVCertificate().getCertificateBody().getAuthorityReference().getConcatenated(), cert.getCertificateBody()
                .getAuthorityReference().getConcatenated());
        // Now test our WS API that it has set status to "WAITING_FOR_CERTIFICATE_RESPONSE"
        dvinfo = caAdminSessionRemote.getCAInfo(intAdmin, caname);
        assertEquals(SecConst.CA_WAITING_CERTIFICATE_RESPONSE, dvinfo.getStatus());
        assertEquals ("DV should not be available", ejbcaraws.getLastCAChain(caname).size (),0);
        // Check to see that is really is a new keypair
        pubk1 = new String(Base64.encode(dvcertactive.getPublicKey().getEncoded(), false));
        pubk2 = new String(Base64.encode(cert.getCertificateBody().getPublicKey().getEncoded(), false));
        assertTrue(pubk1.compareTo(pubk2) != 0);

        // Receive the response so the DV CA is activated
        dvholderref = cert.getCertificateBody().getHolderReference();
        dvretcert = CertificateGenerator.createTestCertificate(cert.getCertificateBody().getPublicKey(), cvcakeypair.getPrivate(), caRef, dvholderref, signalg,
                AuthorizationRoleEnum.DV_D);
        ejbcaraws.caCertResponse(caname, dvretcert.getDEREncoded(), cachain, pwd);
        // Check that the cert was received and the CA activated
        dvinfo = caAdminSessionRemote.getCAInfo(intAdmin, caname);
        assertEquals(SecConst.CA_ACTIVE, dvinfo.getStatus());
        dvcerts = dvinfo.getCertificateChain();
        assertEquals(2, dvcerts.size());
        dvcertactive = (CardVerifiableCertificate)dvcerts.iterator().next();
        obj = CertificateParser.parseCVCObject(dvcertactive.getEncoded());
        // System.out.println(obj.getAsText());
        dvcertactive.verify(cvcakeypair.getPublic());
        String sequence2 = dvcertactive.getCVCertificate().getCertificateBody().getHolderReference().getSequence();
        int s1 = Integer.parseInt(sequence1);
        int s2 = Integer.parseInt(sequence2);
        assertEquals(s1 + 1, s2); // sequence in new certificate should be old
        // sequence + 1

        /*
         * Third test is to renew a CA signed by an external CA *with renewing
         * the keys* saying to *not* activate the key now. This creates a new
         * key pair and a certificate request, but the new key pair is not used
         * by the CA for issuing certificates. Status is not set to
         * "waiting for certificate response" because the old keys can still be
         * used until we have received a certificate and activated the new keys.
         */
        request = ejbcaraws.caRenewCertRequest(caname, cachain, true, false, false, pwd);
        // make the mandatory junit checks...
        assertNotNull(request);
        cvcreq = RequestMessageUtils.genCVCRequestMessage(request);
        assertNotNull(request);
        assertEquals(dvinfo.getSubjectDN(), cvcreq.getRequestDN());
        obj = CertificateParser.parseCVCObject(request);
        // System.out.println(obj.getAsText());
        // We should have created an authenticated request signed by the old
        // certificate
        authreq = (CVCAuthenticatedRequest) obj;
        assertEquals(dvcertactive.getCVCertificate().getCertificateBody().getHolderReference().getConcatenated(), authreq.getAuthorityReference()
                .getConcatenated());
        cert = authreq.getRequest();
        assertEquals(cvcacert.getCVCertificate().getCertificateBody().getAuthorityReference().getConcatenated(), cert.getCertificateBody()
                .getAuthorityReference().getConcatenated());
        String sequence3 = cert.getCertificateBody().getHolderReference().getSequence();
        int s3 = Integer.parseInt(sequence3);
        assertEquals(s2 + 1, s3); // sequence in new certificate request should
View Full Code Here

        CAInfo dvinfo = caAdminSessionRemote.getCAInfo(intAdmin, caname);
        assertEquals(dvinfo.getSubjectDN(), cvcreq.getRequestDN());
        CVCObject obj = CertificateParser.parseCVCObject(request);
        //System.out.println(obj.getAsText());
        // We should have created an authenticated request signed by the old certificate
    CVCAuthenticatedRequest authreq = (CVCAuthenticatedRequest)obj;
    CVCertificate cert = authreq.getRequest();
    // The request should be targeted for the CVCA, i.e. ca_ref in request should be the same as the CVCAs ref
    String cvcaref = cvcacert.getCVCertificate().getCertificateBody().getAuthorityReference().getConcatenated();
    String caref = cert.getCertificateBody().getAuthorityReference().getConcatenated();
    // In this first case however, we did not have any CVCA certificate, so the CA_ref will then simply be the DV's own ref
        assertEquals(caref, caref);
       
        // Now we have to import the CVCA certificate as an external CA, and do it again, then it should find the CVCA certificate
        Collection<java.security.cert.Certificate> cvcacerts = new ArrayList<java.security.cert.Certificate>();
        cvcacerts.add(cvcacert);
        caAdminSessionRemote.importCACertificate(intAdmin, "WSTESTCVCAIMPORTED", cvcacerts);
        request = ejbcaraws.caRenewCertRequest(caname, new ArrayList<byte[]>(), false, false, false, null);
        assertNotNull(request);
        obj = CertificateParser.parseCVCObject(request);
    authreq = (CVCAuthenticatedRequest)obj;
    cert = authreq.getRequest();
    // The request should be targeted for the CVCA, i.e. ca_ref in request should be the same as the CVCAs ref
    caref = cert.getCertificateBody().getAuthorityReference().getConcatenated();
        assertEquals(cvcaref, caref);
  } // caMakeRequestAndFindCA
View Full Code Here

                    // We will handle both the case if the request is an
                    // authenticated request, i.e. with an outer signature
                    // and when the request is missing the (optional) outer
                    // signature.
                    if (parsedObject instanceof CVCAuthenticatedRequest) {
                        CVCAuthenticatedRequest cvcreq = (CVCAuthenticatedRequest) parsedObject;
                        cvccert = cvcreq.getRequest();
                    } else {
                        cvccert = (CVCertificate) parsedObject;
                    }
                    HolderReferenceField chrf = cvccert.getCertificateBody().getHolderReference();
                    if (chrf != null) {
View Full Code Here

    int len = modulus.bitLength();
    assertEquals(1024, len);

    // Test verification of an authenticated request
    parsedObject = CertificateParser.parseCVCObject(cvcreqrenew);
    CVCAuthenticatedRequest authreq = (CVCAuthenticatedRequest)parsedObject;
    try {
      authreq.verify(pubKey);
    } catch (Exception e) {
      assertTrue(false);
    }   
    // Test verification of an authenticated request that fails
    parsedObject = CertificateParser.parseCVCObject(cvcreqrenew);
    authreq = (CVCAuthenticatedRequest)parsedObject;
    req = authreq.getRequest();
    try {
      authreq.verify(req.getCertificateBody().getPublicKey());
      assertTrue(false);
    } catch (Exception e) {
    }   
  }
View Full Code Here

              String c = authCert.getCertificateBody().getHolderReference().getCountry();
              String m = authCert.getCertificateBody().getHolderReference().getMnemonic();
              String s = authCert.getCertificateBody().getHolderReference().getSequence();
              authCaRef = new CAReferenceField(c, m, s);
            }
            CVCAuthenticatedRequest authRequest = CertificateGenerator.createAuthenticatedRequest(request, authKeyPair, signatureAlg, authCaRef);
            // Test to verify it yourself first
            if (authCert != null) {
              getPrintStream().println("Verifying the request before sending it...");
              PublicKey pk = KeyTools.getECPublicKeyWithParams(authCert.getCertificateBody().getPublicKey(), keySpec);
              authRequest.verify(pk);             
            }
            der = authRequest.getDEREncoded();           
          }
          cvcreq = new String(Base64.encode(der));
          // Print the generated request to file
          FileOutputStream fos = new FileOutputStream(basefilename+".cvreq");
          fos.write(der);
View Full Code Here

      getPrintStream().println("converting CV Certificate ("+inform+"): "+infile+" to "+outform);
      // Read file to a buffer and use the toString functions in the cvc-lib
      CVCObject parsedObject = getCVCObject(infile);
      byte[] bytes = null;
      if (parsedObject instanceof CVCAuthenticatedRequest) {
        CVCAuthenticatedRequest authreq = (CVCAuthenticatedRequest)parsedObject;
        bytes = authreq.getDEREncoded();
      } else {
        CVCertificate cert1 = (CVCertificate)parsedObject;
        CardVerifiableCertificate cvcert = new CardVerifiableCertificate(cert1);
        bytes = cvcert.getEncoded();
      }
View Full Code Here

        CVCObject obj = CertificateParser.parseCVCObject(request);
        // We should have created an authenticated request signed by the default
        // key, we intended to have it signed by the old key,
        // but since the CVCA is not renewed, and no old key exists, it will be
        // the "defaultKey", but we won't know the difference in this test.
        CVCAuthenticatedRequest authreq = (CVCAuthenticatedRequest) obj;
        CVCertificate reqcert = authreq.getRequest();
        assertEquals("SETESTCVCA00001", reqcert.getCertificateBody().getHolderReference().getConcatenated());
        assertEquals("SETESTCVCA00001", reqcert.getCertificateBody().getAuthorityReference().getConcatenated());

        // Make a certificate request from a DV, regenerating keys
        cachain = dvdcainfo.getCertificateChain();
        request = caAdminSession.makeRequest(admin, dvdcainfo.getCAId(), cachain, true, false, true, "foo123");
        obj = CertificateParser.parseCVCObject(request);
        // We should have created an authenticated request signed by the old
        // certificate
        authreq = (CVCAuthenticatedRequest) obj;
        reqcert = authreq.getRequest();
        assertEquals("SETESTDV-D00002", reqcert.getCertificateBody().getHolderReference().getConcatenated());
        // This request is made from the DV targeted for the DV, so the old DV
        // certificate will be the holder ref.
        // Normally you would target an external CA, and thus send in it's
        // cachain. The caRef would be the external CAs holderRef.
        assertEquals("SETESTDV-D00001", reqcert.getCertificateBody().getAuthorityReference().getConcatenated());

        // Get the DVs certificate request signed by the CVCA
        byte[] authrequest = caAdminSession.signRequest(admin, cvcainfo.getCAId(), request, false, false);
        CVCObject parsedObject = CertificateParser.parseCVCObject(authrequest);
        authreq = (CVCAuthenticatedRequest) parsedObject;
        assertEquals("SETESTDV-D00002", authreq.getRequest().getCertificateBody().getHolderReference().getConcatenated());
        assertEquals("SETESTDV-D00001", authreq.getRequest().getCertificateBody().getAuthorityReference().getConcatenated());
        assertEquals("SETESTCVCA00001", authreq.getAuthorityReference().getConcatenated());

        // Get the DVs certificate request signed by the CVCA creating a link
        // certificate.
        // Passing in a request without authrole should return a regular
        // authenticated request though.
View Full Code Here

TOP

Related Classes of org.ejbca.cvc.CVCAuthenticatedRequest

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.