byte[] request = caAdminSession.makeRequest(admin, dvdcainfo.getCAId(), cachain, true, false, true, "foo123");
CVCObject obj = CertificateParser.parseCVCObject(request);
// We should have created an authenticated request signed by the old
// certificate
CVCAuthenticatedRequest authreq = (CVCAuthenticatedRequest) obj;
CVCertificate reqcert = authreq.getRequest();
assertEquals("SETDVEC-D00002", reqcert.getCertificateBody().getHolderReference().getConcatenated());
// This request is made from the DV targeted for the DV, so the old DV
// certificate's holder reference is the authority reference (caRef)
// asserted below.
// Normally you would target an external CA, and thus send in its
// cachain. The caRef would then be the external CA's holderRef.
assertEquals("SETDVEC-D00001", reqcert.getCertificateBody().getAuthorityReference().getConcatenated());
// Get the DVs certificate request signed by the CVCA
byte[] authrequest = caAdminSession.signRequest(admin, cvcainfo.getCAId(), request, false, false);
CVCObject parsedObject = CertificateParser.parseCVCObject(authrequest);
authreq = (CVCAuthenticatedRequest) parsedObject;
assertEquals("SETDVEC-D00002", authreq.getRequest().getCertificateBody().getHolderReference().getConcatenated());
assertEquals("SETDVEC-D00001", authreq.getRequest().getCertificateBody().getAuthorityReference().getConcatenated());
assertEquals("SETCVCAEC00001", authreq.getAuthorityReference().getConcatenated());
// Get the DVs certificate request signed by the CVCA creating a link
// certificate.
// Passing in a request without authrole should return a regular
// authenticated request though; the cast to CVCAuthenticatedRequest
// below is the only check of that.
authrequest = caAdminSession.signRequest(admin, cvcainfo.getCAId(), request, false, true);
parsedObject = CertificateParser.parseCVCObject(authrequest);
authreq = (CVCAuthenticatedRequest) parsedObject;
// Pass in a certificate instead
CardVerifiableCertificate dvdcert = (CardVerifiableCertificate) cachain.iterator().next();
authrequest = caAdminSession.signRequest(admin, cvcainfo.getCAId(), dvdcert.getEncoded(), false, true);
parsedObject = CertificateParser.parseCVCObject(authrequest);
CVCertificate linkcert = (CVCertificate) parsedObject;
assertEquals("SETCVCAEC00001", linkcert.getCertificateBody().getAuthorityReference().getConcatenated());
assertEquals("SETDVEC-D00001", linkcert.getCertificateBody().getHolderReference().getConcatenated());
// Renew again but regenerate keys this time to make sure sequence is
// updated
caid = dvdcainfo.getCAId();
caAdminSession.renewCA(admin, caid, "foo123", true);
dvdcainfo = caAdminSession.getCAInfo(admin, dvdcaname);
assertEquals(CAInfo.CATYPE_CVC, dvdcainfo.getCAType());
cert = (Certificate) dvdcainfo.getCertificateChain().iterator().next();
assertEquals("CVC", cert.getType());
assertEquals(CertTools.getSubjectDN(cert), dvddn);
assertEquals(CertTools.getIssuerDN(cert), rootcadn);
assertEquals(dvdcainfo.getSubjectDN(), dvddn);
cvcert = (CardVerifiableCertificate) cert;
role = cvcert.getCVCertificate().getCertificateBody().getAuthorizationTemplate().getAuthorizationField().getRole().name();
assertEquals("DV_D", role);
String holderRef = cvcert.getCVCertificate().getCertificateBody().getHolderReference().getConcatenated();
// Sequence must have been incremented by 1
assertEquals("SETDVEC-D00003", holderRef);
// Make a certificate request from a CVCA
cachain = cvcainfo.getCertificateChain();
assertEquals(1, cachain.size());
Certificate cert1 = (Certificate) cachain.iterator().next();
CardVerifiableCertificate cvcert1 = (CardVerifiableCertificate) cert1;
assertEquals("SETCVCAEC00001", cvcert1.getCVCertificate().getCertificateBody().getHolderReference().getConcatenated());
request = caAdminSession.makeRequest(admin, cvcainfo.getCAId(), cachain, false, false, false, null);
obj = CertificateParser.parseCVCObject(request);
// We should have created an un-authenticated request, because there
// does not exist any old key
CVCertificate cvcertreq = (CVCertificate) obj;
assertEquals("SETCVCAEC00001", cvcertreq.getCertificateBody().getHolderReference().getConcatenated());
assertEquals("SETCVCAEC00001", cvcertreq.getCertificateBody().getAuthorityReference().getConcatenated());
// Renew the CVCA, generating new keys
caAdminSession.renewCA(admin, cvcainfo.getCAId(), "foo123", true);
// Make a certificate request from a CVCA again
cvcainfo = caAdminSession.getCAInfo(admin, rootcaname);
cachain = cvcainfo.getCertificateChain();
assertEquals(1, cachain.size());
Certificate cert2 = (Certificate) cachain.iterator().next();
CardVerifiableCertificate cvcert2 = (CardVerifiableCertificate) cert2;
assertEquals("SETCVCAEC00002", cvcert2.getCVCertificate().getCertificateBody().getHolderReference().getConcatenated());
request = caAdminSession.makeRequest(admin, cvcainfo.getCAId(), cachain, false, false, false, null);
obj = CertificateParser.parseCVCObject(request);
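// We should have created an authenticated request signed by the old
// certificate. Only the inner request's holder and authority references
// are asserted below; the outer signature and its authority reference
// are not checked here.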
CVCAuthenticatedRequest authreq1 = (CVCAuthenticatedRequest) obj;
CVCertificate reqcert1 = authreq1.getRequest();
assertEquals("SETCVCAEC00002", reqcert1.getCertificateBody().getHolderReference().getConcatenated());
assertEquals("SETCVCAEC00002", reqcert1.getCertificateBody().getAuthorityReference().getConcatenated());
} // test10AddCVCCAECC