testsignsession.java

一套JAVA的CA证书签发系统.

            userExists = true;
        }

        if (userExists) {
            log.debug("User foo already exists.");

            UserDataPK pk = new UserDataPK("foo");
            UserDataRemote data = userhome.findByPrimaryKey(pk);
            data.setStatus(UserDataRemote.STATUS_NEW);
            log.debug("Reset status to NEW");
        }

        log.debug("<test01CreateNewUser()");
    }

    /**
     * creates cert
     *
     * @throws Exception if en error occurs...
     */
    public void test02SignSession() throws Exception {
        log.debug(">test02SignSession()");
        keys = genKeys();

        // user that we know exists...
        X509Certificate cert = (X509Certificate) remote.createCertificate(admin, "foo", "foo123", keys.getPublic());
        assertNotNull("Misslyckades skapa cert", cert);
        log.debug("Cert=" + cert.toString());

        //FileOutputStream fos = new FileOutputStream("testcert.crt");
        //fos.write(cert.getEncoded());
        //fos.close();
        log.debug("<test02SignSession()");
    }

    /**
     * tests bouncy PKCS10
     *
     * @throws Exception if en error occurs...
     */
    public void test03TestBCPKCS10() throws Exception {
        log.debug(">test03TestBCPKCS10()");

        UserDataPK pk = new UserDataPK("foo");
        UserDataRemote data = userhome.findByPrimaryKey(pk);
        data.setStatus(UserDataRemote.STATUS_NEW);
        log.debug("Reset status of 'foo' to NEW");

        // Create certificate request
        PKCS10CertificationRequest req = new PKCS10CertificationRequest("SHA1WithRSA",
                CertTools.stringToBcX509Name("C=SE, O=AnaTom, CN=foo"), keys.getPublic(), null,
                keys.getPrivate());
        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
        DEROutputStream dOut = new DEROutputStream(bOut);
        dOut.writeObject(req);
        dOut.close();

        PKCS10CertificationRequest req2 = new PKCS10CertificationRequest(bOut.toByteArray());
        boolean verify = req2.verify();
        log.debug("Verify returned " + verify);

        if (verify == false) {
            log.debug("Aborting!");

            return;
        }

        log.debug("CertificationRequest generated successfully.");

        byte[] bcp10 = bOut.toByteArray();
        PKCS10RequestMessage p10 = new PKCS10RequestMessage(bcp10);
        p10.setUsername("foo");
        p10.setPassword("foo123");
        IResponseMessage resp = remote.createCertificate(admin, 
            p10, Class.forName("se.anatom.ejbca.protocol.X509ResponseMessage"));
        X509Certificate cert = CertTools.getCertfromByteArray(resp.getResponseMessage());
        assertNotNull("Failed to create certificate", cert);
        log.debug("Cert=" + cert.toString());
        log.debug("<test03TestBCPKCS10()");
    }

    /**
     * tests keytool pkcs10
     *
     * @throws Exception if en error occurs...
     */
    public void test04TestKeytoolPKCS10() throws Exception {
        log.debug(">test04TestKeytoolPKCS10()");

        UserDataPK pk = new UserDataPK("foo");
        UserDataRemote data = userhome.findByPrimaryKey(pk);
        data.setStatus(UserDataRemote.STATUS_NEW);
        log.debug("Reset status of 'foo' to NEW");

        PKCS10RequestMessage p10 = new PKCS10RequestMessage(keytoolp10);
        p10.setUsername("foo");
        p10.setPassword("foo123");
        IResponseMessage resp = remote.createCertificate(admin, 
            p10, Class.forName("se.anatom.ejbca.protocol.X509ResponseMessage"));
        X509Certificate cert = CertTools.getCertfromByteArray(resp.getResponseMessage());
        assertNotNull("Failed to create certificate", cert);
        log.debug("Cert=" + cert.toString());
        log.debug("<test04TestKeytoolPKCS10()");
    }

    /**
     * tests ie pkcs10
     *
     * @throws Exception if en error occurs...
     */
    public void test05TestIEPKCS10() throws Exception {
        log.debug(">test05TestIEPKCS10()");

        UserDataPK pk = new UserDataPK("foo");
        UserDataRemote data = userhome.findByPrimaryKey(pk);
        data.setStatus(UserDataRemote.STATUS_NEW);
        log.debug("Reset status of 'foo' to NEW");

        PKCS10RequestMessage p10 = new PKCS10RequestMessage(iep10);
        p10.setUsername("foo");
        p10.setPassword("foo123");
        IResponseMessage resp = remote.createCertificate(admin, 
            p10, Class.forName("se.anatom.ejbca.protocol.X509ResponseMessage"));
        X509Certificate cert = CertTools.getCertfromByteArray(resp.getResponseMessage());
        assertNotNull("Failed to create certificate", cert);
        log.debug("Cert=" + cert.toString());
        log.debug("<test05TestIEPKCS10()");
    }

    /**
     * test to set specific key usage
     *
     * @throws Exception if en error occurs...
     */
    public void test06KeyUsage() throws Exception {
        log.debug(">test06KeyUsage()");

        UserDataPK pk = new UserDataPK("foo");
        UserDataRemote data = userhome.findByPrimaryKey(pk);
        data.setStatus(UserDataRemote.STATUS_NEW);
        log.debug("Reset status of 'foo' to NEW");

        // Create an array for KeyUsage acoording to X509Certificate.getKeyUsage()
        boolean[] keyusage1 = new boolean[9];
        Arrays.fill(keyusage1, false);

        // digitalSignature
        keyusage1[0] = true;

        // keyEncipherment
        keyusage1[2] = true;

        X509Certificate cert = (X509Certificate) remote.createCertificate(admin, "foo", "foo123", keys.getPublic(), keyusage1);
        assertNotNull("Misslyckades skapa cert", cert);
        log.debug("Cert=" + cert.toString());

        boolean[] retKU = cert.getKeyUsage();
        assertTrue("Fel KeyUsage, digitalSignature finns ej!", retKU[0]);
        assertTrue("Fel KeyUsage, keyEncipherment finns ej!", retKU[2]);
        assertTrue("Fel KeyUsage, cRLSign finns!", !retKU[6]);

        pk = new UserDataPK("foo");
        data = userhome.findByPrimaryKey(pk);
        data.setStatus(UserDataRemote.STATUS_NEW);
        log.debug("Reset status of 'foo' to NEW");

        boolean[] keyusage2 = new boolean[9];
        Arrays.fill(keyusage2, false);

        // keyCertSign
        keyusage2[5] = true;

        // cRLSign
        keyusage2[6] = true;

        X509Certificate cert1 = (X509Certificate) remote.createCertificate(admin, "foo", "foo123", keys.getPublic(), keyusage2);
        assertNotNull("Misslyckades skapa cert", cert1);
        retKU = cert1.getKeyUsage();
        assertTrue("Fel KeyUsage, keyCertSign finns ej!", retKU[5]);
        assertTrue("Fel KeyUsage, cRLSign finns ej!", retKU[6]);
        assertTrue("Fel KeyUsage, digitalSignature finns!", !retKU[0]);

        log.debug("Cert=" + cert1.toString());
        log.debug("<test06KeyUsage()");
    }

    /**
     * test DSA keys instead of RSA
     *
     * @throws Exception if en error occurs...
     */
    public void test07DSAKey() throws Exception {
        log.debug(">test07DSAKey()");

        UserDataPK pk = new UserDataPK("foo");
        UserDataRemote data = userhome.findByPrimaryKey(pk);
        data.setStatus(UserDataRemote.STATUS_NEW);
        log.debug("Reset status of 'foo' to NEW");

        try {
            PKCS10RequestMessage p10 = new PKCS10RequestMessage(keytooldsa);
            p10.setUsername("foo");
            p10.setPassword("foo123");
            IResponseMessage resp = remote.createCertificate(admin, 
                p10, Class.forName("se.anatom.ejbca.protocol.X509ResponseMessage"));
            X509Certificate cert = CertTools.getCertfromByteArray(resp.getResponseMessage());
        } catch (Exception e) {
            // RSASignSession should throw an IllegalKeyException here.
            assertTrue("Expected IllegalKeyException: " + e.toString(),
                e instanceof IllegalKeyException);
        }

        log.debug("<test07DSAKey()");
    }

    /**
     * Tests international characters
     *
     * @throws Exception if en error occurs...
     */
    public void test08SwedeChars() throws Exception {
        log.debug(">test08SwedeChars()");
        // Make user that we know...
        boolean userExists = false;
        try {
            UserDataRemote createdata = userhome.create("swede", "foo123", "C=SE, O=拍