use of org.xipki.scep.client.ScepClient in project xipki by xipki.
the class CertPollCmd method execute0.
@Override
protected Object execute0() throws Exception {
CertificationRequest csr = CertificationRequest.getInstance(IoUtil.read(csrFile));
ScepClient client = getScepClient();
X509Certificate caCert = client.getAuthorityCertStore().getCaCert();
X500Name caSubject = X500Name.getInstance(caCert.getSubjectX500Principal().getEncoded());
EnrolmentResponse resp = client.scepCertPoll(getIdentityKey(), getIdentityCert(), csr, caSubject);
if (resp.isFailure()) {
throw new CmdFailure("server returned 'failure'");
}
if (resp.isPending()) {
throw new CmdFailure("server returned 'pending'");
}
List<X509Certificate> certs = resp.getCertificates();
if (certs == null || certs.isEmpty()) {
throw new CmdFailure("received no certficate from server");
}
saveVerbose("saved certificate to file", new File(outputFile), certs.get(0).getEncoded());
return null;
}
use of org.xipki.scep.client.ScepClient in project xipki by xipki.
the class GetCertCmd method execute0.
@Override
protected Object execute0() throws Exception {
ScepClient client = getScepClient();
BigInteger serial = toBigInt(serialNumber);
X509Certificate caCert = client.getAuthorityCertStore().getCaCert();
X500Name caSubject = X500Name.getInstance(caCert.getSubjectX500Principal().getEncoded());
List<X509Certificate> certs = client.scepGetCert(getIdentityKey(), getIdentityCert(), caSubject, serial);
if (certs == null || certs.isEmpty()) {
throw new CmdFailure("received no certficate from server");
}
saveVerbose("saved certificate to file", new File(outputFile), certs.get(0).getEncoded());
return null;
}
use of org.xipki.scep.client.ScepClient in project xipki by xipki.
the class AbstractCaTest method test.
@Test
public void test() throws Exception {
CaIdentifier caId = new CaIdentifier("http://localhost:" + port + "/scep/pkiclient.exe", null);
CaCertValidator caCertValidator = new PreprovisionedCaCertValidator(ScepUtil.toX509Cert(scepServer.getCaCert()));
ScepClient client = new ScepClient(caId, caCertValidator);
client.setUseInsecureAlgorithms(useInsecureAlgorithms());
client.refresh();
CaCaps expCaCaps = getExpectedCaCaps();
// CACaps
CaCaps caCaps = client.getCaCaps();
Assert.assertEquals("CACaps", expCaCaps, caCaps);
// CA certificate
Certificate expCaCert = scepServer.getCaCert();
X509Certificate caCert = client.getAuthorityCertStore().getCaCert();
if (!equals(expCaCert, caCert)) {
Assert.fail("Configured and received CA certificate not the same");
}
boolean withRa = isWithRa();
// RA
if (withRa) {
Certificate expRaCert = scepServer.getRaCert();
X509Certificate raSigCert = client.getAuthorityCertStore().getSignatureCert();
X509Certificate raEncCert = client.getAuthorityCertStore().getEncryptionCert();
Assert.assertEquals("RA certificate", raSigCert, raEncCert);
if (!equals(expRaCert, raSigCert)) {
Assert.fail("Configured and received RA certificate not the same");
}
}
// getNextCA
if (isWithNextCa()) {
AuthorityCertStore nextCa = client.scepNextCaCert();
Certificate expNextCaCert = scepServer.getNextCaCert();
X509Certificate nextCaCert = nextCa.getCaCert();
if (!equals(expNextCaCert, nextCaCert)) {
Assert.fail("Configured and received next CA certificate not the same");
}
if (withRa) {
Certificate expNextRaCert = scepServer.getNextRaCert();
X509Certificate nextRaSigCert = nextCa.getSignatureCert();
X509Certificate nextRaEncCert = nextCa.getEncryptionCert();
Assert.assertEquals("Next RA certificate", nextRaSigCert, nextRaEncCert);
if (!equals(expNextRaCert, nextRaSigCert)) {
Assert.fail("Configured and received next RA certificate not the same");
}
}
}
// enroll
CertificationRequest csr;
X509Certificate selfSignedCert;
X509Certificate enroledCert;
X500Name issuerName = X500Name.getInstance(caCert.getSubjectX500Principal().getEncoded());
PrivateKey privKey;
{
KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA");
kpGen.initialize(2048);
KeyPair keypair = kpGen.generateKeyPair();
privKey = keypair.getPrivate();
SubjectPublicKeyInfo subjectPublicKeyInfo = ScepUtil.createSubjectPublicKeyInfo(keypair.getPublic());
X500Name subject = new X500Name("CN=EE1, OU=emulator, O=xipki.org, C=DE");
// first try without secret
PKCS10CertificationRequest p10Req = ScepUtil.generateRequest(privKey, subjectPublicKeyInfo, subject, null, null);
csr = p10Req.toASN1Structure();
selfSignedCert = ScepUtil.generateSelfsignedCert(p10Req.toASN1Structure(), privKey);
EnrolmentResponse enrolResp = client.scepPkcsReq(p10Req.toASN1Structure(), privKey, selfSignedCert);
PkiStatus status = enrolResp.getPkcsRep().getPkiStatus();
Assert.assertEquals("PkiStatus without secret", PkiStatus.FAILURE, status);
// then try invalid secret
p10Req = ScepUtil.generateRequest(privKey, subjectPublicKeyInfo, subject, "invalid-" + secret, null);
csr = p10Req.toASN1Structure();
selfSignedCert = ScepUtil.generateSelfsignedCert(p10Req.toASN1Structure(), privKey);
enrolResp = client.scepPkcsReq(p10Req.toASN1Structure(), privKey, selfSignedCert);
status = enrolResp.getPkcsRep().getPkiStatus();
Assert.assertEquals("PkiStatus with invalid secret", PkiStatus.FAILURE, status);
// try with valid secret
p10Req = ScepUtil.generateRequest(privKey, subjectPublicKeyInfo, subject, secret, null);
csr = p10Req.toASN1Structure();
selfSignedCert = ScepUtil.generateSelfsignedCert(p10Req.toASN1Structure(), privKey);
enrolResp = client.scepPkcsReq(p10Req.toASN1Structure(), privKey, selfSignedCert);
List<X509Certificate> certs = enrolResp.getCertificates();
Assert.assertTrue("number of received certificates", certs.size() > 0);
X509Certificate cert = certs.get(0);
Assert.assertNotNull("enroled certificate", cert);
enroledCert = cert;
// try :: self-signed certificate's subject different from the one of CSR
p10Req = ScepUtil.generateRequest(privKey, subjectPublicKeyInfo, subject, secret, null);
csr = p10Req.toASN1Structure();
selfSignedCert = ScepUtil.generateSelfsignedCert(new X500Name("CN=dummy"), csr.getCertificationRequestInfo().getSubjectPublicKeyInfo(), privKey);
enrolResp = client.scepPkcsReq(p10Req.toASN1Structure(), privKey, selfSignedCert);
status = enrolResp.getPkcsRep().getPkiStatus();
Assert.assertEquals("PkiStatus with invalid secret", PkiStatus.FAILURE, status);
}
// certPoll
EnrolmentResponse enrolResp = client.scepCertPoll(privKey, selfSignedCert, csr, issuerName);
List<X509Certificate> certs = enrolResp.getCertificates();
Assert.assertTrue("number of received certificates", certs.size() > 0);
X509Certificate cert = certs.get(0);
Assert.assertNotNull("enrolled certificate", cert);
// getCert
certs = client.scepGetCert(privKey, selfSignedCert, issuerName, enroledCert.getSerialNumber());
Assert.assertTrue("number of received certificates", certs.size() > 0);
cert = certs.get(0);
Assert.assertNotNull("received certificate", cert);
// getCRL
X509CRL crl = client.scepGetCrl(privKey, enroledCert, issuerName, enroledCert.getSerialNumber());
Assert.assertNotNull("received CRL", crl);
// getNextCA
AuthorityCertStore nextCa = client.scepNextCaCert();
Assert.assertNotNull("nextCa", nextCa);
}
Aggregations