Examples with SslCertVO com.cloud.network.dao.SslCertVO used on opensource projects

Example 1 with SslCertVO

use of com.cloud.network.dao.SslCertVO in project cloudstack by apache.

the class CertServiceImpl method uploadSslCert.

@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_LB_CERT_UPLOAD, eventDescription = "Uploading a certificate to cloudstack", async = false)
public SslCertResponse uploadSslCert(final UploadSslCertCmd certCmd) {
    Preconditions.checkNotNull(certCmd);
    final String cert = certCmd.getCert();
    final String key = certCmd.getKey();
    final String password = certCmd.getPassword();
    final String chain = certCmd.getChain();
    validate(cert, key, password, chain);
    s_logger.debug("Certificate Validation succeeded");
    final String fingerPrint = CertificateHelper.generateFingerPrint(parseCertificate(cert));
    final CallContext ctx = CallContext.current();
    final Account caller = ctx.getCallingAccount();
    Account owner = null;
    if (!Strings.isNullOrEmpty(certCmd.getAccountName()) && certCmd.getDomainId() != null || certCmd.getProjectId() != null) {
        owner = _accountMgr.finalizeOwner(caller, certCmd.getAccountName(), certCmd.getDomainId(), certCmd.getProjectId());
    } else {
        owner = caller;
    }
    final Long accountId = owner.getId();
    final Long domainId = owner.getDomainId();
    final SslCertVO certVO = new SslCertVO(cert, key, password, chain, accountId, domainId, fingerPrint);
    _sslCertDao.persist(certVO);
    return createCertResponse(certVO, null);
}

Example 2 with SslCertVO

use of com.cloud.network.dao.SslCertVO in project cloudstack by apache.

the class CertServiceImpl method deleteSslCert.

@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_LB_CERT_DELETE, eventDescription = "Deleting a certificate to cloudstack", async = false)
public void deleteSslCert(final DeleteSslCertCmd deleteSslCertCmd) {
    Preconditions.checkNotNull(deleteSslCertCmd);
    final CallContext ctx = CallContext.current();
    final Account caller = ctx.getCallingAccount();
    final Long certId = deleteSslCertCmd.getId();
    final SslCertVO certVO = _sslCertDao.findById(certId);
    if (certVO == null) {
        throw new InvalidParameterValueException("Invalid certificate id: " + certId);
    }
    _accountMgr.checkAccess(caller, SecurityChecker.AccessType.OperateEntry, true, certVO);
    final List<LoadBalancerCertMapVO> lbCertRule = _lbCertDao.listByCertId(certId);
    if (lbCertRule != null && !lbCertRule.isEmpty()) {
        String lbUuids = "";
        for (final LoadBalancerCertMapVO rule : lbCertRule) {
            final LoadBalancerVO lb = _entityMgr.findById(LoadBalancerVO.class, rule.getLbId());
            lbUuids += " " + lb.getUuid();
        }
        throw new CloudRuntimeException("Certificate in use by a loadbalancer(s)" + lbUuids);
    }
    _sslCertDao.remove(certId);
}

Example 3 with SslCertVO

use of com.cloud.network.dao.SslCertVO in project cloudstack by apache.

the class CertServiceTest method runUploadSslCertExpiredCert.

@Test
public void runUploadSslCertExpiredCert() throws IOException, IllegalAccessException, NoSuchFieldException {
    // Reading appropritate files
    final String certFile = URLDecoder.decode(getClass().getResource("/certs/expired_cert.crt").getFile(), Charset.defaultCharset().name());
    final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(), Charset.defaultCharset().name());
    final String cert = readFileToString(new File(certFile));
    final String key = readFileToString(new File(keyFile));
    final CertServiceImpl certService = new CertServiceImpl();
    //setting mock objects
    certService._accountMgr = Mockito.mock(AccountManager.class);
    final Account account = new AccountVO("testaccount", 1, "networkdomain", (short) 0, UUID.randomUUID().toString());
    when(certService._accountMgr.getAccount(Matchers.anyLong())).thenReturn(account);
    certService._domainDao = Mockito.mock(DomainDao.class);
    final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain");
    when(certService._domainDao.findByIdIncludingRemoved(Matchers.anyLong())).thenReturn(domain);
    certService._sslCertDao = Mockito.mock(SslCertDao.class);
    when(certService._sslCertDao.persist(Matchers.any(SslCertVO.class))).thenReturn(new SslCertVO());
    //creating the command
    final UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
    final Class<?> klazz = uploadCmd.getClass().getSuperclass();
    final Field certField = klazz.getDeclaredField("cert");
    certField.setAccessible(true);
    certField.set(uploadCmd, cert);
    final Field keyField = klazz.getDeclaredField("key");
    keyField.setAccessible(true);
    keyField.set(uploadCmd, key);
    try {
        certService.uploadSslCert(uploadCmd);
        Assert.fail("Given an expired certificate, upload should fail");
    } catch (final Exception e) {
        System.out.println(e.getMessage());
        Assert.assertTrue(e.getMessage().contains("Parsing certificate/key failed: NotAfter:"));
    }
}

Example 4 with SslCertVO

use of com.cloud.network.dao.SslCertVO in project cloudstack by apache.

the class CertServiceTest method runUploadSslCertNotX509.

@Test
public void runUploadSslCertNotX509() throws IOException, IllegalAccessException, NoSuchFieldException {
    // Reading appropritate files
    final String certFile = URLDecoder.decode(getClass().getResource("/certs/non_x509_pem.crt").getFile(), Charset.defaultCharset().name());
    final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(), Charset.defaultCharset().name());
    final String cert = readFileToString(new File(certFile));
    final String key = readFileToString(new File(keyFile));
    final CertServiceImpl certService = new CertServiceImpl();
    //setting mock objects
    certService._accountMgr = Mockito.mock(AccountManager.class);
    final Account account = new AccountVO("testaccount", 1, "networkdomain", (short) 0, UUID.randomUUID().toString());
    when(certService._accountMgr.getAccount(Matchers.anyLong())).thenReturn(account);
    certService._domainDao = Mockito.mock(DomainDao.class);
    final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain");
    when(certService._domainDao.findByIdIncludingRemoved(Matchers.anyLong())).thenReturn(domain);
    certService._sslCertDao = Mockito.mock(SslCertDao.class);
    when(certService._sslCertDao.persist(Matchers.any(SslCertVO.class))).thenReturn(new SslCertVO());
    //creating the command
    final UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
    final Class<?> klazz = uploadCmd.getClass().getSuperclass();
    final Field certField = klazz.getDeclaredField("cert");
    certField.setAccessible(true);
    certField.set(uploadCmd, cert);
    final Field keyField = klazz.getDeclaredField("key");
    keyField.setAccessible(true);
    keyField.set(uploadCmd, key);
    try {
        certService.uploadSslCert(uploadCmd);
        Assert.fail("Given a Certificate which is not X509, upload should fail");
    } catch (final Exception e) {
        Assert.assertTrue(e.getMessage().contains("Expected X509 certificate"));
    }
}

Example 5 with SslCertVO

use of com.cloud.network.dao.SslCertVO in project cloudstack by apache.

the class CertServiceTest method runUploadSslCertNoRootCert.

@Test
public void runUploadSslCertNoRootCert() throws IOException, IllegalAccessException, NoSuchFieldException {
    Assume.assumeTrue(isOpenJdk() || isJCEInstalled());
    final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.crt").getFile(), Charset.defaultCharset().name());
    final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.key").getFile(), Charset.defaultCharset().name());
    final String chainFile = URLDecoder.decode(getClass().getResource("/certs/non_root.crt").getFile(), Charset.defaultCharset().name());
    final String cert = readFileToString(new File(certFile));
    final String key = readFileToString(new File(keyFile));
    final String chain = readFileToString(new File(chainFile));
    final CertServiceImpl certService = new CertServiceImpl();
    //setting mock objects
    certService._accountMgr = Mockito.mock(AccountManager.class);
    final Account account = new AccountVO("testaccount", 1, "networkdomain", (short) 0, UUID.randomUUID().toString());
    when(certService._accountMgr.getAccount(Matchers.anyLong())).thenReturn(account);
    certService._domainDao = Mockito.mock(DomainDao.class);
    final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain");
    when(certService._domainDao.findByIdIncludingRemoved(Matchers.anyLong())).thenReturn(domain);
    certService._sslCertDao = Mockito.mock(SslCertDao.class);
    when(certService._sslCertDao.persist(Matchers.any(SslCertVO.class))).thenReturn(new SslCertVO());
    //creating the command
    final UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
    final Class<?> klazz = uploadCmd.getClass().getSuperclass();
    final Field certField = klazz.getDeclaredField("cert");
    certField.setAccessible(true);
    certField.set(uploadCmd, cert);
    final Field keyField = klazz.getDeclaredField("key");
    keyField.setAccessible(true);
    keyField.set(uploadCmd, key);
    final Field chainField = klazz.getDeclaredField("chain");
    chainField.setAccessible(true);
    chainField.set(uploadCmd, chain);
    try {
        certService.uploadSslCert(uploadCmd);
        Assert.fail("Chain is given but does not link to the certificate");
    } catch (final Exception e) {
        Assert.assertTrue(e.getMessage().contains("Invalid certificate chain"));
    }
}