Examples with SslCertVO com.cloud.network.dao.SslCertVO used on opensource projects

Example 6 with SslCertVO

use of com.cloud.network.dao.SslCertVO in project cloudstack by apache.

the class CertServiceTest method runUploadSslCertWithCAChain.

@Test
public /**
     * Given a certificate signed by a CA and a valid CA chain, upload should succeed
     */
void runUploadSslCertWithCAChain() throws Exception {
    Assume.assumeTrue(isOpenJdk() || isJCEInstalled());
    TransactionLegacy.open("runUploadSslCertWithCAChain");
    final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.crt").getFile(), Charset.defaultCharset().name());
    final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.key").getFile(), Charset.defaultCharset().name());
    final String chainFile = URLDecoder.decode(getClass().getResource("/certs/root_chain.crt").getFile(), Charset.defaultCharset().name());
    final String cert = readFileToString(new File(certFile));
    final String key = readFileToString(new File(keyFile));
    final String chain = readFileToString(new File(chainFile));
    final CertServiceImpl certService = new CertServiceImpl();
    //setting mock objects
    certService._accountMgr = Mockito.mock(AccountManager.class);
    final Account account = new AccountVO("testaccount", 1, "networkdomain", (short) 0, UUID.randomUUID().toString());
    when(certService._accountMgr.getAccount(Matchers.anyLong())).thenReturn(account);
    certService._domainDao = Mockito.mock(DomainDao.class);
    final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain");
    when(certService._domainDao.findByIdIncludingRemoved(Matchers.anyLong())).thenReturn(domain);
    certService._sslCertDao = Mockito.mock(SslCertDao.class);
    when(certService._sslCertDao.persist(Matchers.any(SslCertVO.class))).thenReturn(new SslCertVO());
    certService._accountDao = Mockito.mock(AccountDao.class);
    when(certService._accountDao.findByIdIncludingRemoved(Matchers.anyLong())).thenReturn((AccountVO) account);
    //creating the command
    final UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
    final Class<?> klazz = uploadCmd.getClass().getSuperclass();
    final Field certField = klazz.getDeclaredField("cert");
    certField.setAccessible(true);
    certField.set(uploadCmd, cert);
    final Field keyField = klazz.getDeclaredField("key");
    keyField.setAccessible(true);
    keyField.set(uploadCmd, key);
    final Field chainField = klazz.getDeclaredField("chain");
    chainField.setAccessible(true);
    chainField.set(uploadCmd, chain);
    certService.uploadSslCert(uploadCmd);
}

Example 7 with SslCertVO

use of com.cloud.network.dao.SslCertVO in project cloudstack by apache.

the class LoadBalancingRulesManagerImpl method assignCertToLoadBalancer.

@Override
@DB
@ActionEvent(eventType = EventTypes.EVENT_LB_CERT_ASSIGN, eventDescription = "assigning certificate to load balancer", async = true)
public boolean assignCertToLoadBalancer(long lbRuleId, Long certId) {
    CallContext caller = CallContext.current();
    LoadBalancerVO loadBalancer = _lbDao.findById(Long.valueOf(lbRuleId));
    if (loadBalancer == null) {
        throw new InvalidParameterException("Invalid load balancer id: " + lbRuleId);
    }
    SslCertVO certVO = _entityMgr.findById(SslCertVO.class, certId);
    if (certVO == null) {
        throw new InvalidParameterException("Invalid certificate id: " + certId);
    }
    _accountMgr.checkAccess(caller.getCallingAccount(), null, true, loadBalancer);
    // check if LB and Cert belong to the same account
    if (loadBalancer.getAccountId() != certVO.getAccountId()) {
        throw new InvalidParameterValueException("Access denied for account " + certVO.getAccountId());
    }
    String capability = getLBCapability(loadBalancer.getNetworkId(), Capability.SslTermination.getName());
    if (capability == null) {
        throw new InvalidParameterValueException("Ssl termination not supported by the loadbalancer");
    }
    //check if the lb is already bound
    LoadBalancerCertMapVO certMapRule = _lbCertMapDao.findByLbRuleId(loadBalancer.getId());
    if (certMapRule != null)
        throw new InvalidParameterValueException("Another certificate is already bound to the LB");
    //check for correct port
    if (loadBalancer.getLbProtocol() == null || !(loadBalancer.getLbProtocol().equals(NetUtils.SSL_PROTO)))
        throw new InvalidParameterValueException("Bad LB protocol: Expected ssl got " + loadBalancer.getLbProtocol());
    boolean success = false;
    FirewallRule.State backupState = loadBalancer.getState();
    try {
        loadBalancer.setState(FirewallRule.State.Add);
        _lbDao.persist(loadBalancer);
        LoadBalancerCertMapVO certMap = new LoadBalancerCertMapVO(lbRuleId, certId, false);
        _lbCertMapDao.persist(certMap);
        applyLoadBalancerConfig(loadBalancer.getId());
        success = true;
    } catch (ResourceUnavailableException e) {
        if (isRollBackAllowedForProvider(loadBalancer)) {
            loadBalancer.setState(backupState);
            _lbDao.persist(loadBalancer);
            LoadBalancerCertMapVO certMap = _lbCertMapDao.findByLbRuleId(lbRuleId);
            _lbCertMapDao.remove(certMap.getId());
            s_logger.debug("LB Rollback rule id: " + loadBalancer.getId() + " while adding cert");
        }
        s_logger.warn("Unable to apply the load balancer config because resource is unavaliable.", e);
    }
    return success;
}

Example 8 with SslCertVO

use of com.cloud.network.dao.SslCertVO in project cloudstack by apache.

the class CertServiceTest method runUploadSslCertBadFormat.

@Test(expected = NullPointerException.class)
public void runUploadSslCertBadFormat() throws IOException, IllegalAccessException, NoSuchFieldException {
    // Reading appropritate files
    final String certFile = URLDecoder.decode(getClass().getResource("/certs/bad_format_cert.crt").getFile(), Charset.defaultCharset().name());
    final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(), Charset.defaultCharset().name());
    final String cert = readFileToString(new File(certFile));
    final String key = readFileToString(new File(keyFile));
    final CertServiceImpl certService = new CertServiceImpl();
    //setting mock objects
    certService._accountMgr = Mockito.mock(AccountManager.class);
    final Account account = new AccountVO("testaccount", 1, "networkdomain", (short) 0, UUID.randomUUID().toString());
    when(certService._accountMgr.getAccount(Matchers.anyLong())).thenReturn(account);
    certService._domainDao = Mockito.mock(DomainDao.class);
    final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain");
    when(certService._domainDao.findByIdIncludingRemoved(Matchers.anyLong())).thenReturn(domain);
    certService._sslCertDao = Mockito.mock(SslCertDao.class);
    when(certService._sslCertDao.persist(Matchers.any(SslCertVO.class))).thenReturn(new SslCertVO());
    //creating the command
    final UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
    final Class<?> klazz = uploadCmd.getClass().getSuperclass();
    final Field certField = klazz.getDeclaredField("cert");
    certField.setAccessible(true);
    certField.set(uploadCmd, cert);
    final Field keyField = klazz.getDeclaredField("key");
    keyField.setAccessible(true);
    keyField.set(uploadCmd, key);
    certService.uploadSslCert(uploadCmd);
    Assert.fail("Given a Certificate in bad format (Not PEM), upload should fail");
}

Example 9 with SslCertVO

use of com.cloud.network.dao.SslCertVO in project cloudstack by apache.

the class CertServiceTest method runUploadSslCertSelfSignedNoPassword.

@Test
public /**
     * Given a Self-signed Certificate with non-encrypted key, upload should succeed
     */
void runUploadSslCertSelfSignedNoPassword() throws Exception {
    TransactionLegacy.open("runUploadSslCertSelfSignedNoPassword");
    final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(), Charset.defaultCharset().name());
    final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(), Charset.defaultCharset().name());
    final String cert = readFileToString(new File(certFile));
    final String key = readFileToString(new File(keyFile));
    final CertServiceImpl certService = new CertServiceImpl();
    //setting mock objects
    certService._accountMgr = Mockito.mock(AccountManager.class);
    final Account account = new AccountVO("testaccount", 1, "networkdomain", (short) 0, UUID.randomUUID().toString());
    when(certService._accountMgr.getAccount(Matchers.anyLong())).thenReturn(account);
    certService._domainDao = Mockito.mock(DomainDao.class);
    final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain");
    when(certService._domainDao.findByIdIncludingRemoved(Matchers.anyLong())).thenReturn(domain);
    certService._sslCertDao = Mockito.mock(SslCertDao.class);
    when(certService._sslCertDao.persist(Matchers.any(SslCertVO.class))).thenReturn(new SslCertVO());
    certService._accountDao = Mockito.mock(AccountDao.class);
    when(certService._accountDao.findByIdIncludingRemoved(Matchers.anyLong())).thenReturn((AccountVO) account);
    //creating the command
    UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
    final Class<?> klazz = uploadCmd.getClass().getSuperclass();
    final Field certField = klazz.getDeclaredField("cert");
    certField.setAccessible(true);
    certField.set(uploadCmd, cert);
    final Field keyField = klazz.getDeclaredField("key");
    keyField.setAccessible(true);
    keyField.set(uploadCmd, key);
    uploadCmd = Mockito.spy(uploadCmd);
    certService.uploadSslCert(uploadCmd);
    Mockito.verify(uploadCmd, Mockito.atLeastOnce()).getAccountName();
    Mockito.verify(uploadCmd, Mockito.times(1)).getCert();
}

Example 10 with SslCertVO

use of com.cloud.network.dao.SslCertVO in project cloudstack by apache.

the class CertServiceTest method runUploadSslCertBadPassword.

@Test
public void runUploadSslCertBadPassword() throws IOException, IllegalAccessException, NoSuchFieldException {
    final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.crt").getFile(), Charset.defaultCharset().name());
    final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.key").getFile(), Charset.defaultCharset().name());
    final String password = "bad_password";
    final String cert = readFileToString(new File(certFile));
    final String key = readFileToString(new File(keyFile));
    final CertServiceImpl certService = new CertServiceImpl();
    //setting mock objects
    certService._accountMgr = Mockito.mock(AccountManager.class);
    final Account account = new AccountVO("testaccount", 1, "networkdomain", (short) 0, UUID.randomUUID().toString());
    when(certService._accountMgr.getAccount(Matchers.anyLong())).thenReturn(account);
    certService._domainDao = Mockito.mock(DomainDao.class);
    final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain");
    when(certService._domainDao.findByIdIncludingRemoved(Matchers.anyLong())).thenReturn(domain);
    certService._sslCertDao = Mockito.mock(SslCertDao.class);
    when(certService._sslCertDao.persist(Matchers.any(SslCertVO.class))).thenReturn(new SslCertVO());
    //creating the command
    final UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
    final Class<?> klazz = uploadCmd.getClass().getSuperclass();
    final Field certField = klazz.getDeclaredField("cert");
    certField.setAccessible(true);
    certField.set(uploadCmd, cert);
    final Field keyField = klazz.getDeclaredField("key");
    keyField.setAccessible(true);
    keyField.set(uploadCmd, key);
    final Field passField = klazz.getDeclaredField("password");
    passField.setAccessible(true);
    passField.set(uploadCmd, password);
    try {
        certService.uploadSslCert(uploadCmd);
        Assert.fail("Given an encrypted private key with a bad password. Upload should fail.");
    } catch (final Exception e) {
        Assert.assertTrue("Did not expect message: " + e.getMessage(), e.getMessage().contains("Parsing certificate/key failed: Invalid Key format."));
    }
}