
Example 1 with CertificateChain

use of com.emc.vipr.model.keystore.CertificateChain in project coprhd-controller by CoprHD.

the class VirtualDataCenters method downloadCertificateChain.

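/**
 * Sends the VDC certificate chain to the client as a plain-text download named
 * {@code vdc_certificate}.
 *
 * <p>The chain is fetched through the ViPR client. If no chain is available (null response,
 * null chain or empty chain) an error message is flashed and nothing is rendered.
 *
 * @throws UnsupportedEncodingException if the UTF-8 charset name is not supported
 */
public static void downloadCertificateChain() throws UnsupportedEncodingException {
    CertificateChain cert = BourneUtil.getViprClient().vdc().getCertificateChain();
    if (cert == null || cert.getChain() == null || cert.getChain().isEmpty()) {
        flash.error(MessagesUtils.get("vdc.certChain.empty.error"));
        // Stop here: falling through would dereference a null cert/chain (NullPointerException)
        // or serve an empty file instead of showing the error that was just flashed.
        // NOTE(review): the caller may prefer a redirect to the page that displays the flash
        // message; confirm against the controller's other actions.
        return;
    }
    String chain = cert.getChain();
    // The chain is text, so encode it explicitly as UTF-8 rather than with the platform default.
    ByteArrayInputStream is = new ByteArrayInputStream(chain.getBytes("UTF-8"));
    renderBinary(is, "vdc_certificate", "text/plain", false);
}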
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) CertificateChain(com.emc.vipr.model.keystore.CertificateChain)

Example 2 with CertificateChain

use of com.emc.vipr.model.keystore.CertificateChain in project coprhd-controller by CoprHD.

the class VirtualDataCenterService method getCertificateChain.

/**
 * Returns the certificate chain stored in the keystore under the ViPR key-and-certificate
 * alias, encoded as a string.
 *
 * <p>Only the certificate chain is read from the keystore here; this method does not request
 * the key entry for the alias.
 * NOTE(review): no access-control annotation is visible on this method. A certificate chain is
 * public material, so that is presumably intentional; confirm.
 *
 * @brief Get the certificate chain being used by ViPR
 * @prereq none
 * @return the wrapper holding the string form of the chain
 * @throws IllegalStateException if the keystore cannot be read
 */
@Path("/keystore")
@GET
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public CertificateChain getCertificateChain() {
    final CertificateChain result = new CertificateChain();
    try {
        final Certificate[] certificates =
                getKeyStore().getCertificateChain(KeystoreEngine.ViPR_KEY_AND_CERTIFICATE_ALIAS);
        result.setChain(KeyCertificatePairGenerator.getCertificateChainAsString(certificates));
    } catch (KeyStoreException e) {
        // Keystore access failed: log with the stack trace, then surface as an unchecked error.
        _log.error(e.getMessage(), e);
        throw new IllegalStateException(e);
    } catch (CertificateEncodingException e) {
        // A certificate in the chain could not be encoded to its string form.
        throw SecurityException.fatals.couldNotParseCertificateToString(e);
    }
    return result;
}
Also used : CertificateChain(com.emc.vipr.model.keystore.CertificateChain) KeyAndCertificateChain(com.emc.vipr.model.keystore.KeyAndCertificateChain) KeyStoreException(java.security.KeyStoreException) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET)

Example 3 with CertificateChain

use of com.emc.vipr.model.keystore.CertificateChain in project coprhd-controller by CoprHD.

the class ApiTest method testKeystore.

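/**
 * Exercises the {@code /vdc/keystore} endpoint: reading the certificate chain, regenerating a
 * self-signed key and certificate, installing a supplied key/certificate pair, and the
 * rejection of invalid input.
 *
 * <p>Access-control expectations pinned by this test: both the security admin and a
 * non-privileged user can read the chain (200), while a PUT from the non-privileged user is
 * rejected with 403.
 */
private void testKeystore() {
    // --- Get the certificate chain ---
    // test with a security admin - should succeed
    ClientResponse response = rZAdmin.path("/vdc/keystore").get(ClientResponse.class);
    Assert.assertEquals(200, response.getStatus());
    CertificateChain previousChain = rZAdmin.path("/vdc/keystore").get(CertificateChain.class);
    // test with a non-privileged user - should succeed (the chain is readable by any user)
    response = rRootUser2.path("/vdc/keystore").get(ClientResponse.class);
    Assert.assertEquals(200, response.getStatus());

    // --- Regenerate the key and certificate ---
    // test with a non-privileged user - should fail
    RotateKeyAndCertParam rotateKeyAndCertParam = new RotateKeyAndCertParam();
    rotateKeyAndCertParam.setSystemSelfSigned(true);
    response = rRootUser2.path("/vdc/keystore").put(ClientResponse.class, rotateKeyAndCertParam);
    Assert.assertEquals(403, response.getStatus());
    // test with a security admin - should succeed
    CertificateChain currChain = rZAdmin.path("/vdc/keystore").put(CertificateChain.class, rotateKeyAndCertParam);
    // Compare the chain contents. A reference comparison (assertNotSame) can never fail for two
    // strings obtained from separate responses, so it would not detect a rotation that left the
    // certificate unchanged.
    Assert.assertFalse(removeNewLines(previousChain.getChain()).equals(removeNewLines(currChain.getChain())));
    waitForClusterToBeStable();
    previousChain = currChain;

    // --- Set the key and certificate ---
    // test with a non-privileged user - should fail
    rotateKeyAndCertParam.setSystemSelfSigned(false);
    KeyAndCertificateChain keyAndCertificateChain = new KeyAndCertificateChain();
    keyAndCertificateChain.setCertificateChain(CERTIFICATE_2048);
    keyAndCertificateChain.setPrivateKey(RSA_KEY_2048);
    rotateKeyAndCertParam.setKeyCertChain(keyAndCertificateChain);
    response = rRootUser2.path("/vdc/keystore").put(ClientResponse.class, rotateKeyAndCertParam);
    Assert.assertEquals(403, response.getStatus());
    // test with a security admin - should succeed
    currChain = rZAdmin.path("/vdc/keystore").put(CertificateChain.class, rotateKeyAndCertParam);
    // Content comparison again, for the same reason as after the self-signed rotation.
    Assert.assertFalse(removeNewLines(previousChain.getChain()).equals(removeNewLines(currChain.getChain())));
    waitForClusterToBeStable();

    // --- Invalid input: every request below must be rejected with 400 ---
    // test with the same key and certificate - should fail
    String expectedError = "The specified certificate is already being used. Please specify a new key and certificate pair.";
    response = rZAdmin.path("/vdc/keystore").put(ClientResponse.class, rotateKeyAndCertParam);
    assertExpectedError(response, 400, ServiceCode.API_BAD_REQUEST, expectedError);
    // test with a mismatched key and certificate
    keyAndCertificateChain.setPrivateKey(RSA_KEY_2048);
    keyAndCertificateChain.setCertificateChain(CERTIFICATE_1024);
    rotateKeyAndCertParam.setKeyCertChain(keyAndCertificateChain);
    response = rZAdmin.path("/vdc/keystore").put(ClientResponse.class, rotateKeyAndCertParam);
    expectedError = "The provided key and certificate do not match";
    assertExpectedError(response, 400, ServiceCode.API_PARAMETER_INVALID, expectedError);
    // test with bad key
    keyAndCertificateChain = new KeyAndCertificateChain();
    keyAndCertificateChain.setCertificateChain(CERTIFICATE_1024);
    keyAndCertificateChain.setPrivateKey("this is a bad key");
    rotateKeyAndCertParam.setKeyCertChain(keyAndCertificateChain);
    response = rZAdmin.path("/vdc/keystore").put(ClientResponse.class, rotateKeyAndCertParam);
    expectedError = "Failed to load the private key.";
    assertExpectedError(response, 400, ServiceCode.API_PARAMETER_INVALID, expectedError);
    // test with bad certificate
    keyAndCertificateChain = new KeyAndCertificateChain();
    String badCert = "this is a bad certificate";
    keyAndCertificateChain.setCertificateChain(badCert);
    keyAndCertificateChain.setPrivateKey(RSA_KEY_1024);
    rotateKeyAndCertParam.setKeyCertChain(keyAndCertificateChain);
    response = rZAdmin.path("/vdc/keystore").put(ClientResponse.class, rotateKeyAndCertParam);
    expectedError = "Failed to load the following certificate(s): " + badCert;
    assertExpectedError(response, 400, ServiceCode.API_PARAMETER_INVALID, expectedError);
    // test with a key that's less than 2048 bits long - the minimum key size must be enforced
    keyAndCertificateChain = new KeyAndCertificateChain();
    keyAndCertificateChain.setCertificateChain(CERTIFICATE_1024);
    keyAndCertificateChain.setPrivateKey(RSA_KEY_1024);
    rotateKeyAndCertParam.setKeyCertChain(keyAndCertificateChain);
    response = rZAdmin.path("/vdc/keystore").put(ClientResponse.class, rotateKeyAndCertParam);
    expectedError = "Invalid parameter private_key was 1,024bits but minimum is 2,048bits";
    assertExpectedError(response, 400, ServiceCode.API_PARAMETER_INVALID_RANGE, expectedError);
}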
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) KeyAndCertificateChain(com.emc.vipr.model.keystore.KeyAndCertificateChain) CertificateChain(com.emc.vipr.model.keystore.CertificateChain) KeyAndCertificateChain(com.emc.vipr.model.keystore.KeyAndCertificateChain) RotateKeyAndCertParam(com.emc.vipr.model.keystore.RotateKeyAndCertParam)

Aggregations

CertificateChain (com.emc.vipr.model.keystore.CertificateChain)3 KeyAndCertificateChain (com.emc.vipr.model.keystore.KeyAndCertificateChain)2 RotateKeyAndCertParam (com.emc.vipr.model.keystore.RotateKeyAndCertParam)1 ClientResponse (com.sun.jersey.api.client.ClientResponse)1 ByteArrayInputStream (java.io.ByteArrayInputStream)1 KeyStoreException (java.security.KeyStoreException)1 GET (javax.ws.rs.GET)1 Path (javax.ws.rs.Path)1 Produces (javax.ws.rs.Produces)1