
Example 1 with RotateKeyAndCertParam

use of com.emc.vipr.model.keystore.RotateKeyAndCertParam in project coprhd-controller by CoprHD.

the class Keystore method setKeyAndCertificateChain.

/**
 * Replaces the key and certificate chain that ViPR uses for SSL communication
 * with the pair supplied by the caller.
 * <p>
 * API Call: <tt>PUT /vdc/keystore</tt>
 * <p>
 * The request is sent with the self-signed flag cleared and carries
 * <tt>keyAndCert</tt> as part of its body, so any private key held by that
 * object travels with the request. Callers should treat the argument as a
 * secret: keep it out of logs and make sure the client reaches the endpoint
 * over TLS.
 *
 * @param keyAndCert
 *            the new key and certificate chain to install
 *
 * @return the certificate chain the server returns for this request
 */
public CertificateChain setKeyAndCertificateChain(KeyAndCertificateChain keyAndCert) {
    final RotateKeyAndCertParam request = new RotateKeyAndCertParam();
    // false: install the supplied pair instead of asking for a generated one
    request.setSystemSelfSigned(false);
    request.setKeyCertChain(keyAndCert);
    return client.put(CertificateChain.class, request, KEYSTORE_URL);
}
Also used : RotateKeyAndCertParam(com.emc.vipr.model.keystore.RotateKeyAndCertParam)

Example 2 with RotateKeyAndCertParam

use of com.emc.vipr.model.keystore.RotateKeyAndCertParam in project coprhd-controller by CoprHD.

the class Keystore method regenerateKeyAndCertificate.

/**
 * Asks ViPR to generate a fresh key and a self-signed certificate and to use
 * them for SSL communication.
 * <p>
 * API Call: <tt>PUT /vdc/keystore</tt>
 * <p>
 * No key material is sent: the request only sets the self-signed flag. Clients
 * that pinned or trusted the previous certificate will have to re-establish
 * trust in the new one.
 *
 * @return the certificate chain the server returns for this request
 */
public CertificateChain regenerateKeyAndCertificate() {
    final RotateKeyAndCertParam request = new RotateKeyAndCertParam();
    // true: the server creates the key pair and signs the certificate itself
    request.setSystemSelfSigned(true);
    return client.put(CertificateChain.class, request, KEYSTORE_URL);
}
Also used : RotateKeyAndCertParam(com.emc.vipr.model.keystore.RotateKeyAndCertParam)

Example 3 with RotateKeyAndCertParam

use of com.emc.vipr.model.keystore.RotateKeyAndCertParam in project coprhd-controller by CoprHD.

the class RoleChangeTest method putKeystore_neg.

/**
 * Negative test: a PUT on <tt>/vdc/keystore</tt> that requests a regenerated
 * self-signed certificate, sent with the root token, must be answered with
 * HTTP 405.
 * <p>
 * NOTE(review): why the endpoint refuses the method is not visible in this
 * snippet; presumably the fixture puts the system in a state where key
 * rotation is disallowed. Confirm against the test class setup.
 */
@Test
public void putKeystore_neg() {
    final RotateKeyAndCertParam selfSignedRequest = new RotateKeyAndCertParam();
    selfSignedRequest.setSystemSelfSigned(true);

    final ClientResponse response = rootUser
            .path("/vdc/keystore")
            .header(AUTH_TOKEN_HEADER, rootToken)
            .put(ClientResponse.class, selfSignedRequest);

    Assert.assertEquals(405, response.getStatus());
}
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) RotateKeyAndCertParam(com.emc.vipr.model.keystore.RotateKeyAndCertParam) Test(org.junit.Test)

Example 4 with RotateKeyAndCertParam

use of com.emc.vipr.model.keystore.RotateKeyAndCertParam in project coprhd-controller by CoprHD.

the class ApiTest method testKeystore.

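/**
 * Exercises <tt>/vdc/keystore</tt> end to end: reading the certificate chain,
 * regenerating a self-signed key and certificate, installing a supplied key
 * and certificate, and the validation errors for rejected input.
 * <p>
 * Access control covered here: both the security admin and the non-privileged
 * user may GET the chain, while a PUT from the non-privileged user must be
 * refused with 403.
 * <p>
 * The two rotation checks compare the chain text by value. The earlier
 * <tt>assertNotSame</tt> compared object identity, which holds for any two
 * separately built strings, so it could not detect a rotation that left the
 * chain unchanged.
 * <p>
 * NOTE(review): <tt>RSA_KEY_*</tt> and <tt>CERTIFICATE_*</tt> are defined
 * outside this snippet; presumably they are throwaway test fixtures. Confirm
 * they are never keys used by a real deployment.
 */
private void testKeystore() {
    /*
     * GET THE CERTIFICATE CHAIN
     */
    // test with a security admin - should succeed
    ClientResponse response = rZAdmin.path("/vdc/keystore").get(ClientResponse.class);
    Assert.assertEquals(200, response.getStatus());
    CertificateChain previousChain = rZAdmin.path("/vdc/keystore").get(CertificateChain.class);
    // test with a non-privileged user - should succeed (reading the chain is not restricted)
    response = rRootUser2.path("/vdc/keystore").get(ClientResponse.class);
    Assert.assertEquals(200, response.getStatus());
    /*
     * REGENERATE THE KEY AND CERTIFICATE
     */
    // test with a non-privileged user - should fail
    RotateKeyAndCertParam rotateKeyAndCertParam = new RotateKeyAndCertParam();
    rotateKeyAndCertParam.setSystemSelfSigned(true);
    response = rRootUser2.path("/vdc/keystore").put(ClientResponse.class, rotateKeyAndCertParam);
    Assert.assertEquals(403, response.getStatus());
    // test with a security admin - should succeed
    CertificateChain currChain = rZAdmin.path("/vdc/keystore").put(CertificateChain.class, rotateKeyAndCertParam);
    // compare by value: the chain text itself must have changed
    Assert.assertFalse("regenerating the key must return a different certificate chain",
            removeNewLines(previousChain.getChain()).equals(removeNewLines(currChain.getChain())));
    waitForClusterToBeStable();
    previousChain = currChain;
    /*
     * SET THE KEY AND CERTIFICATE
     */
    // test with a non-privileged user - should fail
    rotateKeyAndCertParam.setSystemSelfSigned(false);
    KeyAndCertificateChain keyAndCertificateChain = new KeyAndCertificateChain();
    keyAndCertificateChain.setCertificateChain(CERTIFICATE_2048);
    keyAndCertificateChain.setPrivateKey(RSA_KEY_2048);
    rotateKeyAndCertParam.setKeyCertChain(keyAndCertificateChain);
    response = rRootUser2.path("/vdc/keystore").put(ClientResponse.class, rotateKeyAndCertParam);
    Assert.assertEquals(403, response.getStatus());
    // test with a security admin - should succeed
    currChain = rZAdmin.path("/vdc/keystore").put(CertificateChain.class, rotateKeyAndCertParam);
    // compare by value against the chain generated in the previous section
    Assert.assertFalse("installing a new key and certificate must return a different certificate chain",
            removeNewLines(previousChain.getChain()).equals(removeNewLines(currChain.getChain())));
    waitForClusterToBeStable();
    // test with the same key and certificate - should fail
    String expectedError = "The specified certificate is already being used. Please specify a new key and certificate pair.";
    response = rZAdmin.path("/vdc/keystore").put(ClientResponse.class, rotateKeyAndCertParam);
    assertExpectedError(response, 400, ServiceCode.API_BAD_REQUEST, expectedError);
    // test with a mismatched key and certificate - should fail
    keyAndCertificateChain.setPrivateKey(RSA_KEY_2048);
    keyAndCertificateChain.setCertificateChain(CERTIFICATE_1024);
    rotateKeyAndCertParam.setKeyCertChain(keyAndCertificateChain);
    response = rZAdmin.path("/vdc/keystore").put(ClientResponse.class, rotateKeyAndCertParam);
    expectedError = "The provided key and certificate do not match";
    assertExpectedError(response, 400, ServiceCode.API_PARAMETER_INVALID, expectedError);
    // test with bad key - the expected message does not repeat the submitted key text
    keyAndCertificateChain = new KeyAndCertificateChain();
    keyAndCertificateChain.setCertificateChain(CERTIFICATE_1024);
    keyAndCertificateChain.setPrivateKey("this is a bad key");
    rotateKeyAndCertParam.setKeyCertChain(keyAndCertificateChain);
    response = rZAdmin.path("/vdc/keystore").put(ClientResponse.class, rotateKeyAndCertParam);
    expectedError = "Failed to load the private key.";
    assertExpectedError(response, 400, ServiceCode.API_PARAMETER_INVALID, expectedError);
    // test with bad certificate - here the expected message does repeat the submitted text
    keyAndCertificateChain = new KeyAndCertificateChain();
    String badCert = "this is a bad certificate";
    keyAndCertificateChain.setCertificateChain(badCert);
    keyAndCertificateChain.setPrivateKey(RSA_KEY_1024);
    rotateKeyAndCertParam.setKeyCertChain(keyAndCertificateChain);
    response = rZAdmin.path("/vdc/keystore").put(ClientResponse.class, rotateKeyAndCertParam);
    expectedError = "Failed to load the following certificate(s): " + badCert;
    assertExpectedError(response, 400, ServiceCode.API_PARAMETER_INVALID, expectedError);
    // test with a key that's less than 2048 bits long - the minimum key size must be enforced
    keyAndCertificateChain = new KeyAndCertificateChain();
    keyAndCertificateChain.setCertificateChain(CERTIFICATE_1024);
    keyAndCertificateChain.setPrivateKey(RSA_KEY_1024);
    rotateKeyAndCertParam.setKeyCertChain(keyAndCertificateChain);
    response = rZAdmin.path("/vdc/keystore").put(ClientResponse.class, rotateKeyAndCertParam);
    expectedError = "Invalid parameter private_key was 1,024bits but minimum is 2,048bits";
    assertExpectedError(response, 400, ServiceCode.API_PARAMETER_INVALID_RANGE, expectedError);
}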
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) KeyAndCertificateChain(com.emc.vipr.model.keystore.KeyAndCertificateChain) CertificateChain(com.emc.vipr.model.keystore.CertificateChain) KeyAndCertificateChain(com.emc.vipr.model.keystore.KeyAndCertificateChain) RotateKeyAndCertParam(com.emc.vipr.model.keystore.RotateKeyAndCertParam)

Aggregations

RotateKeyAndCertParam (com.emc.vipr.model.keystore.RotateKeyAndCertParam): 4, ClientResponse (com.sun.jersey.api.client.ClientResponse): 2, CertificateChain (com.emc.vipr.model.keystore.CertificateChain): 1, KeyAndCertificateChain (com.emc.vipr.model.keystore.KeyAndCertificateChain): 1, Test (org.junit.Test): 1