Example 1 with SslTrustCertificateState

Use of com.vmware.photon.controller.model.security.service.SslTrustCertificateService.SslTrustCertificateState in project photon-model by vmware.

From the class CertificateUtil, method storeCertificate.

public static void storeCertificate(X509Certificate endCertificate, List<String> tenantLinks, ServiceHost host, ServiceRequestSender sender, CompletionHandler ch) {
    SslTrustCertificateState certState = new SslTrustCertificateState();
    if (tenantLinks != null) {
        certState.tenantLinks = tenantLinks;
    }
    certState.certificate = CertificateUtil.toPEMformat(endCertificate);
    SslTrustCertificateState.populateCertificateProperties(certState, endCertificate);
    logger.info(String.format("Register certificate with common name: %s and fingerprint: %s in trust store", certState.commonName, certState.fingerprint));
    // save untrusted certificate to the trust store
    Operation.createPost(host, SslTrustCertificateService.FACTORY_LINK)
            .addPragmaDirective(Operation.PRAGMA_DIRECTIVE_FORCE_INDEX_UPDATE)
            .setBody(certState)
            .setCompletion(ch)
            .sendWith(sender);
    ServerX509TrustManager trustManager = ServerX509TrustManager.getInstance();
    if (trustManager != null) {
        logger.fine("Register Certificate " + certState);
        trustManager.registerCertificate(certState);
    }
}
Also used : ServerX509TrustManager(com.vmware.photon.controller.model.security.ssl.ServerX509TrustManager) SslTrustCertificateState(com.vmware.photon.controller.model.security.service.SslTrustCertificateService.SslTrustCertificateState)

Example 2 with SslTrustCertificateState

Use of com.vmware.photon.controller.model.security.service.SslTrustCertificateService.SslTrustCertificateState in project photon-model by vmware.

From the class SslTrustCertificateServiceTest, method setUp.

@Before
public void setUp() throws Throwable {
    this.sslTrust1 = CommonTestStateFactory.getFileContent("test_ssl_trust.PEM").trim();
    this.sslTrust2 = CommonTestStateFactory.getFileContent("test_ssl_trust2.PEM").trim();
    this.sslTrustCert = new SslTrustCertificateState();
    this.sslTrustCert.certificate = this.sslTrust1;
    this.host.startService(new SslTrustCertificateFactoryService());
    waitForServiceAvailability(SslTrustCertificateService.FACTORY_LINK);
}
Also used : SslTrustCertificateState(com.vmware.photon.controller.model.security.service.SslTrustCertificateService.SslTrustCertificateState) Before(org.junit.Before)

Example 3 with SslTrustCertificateState

Use of com.vmware.photon.controller.model.security.service.SslTrustCertificateService.SslTrustCertificateState in project photon-model by vmware.

From the class SslTrustCertificateServiceTest, method testPOSTandGET.

@Test
public void testPOSTandGET() throws Throwable {
    verifyService(FactoryService.create(SslTrustCertificateService.class), SslTrustCertificateState.class, (prefix, index) -> {
        return this.sslTrustCert;
    }, (prefix, serviceDocument) -> {
        SslTrustCertificateState state = (SslTrustCertificateState) serviceDocument;
        assertEquals(this.sslTrustCert.certificate, state.certificate);
        validateCertProperties(state);
    });
}
Also used : SslTrustCertificateState(com.vmware.photon.controller.model.security.service.SslTrustCertificateService.SslTrustCertificateState) Test(org.junit.Test)

Example 4 with SslTrustCertificateState

Use of com.vmware.photon.controller.model.security.service.SslTrustCertificateService.SslTrustCertificateState in project photon-model by vmware.

From the class SslTrustCertificateServiceUtilsTest, method testLoadCertificates.

@Test
public void testLoadCertificates() throws Throwable {
    int numCerts = 10;
    // create certificates
    SslTrustCertificateState[] certState = new SslTrustCertificateState[numCerts];
    for (int i = 0; i < numCerts; i++) {
        String certPEM = CommonTestStateFactory.getFileContent("test_ssl_trust.PEM").trim();
        X509Certificate[] certificates = CertificateUtil.createCertificateChain(certPEM);
        // Populate the certificate properties based on the first (end server) certificate
        X509Certificate endCertificate = certificates[0];
        certState[i] = new SslTrustCertificateState();
        certState[i].certificate = CertificateUtil.toPEMformat(endCertificate);
        // Since documentSelfLink is calculated from certState.certificate,
        // we need to make it unique in each of the 10 certStates.
        // Be careful: if you make any changes to the file 'test_ssl_trust.PEM',
        // you will have to change the following lines to pick a different
        // set of characters (here 'P') to replace, for creating a unique cert.
        String replacement = String.valueOf(i);
        certState[i].certificate = certState[i].certificate.replaceAll("P", replacement);
        this.host.sendAndWaitExpectSuccess(Operation.createPost(this.host, SslTrustCertificateService.FACTORY_LINK).setBody(certState[i]));
    }
    // test different page sizes
    testLoadCertificatesPagination(numCerts, 1);
    testLoadCertificatesPagination(numCerts, 2);
    testLoadCertificatesPagination(numCerts, 3);
    testLoadCertificatesPagination(numCerts, 10);
    testLoadCertificatesPagination(numCerts, 11);
}
Also used : SslTrustCertificateState(com.vmware.photon.controller.model.security.service.SslTrustCertificateService.SslTrustCertificateState) X509Certificate(java.security.cert.X509Certificate) Test(org.junit.Test)

Example 5 with SslTrustCertificateState

Use of com.vmware.photon.controller.model.security.service.SslTrustCertificateService.SslTrustCertificateState in project photon-model by vmware.

From the class ServerX509TrustManager, method certificateChanged.

private void certificateChanged(Operation operation) {
    Utils.log(getClass(), getClass().getName(), Level.WARNING, "process certificate changed for operation %s", operation.toLogString());
    QueryTask queryTask = operation.getBody(QueryTask.class);
    if (queryTask.results != null && queryTask.results.documentLinks != null && !queryTask.results.documentLinks.isEmpty()) {
        queryTask.results.documents.values().forEach(doc -> {
            SslTrustCertificateState cert = Utils.fromJson(doc, SslTrustCertificateState.class);
            if (Action.DELETE.toString().equals(cert.documentUpdateAction)) {
                deleteCertificate(cert.getAlias());
            } else {
                registerCertificate(cert);
            }
        });
    } else {
        Utils.log(getClass(), getClass().getName(), Level.WARNING, "No document links for operation %s", operation.toLogString());
    }
    operation.complete();
}
Also used : QueryTask(com.vmware.xenon.services.common.QueryTask) SslTrustCertificateState(com.vmware.photon.controller.model.security.service.SslTrustCertificateService.SslTrustCertificateState)

Aggregations

SslTrustCertificateState (com.vmware.photon.controller.model.security.service.SslTrustCertificateService.SslTrustCertificateState): 13
Test (org.junit.Test): 6
URI (java.net.URI): 2
X509Certificate (java.security.cert.X509Certificate): 2
Before (org.junit.Before): 2
ResourceOperation (com.vmware.photon.controller.model.adapters.registry.operations.ResourceOperation): 1
QueryUtils (com.vmware.photon.controller.model.query.QueryUtils): 1
ServerX509TrustManager (com.vmware.photon.controller.model.security.ssl.ServerX509TrustManager): 1
X509TrustManagerResolver (com.vmware.photon.controller.model.security.ssl.X509TrustManagerResolver): 1
Operation (com.vmware.xenon.common.Operation): 1
QueryTask (com.vmware.xenon.services.common.QueryTask): 1
Query (com.vmware.xenon.services.common.QueryTask.Query): 1
IOException (java.io.IOException): 1
CountDownLatch (java.util.concurrent.CountDownLatch): 1
ExecutionException (java.util.concurrent.ExecutionException): 1