Search in sources :

Example 1 with UploadSslCertCmd

use of org.apache.cloudstack.api.command.user.loadbalancer.UploadSslCertCmd in project cloudstack by apache.

the class CertServiceTest method runUploadSslCertWithCAChain.

@Test
public /**
 * Given a certificate signed by a CA and a valid CA chain, upload should succeed
 */
void runUploadSslCertWithCAChain() throws Exception {
    Assume.assumeTrue(isOpenJdk() || isJCEInstalled());
    TransactionLegacy.open("runUploadSslCertWithCAChain");
    final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.crt").getFile(), Charset.defaultCharset().name());
    final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.key").getFile(), Charset.defaultCharset().name());
    final String chainFile = URLDecoder.decode(getClass().getResource("/certs/root_chain.crt").getFile(), Charset.defaultCharset().name());
    final String cert = readFileToString(new File(certFile));
    final String key = readFileToString(new File(keyFile));
    final String chain = readFileToString(new File(chainFile));
    final CertServiceImpl certService = new CertServiceImpl();
    // setting mock objects
    certService._accountMgr = Mockito.mock(AccountManager.class);
    final Account account = new AccountVO("testaccount", 1, "networkdomain", (short) 0, UUID.randomUUID().toString());
    when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);
    certService._domainDao = Mockito.mock(DomainDao.class);
    final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain");
    when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain);
    certService._sslCertDao = Mockito.mock(SslCertDao.class);
    when(certService._sslCertDao.persist(Matchers.any(SslCertVO.class))).thenReturn(new SslCertVO());
    certService._accountDao = Mockito.mock(AccountDao.class);
    when(certService._accountDao.findByIdIncludingRemoved(anyLong())).thenReturn((AccountVO) account);
    // creating the command
    final UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
    final Class<?> klazz = uploadCmd.getClass().getSuperclass();
    final Field certField = klazz.getDeclaredField("cert");
    certField.setAccessible(true);
    certField.set(uploadCmd, cert);
    final Field keyField = klazz.getDeclaredField("key");
    keyField.setAccessible(true);
    keyField.set(uploadCmd, key);
    final Field chainField = klazz.getDeclaredField("chain");
    chainField.setAccessible(true);
    chainField.set(uploadCmd, chain);
    final Field enabledRevocationCheckField = klazz.getDeclaredField("enabledRevocationCheck");
    enabledRevocationCheckField.setAccessible(true);
    enabledRevocationCheckField.set(uploadCmd, Boolean.FALSE);
    certService.uploadSslCert(uploadCmd);
}
Also used : Account(com.cloud.user.Account) SslCertDao(com.cloud.network.dao.SslCertDao) AccountDao(com.cloud.user.dao.AccountDao) FileUtils.readFileToString(org.apache.commons.io.FileUtils.readFileToString) AccountVO(com.cloud.user.AccountVO) DomainVO(com.cloud.domain.DomainVO) Field(java.lang.reflect.Field) SslCertVO(com.cloud.network.dao.SslCertVO) DomainDao(com.cloud.domain.dao.DomainDao) AccountManager(com.cloud.user.AccountManager) UploadSslCertCmd(org.apache.cloudstack.api.command.user.loadbalancer.UploadSslCertCmd) File(java.io.File) Test(org.junit.Test)

Example 2 with UploadSslCertCmd

use of org.apache.cloudstack.api.command.user.loadbalancer.UploadSslCertCmd in project cloudstack by apache.

the class CertServiceTest method runUploadSslCertNoRootCert.

@Test
public void runUploadSslCertNoRootCert() throws IOException, IllegalAccessException, NoSuchFieldException {
    Assume.assumeTrue(isOpenJdk() || isJCEInstalled());
    final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.crt").getFile(), Charset.defaultCharset().name());
    final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.key").getFile(), Charset.defaultCharset().name());
    final String chainFile = URLDecoder.decode(getClass().getResource("/certs/non_root.crt").getFile(), Charset.defaultCharset().name());
    final String cert = readFileToString(new File(certFile));
    final String key = readFileToString(new File(keyFile));
    final String chain = readFileToString(new File(chainFile));
    final CertServiceImpl certService = new CertServiceImpl();
    // setting mock objects
    certService._accountMgr = Mockito.mock(AccountManager.class);
    final Account account = new AccountVO("testaccount", 1, "networkdomain", (short) 0, UUID.randomUUID().toString());
    when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);
    certService._domainDao = Mockito.mock(DomainDao.class);
    final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain");
    when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain);
    certService._sslCertDao = Mockito.mock(SslCertDao.class);
    when(certService._sslCertDao.persist(Matchers.any(SslCertVO.class))).thenReturn(new SslCertVO());
    // creating the command
    final UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
    final Class<?> klazz = uploadCmd.getClass().getSuperclass();
    final Field certField = klazz.getDeclaredField("cert");
    certField.setAccessible(true);
    certField.set(uploadCmd, cert);
    final Field keyField = klazz.getDeclaredField("key");
    keyField.setAccessible(true);
    keyField.set(uploadCmd, key);
    final Field chainField = klazz.getDeclaredField("chain");
    chainField.setAccessible(true);
    chainField.set(uploadCmd, chain);
    try {
        certService.uploadSslCert(uploadCmd);
        Assert.fail("Chain is given but does not link to the certificate");
    } catch (final Exception e) {
        Assert.assertTrue(e.getMessage().contains("Invalid certificate chain"));
    }
}
Also used : Account(com.cloud.user.Account) SslCertDao(com.cloud.network.dao.SslCertDao) FileUtils.readFileToString(org.apache.commons.io.FileUtils.readFileToString) AccountVO(com.cloud.user.AccountVO) IOException(java.io.IOException) DomainVO(com.cloud.domain.DomainVO) Field(java.lang.reflect.Field) SslCertVO(com.cloud.network.dao.SslCertVO) DomainDao(com.cloud.domain.dao.DomainDao) AccountManager(com.cloud.user.AccountManager) UploadSslCertCmd(org.apache.cloudstack.api.command.user.loadbalancer.UploadSslCertCmd) File(java.io.File) Test(org.junit.Test)

Example 3 with UploadSslCertCmd

use of org.apache.cloudstack.api.command.user.loadbalancer.UploadSslCertCmd in project cloudstack by apache.

the class CertServiceTest method runUploadSslCertNotX509.

@Test
public void runUploadSslCertNotX509() throws IOException, IllegalAccessException, NoSuchFieldException {
    // Reading appropritate files
    final String certFile = URLDecoder.decode(getClass().getResource("/certs/non_x509_pem.crt").getFile(), Charset.defaultCharset().name());
    final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(), Charset.defaultCharset().name());
    final String cert = readFileToString(new File(certFile));
    final String key = readFileToString(new File(keyFile));
    final CertServiceImpl certService = new CertServiceImpl();
    // setting mock objects
    certService._accountMgr = Mockito.mock(AccountManager.class);
    final Account account = new AccountVO("testaccount", 1, "networkdomain", (short) 0, UUID.randomUUID().toString());
    when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);
    certService._domainDao = Mockito.mock(DomainDao.class);
    final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain");
    when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain);
    certService._sslCertDao = Mockito.mock(SslCertDao.class);
    when(certService._sslCertDao.persist(Matchers.any(SslCertVO.class))).thenReturn(new SslCertVO());
    // creating the command
    final UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
    final Class<?> klazz = uploadCmd.getClass().getSuperclass();
    final Field certField = klazz.getDeclaredField("cert");
    certField.setAccessible(true);
    certField.set(uploadCmd, cert);
    final Field keyField = klazz.getDeclaredField("key");
    keyField.setAccessible(true);
    keyField.set(uploadCmd, key);
    try {
        certService.uploadSslCert(uploadCmd);
        Assert.fail("Given a Certificate which is not X509, upload should fail");
    } catch (final Exception e) {
        Assert.assertTrue(e.getMessage().contains("Expected X509 certificate"));
    }
}
Also used : Account(com.cloud.user.Account) SslCertDao(com.cloud.network.dao.SslCertDao) FileUtils.readFileToString(org.apache.commons.io.FileUtils.readFileToString) AccountVO(com.cloud.user.AccountVO) IOException(java.io.IOException) DomainVO(com.cloud.domain.DomainVO) Field(java.lang.reflect.Field) SslCertVO(com.cloud.network.dao.SslCertVO) DomainDao(com.cloud.domain.dao.DomainDao) AccountManager(com.cloud.user.AccountManager) UploadSslCertCmd(org.apache.cloudstack.api.command.user.loadbalancer.UploadSslCertCmd) File(java.io.File) Test(org.junit.Test)

Example 4 with UploadSslCertCmd

use of org.apache.cloudstack.api.command.user.loadbalancer.UploadSslCertCmd in project cloudstack by apache.

the class CertServiceTest method runUploadSslCertExpiredCert.

@Test
public void runUploadSslCertExpiredCert() throws IOException, IllegalAccessException, NoSuchFieldException {
    // Reading appropritate files
    final String certFile = URLDecoder.decode(getClass().getResource("/certs/expired_cert.crt").getFile(), Charset.defaultCharset().name());
    final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(), Charset.defaultCharset().name());
    final String cert = readFileToString(new File(certFile));
    final String key = readFileToString(new File(keyFile));
    final CertServiceImpl certService = new CertServiceImpl();
    // setting mock objects
    certService._accountMgr = Mockito.mock(AccountManager.class);
    final Account account = new AccountVO("testaccount", 1, "networkdomain", (short) 0, UUID.randomUUID().toString());
    when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);
    certService._domainDao = Mockito.mock(DomainDao.class);
    final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain");
    when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain);
    certService._sslCertDao = Mockito.mock(SslCertDao.class);
    when(certService._sslCertDao.persist(Matchers.any(SslCertVO.class))).thenReturn(new SslCertVO());
    // creating the command
    final UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
    final Class<?> klazz = uploadCmd.getClass().getSuperclass();
    final Field certField = klazz.getDeclaredField("cert");
    certField.setAccessible(true);
    certField.set(uploadCmd, cert);
    final Field keyField = klazz.getDeclaredField("key");
    keyField.setAccessible(true);
    keyField.set(uploadCmd, key);
    try {
        certService.uploadSslCert(uploadCmd);
        Assert.fail("Given an expired certificate, upload should fail");
    } catch (final Exception e) {
        System.out.println(e.getMessage());
        Assert.assertTrue(e.getMessage().contains("Parsing certificate/key failed: NotAfter:"));
    }
}
Also used : Account(com.cloud.user.Account) SslCertDao(com.cloud.network.dao.SslCertDao) FileUtils.readFileToString(org.apache.commons.io.FileUtils.readFileToString) AccountVO(com.cloud.user.AccountVO) IOException(java.io.IOException) DomainVO(com.cloud.domain.DomainVO) Field(java.lang.reflect.Field) SslCertVO(com.cloud.network.dao.SslCertVO) DomainDao(com.cloud.domain.dao.DomainDao) AccountManager(com.cloud.user.AccountManager) UploadSslCertCmd(org.apache.cloudstack.api.command.user.loadbalancer.UploadSslCertCmd) File(java.io.File) Test(org.junit.Test)

Example 5 with UploadSslCertCmd

use of org.apache.cloudstack.api.command.user.loadbalancer.UploadSslCertCmd in project cloudstack by apache.

the class CertServiceTest method runUploadSslCertBadFormat.

@Test(expected = NullPointerException.class)
public void runUploadSslCertBadFormat() throws IOException, IllegalAccessException, NoSuchFieldException {
    // Reading appropritate files
    final String certFile = URLDecoder.decode(getClass().getResource("/certs/bad_format_cert.crt").getFile(), Charset.defaultCharset().name());
    final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(), Charset.defaultCharset().name());
    final String cert = readFileToString(new File(certFile));
    final String key = readFileToString(new File(keyFile));
    final CertServiceImpl certService = new CertServiceImpl();
    // setting mock objects
    certService._accountMgr = Mockito.mock(AccountManager.class);
    final Account account = new AccountVO("testaccount", 1, "networkdomain", (short) 0, UUID.randomUUID().toString());
    when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);
    certService._domainDao = Mockito.mock(DomainDao.class);
    final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain");
    when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain);
    certService._sslCertDao = Mockito.mock(SslCertDao.class);
    when(certService._sslCertDao.persist(Matchers.any(SslCertVO.class))).thenReturn(new SslCertVO());
    // creating the command
    final UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
    final Class<?> klazz = uploadCmd.getClass().getSuperclass();
    final Field certField = klazz.getDeclaredField("cert");
    certField.setAccessible(true);
    certField.set(uploadCmd, cert);
    final Field keyField = klazz.getDeclaredField("key");
    keyField.setAccessible(true);
    keyField.set(uploadCmd, key);
    certService.uploadSslCert(uploadCmd);
    Assert.fail("Given a Certificate in bad format (Not PEM), upload should fail");
}
Also used : Account(com.cloud.user.Account) SslCertDao(com.cloud.network.dao.SslCertDao) FileUtils.readFileToString(org.apache.commons.io.FileUtils.readFileToString) AccountVO(com.cloud.user.AccountVO) DomainVO(com.cloud.domain.DomainVO) Field(java.lang.reflect.Field) SslCertVO(com.cloud.network.dao.SslCertVO) DomainDao(com.cloud.domain.dao.DomainDao) AccountManager(com.cloud.user.AccountManager) UploadSslCertCmd(org.apache.cloudstack.api.command.user.loadbalancer.UploadSslCertCmd) File(java.io.File) Test(org.junit.Test)

Aggregations

DomainVO (com.cloud.domain.DomainVO)12 DomainDao (com.cloud.domain.dao.DomainDao)12 SslCertDao (com.cloud.network.dao.SslCertDao)12 SslCertVO (com.cloud.network.dao.SslCertVO)12 Account (com.cloud.user.Account)12 AccountManager (com.cloud.user.AccountManager)12 AccountVO (com.cloud.user.AccountVO)12 File (java.io.File)12 Field (java.lang.reflect.Field)12 UploadSslCertCmd (org.apache.cloudstack.api.command.user.loadbalancer.UploadSslCertCmd)12 FileUtils.readFileToString (org.apache.commons.io.FileUtils.readFileToString)12 Test (org.junit.Test)11 IOException (java.io.IOException)8 AccountDao (com.cloud.user.dao.AccountDao)4