Examples with IdentityCertificate org.candlepin.model.IdentityCertificate used on opensource projects

Example 21 with IdentityCertificate

use of org.candlepin.model.IdentityCertificate in project candlepin by candlepin.

the class HypervisorResourceTest method ensureEmptyGuestIdsAreIgnored.

@SuppressWarnings({ "rawtypes", "unchecked", "deprecation" })
@Test
public void ensureEmptyGuestIdsAreIgnored() throws Exception {
    Owner owner = new Owner("admin");
    Map<String, List<GuestIdDTO>> hostGuestMap = new HashMap<>();
    hostGuestMap.put("HYPERVISOR_A", new ArrayList(Arrays.asList(TestUtil.createGuestIdDTO("GUEST_A"), TestUtil.createGuestIdDTO(""))));
    when(ownerCurator.lookupByKey(eq(owner.getKey()))).thenReturn(owner);
    when(consumerCurator.getHostConsumersMap(any(Owner.class), any(Set.class))).thenReturn(new VirtConsumerMap());
    when(consumerCurator.getGuestConsumersMap(any(String.class), any(Set.class))).thenReturn(new VirtConsumerMap());
    when(ownerCurator.lookupByKey(eq(owner.getKey()))).thenReturn(owner);
    when(principal.canAccess(eq(owner), eq(SubResource.CONSUMERS), eq(Access.CREATE))).thenReturn(true);
    when(idCertService.generateIdentityCert(any(Consumer.class))).thenReturn(new IdentityCertificate());
    HypervisorCheckInResult result = hypervisorResource.hypervisorUpdate(hostGuestMap, principal, owner.getKey(), true);
    assertNotNull(result);
    assertNotNull(result.getCreated());
    List<Consumer> created = new ArrayList<>(result.getCreated());
    assertEquals(1, created.size());
    List<GuestId> gids = created.get(0).getGuestIds();
    assertEquals(1, gids.size());
}

Example 22 with IdentityCertificate

use of org.candlepin.model.IdentityCertificate in project candlepin by candlepin.

the class HypervisorResourceTest method checkInCreatesNoNewConsumerWhenCreateIsFalse.

@SuppressWarnings({ "rawtypes", "unchecked", "deprecation" })
@Test
public void checkInCreatesNoNewConsumerWhenCreateIsFalse() throws Exception {
    Owner owner = new Owner("admin");
    Map<String, List<GuestIdDTO>> hostGuestMap = new HashMap<>();
    hostGuestMap.put("test-host", new ArrayList(Arrays.asList(TestUtil.createGuestIdDTO("GUEST_A"), TestUtil.createGuestIdDTO("GUEST_B"))));
    when(ownerCurator.lookupByKey(eq(owner.getKey()))).thenReturn(owner);
    when(consumerCurator.getHostConsumersMap(any(Owner.class), any(Set.class))).thenReturn(new VirtConsumerMap());
    when(consumerCurator.getGuestConsumersMap(any(String.class), any(Set.class))).thenReturn(new VirtConsumerMap());
    when(ownerCurator.lookupByKey(eq(owner.getKey()))).thenReturn(owner);
    when(principal.canAccess(eq(owner), eq(SubResource.CONSUMERS), eq(Access.CREATE))).thenReturn(true);
    when(idCertService.generateIdentityCert(any(Consumer.class))).thenReturn(new IdentityCertificate());
    HypervisorCheckInResult result = hypervisorResource.hypervisorUpdate(hostGuestMap, principal, owner.getKey(), false);
    assertEquals(0, result.getCreated().size());
    assertEquals(1, result.getFailedUpdate().size());
    String failed = result.getFailedUpdate().iterator().next();
    String expected = "test-host: Unable to find hypervisor in org \"admin\"";
    assertEquals(expected, failed);
}

Example 23 with IdentityCertificate

use of org.candlepin.model.IdentityCertificate in project candlepin by candlepin.

the class ConsumerResource method generateIdCert.

/**
 * Generates the identity certificate for the given consumer and user.
 * Throws RuntimeException if there is a problem with generating the
 * certificate.
 * <p>
 * Regenerating an Id Cert is ok to do at any time. Since we only check
 * that the cert's date range is valid, and that it is signed by us,
 * and that the consumer UUID is in our db, it doesn't matter if the actual
 * cert itself is the one stored in our db (and therefore the most recent
 * version) or not.
 *
 * @param c Consumer whose certificate needs to be generated.
 * @param regen if true, forces a regen of the certificate.
 * @return an IdentityCertificate object
 */
private IdentityCertificate generateIdCert(Consumer c, boolean regen) {
    IdentityCertificate idCert = null;
    boolean errored = false;
    try {
        if (regen) {
            idCert = identityCertService.regenerateIdentityCert(c);
        } else {
            idCert = identityCertService.generateIdentityCert(c);
        }
        if (idCert == null) {
            errored = true;
        }
    } catch (GeneralSecurityException e) {
        log.error("Problem regenerating ID cert for unit:", e);
        errored = true;
    } catch (IOException e) {
        log.error("Problem regenerating ID cert for unit:", e);
        errored = true;
    }
    if (errored) {
        throw new BadRequestException(i18n.tr("Problem regenerating ID cert for unit {0}", c));
    }
    log.debug("Generated identity cert: {}", idCert.getSerial());
    return idCert;
}

Example 24 with IdentityCertificate

use of org.candlepin.model.IdentityCertificate in project candlepin by candlepin.

the class ConsumerResource method performConsumerUpdates.

@Transactional
public boolean performConsumerUpdates(ConsumerDTO updated, Consumer toUpdate, GuestMigration guestMigration, boolean isIdCert) {
    log.debug("Updating consumer: {}", toUpdate.getUuid());
    // We need a representation of the consumer before making any modifications.
    // If nothing changes we won't send.  The new entity needs to be correct though,
    // so we should get a Jsonstring now, and finish it off if we're going to send
    EventBuilder eventBuilder = eventFactory.getEventBuilder(Target.CONSUMER, Type.MODIFIED).setEventData(toUpdate);
    // version changed on non-checked in consumer, or list of capabilities
    // changed on checked in consumer
    boolean changesMade = updateCapabilities(toUpdate, updated);
    changesMade = checkForFactsUpdate(toUpdate, updated) || changesMade;
    changesMade = checkForInstalledProductsUpdate(toUpdate, updated) || changesMade;
    changesMade = checkForHypervisorIdUpdate(toUpdate, updated) || changesMade;
    changesMade = guestMigration.isMigrationPending() || changesMade;
    if (updated.getContentTags() != null && !updated.getContentTags().equals(toUpdate.getContentTags())) {
        log.info("   Updating content tags.");
        toUpdate.setContentTags(updated.getContentTags());
        changesMade = true;
    }
    // Allow optional setting of the autoheal attribute:
    if (updated.getAutoheal() != null && !updated.getAutoheal().equals(toUpdate.isAutoheal())) {
        log.info("   Updating consumer autoheal setting.");
        toUpdate.setAutoheal(updated.getAutoheal());
        changesMade = true;
    }
    if (updated.getReleaseVersion() != null && !updated.getReleaseVersion().equals(toUpdate.getReleaseVer() == null ? null : toUpdate.getReleaseVer().getReleaseVer())) {
        log.info("   Updating consumer releaseVer setting.");
        toUpdate.setReleaseVer(new Release(updated.getReleaseVersion()));
        changesMade = true;
    }
    // Allow optional setting of the service level attribute:
    String level = updated.getServiceLevel();
    if (level != null && !level.equals(toUpdate.getServiceLevel())) {
        log.info("   Updating consumer service level setting.");
        consumerBindUtil.validateServiceLevel(toUpdate.getOwnerId(), level);
        toUpdate.setServiceLevel(level);
        changesMade = true;
    }
    String environmentId = updated.getEnvironment() == null ? null : updated.getEnvironment().getId();
    if (environmentId != null && (toUpdate.getEnvironmentId() == null || !toUpdate.getEnvironmentId().equals(environmentId))) {
        Environment e = environmentCurator.find(environmentId);
        if (e == null) {
            throw new NotFoundException(i18n.tr("Environment with ID \"{0}\" could not be found.", environmentId));
        }
        log.info("Updating environment to: {}", environmentId);
        toUpdate.setEnvironment(e);
        // lazily regenerate certs, so the client can still work
        poolManager.regenerateCertificatesOf(toUpdate, true);
        changesMade = true;
    }
    // it should remain the same
    if (updated.getName() != null && !toUpdate.getName().equals(updated.getName())) {
        checkConsumerName(updated);
        log.info("Updating consumer name: {} -> {}", toUpdate.getName(), updated.getName());
        toUpdate.setName(updated.getName());
        changesMade = true;
        // get the new name into the id cert if we are using the cert
        if (isIdCert) {
            IdentityCertificate ic = generateIdCert(toUpdate, true);
            toUpdate.setIdCert(ic);
        }
    }
    ConsumerType ctype = this.consumerTypeCurator.getConsumerType(toUpdate);
    if (updated.getContentAccessMode() != null && !updated.getContentAccessMode().equals(toUpdate.getContentAccessMode()) && ctype.isManifest()) {
        Owner toUpdateOwner = ownerCurator.findOwnerById(toUpdate.getOwnerId());
        if (!toUpdateOwner.isAllowedContentAccessMode(updated.getContentAccessMode())) {
            throw new BadRequestException(i18n.tr("The consumer cannot use the supplied content access mode."));
        }
        toUpdate.setContentAccessMode(updated.getContentAccessMode());
        changesMade = true;
    }
    if (!StringUtils.isEmpty(updated.getContentAccessMode()) && !ctype.isManifest()) {
        throw new BadRequestException(i18n.tr("The consumer cannot be assigned a content access mode."));
    }
    if (updated.getLastCheckin() != null) {
        log.info("Updating to specific last checkin time: {}", updated.getLastCheckin());
        toUpdate.setLastCheckin(updated.getLastCheckin());
        changesMade = true;
    }
    if (changesMade) {
        log.debug("Consumer {} updated.", toUpdate.getUuid());
        // Set the updated date here b/c @PreUpdate will not get fired
        // since only the facts table will receive the update.
        toUpdate.setUpdated(new Date());
        // this should update compliance on toUpdate, but not call the curator
        complianceRules.getStatus(toUpdate, null, false, false);
        Event event = eventBuilder.setEventData(toUpdate).buildEvent();
        sink.queueEvent(event);
    }
    return changesMade;
}

Example 25 with IdentityCertificate

use of org.candlepin.model.IdentityCertificate in project candlepin by candlepin.

the class ConsumerResourceTest method testRegenerateIdCerts.

@Test
public void testRegenerateIdCerts() throws GeneralSecurityException, IOException {
    // using lconsumer simply to avoid hiding consumer. This should
    // get renamed once we refactor this test suite.
    IdentityCertServiceAdapter mockIdSvc = Mockito.mock(IdentityCertServiceAdapter.class);
    EventSink sink = Mockito.mock(EventSinkImpl.class);
    Consumer consumer = createConsumer(createOwner());
    consumer.setIdCert(createIdCert());
    IdentityCertificate ic = consumer.getIdCert();
    assertNotNull(ic);
    when(mockIdSvc.regenerateIdentityCert(consumer)).thenReturn(createIdCert());
    ConsumerResource cr = new ConsumerResource(mockConsumerCurator, mockConsumerTypeCurator, null, null, null, null, mockIdSvc, null, null, sink, eventFactory, null, null, null, null, null, mockOwnerCurator, null, null, null, null, null, null, this.config, null, null, null, consumerBindUtil, null, null, this.factValidator, null, consumerEnricher, migrationProvider, translator);
    ConsumerDTO fooc = cr.regenerateIdentityCertificates(consumer.getUuid());
    assertNotNull(fooc);
    CertificateDTO ic1 = fooc.getIdCert();
    assertNotNull(ic1);
    assertFalse(ic.getId().equals(ic1.getId()));
}