private void createTestTrustCertificate() throws Throwable { SslTrustCertificateService.SslTrustCertificateState sslTrustCert1 = new SslTrustCertificateService.SslTrustCertificateState(); String sslTrust1 = CommonTestStateFactory.getFileContent("certs/test_ssl_trust.PEM") .trim(); sslTrustCert1.certificate = sslTrust1; sslTrustCert1.subscriptionLink = null; doPost(sslTrustCert1, SslTrustCertificateService.FACTORY_LINK); }
sslTrust.getAlias());
private void validateStateOnStart(SslTrustCertificateState state) throws Exception { assertNotEmpty(state.certificate, "certificate"); state.certificate = state.certificate.trim(); X509Certificate[] certificates = CertificateUtil.createCertificateChain(state.certificate); CertificateUtil.validateCertificateChain(certificates); // Populate the certificate properties based on the first (end server) certificate X509Certificate endCertificate = certificates[0]; SslTrustCertificateState.populateCertificateProperties(state, endCertificate); }
SslTrustCertificateState sslTrustCert2 = new SslTrustCertificateState(); sslTrustCert2.documentSelfLink = sslTrustCert.documentSelfLink; sslTrustCert2.certificate = sslTrust2; doOperation(new SslTrustCertificateState(), uri, expectedFailure, Action.DELETE);
dockerCredentials.privateKey = getProperty( DOCKER_CLIENT_CERTIFICATE, testProperties); dockerTrust = new SslTrustCertificateState(); dockerTrust.certificate = getProperty(DOCKER_SERVER_CERTIFICATE, testProperties); } else {
@Test public void testCloudAdminHasAccessToCertificates() throws Throwable { host.assumeIdentity(buildUserServicePath(USER_EMAIL_ADMIN)); SslTrustCertificateState cert = new SslTrustCertificateState(); cert.certificate = CommonTestStateFactory.getFileContent(FIRST_CERTIFICATE_PATH).trim(); // POST SslTrustCertificateState createdState = doPost(cert, SslTrustCertificateService.FACTORY_LINK); assertNotNull(createdState); assertNotNull(createdState.documentSelfLink); // GET SslTrustCertificateState retrievedState = getDocument(SslTrustCertificateState.class, createdState.documentSelfLink); assertNotNull(retrievedState); // PUT createdState.certificate = CommonTestStateFactory.getFileContent(SECOND_CERTIFICATE_PATH).trim(); SslTrustCertificateState updatedState = doPut(createdState); assertNotNull(updatedState); assertTrue(createdState.certificate.equals(updatedState.certificate)); // DELETE doDelete(UriUtils.buildUri(host, createdState.documentSelfLink), false); retrievedState = getDocumentNoWait(SslTrustCertificateState.class, createdState.documentSelfLink); assertNull(retrievedState); }
@Test public void testIdempotentPOST() throws Throwable { SslTrustCertificateState sslTrustCert1 = new SslTrustCertificateState(); sslTrustCert1.certificate = sslTrust1; sslTrustCert1.subscriptionLink = null; sslTrustCert1.origin = HTTPS_HOST_COM; sslTrustCert1 = doPost(sslTrustCert1, SslTrustCertificateService.FACTORY_LINK); SslTrustCertificateState sslTrustCert2 = new SslTrustCertificateState(); sslTrustCert2.certificate = sslTrust1; sslTrustCert2.subscriptionLink = "subscription-link"; sslTrustCert2.origin = HTTPS_HOST_COM; sslTrustCert2 = doPost(sslTrustCert2, SslTrustCertificateService.FACTORY_LINK); sslTrustCert = getDocument(SslTrustCertificateState.class, sslTrustCert1.documentSelfLink); /* We POST two different objects without explicitly setting the documentSelfLink, but these * objects have the same certificate. The factory will build the same documentSelfLink for * both of these objects and the idempotent option will turn the post to a put, so we expect * to have the subscriptionLink set after the POST */ assertEquals(sslTrustCert2.subscriptionLink, sslTrustCert.subscriptionLink); validateCertProperties(sslTrustCert); }
@Test public void testProjectAdminRestrictionsToCertificates() throws Throwable { SslTrustCertificateState cert = new SslTrustCertificateState(); cert.certificate = CommonTestStateFactory.getFileContent("test_ssl_trust.PEM").trim(); host.assumeIdentity(buildUserServicePath(USER_EMAIL_ADMIN)); SslTrustCertificateState createdState = doPost(cert, SslTrustCertificateService.FACTORY_LINK); assertNotNull(createdState); assertNotNull(createdState.documentSelfLink); host.assumeIdentity(buildUserServicePath(USER_EMAIL_GLORIA)); // GET getDocument(SslTrustCertificateState.class, createdState.documentSelfLink); // POST doPost(cert, SslTrustCertificateService.FACTORY_LINK); // PUT createdState.commonName = "updated-name"; doPut(createdState); // DELETE doDelete(UriUtils.buildUri(host, createdState.documentSelfLink), false); }
@Test public void testBasicUserRestrictionsToCertificates() throws Throwable { SslTrustCertificateState cert = new SslTrustCertificateState(); cert.certificate = CommonTestStateFactory.getFileContent(FIRST_CERTIFICATE_PATH).trim(); // GET host.assumeIdentity(buildUserServicePath(USER_EMAIL_ADMIN)); SslTrustCertificateState createdState = doPost(cert, SslTrustCertificateService.FACTORY_LINK); assertNotNull(createdState); assertNotNull(createdState.documentSelfLink); host.assumeIdentity(buildUserServicePath(USER_EMAIL_BASIC_USER)); doGetWithRestrictionVerification(createdState, SslTrustCertificateService.FACTORY_LINK, SslTrustCertificateState.class.getName()); // POST doPostWithRestrictionVerification(cert, SslTrustCertificateService.FACTORY_LINK); // PUT createdState.commonName = "updated-name"; doPutWithRestrictionVerification(createdState, SslTrustCertificateService.FACTORY_LINK); // DELETE doDeleteWithRestrictionVerification(createdState, SslTrustCertificateService.FACTORY_LINK); }
private void distributeCertificate(RegistryState registry, Operation parentOp) { parentOp.complete(); logInfo("Distributing certificate for %s. Fetching registry certificate", registry.address); RegistryService.fetchRegistryCertificate(registry, (certificate) -> { RegistryConfigCertificateDistributionState distributionState = new RegistryConfigCertificateDistributionState(); distributionState.registryAddress = registry.address; distributionState.tenantLinks = registry.tenantLinks; distributionState.certState = new SslTrustCertificateState(); distributionState.certState.certificate = certificate; logInfo("Distributing certificate for %s. Fetched registry certificate.", registry.address); sendRequest(Operation.createPost(this, RegistryConfigCertificateDistributionService.SELF_LINK) .setContextId(parentOp.getContextId()) .setBody(distributionState)); }, getHost()); }
@Override public void accept(ServiceDocumentQueryElementResult<SslTrustCertificateState> result) { if (result.hasException()) { Utils.logWarning("Exception during ssl trust cert loading: %s", (result.getException() instanceof CancellationException) ? result.getException().getClass().getName() : Utils.toString(result.getException())); } else if (result.hasResult()) { SslTrustCertificateState sslTrustCert = result.getResult(); self.host.log(Level.FINE, "Adding certificate %s", sslTrustCert.fingerprint); if (ServiceDocument.isDeleted(sslTrustCert)) { deleteCertificate(sslTrustCert.getAlias()); } else { loadCertificate(sslTrustCert); } } }
private void loadCertificate(SslTrustCertificateState sslTrustCert) { try { self.putDelegate(sslTrustCert.getAlias(), sslTrustCert.certificate); Utils.log(getClass(), "Self Signed Trust Store", Level.FINE, "Certificate with alias %s updated", sslTrustCert.getAlias()); } catch (Throwable e) { Utils.logWarning( "Exception during certificate reload with alias: %s. Error: %s", sslTrustCert.getAlias(), Utils.toString(e)); } }
private SslTrustCertificateState createSslTrustCert() throws Throwable { if (this.sslTrustCert != null) { return this.sslTrustCert; } String sslTrustPem = FileUtil.getResourceAsString("/certs/ca.pem", true).trim(); SslTrustCertificateState sslTrustCert = new SslTrustCertificateState(); sslTrustCert.certificate = sslTrustPem; return createEntity(sslTrustCert, SslTrustCertificateService.FACTORY_LINK); }
public static SslTrustCertificateState createSslTrustCertificateState(String pemFileName, String id) { SslTrustCertificateState sslTrustState = new SslTrustCertificateState(); sslTrustState.documentSelfLink = id; sslTrustState.certificate = getFileContent(pemFileName); return sslTrustState; }
@Before public void setUp() throws Throwable { sslTrust1 = CommonTestStateFactory.getFileContent("test_ssl_trust.PEM").trim(); sslTrust2 = CommonTestStateFactory.getFileContent("test_ssl_trust2.PEM").trim(); sslTrustCert = new SslTrustCertificateState(); sslTrustCert.certificate = sslTrust1; sslTrustCert.origin = HTTPS_HOST_COM; waitForServiceAvailability(SslTrustCertificateService.FACTORY_LINK); waitForServiceAvailability(ContainerFactoryService.SELF_LINK); }
private SslTrustCertificateState createSslTrustCert() throws Throwable { if (sslTrustCert == null) { String sslTrust1 = CommonTestStateFactory.getFileContent("test_ssl_trust.PEM").trim(); // String sslTrust2 = CommonTestStateFactory.getFileContent("test_ssl_trust2.PEM").trim(); sslTrustCert = new SslTrustCertificateState(); sslTrustCert.certificate = sslTrust1; sslTrustCert = doPost(sslTrustCert, SslTrustCertificateService.FACTORY_LINK); } return sslTrustCert; }
private SslTrustCertificateState createSslTrustCert() throws Throwable { String sslTrustPem = CommonTestStateFactory.getFileContent("certs/ca.pem").trim(); SslTrustCertificateState sslTrustCert = new SslTrustCertificateState(); sslTrustCert.certificate = sslTrustPem; sslTrustCert = doPost(sslTrustCert, SslTrustCertificateService.FACTORY_LINK); return sslTrustCert; }
private SslTrustCertificateState createSslTrustCert(String commonName) throws Throwable { SslTrustCertificateState sslTrustCert = new SslTrustCertificateState(); String sslTrust1 = CommonTestStateFactory.getFileContent("test_ssl_trust.PEM").trim(); sslTrustCert.certificate = sslTrust1; sslTrustCert.commonName = commonName; sslTrustCert = doPost(sslTrustCert, SslTrustCertificateService.FACTORY_LINK); return sslTrustCert; } }
private SslTrustCertificateState createSslTrustCertificateState( SslTrustImportRequest request, X509Certificate[] certChain) { String sslTrust = CertificateUtilExtended.toPEMformat(certChain, getHost()); SslTrustCertificateState sslTrustState = new SslTrustCertificateState(); sslTrustState.certificate = sslTrust; SslTrustCertificateState.populateCertificateProperties(sslTrustState, certChain[0]); sslTrustState.tenantLinks = request.tenantLinks; sslTrustState.documentSelfLink = SslTrustCertificateFactoryService .generateSelfLlink(sslTrustState); sslTrustState.origin = request.hostUri.toString(); return sslTrustState; }