http://git-wip-us.apache.org/repos/asf/cloudstack/blob/cd5a7b54/server/src/org/apache/cloudstack/network/lb/CertServiceImpl.java ----------------------------------------------------------------------
diff --git a/server/src/org/apache/cloudstack/network/lb/CertServiceImpl.java b/server/src/org/apache/cloudstack/network/lb/CertServiceImpl.java
index 8e35441..23857de 100644
--- a/server/src/org/apache/cloudstack/network/lb/CertServiceImpl.java
+++ b/server/src/org/apache/cloudstack/network/lb/CertServiceImpl.java
@@ -116,37 +116,37 @@ public class CertServiceImpl implements CertService { @DB @Override @ActionEvent(eventType = EventTypes.EVENT_LB_CERT_UPLOAD, eventDescription = "Uploading a certificate to cloudstack", async = false) - public SslCertResponse uploadSslCert(UploadSslCertCmd certCmd) { + public SslCertResponse uploadSslCert(final UploadSslCertCmd certCmd) { try { - String cert = certCmd.getCert(); - String key = certCmd.getKey(); - String password = certCmd.getPassword(); - String chain = certCmd.getChain(); + final String cert = certCmd.getCert(); + final String key = certCmd.getKey(); + final String password = certCmd.getPassword(); + final String chain = certCmd.getChain(); validate(cert, key, password, chain); s_logger.debug("Certificate Validation succeeded"); - String fingerPrint = generateFingerPrint(parseCertificate(cert)); + final String fingerPrint = generateFingerPrint(parseCertificate(cert)); - CallContext ctx = CallContext.current(); - Account caller = ctx.getCallingAccount(); + final CallContext ctx = CallContext.current(); + final Account caller = ctx.getCallingAccount(); Account owner = null; - if ((certCmd.getAccountName() != null && certCmd.getDomainId() != null) || certCmd.getProjectId() != null) { + if (certCmd.getAccountName() != null && certCmd.getDomainId() != null || certCmd.getProjectId() != null) { owner = _accountMgr.finalizeOwner(caller, certCmd.getAccountName(), certCmd.getDomainId(), certCmd.getProjectId()); } else { owner = caller; } - Long accountId = owner.getId(); - Long domainId = owner.getDomainId(); + final Long accountId = owner.getId(); + final Long domainId = owner.getDomainId(); - SslCertVO certVO = new SslCertVO(cert, key, password, chain, accountId, domainId, fingerPrint); + final SslCertVO certVO = new SslCertVO(cert, key, password, chain, accountId, domainId, fingerPrint); _sslCertDao.persist(certVO); return createCertResponse(certVO, null); - } catch (Exception e) { + } catch (final Exception e) { throw new 
CloudRuntimeException("Error parsing certificate data " + e.getMessage()); } @@ -155,26 +155,26 @@ public class CertServiceImpl implements CertService { @DB @Override @ActionEvent(eventType = EventTypes.EVENT_LB_CERT_DELETE, eventDescription = "Deleting a certificate to cloudstack", async = false) - public void deleteSslCert(DeleteSslCertCmd deleteSslCertCmd) { + public void deleteSslCert(final DeleteSslCertCmd deleteSslCertCmd) { - CallContext ctx = CallContext.current(); - Account caller = ctx.getCallingAccount(); + final CallContext ctx = CallContext.current(); + final Account caller = ctx.getCallingAccount(); - Long certId = deleteSslCertCmd.getId(); - SslCertVO certVO = _sslCertDao.findById(certId); + final Long certId = deleteSslCertCmd.getId(); + final SslCertVO certVO = _sslCertDao.findById(certId); if (certVO == null) { throw new InvalidParameterValueException("Invalid certificate id: " + certId); } _accountMgr.checkAccess(caller, SecurityChecker.AccessType.OperateEntry, true, certVO); - List<LoadBalancerCertMapVO> lbCertRule = _lbCertDao.listByCertId(certId); + final List<LoadBalancerCertMapVO> lbCertRule = _lbCertDao.listByCertId(certId); - if ((lbCertRule != null) && (!lbCertRule.isEmpty())) { + if (lbCertRule != null && !lbCertRule.isEmpty()) { String lbUuids = ""; - for (LoadBalancerCertMapVO rule : lbCertRule) { - LoadBalancerVO lb = _entityMgr.findById(LoadBalancerVO.class, rule.getLbId()); + for (final LoadBalancerCertMapVO rule : lbCertRule) { + final LoadBalancerVO lb = _entityMgr.findById(LoadBalancerVO.class, rule.getLbId()); lbUuids += " " + lb.getUuid(); } 
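Review bot: The catch-all that closes `uploadSslCert` rethrows with only `e.getMessage()`, so the original exception and its stack trace are lost, and every failure inside the try block is reported as a certificate parsing error, including anything `_accountMgr.finalizeOwner` or `_sslCertDao.persist` may throw. Keep the message and pass the cause: `throw new CloudRuntimeException("Error parsing certificate data " + e.getMessage(), e);`. Narrowing the try block to the `validate` and `parseCertificate` calls would let ownership and persistence failures surface under their own types. The private key and its password also pass through this method as plain `String`s into `SslCertVO`; how they are protected at rest is not visible here and deserves a comment.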
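Review bot: In the loop over `lbCertRule` in `deleteSslCert`, `lb.getUuid()` is called on the result of `_entityMgr.findById(LoadBalancerVO.class, rule.getLbId())` without a null check, although `createCertResponse` guards the same lookup with `if (lb != null)`. A mapping row that outlives its load balancer would presumably turn the intended error into a NullPointerException. Guard it the same way: `if (lb != null) { lbUuids += " " + lb.getUuid(); }`. The rest of `deleteSslCert` lies outside this hunk.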
@@ -185,16 +185,16 @@ public class CertServiceImpl implements CertService { } @Override - public List<SslCertResponse> listSslCerts(ListSslCertsCmd listSslCertCmd) { - CallContext ctx = CallContext.current(); - Account caller = ctx.getCallingAccount(); + public List<SslCertResponse> listSslCerts(final ListSslCertsCmd listSslCertCmd) { + final CallContext ctx = CallContext.current(); + final Account caller = ctx.getCallingAccount(); - Long certId = listSslCertCmd.getCertId(); - Long accountId = listSslCertCmd.getAccountId(); - Long lbRuleId = listSslCertCmd.getLbId(); - Long projectId = listSslCertCmd.getProjectId(); + final Long certId = listSslCertCmd.getCertId(); + final Long accountId = listSslCertCmd.getAccountId(); + final Long lbRuleId = listSslCertCmd.getLbId(); + final Long projectId = listSslCertCmd.getProjectId(); - List<SslCertResponse> certResponseList = new ArrayList<SslCertResponse>(); + final List<SslCertResponse> certResponseList = new ArrayList<SslCertResponse>(); if (certId == null && accountId == null && lbRuleId == null && projectId == null) { throw new InvalidParameterValueException("Invalid parameters either certificate ID or Account ID or Loadbalancer ID or Project ID required"); @@ -219,7 +219,7 @@ public class CertServiceImpl implements CertService { } if (lbRuleId != null) { - LoadBalancer lb = _entityMgr.findById(LoadBalancerVO.class, lbRuleId); + final LoadBalancer lb = _entityMgr.findById(LoadBalancerVO.class, lbRuleId); if (lb == null) { throw new InvalidParameterValueException("Found no loadbalancer with id: " + lbRuleId); 
@@ -245,18 +245,19 @@ public class CertServiceImpl implements CertService { } if (projectId != null) { - Project project = _projectMgr.getProject(projectId); + final Project project = _projectMgr.getProject(projectId); if (project == null) { throw new InvalidParameterValueException("Found no project with id: " + projectId); } - List<SslCertVO> projectCertVOList = _sslCertDao.listByAccountId(project.getProjectAccountId()); - if (projectCertVOList == null || projectCertVOList.isEmpty()) + final List<SslCertVO> projectCertVOList = _sslCertDao.listByAccountId(project.getProjectAccountId()); + if (projectCertVOList == null || projectCertVOList.isEmpty()) { return certResponseList; + } _accountMgr.checkAccess(caller, SecurityChecker.AccessType.UseEntry, true, projectCertVOList.get(0)); - for (SslCertVO cert : projectCertVOList) { + for (final SslCertVO cert : projectCertVOList) { certLbMap = _lbCertDao.listByCertId(cert.getId()); certResponseList.add(createCertResponse(cert, certLbMap)); } @@ -264,19 +265,20 @@ public class CertServiceImpl implements CertService { } //reached here look by accountId - List<SslCertVO> certVOList = _sslCertDao.listByAccountId(accountId); - if (certVOList == null || certVOList.isEmpty()) + final List<SslCertVO> certVOList = _sslCertDao.listByAccountId(accountId); + if (certVOList == null || certVOList.isEmpty()) { return certResponseList; + } _accountMgr.checkAccess(caller, SecurityChecker.AccessType.UseEntry, true, certVOList.get(0)); - for (SslCertVO cert : certVOList) { + for (final SslCertVO cert : certVOList) { certLbMap = _lbCertDao.listByCertId(cert.getId()); certResponseList.add(createCertResponse(cert, certLbMap)); } return certResponseList; } - private void validate(String certInput, String keyInput, String password, String chainInput) { + private void validate(final String certInput, final String keyInput, final String password, final String chainInput) { Certificate cert; PrivateKey key; List<Certificate> chain = null; 
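Review bot: In the project branch of `listSslCerts`, `_accountMgr.checkAccess(caller, SecurityChecker.AccessType.UseEntry, true, projectCertVOList.get(0))` runs only after the DAO query and only when the list is non-empty, so the authorization decision rests on the first row of the result. The account-id lookup in the next hunk does the same with `certVOList.get(0)`. This is sound only if `listByAccountId` can never return rows of mixed ownership, which should be stated in a comment such as `// all rows share one owning account, so checking the first is sufficient`. If the access API allows it, checking the caller against the project or account before querying would make the decision independent of the returned data. `listSslCerts` starts before this hunk.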
@@ -296,17 +298,18 @@ public class CertServiceImpl implements CertService { validateCert(cert, chainInput != null ? true : false); validateKeys(cert.getPublicKey(), key); - if (chainInput != null) + if (chainInput != null) { validateChain(chain, cert); + } } - public SslCertResponse createCertResponse(SslCertVO cert, List<LoadBalancerCertMapVO> lbCertMap) { - SslCertResponse response = new SslCertResponse(); + public SslCertResponse createCertResponse(final SslCertVO cert, final List<LoadBalancerCertMapVO> lbCertMap) { + final SslCertResponse response = new SslCertResponse(); - Account account = _accountDao.findByIdIncludingRemoved(cert.getAccountId()); + final Account account = _accountDao.findByIdIncludingRemoved(cert.getAccountId()); if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) { // find the project - Project project = _projectMgr.findByProjectAccountIdIncludingRemoved(account.getId()); + final Project project = _projectMgr.findByProjectAccountIdIncludingRemoved(account.getId()); if (project != null) { response.setProjectId(project.getUuid()); @@ -318,7 +321,7 @@ public class CertServiceImpl implements CertService { response.setAccountName(account.getAccountName()); } - DomainVO domain = _domainDao.findByIdIncludingRemoved(cert.getDomainId()); + final DomainVO domain = _domainDao.findByIdIncludingRemoved(cert.getDomainId()); response.setDomainId(domain.getUuid()); response.setDomainName(domain.getName()); 
@@ -327,13 +330,14 @@ public class CertServiceImpl implements CertService { response.setCertificate(cert.getCertificate()); response.setFingerprint(cert.getFingerPrint()); - if (cert.getChain() != null) + if (cert.getChain() != null) { response.setCertchain(cert.getChain()); + } if (lbCertMap != null && !lbCertMap.isEmpty()) { - List<String> lbIds = new ArrayList<String>(); - for (LoadBalancerCertMapVO mapVO : lbCertMap) { - LoadBalancer lb = _entityMgr.findById(LoadBalancerVO.class, mapVO.getLbId()); + final List<String> lbIds = new ArrayList<String>(); + for (final LoadBalancerCertMapVO mapVO : lbCertMap) { + final LoadBalancer lb = _entityMgr.findById(LoadBalancerVO.class, mapVO.getLbId()); if (lb != null) { lbIds.add(lb.getUuid()); } 
@@ -344,74 +348,79 @@ public class CertServiceImpl implements CertService { return response; } - private void validateCert(Certificate cert, boolean chainPresent) { + private void validateCert(final Certificate cert, final boolean chainPresent) { - if (!(cert instanceof X509Certificate)) + if (!(cert instanceof X509Certificate)) { throw new IllegalArgumentException("Invalid certificate format. Expected X509 certificate"); + } try { ((X509Certificate)cert).checkValidity(); - } catch (Exception e) { + } catch (final Exception e) { throw new IllegalArgumentException("Certificate expired or not valid", e); } } - private void validateKeys(PublicKey pubKey, PrivateKey privKey) { + private void validateKeys(final PublicKey pubKey, final PrivateKey privKey) { - if (pubKey.getAlgorithm() != privKey.getAlgorithm()) + if (pubKey.getAlgorithm() != privKey.getAlgorithm()) { throw new IllegalArgumentException("Public and private key have different algorithms"); + } // No encryption for DSA - if (pubKey.getAlgorithm() != "RSA") + if (pubKey.getAlgorithm() != "RSA") { return; + } try { - String data = "ENCRYPT_DATA"; - SecureRandom random = new SecureRandom(); - Cipher cipher = Cipher.getInstance(pubKey.getAlgorithm()); + final String data = "ENCRYPT_DATA"; + final SecureRandom random = new SecureRandom(); + final Cipher cipher = Cipher.getInstance(pubKey.getAlgorithm()); cipher.init(Cipher.ENCRYPT_MODE, privKey, random); - byte[] encryptedData = cipher.doFinal(data.getBytes()); + final byte[] encryptedData = cipher.doFinal(data.getBytes()); cipher.init(Cipher.DECRYPT_MODE, pubKey, random); - String decreptedData = new String(cipher.doFinal(encryptedData)); - if (!decreptedData.equals(data)) + final String decreptedData = new String(cipher.doFinal(encryptedData)); + if (!decreptedData.equals(data)) { throw new IllegalArgumentException("Bad public-private key"); + } - } catch (BadPaddingException e) { + } catch (final BadPaddingException e) { throw new IllegalArgumentException("Bad 
public-private key", e); - } catch (IllegalBlockSizeException e) { + } catch (final IllegalBlockSizeException e) { throw new IllegalArgumentException("Bad public-private key", e); - } catch (NoSuchPaddingException e) { + } catch (final NoSuchPaddingException e) { throw new IllegalArgumentException("Bad public-private key", e); - } catch (InvalidKeyException e) { + } catch (final InvalidKeyException e) { throw new IllegalArgumentException("Invalid public-private key", e); - } catch (NoSuchAlgorithmException e) { + } catch (final NoSuchAlgorithmException e) { throw new IllegalArgumentException("Invalid algorithm for public-private key", e); } } - private void validateChain(List<Certificate> chain, Certificate cert) { + private void validateChain(final List<Certificate> chain, final Certificate cert) { - List<Certificate> certs = new ArrayList<Certificate>(); - Set<TrustAnchor> anchors = new HashSet<TrustAnchor>(); + final List<Certificate> certs = new ArrayList<Certificate>(); + final Set<TrustAnchor> anchors = new HashSet<TrustAnchor>(); certs.add(cert); // adding for self signed certs certs.addAll(chain); - for (Certificate c : certs) { - if (!(c instanceof X509Certificate)) + for (final Certificate c : certs) { + if (!(c instanceof X509Certificate)) { throw new IllegalArgumentException("Invalid chain format. Expected X509 certificate"); + } - X509Certificate xCert = (X509Certificate)c; + final X509Certificate xCert = (X509Certificate)c; xCert.getSubjectDN(); xCert.getIssuerDN(); - anchors.add(new TrustAnchor(xCert, null)); + anchors.add(new TrustAnchor(xCert, null)); } - X509CertSelector target = new X509CertSelector(); + final X509CertSelector target = new X509CertSelector(); target.setCertificate((X509Certificate)cert); PKIXBuilderParameters params = null; 
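Review bot: `validateKeys` compares algorithm names by reference, in `pubKey.getAlgorithm() != privKey.getAlgorithm()` and `pubKey.getAlgorithm() != "RSA"`. Providers are not guaranteed to return the same `String` instance, so the first test can reject a matching pair and the second can return early, skipping the encrypt/decrypt round trip. As far as this diff shows, that round trip is the only check that the private key belongs to the certificate. Compare by value: `if (!pubKey.getAlgorithm().equals(privKey.getAlgorithm()))` and `if (!"RSA".equals(pubKey.getAlgorithm()))`. The early return also accepts non-RSA pairs with no correspondence check at all, which the `// No encryption for DSA` comment should say explicitly.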
@@ -419,16 +428,16 @@ public class CertServiceImpl implements CertService { params = new PKIXBuilderParameters(anchors, target); params.setRevocationEnabled(false); params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(certs))); - CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "BC"); + final CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "BC"); builder.build(params); - } catch (InvalidAlgorithmParameterException e) { + } catch (final InvalidAlgorithmParameterException e) { throw new IllegalArgumentException("Invalid certificate chain", e); - } catch (CertPathBuilderException e) { + } catch (final CertPathBuilderException e) { throw new IllegalArgumentException("Invalid certificate chain", e); - } catch (NoSuchAlgorithmException e) { + } catch (final NoSuchAlgorithmException e) { throw new IllegalArgumentException("Invalid certificate chain", e); - } catch (NoSuchProviderException e) { + } catch (final NoSuchProviderException e) { throw new CloudRuntimeException("No provider for certificate validation", e); } @@ -448,7 +457,7 @@ public class CertServiceImpl implements CertService { } } - public Certificate parseCertificate(String cert) { + public Certificate parseCertificate(final String cert) { final PemReader certPem = new PemReader(new StringReader(cert)); try { return readCertificateFromPemObject(certPem.readPemObject()); @@ -459,7 +468,7 @@ public class CertServiceImpl implements CertService { } } - private Certificate readCertificateFromPemObject(PemObject pemObject) throws CertificateException { + private Certificate readCertificateFromPemObject(final PemObject pemObject) throws CertificateException { final ByteArrayInputStream bais = new ByteArrayInputStream(pemObject.getContent()); final CertificateFactory certificateFactory = CertificateFactory.getInstance("X509"); 
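Review bot: `new PKIXBuilderParameters(anchors, target)` builds the path against trust anchors that the previous hunk fills from the uploaded certificate and chain, and `params.setRevocationEnabled(false)` turns revocation checking off. A successful `builder.build(params)` therefore shows only that the supplied certificates link together, not that they lead to a CA this server trusts. That may be the intent for load-balancer certificates, but nothing says so. A comment above the call would keep later readers from treating this as trust validation: `// consistency check only: anchors come from the caller-supplied chain, revocation is not checked`. `validateChain` begins in the previous hunk.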
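Review bot: `parseCertificate` passes `certPem.readPemObject()` straight to `readCertificateFromPemObject`, whose first statement dereferences it with `pemObject.getContent()`. `PemReader.readPemObject()` returns null when the input holds no PEM block, so malformed upload data ends in a NullPointerException instead of a clear validation error. Add a guard as the first line of `readCertificateFromPemObject`: `if (pemObject == null) { throw new CertificateException("No PEM object found in certificate input"); }`. The remainder of both method bodies is outside these hunks.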
@@ -467,20 +476,20 @@ public class CertServiceImpl implements CertService { } - public List<Certificate> parseChain(String chain) throws IOException, CertificateException { + public List<Certificate> parseChain(final String chain) throws IOException, CertificateException { return CertificateHelper.parseChain(chain); } - String generateFingerPrint(Certificate cert) { + String generateFingerPrint(final Certificate cert) { final char[] HEX = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'}; - StringBuilder buffer = new StringBuilder(60); + final StringBuilder buffer = new StringBuilder(60); try { - MessageDigest md = MessageDigest.getInstance("SHA-1"); - byte[] data = md.digest(cert.getEncoded()); + final MessageDigest md = MessageDigest.getInstance("SHA-1"); + final byte[] data = md.digest(cert.getEncoded()); for (final byte element : data) { if (buffer.length() > 0) { @@ -511,7 +520,7 @@ public class CertServiceImpl implements CertService { boolean passwordRequested = false; char[] password; - KeyPassword(char[] word) { + KeyPassword(final char[] word) { password = word; }
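Review bot: `generateFingerPrint` hashes the encoded certificate with `MessageDigest.getInstance("SHA-1")`, and nothing in the method says what the fingerprint is used for. SHA-1 is acceptable as a display identifier but is not collision resistant, so it should not be used to decide that two uploaded certificates are the same. A Javadoc line would record that: `/** SHA-1 fingerprint for display only; do not use for identity or trust decisions. */`. Switching to SHA-256 would change stored values and is a separate decision. The method body continues past the hunk.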
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/cd5a7b54/server/test/org/apache/cloudstack/network/lb/CertServiceTest.java ---------------------------------------------------------------------- diff --git a/server/test/org/apache/cloudstack/network/lb/CertServiceTest.java b/server/test/org/apache/cloudstack/network/lb/CertServiceTest.java index 033b44e..734e381 100644 --- a/server/test/org/apache/cloudstack/network/lb/CertServiceTest.java +++ b/server/test/org/apache/cloudstack/network/lb/CertServiceTest.java @@ -62,8 +62,8 @@ public class CertServiceTest { @Before public void setUp() { - Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); - UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString(), User.Source.UNKNOWN); + final Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); + final UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString(), User.Source.UNKNOWN); CallContext.register(user, account); } 
@@ -99,23 +99,23 @@ public class CertServiceTest { TransactionLegacy.open("runUploadSslCertWithCAChain"); - String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.crt").getFile(),Charset.defaultCharset().name()); - String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.key").getFile(),Charset.defaultCharset().name()); - String chainFile = URLDecoder.decode(getClass().getResource("/certs/root_chain.crt").getFile(),Charset.defaultCharset().name()); + final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.crt").getFile(),Charset.defaultCharset().name()); + final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.key").getFile(),Charset.defaultCharset().name()); + final String chainFile = URLDecoder.decode(getClass().getResource("/certs/root_chain.crt").getFile(),Charset.defaultCharset().name()); - String cert = readFileToString(new File(certFile)); - String key = readFileToString(new File(keyFile)); - String chain = readFileToString(new File(chainFile)); + final String cert = readFileToString(new File(certFile)); + final String key = readFileToString(new File(keyFile)); + final String chain = readFileToString(new File(chainFile)); - CertServiceImpl certService = new CertServiceImpl(); + final CertServiceImpl certService = new CertServiceImpl(); //setting mock objects certService._accountMgr = Mockito.mock(AccountManager.class); - Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); + final Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); when(certService._accountMgr.getAccount(anyLong())).thenReturn(account); certService._domainDao = Mockito.mock(DomainDao.class); - DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); + final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); 
when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain); certService._sslCertDao = Mockito.mock(SslCertDao.class); @@ -125,25 +125,25 @@ public class CertServiceTest { when(certService._accountDao.findByIdIncludingRemoved(anyLong())).thenReturn((AccountVO)account); //creating the command - UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); - Class<?> _class = uploadCmd.getClass().getSuperclass(); + final UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); + final Class<?> _class = uploadCmd.getClass().getSuperclass(); - Field certField = _class.getDeclaredField("cert"); + final Field certField = _class.getDeclaredField("cert"); certField.setAccessible(true); certField.set(uploadCmd, cert); - Field keyField = _class.getDeclaredField("key"); + final Field keyField = _class.getDeclaredField("key"); keyField.setAccessible(true); keyField.set(uploadCmd, key); - Field chainField = _class.getDeclaredField("chain"); + final Field chainField = _class.getDeclaredField("chain"); chainField.setAccessible(true); chainField.set(uploadCmd, chain); certService.uploadSslCert(uploadCmd); } -// @Test + // @Test /** * Given a Self-signed Certificate with encrypted key, upload should succeed */ 
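Review bot: The `// @Test` line in this hunk is only re-indented, so the test that follows stays disabled and the upload path for a password-protected private key appears to have no positive test. If it cannot run everywhere, `@Ignore("reason")`, or an `Assume.assumeTrue(...)` as the other tests use, makes the skip visible in test reports instead of hiding it in a comment. The Javadoc block also sits after the commented-out annotation rather than before it.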
@@ -151,22 +151,22 @@ public class CertServiceTest { TransactionLegacy.open("runUploadSslCertSelfSignedWithPassword"); - String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.crt").getFile(),Charset.defaultCharset().name()); - String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.key").getFile(),Charset.defaultCharset().name()); - String password = "test"; + final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.crt").getFile(),Charset.defaultCharset().name()); + final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.key").getFile(),Charset.defaultCharset().name()); + final String password = "test"; - String cert = readFileToString(new File(certFile)); - String key = readFileToString(new File(keyFile)); + final String cert = readFileToString(new File(certFile)); + final String key = readFileToString(new File(keyFile)); - CertServiceImpl certService = new CertServiceImpl(); + final CertServiceImpl certService = new CertServiceImpl(); //setting mock objects certService._accountMgr = Mockito.mock(AccountManager.class); - Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); + final Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); when(certService._accountMgr.getAccount(anyLong())).thenReturn(account); certService._domainDao = Mockito.mock(DomainDao.class); - DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); + final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain); certService._sslCertDao = Mockito.mock(SslCertDao.class); 
@@ -176,18 +176,18 @@ public class CertServiceTest { when(certService._accountDao.findByIdIncludingRemoved(anyLong())).thenReturn((AccountVO)account); //creating the command - UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); - Class<?> _class = uploadCmd.getClass().getSuperclass(); + final UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); + final Class<?> _class = uploadCmd.getClass().getSuperclass(); - Field certField = _class.getDeclaredField("cert"); + final Field certField = _class.getDeclaredField("cert"); certField.setAccessible(true); certField.set(uploadCmd, cert); - Field keyField = _class.getDeclaredField("key"); + final Field keyField = _class.getDeclaredField("key"); keyField.setAccessible(true); keyField.set(uploadCmd, key); - Field passField = _class.getDeclaredField("password"); + final Field passField = _class.getDeclaredField("password"); passField.setAccessible(true); passField.set(uploadCmd, password); 
@@ -202,21 +202,21 @@ public class CertServiceTest { TransactionLegacy.open("runUploadSslCertSelfSignedNoPassword"); - String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); - String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(),Charset.defaultCharset().name()); + final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); + final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(),Charset.defaultCharset().name()); - String cert = readFileToString(new File(certFile)); - String key = readFileToString(new File(keyFile)); + final String cert = readFileToString(new File(certFile)); + final String key = readFileToString(new File(keyFile)); - CertServiceImpl certService = new CertServiceImpl(); + final CertServiceImpl certService = new CertServiceImpl(); //setting mock objects certService._accountMgr = Mockito.mock(AccountManager.class); - Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); + final Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); when(certService._accountMgr.getAccount(anyLong())).thenReturn(account); certService._domainDao = Mockito.mock(DomainDao.class); - DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); + final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain); certService._sslCertDao = Mockito.mock(SslCertDao.class); 
@@ -226,14 +226,14 @@ public class CertServiceTest { when(certService._accountDao.findByIdIncludingRemoved(anyLong())).thenReturn((AccountVO)account); //creating the command - UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); - Class<?> _class = uploadCmd.getClass().getSuperclass(); + final UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); + final Class<?> _class = uploadCmd.getClass().getSuperclass(); - Field certField = _class.getDeclaredField("cert"); + final Field certField = _class.getDeclaredField("cert"); certField.setAccessible(true); certField.set(uploadCmd, cert); - Field keyField = _class.getDeclaredField("key"); + final Field keyField = _class.getDeclaredField("key"); keyField.setAccessible(true); keyField.set(uploadCmd, key); 
@@ -245,48 +245,48 @@ public class CertServiceTest { public void runUploadSslCertBadChain() throws IOException, IllegalAccessException, NoSuchFieldException { Assume.assumeTrue(isOpenJdk() || isJCEInstalled()); - String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.crt").getFile(),Charset.defaultCharset().name()); - String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.key").getFile(),Charset.defaultCharset().name()); - String chainFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); + final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.crt").getFile(),Charset.defaultCharset().name()); + final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.key").getFile(),Charset.defaultCharset().name()); + final String chainFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); - String cert = readFileToString(new File(certFile)); - String key = readFileToString(new File(keyFile)); - String chain = readFileToString(new File(chainFile)); + final String cert = readFileToString(new File(certFile)); + final String key = readFileToString(new File(keyFile)); + final String chain = readFileToString(new File(chainFile)); - CertServiceImpl certService = new CertServiceImpl(); + final CertServiceImpl certService = new CertServiceImpl(); //setting mock objects certService._accountMgr = Mockito.mock(AccountManager.class); - Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); + final Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); when(certService._accountMgr.getAccount(anyLong())).thenReturn(account); certService._domainDao = Mockito.mock(DomainDao.class); - DomainVO domain = new DomainVO("networkdomain", 1L, 1L, 
"networkdomain"); + final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain); certService._sslCertDao = Mockito.mock(SslCertDao.class); when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO()); //creating the command - UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); - Class<?> _class = uploadCmd.getClass().getSuperclass(); + final UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); + final Class<?> _class = uploadCmd.getClass().getSuperclass(); - Field certField = _class.getDeclaredField("cert"); + final Field certField = _class.getDeclaredField("cert"); certField.setAccessible(true); certField.set(uploadCmd, cert); - Field keyField = _class.getDeclaredField("key"); + final Field keyField = _class.getDeclaredField("key"); keyField.setAccessible(true); keyField.set(uploadCmd, key); - Field chainField = _class.getDeclaredField("chain"); + final Field chainField = _class.getDeclaredField("chain"); chainField.setAccessible(true); chainField.set(uploadCmd, chain); try { certService.uploadSslCert(uploadCmd); fail("The chain given is not the correct chain for the certificate"); - } catch (Exception e) { + } catch (final Exception e) { assertTrue(e.getMessage().contains("Invalid certificate chain")); } } 
@@ -297,48 +297,48 @@ public class CertServiceTest { Assume.assumeTrue(isOpenJdk() || isJCEInstalled()); - String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.crt").getFile(),Charset.defaultCharset().name()); - String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.key").getFile(),Charset.defaultCharset().name()); - String chainFile = URLDecoder.decode(getClass().getResource("/certs/non_root.crt").getFile(),Charset.defaultCharset().name()); + final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.crt").getFile(),Charset.defaultCharset().name()); + final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.key").getFile(),Charset.defaultCharset().name()); + final String chainFile = URLDecoder.decode(getClass().getResource("/certs/non_root.crt").getFile(),Charset.defaultCharset().name()); - String cert = readFileToString(new File(certFile)); - String key = readFileToString(new File(keyFile)); - String chain = readFileToString(new File(chainFile)); + final String cert = readFileToString(new File(certFile)); + final String key = readFileToString(new File(keyFile)); + final String chain = readFileToString(new File(chainFile)); - CertServiceImpl certService = new CertServiceImpl(); + final CertServiceImpl certService = new CertServiceImpl(); //setting mock objects certService._accountMgr = Mockito.mock(AccountManager.class); - Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); + final Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); when(certService._accountMgr.getAccount(anyLong())).thenReturn(account); certService._domainDao = Mockito.mock(DomainDao.class); - DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); + final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); 
when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain); certService._sslCertDao = Mockito.mock(SslCertDao.class); when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO()); //creating the command - UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); - Class<?> _class = uploadCmd.getClass().getSuperclass(); + final UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); + final Class<?> _class = uploadCmd.getClass().getSuperclass(); - Field certField = _class.getDeclaredField("cert"); + final Field certField = _class.getDeclaredField("cert"); certField.setAccessible(true); certField.set(uploadCmd, cert); - Field keyField = _class.getDeclaredField("key"); + final Field keyField = _class.getDeclaredField("key"); keyField.setAccessible(true); keyField.set(uploadCmd, key); - Field chainField = _class.getDeclaredField("chain"); + final Field chainField = _class.getDeclaredField("chain"); chainField.setAccessible(true); chainField.set(uploadCmd, chain); try { certService.uploadSslCert(uploadCmd); fail("Chain is given but does not link to the certificate"); - } catch (Exception e) { + } catch (final Exception e) { assertTrue(e.getMessage().contains("Invalid certificate chain")); } 
@@ -348,40 +348,40 @@ public class CertServiceTest { @Test public void runUploadSslCertBadPassword() throws IOException, IllegalAccessException, NoSuchFieldException { - String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.crt").getFile(),Charset.defaultCharset().name()); - String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.key").getFile(),Charset.defaultCharset().name()); - String password = "bad_password"; + final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.crt").getFile(),Charset.defaultCharset().name()); + final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.key").getFile(),Charset.defaultCharset().name()); + final String password = "bad_password"; - String cert = readFileToString(new File(certFile)); - String key = readFileToString(new File(keyFile)); + final String cert = readFileToString(new File(certFile)); + final String key = readFileToString(new File(keyFile)); - CertServiceImpl certService = new CertServiceImpl(); + final CertServiceImpl certService = new CertServiceImpl(); //setting mock objects certService._accountMgr = Mockito.mock(AccountManager.class); - Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); + final Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); when(certService._accountMgr.getAccount(anyLong())).thenReturn(account); certService._domainDao = Mockito.mock(DomainDao.class); - DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); + final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain); certService._sslCertDao = Mockito.mock(SslCertDao.class); when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new 
SslCertVO()); //creating the command - UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); - Class<?> _class = uploadCmd.getClass().getSuperclass(); + final UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); + final Class<?> _class = uploadCmd.getClass().getSuperclass(); - Field certField = _class.getDeclaredField("cert"); + final Field certField = _class.getDeclaredField("cert"); certField.setAccessible(true); certField.set(uploadCmd, cert); - Field keyField = _class.getDeclaredField("key"); + final Field keyField = _class.getDeclaredField("key"); keyField.setAccessible(true); keyField.set(uploadCmd, key); - Field passField = _class.getDeclaredField("password"); + final Field passField = _class.getDeclaredField("password"); passField.setAccessible(true); passField.set(uploadCmd, password); 
@@ -398,41 +398,41 @@ public class CertServiceTest { @Test public void runUploadSslCertBadkeyPair() throws IOException, IllegalAccessException, NoSuchFieldException { // Reading appropritate files - String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); - String keyFile = URLDecoder.decode(getClass().getResource("/certs/non_root.key").getFile(),Charset.defaultCharset().name()); + final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); + final String keyFile = URLDecoder.decode(getClass().getResource("/certs/non_root.key").getFile(),Charset.defaultCharset().name()); - String cert = readFileToString(new File(certFile)); - String key = readFileToString(new File(keyFile)); + final String cert = readFileToString(new File(certFile)); + final String key = readFileToString(new File(keyFile)); - CertServiceImpl certService = new CertServiceImpl(); + final CertServiceImpl certService = new CertServiceImpl(); //setting mock objects certService._accountMgr = Mockito.mock(AccountManager.class); - Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); + final Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); when(certService._accountMgr.getAccount(anyLong())).thenReturn(account); certService._domainDao = Mockito.mock(DomainDao.class); - DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); + final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain); certService._sslCertDao = Mockito.mock(SslCertDao.class); when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO()); //creating the command - UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); - Class<?> 
_class = uploadCmd.getClass().getSuperclass(); + final UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); + final Class<?> _class = uploadCmd.getClass().getSuperclass(); - Field certField = _class.getDeclaredField("cert"); + final Field certField = _class.getDeclaredField("cert"); certField.setAccessible(true); certField.set(uploadCmd, cert); - Field keyField = _class.getDeclaredField("key"); + final Field keyField = _class.getDeclaredField("key"); keyField.setAccessible(true); keyField.set(uploadCmd, key); try { certService.uploadSslCert(uploadCmd); - } catch (Exception e) { + } catch (final Exception e) { assertTrue(e.getMessage().contains("Bad public-private key")); } } 
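Review bot: `runUploadSslCertBadkeyPair` has no `fail(...)` after `certService.uploadSslCert(uploadCmd);`, so the test also passes when the service accepts a certificate with a private key that does not match it, which is the regression it exists to catch. The expired-certificate and non-X509 tests in this file already guard against that. Add `fail("Given a mismatched key pair, upload should fail");` as the line after the call inside the `try`.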
@@ -441,35 +441,35 @@ public class CertServiceTest { public void runUploadSslCertBadkeyAlgo() throws IOException, IllegalAccessException, NoSuchFieldException { // Reading appropritate files - String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); - String keyFile = URLDecoder.decode(getClass().getResource("/certs/dsa_self_signed.key").getFile(),Charset.defaultCharset().name()); + final String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),Charset.defaultCharset().name()); + final String keyFile = URLDecoder.decode(getClass().getResource("/certs/dsa_self_signed.key").getFile(),Charset.defaultCharset().name()); - String cert = readFileToString(new File(certFile)); - String key = readFileToString(new File(keyFile)); + final String cert = readFileToString(new File(certFile)); + final String key = readFileToString(new File(keyFile)); - CertServiceImpl certService = new CertServiceImpl(); + final CertServiceImpl certService = new CertServiceImpl(); //setting mock objects certService._accountMgr = Mockito.mock(AccountManager.class); - Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); + final Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); when(certService._accountMgr.getAccount(anyLong())).thenReturn(account); certService._domainDao = Mockito.mock(DomainDao.class); - DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); + final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain); certService._sslCertDao = Mockito.mock(SslCertDao.class); when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO()); //creating the command - UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); - 
Class<?> _class = uploadCmd.getClass().getSuperclass(); + final UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); + final Class<?> _class = uploadCmd.getClass().getSuperclass(); - Field certField = _class.getDeclaredField("cert"); + final Field certField = _class.getDeclaredField("cert"); certField.setAccessible(true); certField.set(uploadCmd, cert); - Field keyField = _class.getDeclaredField("key"); + final Field keyField = _class.getDeclaredField("key"); keyField.setAccessible(true); keyField.set(uploadCmd, key); 
@@ -486,42 +486,42 @@ public class CertServiceTest { public void runUploadSslCertExpiredCert() throws IOException, IllegalAccessException, NoSuchFieldException { // Reading appropritate files - String certFile = URLDecoder.decode(getClass().getResource("/certs/expired_cert.crt").getFile(),Charset.defaultCharset().name()); - String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(),Charset.defaultCharset().name()); + final String certFile = URLDecoder.decode(getClass().getResource("/certs/expired_cert.crt").getFile(),Charset.defaultCharset().name()); + final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(),Charset.defaultCharset().name()); - String cert = readFileToString(new File(certFile)); - String key = readFileToString(new File(keyFile)); + final String cert = readFileToString(new File(certFile)); + final String key = readFileToString(new File(keyFile)); - CertServiceImpl certService = new CertServiceImpl(); + final CertServiceImpl certService = new CertServiceImpl(); //setting mock objects certService._accountMgr = Mockito.mock(AccountManager.class); - Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); + final Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); when(certService._accountMgr.getAccount(anyLong())).thenReturn(account); certService._domainDao = Mockito.mock(DomainDao.class); - DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); + final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain); certService._sslCertDao = Mockito.mock(SslCertDao.class); when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO()); //creating the command - UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); - Class<?> 
_class = uploadCmd.getClass().getSuperclass(); + final UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); + final Class<?> _class = uploadCmd.getClass().getSuperclass(); - Field certField = _class.getDeclaredField("cert"); + final Field certField = _class.getDeclaredField("cert"); certField.setAccessible(true); certField.set(uploadCmd, cert); - Field keyField = _class.getDeclaredField("key"); + final Field keyField = _class.getDeclaredField("key"); keyField.setAccessible(true); keyField.set(uploadCmd, key); try { certService.uploadSslCert(uploadCmd); fail("Given an expired certificate, upload should fail"); - } catch (Exception e) { + } catch (final Exception e) { assertTrue(e.getMessage().contains("Certificate expired")); } } 
@@ -529,42 +529,42 @@ public class CertServiceTest { @Test public void runUploadSslCertNotX509() throws IOException, IllegalAccessException, NoSuchFieldException { // Reading appropritate files - String certFile = URLDecoder.decode(getClass().getResource("/certs/non_x509_pem.crt").getFile(),Charset.defaultCharset().name()); - String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(),Charset.defaultCharset().name()); + final String certFile = URLDecoder.decode(getClass().getResource("/certs/non_x509_pem.crt").getFile(),Charset.defaultCharset().name()); + final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(),Charset.defaultCharset().name()); - String cert = readFileToString(new File(certFile)); - String key = readFileToString(new File(keyFile)); + final String cert = readFileToString(new File(certFile)); + final String key = readFileToString(new File(keyFile)); - CertServiceImpl certService = new CertServiceImpl(); + final CertServiceImpl certService = new CertServiceImpl(); //setting mock objects certService._accountMgr = Mockito.mock(AccountManager.class); - Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); + final Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); when(certService._accountMgr.getAccount(anyLong())).thenReturn(account); certService._domainDao = Mockito.mock(DomainDao.class); - DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); + final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain); certService._sslCertDao = Mockito.mock(SslCertDao.class); when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO()); //creating the command - UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); - 
Class<?> _class = uploadCmd.getClass().getSuperclass(); + final UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); + final Class<?> _class = uploadCmd.getClass().getSuperclass(); - Field certField = _class.getDeclaredField("cert"); + final Field certField = _class.getDeclaredField("cert"); certField.setAccessible(true); certField.set(uploadCmd, cert); - Field keyField = _class.getDeclaredField("key"); + final Field keyField = _class.getDeclaredField("key"); keyField.setAccessible(true); keyField.set(uploadCmd, key); try { certService.uploadSslCert(uploadCmd); fail("Given a Certificate which is not X509, upload should fail"); - } catch (Exception e) { + } catch (final Exception e) { assertTrue(e.getMessage().contains("Expected X509 certificate")); } } 
@@ -573,35 +573,35 @@ public class CertServiceTest { public void runUploadSslCertBadFormat() throws IOException, IllegalAccessException, NoSuchFieldException { // Reading appropritate files - String certFile = URLDecoder.decode(getClass().getResource("/certs/bad_format_cert.crt").getFile(),Charset.defaultCharset().name()); - String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(),Charset.defaultCharset().name()); + final String certFile = URLDecoder.decode(getClass().getResource("/certs/bad_format_cert.crt").getFile(),Charset.defaultCharset().name()); + final String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(),Charset.defaultCharset().name()); - String cert = readFileToString(new File(certFile)); - String key = readFileToString(new File(keyFile)); + final String cert = readFileToString(new File(certFile)); + final String key = readFileToString(new File(keyFile)); - CertServiceImpl certService = new CertServiceImpl(); + final CertServiceImpl certService = new CertServiceImpl(); //setting mock objects certService._accountMgr = Mockito.mock(AccountManager.class); - Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); + final Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); when(certService._accountMgr.getAccount(anyLong())).thenReturn(account); certService._domainDao = Mockito.mock(DomainDao.class); - DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); + final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain); certService._sslCertDao = Mockito.mock(SslCertDao.class); when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO()); //creating the command - UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); - 
Class<?> _class = uploadCmd.getClass().getSuperclass(); + final UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn(); + final Class<?> _class = uploadCmd.getClass().getSuperclass(); - Field certField = _class.getDeclaredField("cert"); + final Field certField = _class.getDeclaredField("cert"); certField.setAccessible(true); certField.set(uploadCmd, cert); - Field keyField = _class.getDeclaredField("key"); + final Field keyField = _class.getDeclaredField("key"); keyField.setAccessible(true); keyField.set(uploadCmd, key); @@ -620,18 +620,18 @@ public class CertServiceTest { */ public void runDeleteSslCertValid() throws Exception { - TransactionLegacy txn = TransactionLegacy.open("runDeleteSslCertValid"); + TransactionLegacy.open("runDeleteSslCertValid"); - CertServiceImpl certService = new CertServiceImpl(); - long certId = 1; + final CertServiceImpl certService = new CertServiceImpl(); + final long certId = 1; //setting mock objects certService._accountMgr = Mockito.mock(AccountManager.class); - Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); + final Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); when(certService._accountMgr.getAccount(anyLong())).thenReturn(account); certService._domainDao = Mockito.mock(DomainDao.class); - DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); + final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain); certService._sslCertDao = Mockito.mock(SslCertDao.class); 
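Review bot: In `runDeleteSslCertValid` the result of `TransactionLegacy.open("runDeleteSslCertValid")` is now discarded and no close is visible in this hunk, so the opened transaction may stay attached to the test thread and carry over into later tests. The same change is made in `runDeleteSslCertBoundCert` and `runDeleteSslCertInvalidId`. Rather than dropping the variable, keep it and release it: `final TransactionLegacy txn = TransactionLegacy.open("runDeleteSslCertValid");` with the test body wrapped in `try { ... } finally { txn.close(); }`. The method body continues past the end of this hunk, so a close further down cannot be ruled out.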
@@ -644,10 +644,10 @@ public class CertServiceTest { when(certService._lbCertDao.listByCertId(anyLong())).thenReturn(null); //creating the command - DeleteSslCertCmd deleteCmd = new DeleteSslCertCmdExtn(); - Class<?> _class = deleteCmd.getClass().getSuperclass(); + final DeleteSslCertCmd deleteCmd = new DeleteSslCertCmdExtn(); + final Class<?> _class = deleteCmd.getClass().getSuperclass(); - Field certField = _class.getDeclaredField("id"); + final Field certField = _class.getDeclaredField("id"); certField.setAccessible(true); certField.set(deleteCmd, certId); @@ -657,19 +657,19 @@ public class CertServiceTest { @Test public void runDeleteSslCertBoundCert() throws NoSuchFieldException, IllegalAccessException { - TransactionLegacy txn = TransactionLegacy.open("runDeleteSslCertBoundCert"); + TransactionLegacy.open("runDeleteSslCertBoundCert"); - CertServiceImpl certService = new CertServiceImpl(); + final CertServiceImpl certService = new CertServiceImpl(); //setting mock objects - long certId = 1; + final long certId = 1; certService._accountMgr = Mockito.mock(AccountManager.class); - Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); + final Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); when(certService._accountMgr.getAccount(anyLong())).thenReturn(account); certService._domainDao = Mockito.mock(DomainDao.class); - DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); + final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain); certService._sslCertDao = Mockito.mock(SslCertDao.class); 
@@ -679,7 +679,7 @@ public class CertServiceTest { // rule holding the cert certService._lbCertDao = Mockito.mock(LoadBalancerCertMapDao.class); - List<LoadBalancerCertMapVO> lbMapList = new ArrayList<LoadBalancerCertMapVO>(); + final List<LoadBalancerCertMapVO> lbMapList = new ArrayList<LoadBalancerCertMapVO>(); lbMapList.add(new LoadBalancerCertMapVO()); certService._lbCertDao = Mockito.mock(LoadBalancerCertMapDao.class); @@ -689,17 +689,17 @@ public class CertServiceTest { when(certService._entityMgr.findById(eq(LoadBalancerVO.class), anyLong())).thenReturn(new LoadBalancerVO()); //creating the command - DeleteSslCertCmd deleteCmd = new DeleteSslCertCmdExtn(); - Class<?> _class = deleteCmd.getClass().getSuperclass(); + final DeleteSslCertCmd deleteCmd = new DeleteSslCertCmdExtn(); + final Class<?> _class = deleteCmd.getClass().getSuperclass(); - Field certField = _class.getDeclaredField("id"); + final Field certField = _class.getDeclaredField("id"); certField.setAccessible(true); certField.set(deleteCmd, certId); try { certService.deleteSslCert(deleteCmd); fail("Delete with a cert id bound to a lb should fail"); - } catch (Exception e) { + } catch (final Exception e) { assertTrue(e.getMessage().contains("Certificate in use by a loadbalancer")); } 
@@ -707,17 +707,17 @@ public class CertServiceTest { @Test public void runDeleteSslCertInvalidId() throws NoSuchFieldException, IllegalAccessException { - TransactionLegacy txn = TransactionLegacy.open("runDeleteSslCertInvalidId"); + TransactionLegacy.open("runDeleteSslCertInvalidId"); - long certId = 1; - CertServiceImpl certService = new CertServiceImpl(); + final long certId = 1; + final CertServiceImpl certService = new CertServiceImpl(); certService._accountMgr = Mockito.mock(AccountManager.class); - Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); + final Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString()); when(certService._accountMgr.getAccount(anyLong())).thenReturn(account); certService._domainDao = Mockito.mock(DomainDao.class); - DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); + final DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain"); when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain); certService._sslCertDao = Mockito.mock(SslCertDao.class); 
@@ -729,17 +729,17 @@ public class CertServiceTest { when(certService._lbCertDao.listByCertId(anyLong())).thenReturn(null); //creating the command - DeleteSslCertCmd deleteCmd = new DeleteSslCertCmdExtn(); - Class<?> _class = deleteCmd.getClass().getSuperclass(); + final DeleteSslCertCmd deleteCmd = new DeleteSslCertCmdExtn(); + final Class<?> _class = deleteCmd.getClass().getSuperclass(); - Field certField = _class.getDeclaredField("id"); + final Field certField = _class.getDeclaredField("id"); certField.setAccessible(true); certField.set(deleteCmd, certId); try { certService.deleteSslCert(deleteCmd); fail("Delete with an invalid ID should fail"); - } catch (Exception e) { + } catch (final Exception e) { assertTrue(e.getMessage().contains("Invalid certificate id")); } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/cd5a7b54/utils/src/main/java/com/cloud/utils/security/CertificateHelper.java ---------------------------------------------------------------------- diff --git a/utils/src/main/java/com/cloud/utils/security/CertificateHelper.java b/utils/src/main/java/com/cloud/utils/security/CertificateHelper.java index 2426500..ee7c438 100644 --- a/utils/src/main/java/com/cloud/utils/security/CertificateHelper.java +++ b/utils/src/main/java/com/cloud/utils/security/CertificateHelper.java 
@@ -50,30 +50,30 @@ import com.cloud.utils.Ternary; import com.cloud.utils.exception.CloudRuntimeException; public class CertificateHelper { - public static byte[] buildAndSaveKeystore(String alias, String cert, String privateKey, String storePassword) throws KeyStoreException, CertificateException, - NoSuchAlgorithmException, InvalidKeySpecException, IOException { - KeyStore ks = buildKeystore(alias, cert, privateKey, storePassword); + public static byte[] buildAndSaveKeystore(final String alias, final String cert, final String privateKey, final String storePassword) throws KeyStoreException, CertificateException, + NoSuchAlgorithmException, InvalidKeySpecException, IOException { + final KeyStore ks = buildKeystore(alias, cert, privateKey, storePassword); - ByteArrayOutputStream os = new ByteArrayOutputStream(); + final ByteArrayOutputStream os = new ByteArrayOutputStream(); ks.store(os, storePassword != null ? storePassword.toCharArray() : null); os.close(); return os.toByteArray(); } - public static byte[] buildAndSaveKeystore(List<Ternary<String, String, String>> certs, String storePassword) throws KeyStoreException, NoSuchAlgorithmException, - CertificateException, IOException, InvalidKeySpecException { - KeyStore ks = KeyStore.getInstance("JKS"); + public static byte[] buildAndSaveKeystore(final List<Ternary<String, String, String>> certs, final String storePassword) throws KeyStoreException, NoSuchAlgorithmException, + CertificateException, IOException, InvalidKeySpecException { + final KeyStore ks = KeyStore.getInstance("JKS"); ks.load(null, storePassword != null ? 
storePassword.toCharArray() : null); //name,cert,key - for (Ternary<String, String, String> cert : certs) { + for (final Ternary<String, String, String> cert : certs) { if (cert.third() == null) { - Certificate c = buildCertificate(cert.second()); + final Certificate c = buildCertificate(cert.second()); ks.setCertificateEntry(cert.first(), c); } else { - Certificate[] c = new Certificate[certs.size()]; + final Certificate[] c = new Certificate[certs.size()]; int i = certs.size(); - for (Ternary<String, String, String> ct : certs) { + for (final Ternary<String, String, String> ct : certs) { c[i - 1] = buildCertificate(ct.second()); i--; } 
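Review bot: Both `buildAndSaveKeystore` overloads pass `null` to `ks.load` and `ks.store` when `storePassword` is null, so a missing keystore password is accepted silently until the keystore is serialised. With the `"JKS"` type the store call is then expected to reject the null password at runtime, which is worth confirming against the target JDK. Rejecting it at the top of each method gives callers a clear error and avoids ever producing an unprotected store: `if (storePassword == null) { throw new IllegalArgumentException("storePassword must not be null"); }`. The loop body of the second overload continues outside this hunk.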
@@ -81,46 +81,46 @@ public class CertificateHelper { } } - ByteArrayOutputStream os = new ByteArrayOutputStream(); + final ByteArrayOutputStream os = new ByteArrayOutputStream(); ks.store(os, storePassword != null ? storePassword.toCharArray() : null); os.close(); return os.toByteArray(); } - public static KeyStore loadKeystore(byte[] ksData, String storePassword) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException { - assert (ksData != null); - KeyStore ks = KeyStore.getInstance("JKS"); + public static KeyStore loadKeystore(final byte[] ksData, final String storePassword) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException { + assert ksData != null; + final KeyStore ks = KeyStore.getInstance("JKS"); ks.load(new ByteArrayInputStream(ksData), storePassword != null ? storePassword.toCharArray() : null); return ks; } - public static KeyStore buildKeystore(String alias, String cert, String privateKey, String storePassword) throws KeyStoreException, CertificateException, - NoSuchAlgorithmException, InvalidKeySpecException, IOException { + public static KeyStore buildKeystore(final String alias, final String cert, final String privateKey, final String storePassword) throws KeyStoreException, CertificateException, + NoSuchAlgorithmException, InvalidKeySpecException, IOException { - KeyStore ks = KeyStore.getInstance("JKS"); + final KeyStore ks = KeyStore.getInstance("JKS"); ks.load(null, storePassword != null ? storePassword.toCharArray() : null); - Certificate[] certs = new Certificate[1]; + final Certificate[] certs = new Certificate[1]; certs[0] = buildCertificate(cert); ks.setKeyEntry(alias, buildPrivateKey(privateKey), storePassword != null ? 
storePassword.toCharArray() : null, certs); return ks; } - public static Certificate buildCertificate(String content) throws CertificateException { - assert (content != null); + public static Certificate buildCertificate(final String content) throws CertificateException { + assert content != null; - BufferedInputStream bis = new BufferedInputStream(new ByteArrayInputStream(content.getBytes())); - CertificateFactory cf = CertificateFactory.getInstance("X.509"); + final BufferedInputStream bis = new BufferedInputStream(new ByteArrayInputStream(content.getBytes())); + final CertificateFactory cf = CertificateFactory.getInstance("X.509"); return cf.generateCertificate(bis); } - public static Key buildPrivateKey(String base64EncodedKeyContent) throws NoSuchAlgorithmException, InvalidKeySpecException, IOException { - KeyFactory kf = KeyFactory.getInstance("RSA"); - PKCS8EncodedKeySpec keysp = new PKCS8EncodedKeySpec(Base64.decodeBase64(base64EncodedKeyContent)); + public static Key buildPrivateKey(final String base64EncodedKeyContent) throws NoSuchAlgorithmException, InvalidKeySpecException, IOException { + final KeyFactory kf = KeyFactory.getInstance("RSA"); + final PKCS8EncodedKeySpec keysp = new PKCS8EncodedKeySpec(Base64.decodeBase64(base64EncodedKeyContent)); return kf.generatePrivate(keysp); } - public static List<Certificate> parseChain(String chain) throws IOException, CertificateException { + public static List<Certificate> parseChain(final String chain) throws IOException, CertificateException { final List<Certificate> certs = new ArrayList<Certificate>(); try(final PemReader pemReader = new PemReader(new StringReader(chain));) 
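Review bot: `loadKeystore` and `buildCertificate` still rely on `assert ksData != null` and `assert content != null` for argument checking, and assertions are disabled unless the JVM runs with `-ea`. In production a null therefore reaches `new ByteArrayInputStream(ksData)` or `content.getBytes()` and surfaces as a bare NullPointerException. Use an explicit check, e.g. `if (content == null) { throw new CertificateException("certificate content is null"); }` in `buildCertificate`. `content.getBytes()` also encodes with the platform charset; PEM is ASCII, so `content.getBytes(StandardCharsets.US_ASCII)` (with the matching import) makes that explicit. `parseChain` begins at the end of this hunk and continues outside it.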
@@ -130,8 +130,8 @@ public class CertificateHelper { final ByteArrayInputStream bais = new ByteArrayInputStream(pemObject.getContent()); final CertificateFactory certificateFactory = CertificateFactory.getInstance("X509"); - Collection<? extends Certificate> c = certificateFactory.generateCertificates(bais); - Iterator<? extends Certificate> i = c.iterator(); + final Collection<? extends Certificate> c = certificateFactory.generateCertificates(bais); + final Iterator<? extends Certificate> i = c.iterator(); while (i.hasNext()) { cert = i.next(); if (cert instanceof X509Certificate) { @@ -149,15 +149,15 @@ public class CertificateHelper { return certs; } - public static String generateFingerPrint(Certificate cert) { + public static String generateFingerPrint(final Certificate cert) { final char[] HEX = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'}; - StringBuilder buffer = new StringBuilder(60); + final StringBuilder buffer = new StringBuilder(60); try { - MessageDigest md = MessageDigest.getInstance("SHA-1"); - byte[] data = md.digest(cert.getEncoded()); + final MessageDigest md = MessageDigest.getInstance("SHA-1"); + final byte[] data = md.digest(cert.getEncoded()); for (final byte element : data) { if (buffer.length() > 0) {
