You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by bf...@apache.org on 2013/11/08 19:09:20 UTC
[64/76] [abbrv] Squashed merge of Ssl Termination feature
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/server/test/org/apache/cloudstack/network/lb/ApplicationLoadBalancerTest.java
----------------------------------------------------------------------
diff --git a/server/test/org/apache/cloudstack/network/lb/ApplicationLoadBalancerTest.java b/server/test/org/apache/cloudstack/network/lb/ApplicationLoadBalancerTest.java
new file mode 100644
index 0000000..82b1181
--- /dev/null
+++ b/server/test/org/apache/cloudstack/network/lb/ApplicationLoadBalancerTest.java
@@ -0,0 +1,381 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.network.lb;
+
+import java.io.IOException;
+import java.lang.reflect.Field;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.inject.Inject;
+
+import junit.framework.TestCase;
+
+import org.apache.cloudstack.lb.ApplicationLoadBalancerRuleVO;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mockito;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.ComponentScan.Filter;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.FilterType;
+import org.springframework.core.type.classreading.MetadataReader;
+import org.springframework.core.type.classreading.MetadataReaderFactory;
+import org.springframework.core.type.filter.TypeFilter;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.context.support.AnnotationConfigContextLoader;
+
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
+import org.apache.cloudstack.lb.dao.ApplicationLoadBalancerRuleDao;
+import org.apache.cloudstack.network.lb.ApplicationLoadBalancerManagerImpl;
+import org.apache.cloudstack.network.lb.ApplicationLoadBalancerRule;
+import org.apache.cloudstack.test.utils.SpringUtils;
+
+import com.cloud.event.dao.UsageEventDao;
+import com.cloud.exception.InsufficientAddressCapacityException;
+import com.cloud.exception.InsufficientVirtualNetworkCapcityException;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.NetworkRuleConflictException;
+import com.cloud.exception.UnsupportedServiceException;
+import com.cloud.network.IpAddressManager;
+import com.cloud.network.Network;
+import com.cloud.network.Network.Capability;
+import com.cloud.network.Network.Service;
+import com.cloud.network.NetworkModel;
+import com.cloud.network.Networks.TrafficType;
+import com.cloud.network.dao.FirewallRulesDao;
+import com.cloud.network.dao.NetworkVO;
+import com.cloud.network.lb.LoadBalancingRule;
+import com.cloud.network.lb.LoadBalancingRulesManager;
+import com.cloud.network.lb.LoadBalancingRulesService;
+import com.cloud.network.rules.FirewallRuleVO;
+import com.cloud.network.rules.LoadBalancerContainer.Scheme;
+import com.cloud.tags.dao.ResourceTagDao;
+import com.cloud.user.AccountManager;
+import com.cloud.user.AccountVO;
+import com.cloud.user.UserVO;
+import com.cloud.utils.component.ComponentContext;
+import com.cloud.utils.exception.CloudRuntimeException;
+import com.cloud.utils.net.Ip;
+import com.cloud.utils.net.NetUtils;
+
+/**
+ * This class is responsible for unittesting the methods defined in ApplicationLoadBalancerService
+ *
+ */
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration(loader = AnnotationConfigContextLoader.class)
+public class ApplicationLoadBalancerTest extends TestCase {
+ //The interface to test
+ @Inject
+ ApplicationLoadBalancerManagerImpl _appLbSvc;
+
+ //The interfaces below are mocked
+ @Inject
+ ApplicationLoadBalancerRuleDao _lbDao;
+ @Inject
+ LoadBalancingRulesManager _lbMgr;
+ @Inject
+ NetworkModel _ntwkModel;
+ @Inject
+ AccountManager _accountMgr;
+ @Inject
+ FirewallRulesDao _firewallDao;
+ @Inject
+ UsageEventDao _usageEventDao;
+ @Inject
+ LoadBalancingRulesService _lbService;
+
+ public static long existingLbId = 1L;
+ public static long nonExistingLbId = 2L;
+
+ public static long validGuestNetworkId = 1L;
+ public static long invalidGuestNetworkId = 2L;
+ public static long validPublicNetworkId = 3L;
+
+ public static long validAccountId = 1L;
+ public static long invalidAccountId = 2L;
+
+ public String validRequestedIp = "10.1.1.1";
+
+ @Override
+ @Before
+ public void setUp() {
+ ComponentContext.initComponentsLifeCycle();
+ //mockito for .getApplicationLoadBalancer tests
+ Mockito.when(_lbDao.findById(1L)).thenReturn(new ApplicationLoadBalancerRuleVO());
+ Mockito.when(_lbDao.findById(2L)).thenReturn(null);
+
+ //mockito for .deleteApplicationLoadBalancer tests
+ Mockito.when(_lbService.deleteLoadBalancerRule(existingLbId, true)).thenReturn(true);
+ Mockito.when(_lbService.deleteLoadBalancerRule(nonExistingLbId, true)).thenReturn(false);
+
+ //mockito for .createApplicationLoadBalancer tests
+ NetworkVO guestNetwork = new NetworkVO(TrafficType.Guest, null, null, 1, null, 1, 1L);
+ setId(guestNetwork, validGuestNetworkId);
+ guestNetwork.setCidr("10.1.1.1/24");
+
+ NetworkVO publicNetwork = new NetworkVO(TrafficType.Public, null, null, 1, null, 1, 1L);
+
+ Mockito.when(_ntwkModel.getNetwork(validGuestNetworkId)).thenReturn(guestNetwork);
+ Mockito.when(_ntwkModel.getNetwork(invalidGuestNetworkId)).thenReturn(null);
+ Mockito.when(_ntwkModel.getNetwork(validPublicNetworkId)).thenReturn(publicNetwork);
+
+ Mockito.when(_accountMgr.getAccount(validAccountId)).thenReturn(new AccountVO());
+ Mockito.when(_accountMgr.getAccount(invalidAccountId)).thenReturn(null);
+ Mockito.when(_ntwkModel.areServicesSupportedInNetwork(validGuestNetworkId, Service.Lb)).thenReturn(true);
+ Mockito.when(_ntwkModel.areServicesSupportedInNetwork(invalidGuestNetworkId, Service.Lb)).thenReturn(false);
+
+ ApplicationLoadBalancerRuleVO lbRule = new ApplicationLoadBalancerRuleVO("new", "new", 22, 22, "roundrobin", validGuestNetworkId, validAccountId, 1L, new Ip(
+ validRequestedIp), validGuestNetworkId, Scheme.Internal);
+ Mockito.when(_lbDao.persist(Mockito.any(ApplicationLoadBalancerRuleVO.class))).thenReturn(lbRule);
+
+ Mockito.when(_lbMgr.validateLbRule(Mockito.any(LoadBalancingRule.class))).thenReturn(true);
+
+ Mockito.when(_firewallDao.setStateToAdd(Mockito.any(FirewallRuleVO.class))).thenReturn(true);
+
+ Mockito.when(_accountMgr.getSystemUser()).thenReturn(new UserVO(1));
+ Mockito.when(_accountMgr.getSystemAccount()).thenReturn(new AccountVO(2));
+ CallContext.register(_accountMgr.getSystemUser(), _accountMgr.getSystemAccount());
+
+ Mockito.when(_ntwkModel.areServicesSupportedInNetwork(Mockito.anyLong(), Mockito.any(Network.Service.class))).thenReturn(true);
+
+ Map<Network.Capability, String> caps = new HashMap<Network.Capability, String>();
+ caps.put(Capability.SupportedProtocols, NetUtils.TCP_PROTO);
+ Mockito.when(_ntwkModel.getNetworkServiceCapabilities(Mockito.anyLong(), Mockito.any(Network.Service.class))).thenReturn(caps);
+
+ Mockito.when(_lbDao.countBySourceIp(new Ip(validRequestedIp), validGuestNetworkId)).thenReturn(1L);
+
+ }
+
+ @Override
+ @After
+ public void tearDown() {
+ CallContext.unregister();
+ }
+
+ /**
+ * TESTS FOR .getApplicationLoadBalancer
+ */
+
+ @Test
+ //Positive test - retrieve existing lb
+ public
+ void searchForExistingLoadBalancer() {
+ ApplicationLoadBalancerRule rule = _appLbSvc.getApplicationLoadBalancer(existingLbId);
+ assertNotNull("Couldn't find existing application load balancer", rule);
+ }
+
+ @Test
+ //Negative test - try to retrieve non-existing lb
+ public
+ void searchForNonExistingLoadBalancer() {
+ boolean notFound = false;
+ ApplicationLoadBalancerRule rule = null;
+ try {
+ rule = _appLbSvc.getApplicationLoadBalancer(nonExistingLbId);
+ if (rule != null) {
+ notFound = false;
+ }
+ } catch (InvalidParameterValueException ex) {
+ notFound = true;
+ }
+
+ assertTrue("Found non-existing load balancer; no invalid parameter value exception was thrown", notFound);
+ }
+
+ /**
+ * TESTS FOR .deleteApplicationLoadBalancer
+ */
+
+ @Test
+ //Positive test - delete existing lb
+ public
+ void deleteExistingLoadBalancer() {
+ boolean result = false;
+ try {
+ result = _appLbSvc.deleteApplicationLoadBalancer(existingLbId);
+ } finally {
+ assertTrue("Couldn't delete existing application load balancer", result);
+ }
+ }
+
+ @Test
+ //Negative test - try to delete non-existing lb
+ public
+ void deleteNonExistingLoadBalancer() {
+ boolean result = true;
+ try {
+ result = _appLbSvc.deleteApplicationLoadBalancer(nonExistingLbId);
+ } finally {
+ assertFalse("Didn't fail when try to delete non-existing load balancer", result);
+ }
+ }
+
+ /**
+ * TESTS FOR .createApplicationLoadBalancer
+ * @throws NetworkRuleConflictException
+ * @throws InsufficientVirtualNetworkCapcityException
+ * @throws InsufficientAddressCapacityException
+ */
+
+ @Test(expected = CloudRuntimeException.class)
+ //Positive test
+ public
+ void createValidLoadBalancer() throws InsufficientAddressCapacityException, InsufficientVirtualNetworkCapcityException, NetworkRuleConflictException {
+ _appLbSvc.createApplicationLoadBalancer("alena", "alena", Scheme.Internal, validGuestNetworkId, validRequestedIp, 22, 22, "roundrobin", validGuestNetworkId, validAccountId);
+ }
+
+ @Test(expected = UnsupportedServiceException.class)
+ //Negative test - only internal scheme value is supported in the current release
+ public
+ void createPublicLoadBalancer() throws InsufficientAddressCapacityException, InsufficientVirtualNetworkCapcityException, NetworkRuleConflictException {
+ _appLbSvc.createApplicationLoadBalancer("alena", "alena", Scheme.Public, validGuestNetworkId, validRequestedIp, 22, 22, "roundrobin", validGuestNetworkId, validAccountId);
+ }
+
+ @Test(expected = InvalidParameterValueException.class)
+ //Negative test - invalid SourcePort
+ public
+ void createWithInvalidSourcePort() throws InsufficientAddressCapacityException, InsufficientVirtualNetworkCapcityException, NetworkRuleConflictException {
+ _appLbSvc.createApplicationLoadBalancer("alena", "alena", Scheme.Internal, validGuestNetworkId, validRequestedIp, 65536, 22, "roundrobin", validGuestNetworkId,
+ validAccountId);
+ }
+
+ @Test(expected = InvalidParameterValueException.class)
+ //Negative test - invalid instancePort
+ public
+ void createWithInvalidInstandePort() throws InsufficientAddressCapacityException, InsufficientVirtualNetworkCapcityException, NetworkRuleConflictException {
+ _appLbSvc.createApplicationLoadBalancer("alena", "alena", Scheme.Internal, validGuestNetworkId, validRequestedIp, 22, 65536, "roundrobin", validGuestNetworkId,
+ validAccountId);
+
+ }
+
+ @Test(expected = InvalidParameterValueException.class)
+ //Negative test - invalid algorithm
+ public
+ void createWithInvalidAlgorithm() throws InsufficientAddressCapacityException, InsufficientVirtualNetworkCapcityException, NetworkRuleConflictException {
+ String expectedExcText = null;
+ _appLbSvc.createApplicationLoadBalancer("alena", "alena", Scheme.Internal, validGuestNetworkId, validRequestedIp, 22, 22, "invalidalgorithm", validGuestNetworkId,
+ validAccountId);
+
+ }
+
+ @Test(expected = InvalidParameterValueException.class)
+ //Negative test - invalid sourceNetworkId (of Public type, which is not supported)
+ public
+ void createWithInvalidSourceIpNtwk() throws InsufficientAddressCapacityException, InsufficientVirtualNetworkCapcityException, NetworkRuleConflictException {
+ _appLbSvc.createApplicationLoadBalancer("alena", "alena", Scheme.Internal, validPublicNetworkId, validRequestedIp, 22, 22, "roundrobin", validGuestNetworkId,
+ validAccountId);
+
+ }
+
+ @Test(expected = InvalidParameterValueException.class)
+ //Negative test - invalid requested IP (outside of guest network cidr range)
+ public
+ void createWithInvalidRequestedIp() throws InsufficientAddressCapacityException, InsufficientVirtualNetworkCapcityException, NetworkRuleConflictException {
+
+ _appLbSvc.createApplicationLoadBalancer("alena", "alena", Scheme.Internal, validGuestNetworkId, "10.2.1.1", 22, 22, "roundrobin", validGuestNetworkId, validAccountId);
+ }
+
+ private static NetworkVO setId(NetworkVO vo, long id) {
+ NetworkVO voToReturn = vo;
+ Class<?> c = voToReturn.getClass();
+ try {
+ Field f = c.getDeclaredField("id");
+ f.setAccessible(true);
+ f.setLong(voToReturn, id);
+ } catch (NoSuchFieldException ex) {
+ return null;
+ } catch (IllegalAccessException ex) {
+ return null;
+ }
+
+ return voToReturn;
+ }
+
+ @Configuration
+ @ComponentScan(basePackageClasses = {NetUtils.class, ApplicationLoadBalancerManagerImpl.class}, includeFilters = {@Filter(value = TestConfiguration.Library.class, type = FilterType.CUSTOM)}, useDefaultFilters = false)
+ public static class TestConfiguration extends SpringUtils.CloudStackTestConfiguration {
+
+ @Bean
+ public ApplicationLoadBalancerRuleDao applicationLoadBalancerDao() {
+ return Mockito.mock(ApplicationLoadBalancerRuleDao.class);
+ }
+
+ @Bean
+ IpAddressManager ipAddressManager() {
+ return Mockito.mock(IpAddressManager.class);
+ }
+
+ @Bean
+ public NetworkModel networkModel() {
+ return Mockito.mock(NetworkModel.class);
+ }
+
+ @Bean
+ public AccountManager accountManager() {
+ return Mockito.mock(AccountManager.class);
+ }
+
+
+ @Bean
+ public LoadBalancingRulesManager loadBalancingRulesManager() {
+ return Mockito.mock(LoadBalancingRulesManager.class);
+ }
+
+ @Bean
+ public LoadBalancingRulesService loadBalancingRulesService() {
+ return Mockito.mock(LoadBalancingRulesService.class);
+ }
+
+ @Bean
+ public FirewallRulesDao firewallRulesDao() {
+ return Mockito.mock(FirewallRulesDao.class);
+ }
+
+ @Bean
+ public ResourceTagDao resourceTagDao() {
+ return Mockito.mock(ResourceTagDao.class);
+ }
+
+ @Bean
+ public NetworkOrchestrationService networkManager() {
+ return Mockito.mock(NetworkOrchestrationService.class);
+ }
+
+ @Bean
+ public UsageEventDao UsageEventDao() {
+ return Mockito.mock(UsageEventDao.class);
+ }
+
+ public static class Library implements TypeFilter {
+ @Override
+ public boolean match(MetadataReader mdr, MetadataReaderFactory arg1) throws IOException {
+ mdr.getClassMetadata().getClassName();
+ ComponentScan cs = TestConfiguration.class.getAnnotation(ComponentScan.class);
+ return SpringUtils.includedInBasePackageClasses(mdr.getClassMetadata().getClassName(), cs);
+ }
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/server/test/org/apache/cloudstack/network/lb/CertServiceTest.java
----------------------------------------------------------------------
diff --git a/server/test/org/apache/cloudstack/network/lb/CertServiceTest.java b/server/test/org/apache/cloudstack/network/lb/CertServiceTest.java
new file mode 100644
index 0000000..e47fc01
--- /dev/null
+++ b/server/test/org/apache/cloudstack/network/lb/CertServiceTest.java
@@ -0,0 +1,791 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.network.lb;
+
+import com.cloud.network.dao.*;
+import com.cloud.user.Account;
+import com.cloud.user.AccountManager;
+import com.cloud.user.AccountVO;
+import com.cloud.user.UserVO;
+import com.cloud.user.dao.AccountDao;
+import com.cloud.utils.db.EntityManager;
+import com.cloud.utils.db.Transaction;
+import com.cloud.utils.db.TransactionLegacy;
+import junit.framework.TestCase;
+import org.apache.cloudstack.api.command.user.loadbalancer.DeleteSslCertCmd;
+import org.apache.cloudstack.api.command.user.loadbalancer.UploadSslCertCmd;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.log4j.Logger;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mockito;
+
+import java.io.File;
+import java.io.IOException;
+import java.lang.reflect.Field;
+import java.net.URLEncoder;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.UUID;
+
+import static org.apache.commons.io.FileUtils.readFileToString;
+import static org.mockito.Matchers.*;
+import static org.mockito.Mockito.when;
+
+public class CertServiceTest extends TestCase {
+
+ private static final Logger s_logger = Logger.getLogger( CertServiceTest.class);
+
+ @Override
+ @Before
+ public void setUp() {
+ Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString());
+ UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString());
+ CallContext.register(user, account);
+ }
+
+ @Override
+ @After
+ public void tearDown() {
+ CallContext.unregister();
+ }
+
+ @Test
+ public void testUploadSslCert() throws Exception {
+
+ /* Test1 : Given a Certificate in bad format (Not PEM), upload should fail */
+ runUploadSslCertBadFormat();
+
+ /* Test2: Given a Certificate which is not X509, upload should fail */
+ runUploadSslCertNotX509();
+
+ /* Test3: Given an expired certificate, upload should fail */
+ runUploadSslCertExpiredCert();
+
+ /* Test4: Given a private key which has a different algorithm than the certificate,
+ upload should fail.
+ */
+ runUploadSslCertBadkeyAlgo();
+
+ /* Test5: Given a private key which does not match the public key in the certificate,
+ upload should fail
+ */
+ runUploadSslCertBadkeyPair();
+
+ /* Test6: Given an encrypted private key with a bad password. Upload should fail. */
+ runUploadSslCertBadPassword();
+
+ /* Test7: If no chain is given, the certificate should be self signed. Else, uploadShould Fail */
+ runUploadSslCertNoChain();
+
+ /* Test8: Chain is given but does not have root certificate */
+ runUploadSslCertNoRootCert();
+
+ /* Test9: The chain given is not the correct chain for the certificate */
+ runUploadSslCertBadChain();
+
+ /* Test10: Given a Self-signed Certificate with encrypted key, upload should succeed */
+ runUploadSslCertSelfSignedNoPassword();
+
+ /* Test11: Given a Self-signed Certificate with non-encrypted key, upload should succeed */
+ runUploadSslCertSelfSignedWithPassword();
+
+ /* Test12: Given a certificate signed by a CA and a valid CA chain, upload should succeed */
+ runUploadSslCertWithCAChain();
+
+ }
+
+ private void runUploadSslCertWithCAChain() throws Exception {
+ //To change body of created methods use File | Settings | File Templates.
+
+ TransactionLegacy txn = TransactionLegacy.open("runUploadSslCertWithCAChain");
+
+ String certFile = getClass().getResource("/certs/rsa_ca_signed.crt").getFile();
+ String keyFile = getClass().getResource("/certs/rsa_ca_signed.key").getFile();
+ String chainFile = getClass().getResource("/certs/root_chain.crt").getFile();
+ String password = "user";
+
+
+ String cert = URLEncoder.encode(readFileToString(new File(certFile)), "UTF-8");
+ String key = URLEncoder.encode(readFileToString(new File(keyFile)), "UTF-8");
+ String chain = URLEncoder.encode(readFileToString(new File(chainFile)), "UTF-8");
+
+ CertServiceImpl certService = new CertServiceImpl();
+
+ //setting mock objects
+ certService._accountMgr = Mockito.mock(AccountManager.class);
+ Account account = new AccountVO("testaccount", 1,
+ "networkdomain", (short) 0, UUID.randomUUID().toString());
+ when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);
+
+ certService._sslCertDao = Mockito.mock(SslCertDao.class);
+ when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO());
+
+
+ certService._accountDao = Mockito.mock(AccountDao.class);
+ when(certService._accountDao.findByIdIncludingRemoved(anyLong())).thenReturn((AccountVO)account);
+
+
+ //creating the command
+ UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
+ Class<?> _class = uploadCmd.getClass().getSuperclass();
+
+ Field certField = _class.getDeclaredField("cert");
+ certField.setAccessible(true);
+ certField.set(uploadCmd, cert);
+
+ Field keyField = _class.getDeclaredField("key");
+ keyField.setAccessible(true);
+ keyField.set(uploadCmd, key);
+
+ Field passField = _class.getDeclaredField("password");
+ passField.setAccessible(true);
+ passField.set(uploadCmd, password);
+
+ Field chainField = _class.getDeclaredField("chain");
+ chainField.setAccessible(true);
+ chainField.set(uploadCmd, chain);
+
+ certService.uploadSslCert(uploadCmd);
+ }
+
+ private void runUploadSslCertSelfSignedWithPassword() throws Exception {
+
+ TransactionLegacy txn = TransactionLegacy.open("runUploadSslCertSelfSignedWithPassword");
+
+ String certFile = getClass().getResource("/certs/rsa_self_signed_with_pwd.crt").getFile();
+ String keyFile = getClass().getResource("/certs/rsa_self_signed_with_pwd.key").getFile();
+ String password = "test";
+
+
+ String cert = URLEncoder.encode(readFileToString(new File(certFile)), "UTF-8");
+ String key = URLEncoder.encode(readFileToString(new File(keyFile)), "UTF-8");
+
+ CertServiceImpl certService = new CertServiceImpl();
+
+ //setting mock objects
+ certService._accountMgr = Mockito.mock(AccountManager.class);
+ Account account = new AccountVO("testaccount", 1,
+ "networkdomain", (short) 0, UUID.randomUUID().toString());
+ when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);
+
+ certService._sslCertDao = Mockito.mock(SslCertDao.class);
+ when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO());
+
+
+ certService._accountDao = Mockito.mock(AccountDao.class);
+ when(certService._accountDao.findByIdIncludingRemoved(anyLong())).thenReturn((AccountVO)account);
+
+
+ //creating the command
+ UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
+ Class<?> _class = uploadCmd.getClass().getSuperclass();
+
+ Field certField = _class.getDeclaredField("cert");
+ certField.setAccessible(true);
+ certField.set(uploadCmd, cert);
+
+ Field keyField = _class.getDeclaredField("key");
+ keyField.setAccessible(true);
+ keyField.set(uploadCmd, key);
+
+ Field passField = _class.getDeclaredField("password");
+ passField.setAccessible(true);
+ passField.set(uploadCmd, password);
+
+ certService.uploadSslCert(uploadCmd);
+ }
+
+ private void runUploadSslCertSelfSignedNoPassword() throws Exception {
+
+ TransactionLegacy txn = TransactionLegacy.open("runUploadSslCertSelfSignedNoPassword");
+
+ String certFile = getClass().getResource("/certs/rsa_self_signed.crt").getFile();
+ String keyFile = getClass().getResource("/certs/rsa_self_signed.key").getFile();
+
+
+ String cert = URLEncoder.encode(readFileToString(new File(certFile)), "UTF-8");
+ String key = URLEncoder.encode(readFileToString(new File(keyFile)), "UTF-8");
+
+ CertServiceImpl certService = new CertServiceImpl();
+
+ //setting mock objects
+ certService._accountMgr = Mockito.mock(AccountManager.class);
+ Account account = new AccountVO("testaccount", 1,
+ "networkdomain", (short) 0, UUID.randomUUID().toString());
+ when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);
+
+ certService._sslCertDao = Mockito.mock(SslCertDao.class);
+ when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO());
+
+
+ certService._accountDao = Mockito.mock(AccountDao.class);
+ when(certService._accountDao.findByIdIncludingRemoved(anyLong())).thenReturn((AccountVO)account);
+
+
+ //creating the command
+ UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
+ Class<?> _class = uploadCmd.getClass().getSuperclass();
+
+ Field certField = _class.getDeclaredField("cert");
+ certField.setAccessible(true);
+ certField.set(uploadCmd, cert);
+
+ Field keyField = _class.getDeclaredField("key");
+ keyField.setAccessible(true);
+ keyField.set(uploadCmd, key);
+
+ certService.uploadSslCert(uploadCmd);
+ }
+
+
+ private void runUploadSslCertBadChain() throws IOException, IllegalAccessException, NoSuchFieldException {
+ //To change body of created methods use File | Settings | File Templates.
+ String certFile = getClass().getResource("/certs/rsa_ca_signed.crt").getFile();
+ String keyFile = getClass().getResource("/certs/rsa_ca_signed.key").getFile();
+ String chainFile = getClass().getResource("/certs/rsa_self_signed.crt").getFile();
+ String password = "user";
+
+
+ String cert = URLEncoder.encode(readFileToString(new File(certFile)), "UTF-8");
+ String key = URLEncoder.encode(readFileToString(new File(keyFile)), "UTF-8");
+ String chain = URLEncoder.encode(readFileToString(new File(chainFile)), "UTF-8");
+
+ CertServiceImpl certService = new CertServiceImpl();
+
+ //setting mock objects
+ certService._accountMgr = Mockito.mock(AccountManager.class);
+ Account account = new AccountVO("testaccount", 1,
+ "networkdomain", (short) 0, UUID.randomUUID().toString());
+ when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);
+
+ certService._sslCertDao = Mockito.mock(SslCertDao.class);
+ when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO());
+
+ //creating the command
+ UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
+ Class<?> _class = uploadCmd.getClass().getSuperclass();
+
+ Field certField = _class.getDeclaredField("cert");
+ certField.setAccessible(true);
+ certField.set(uploadCmd, cert);
+
+ Field keyField = _class.getDeclaredField("key");
+ keyField.setAccessible(true);
+ keyField.set(uploadCmd, key);
+
+ Field passField = _class.getDeclaredField("password");
+ passField.setAccessible(true);
+ passField.set(uploadCmd, password);
+
+ Field chainField = _class.getDeclaredField("chain");
+ chainField.setAccessible(true);
+ chainField.set(uploadCmd, chain);
+
+ try {
+ certService.uploadSslCert(uploadCmd);
+ } catch (Exception e) {
+ assertTrue(e.getMessage().contains("Invalid certificate chain"));
+ }
+ }
+
+ private void runUploadSslCertNoRootCert() throws IOException, IllegalAccessException, NoSuchFieldException {
+
+ //To change body of created methods use File | Settings | File Templates.
+ String certFile = getClass().getResource("/certs/rsa_ca_signed.crt").getFile();
+ String keyFile = getClass().getResource("/certs/rsa_ca_signed.key").getFile();
+ String chainFile = getClass().getResource("/certs/rsa_ca_signed2.crt").getFile();
+ String password = "user";
+
+
+ String cert = URLEncoder.encode(readFileToString(new File(certFile)), "UTF-8");
+ String key = URLEncoder.encode(readFileToString(new File(keyFile)), "UTF-8");
+ String chain = URLEncoder.encode(readFileToString(new File(chainFile)), "UTF-8");
+
+ CertServiceImpl certService = new CertServiceImpl();
+
+ //setting mock objects
+ certService._accountMgr = Mockito.mock(AccountManager.class);
+ Account account = new AccountVO("testaccount", 1,
+ "networkdomain", (short) 0, UUID.randomUUID().toString());
+ when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);
+
+ certService._sslCertDao = Mockito.mock(SslCertDao.class);
+ when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO());
+
+ //creating the command
+ UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
+ Class<?> _class = uploadCmd.getClass().getSuperclass();
+
+ Field certField = _class.getDeclaredField("cert");
+ certField.setAccessible(true);
+ certField.set(uploadCmd, cert);
+
+ Field keyField = _class.getDeclaredField("key");
+ keyField.setAccessible(true);
+ keyField.set(uploadCmd, key);
+
+ Field passField = _class.getDeclaredField("password");
+ passField.setAccessible(true);
+ passField.set(uploadCmd, password);
+
+ Field chainField = _class.getDeclaredField("chain");
+ chainField.setAccessible(true);
+ chainField.set(uploadCmd, chain);
+
+ try {
+ certService.uploadSslCert(uploadCmd);
+ } catch (Exception e) {
+ assertTrue(e.getMessage().contains("No root certificates found"));
+ }
+
+ }
+
+ private void runUploadSslCertNoChain() throws IOException, IllegalAccessException, NoSuchFieldException {
+
+ String certFile = getClass().getResource("/certs/rsa_ca_signed.crt").getFile();
+ String keyFile = getClass().getResource("/certs/rsa_ca_signed.key").getFile();
+ String password = "user";
+
+
+ String cert = URLEncoder.encode(readFileToString(new File(certFile)), "UTF-8");
+ String key = URLEncoder.encode(readFileToString(new File(keyFile)), "UTF-8");
+
+ CertServiceImpl certService = new CertServiceImpl();
+
+ //setting mock objects
+ certService._accountMgr = Mockito.mock(AccountManager.class);
+ Account account = new AccountVO("testaccount", 1,
+ "networkdomain", (short) 0, UUID.randomUUID().toString());
+ when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);
+
+ certService._sslCertDao = Mockito.mock(SslCertDao.class);
+ when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO());
+
+ //creating the command
+ UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
+ Class<?> _class = uploadCmd.getClass().getSuperclass();
+
+ Field certField = _class.getDeclaredField("cert");
+ certField.setAccessible(true);
+ certField.set(uploadCmd, cert);
+
+ Field keyField = _class.getDeclaredField("key");
+ keyField.setAccessible(true);
+ keyField.set(uploadCmd, key);
+
+ Field passField = _class.getDeclaredField("password");
+ passField.setAccessible(true);
+ passField.set(uploadCmd, password);
+
+
+ try {
+ certService.uploadSslCert(uploadCmd);
+ } catch (Exception e) {
+ assertTrue(e.getMessage().contains("No chain given and certificate not self signed"));
+ }
+
+ }
+
+ private void runUploadSslCertBadPassword() throws IOException, IllegalAccessException, NoSuchFieldException {
+
+ String certFile = getClass().getResource("/certs/rsa_self_signed_with_pwd.crt").getFile();
+ String keyFile = getClass().getResource("/certs/rsa_self_signed_with_pwd.key").getFile();
+ String password = "bad_password";
+
+
+ String cert = URLEncoder.encode(readFileToString(new File(certFile)), "UTF-8");
+ String key = URLEncoder.encode(readFileToString(new File(keyFile)), "UTF-8");
+
+ CertServiceImpl certService = new CertServiceImpl();
+
+ //setting mock objects
+ certService._accountMgr = Mockito.mock(AccountManager.class);
+ Account account = new AccountVO("testaccount", 1,
+ "networkdomain", (short) 0, UUID.randomUUID().toString());
+ when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);
+
+ certService._sslCertDao = Mockito.mock(SslCertDao.class);
+ when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO());
+
+ //creating the command
+ UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
+ Class<?> _class = uploadCmd.getClass().getSuperclass();
+
+ Field certField = _class.getDeclaredField("cert");
+ certField.setAccessible(true);
+ certField.set(uploadCmd, cert);
+
+ Field keyField = _class.getDeclaredField("key");
+ keyField.setAccessible(true);
+ keyField.set(uploadCmd, key);
+
+ Field passField = _class.getDeclaredField("password");
+ passField.setAccessible(true);
+ passField.set(uploadCmd, password);
+
+
+ try {
+ certService.uploadSslCert(uploadCmd);
+ } catch (Exception e) {
+ assertTrue(e.getMessage().contains("please check password and data"));
+ }
+
+ }
+
+ private void runUploadSslCertBadkeyPair() throws IOException, IllegalAccessException, NoSuchFieldException {
+ // Reading appropritate files
+ String certFile = getClass().getResource("/certs/rsa_self_signed.crt").getFile();
+ String keyFile = getClass().getResource("/certs/rsa_random_pkey.key").getFile();
+
+ String cert = URLEncoder.encode(readFileToString(new File(certFile)), "UTF-8");
+ String key = URLEncoder.encode(readFileToString(new File(keyFile)), "UTF-8");
+
+ CertServiceImpl certService = new CertServiceImpl();
+
+ //setting mock objects
+ certService._accountMgr = Mockito.mock(AccountManager.class);
+ Account account = new AccountVO("testaccount", 1,
+ "networkdomain", (short) 0, UUID.randomUUID().toString());
+ when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);
+
+ certService._sslCertDao = Mockito.mock(SslCertDao.class);
+ when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO());
+
+ //creating the command
+ UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
+ Class<?> _class = uploadCmd.getClass().getSuperclass();
+
+ Field certField = _class.getDeclaredField("cert");
+ certField.setAccessible(true);
+ certField.set(uploadCmd, cert);
+
+ Field keyField = _class.getDeclaredField("key");
+ keyField.setAccessible(true);
+ keyField.set(uploadCmd, key);
+
+ try {
+ certService.uploadSslCert(uploadCmd);
+ } catch (Exception e) {
+ assertTrue(e.getMessage().contains("Bad public-private key"));
+ }
+ }
+
+ private void runUploadSslCertBadkeyAlgo() throws IOException, IllegalAccessException, NoSuchFieldException {
+
+ // Reading appropritate files
+ String certFile = getClass().getResource("/certs/rsa_self_signed.crt").getFile();
+ String keyFile = getClass().getResource("/certs/dsa_self_signed.key").getFile();
+
+ String cert = URLEncoder.encode(readFileToString(new File(certFile)), "UTF-8");
+ String key = URLEncoder.encode(readFileToString(new File(keyFile)), "UTF-8");
+
+ CertServiceImpl certService = new CertServiceImpl();
+
+ //setting mock objects
+ certService._accountMgr = Mockito.mock(AccountManager.class);
+ Account account = new AccountVO("testaccount", 1,
+ "networkdomain", (short) 0, UUID.randomUUID().toString());
+ when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);
+
+ certService._sslCertDao = Mockito.mock(SslCertDao.class);
+ when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO());
+
+ //creating the command
+ UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
+ Class<?> _class = uploadCmd.getClass().getSuperclass();
+
+ Field certField = _class.getDeclaredField("cert");
+ certField.setAccessible(true);
+ certField.set(uploadCmd, cert);
+
+ Field keyField = _class.getDeclaredField("key");
+ keyField.setAccessible(true);
+ keyField.set(uploadCmd, key);
+
+ try {
+ certService.uploadSslCert(uploadCmd);
+ } catch (Exception e) {
+ assertTrue(e.getMessage().contains("Public and private key have different algorithms"));
+ }
+ }
+
+ private void runUploadSslCertExpiredCert() throws IOException, IllegalAccessException, NoSuchFieldException {
+
+ // Reading appropritate files
+ String certFile = getClass().getResource("/certs/expired_cert.crt").getFile();
+ String keyFile = getClass().getResource("/certs/rsa_self_signed.key").getFile();
+
+ String cert = URLEncoder.encode(readFileToString(new File(certFile)), "UTF-8");
+ String key = URLEncoder.encode(readFileToString(new File(keyFile)), "UTF-8");
+
+ CertServiceImpl certService = new CertServiceImpl();
+
+ //setting mock objects
+ certService._accountMgr = Mockito.mock(AccountManager.class);
+ Account account = new AccountVO("testaccount", 1,
+ "networkdomain", (short) 0, UUID.randomUUID().toString());
+ when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);
+
+ certService._sslCertDao = Mockito.mock(SslCertDao.class);
+ when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO());
+
+ //creating the command
+ UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
+ Class<?> _class = uploadCmd.getClass().getSuperclass();
+
+ Field certField = _class.getDeclaredField("cert");
+ certField.setAccessible(true);
+ certField.set(uploadCmd, cert);
+
+ Field keyField = _class.getDeclaredField("key");
+ keyField.setAccessible(true);
+ keyField.set(uploadCmd, key);
+
+ try {
+ certService.uploadSslCert(uploadCmd);
+ } catch (Exception e) {
+ assertTrue(e.getMessage().contains("Certificate expired"));
+ }
+ }
+
+ private void runUploadSslCertNotX509() throws IOException, IllegalAccessException, NoSuchFieldException {
+ // Reading appropritate files
+ String certFile = getClass().getResource("/certs/non_x509_pem.crt").getFile();
+ String keyFile = getClass().getResource("/certs/rsa_self_signed.key").getFile();
+
+ String cert = URLEncoder.encode(readFileToString(new File(certFile)), "UTF-8");
+ String key = URLEncoder.encode(readFileToString(new File(keyFile)), "UTF-8");
+
+ CertServiceImpl certService = new CertServiceImpl();
+
+ //setting mock objects
+ certService._accountMgr = Mockito.mock(AccountManager.class);
+ Account account = new AccountVO("testaccount", 1,
+ "networkdomain", (short) 0, UUID.randomUUID().toString());
+ when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);
+
+ certService._sslCertDao = Mockito.mock(SslCertDao.class);
+ when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO());
+
+ //creating the command
+ UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
+ Class<?> _class = uploadCmd.getClass().getSuperclass();
+
+ Field certField = _class.getDeclaredField("cert");
+ certField.setAccessible(true);
+ certField.set(uploadCmd, cert);
+
+ Field keyField = _class.getDeclaredField("key");
+ keyField.setAccessible(true);
+ keyField.set(uploadCmd, key);
+
+ try {
+ certService.uploadSslCert(uploadCmd);
+ } catch (Exception e) {
+ assertTrue(e.getMessage().contains("Expected X509 certificate"));
+ }
+ }
+
+ private void runUploadSslCertBadFormat() throws IOException, IllegalAccessException, NoSuchFieldException {
+
+ // Reading appropritate files
+ String certFile = getClass().getResource("/certs/bad_format_cert.crt").getFile();
+ String keyFile = getClass().getResource("/certs/rsa_self_signed.key").getFile();
+
+ String cert = URLEncoder.encode(readFileToString(new File(certFile)), "UTF-8");
+ String key = URLEncoder.encode(readFileToString(new File(keyFile)), "UTF-8");
+
+ CertServiceImpl certService = new CertServiceImpl();
+
+ //setting mock objects
+ certService._accountMgr = Mockito.mock(AccountManager.class);
+ Account account = new AccountVO("testaccount", 1,
+ "networkdomain", (short) 0, UUID.randomUUID().toString());
+ when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);
+
+ certService._sslCertDao = Mockito.mock(SslCertDao.class);
+ when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO());
+
+ //creating the command
+ UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
+ Class<?> _class = uploadCmd.getClass().getSuperclass();
+
+ Field certField = _class.getDeclaredField("cert");
+ certField.setAccessible(true);
+ certField.set(uploadCmd, cert);
+
+ Field keyField = _class.getDeclaredField("key");
+ keyField.setAccessible(true);
+ keyField.set(uploadCmd, key);
+
+ try {
+ certService.uploadSslCert(uploadCmd);
+ } catch (Exception e) {
+ assertTrue(e.getMessage().contains("Invalid certificate format"));
+ }
+ }
+
+
+ @Test
+ public void testDeleteSslCert() throws Exception {
+ /* Test1: Delete with an invalid ID should fail */
+ runDeleteSslCertInvalidId();
+
+ /* Test2: Delete with a cert id bound to a lb should fail */
+ runDeleteSslCertBoundCert();
+
+ /* Test3: Delete with a valid Id should succeed */
+ runDeleteSslCertValid();
+
+
+ }
+
+ private void runDeleteSslCertValid() throws Exception {
+
+ TransactionLegacy txn = TransactionLegacy.open("runDeleteSslCertValid");
+
+ CertServiceImpl certService = new CertServiceImpl();
+ long certId = 1;
+
+ //setting mock objects
+ certService._accountMgr = Mockito.mock(AccountManager.class);
+ Account account = new AccountVO("testaccount", 1,
+ "networkdomain", (short) 0, UUID.randomUUID().toString());
+ when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);
+
+ certService._sslCertDao = Mockito.mock(SslCertDao.class);
+ when(certService._sslCertDao.remove(anyLong())).thenReturn(true);
+ when(certService._sslCertDao.findById(anyLong())).thenReturn(new SslCertVO());
+
+ // a rule holding the cert
+
+ certService._lbCertDao = Mockito.mock(LoadBalancerCertMapDao.class);
+ when(certService._lbCertDao.listByCertId(anyLong())).thenReturn(null);
+
+ //creating the command
+ DeleteSslCertCmd deleteCmd = new DeleteSslCertCmdExtn();
+ Class<?> _class = deleteCmd.getClass().getSuperclass();
+
+ Field certField = _class.getDeclaredField("id");
+ certField.setAccessible(true);
+ certField.set(deleteCmd, certId);
+
+ certService.deleteSslCert(deleteCmd);
+ }
+
+ private void runDeleteSslCertBoundCert() throws NoSuchFieldException, IllegalAccessException {
+
+ TransactionLegacy txn = TransactionLegacy.open("runDeleteSslCertBoundCert");
+
+ CertServiceImpl certService = new CertServiceImpl();
+
+ //setting mock objects
+ long certId = 1;
+
+ certService._accountMgr = Mockito.mock(AccountManager.class);
+ Account account = new AccountVO("testaccount", 1,
+ "networkdomain", (short) 0, UUID.randomUUID().toString());
+ when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);
+
+ certService._sslCertDao = Mockito.mock(SslCertDao.class);
+ when(certService._sslCertDao.remove(anyLong())).thenReturn(true);
+ when(certService._sslCertDao.findById(anyLong())).thenReturn(new SslCertVO());
+
+ // rule holding the cert
+ certService._lbCertDao = Mockito.mock(LoadBalancerCertMapDao.class);
+
+ List<LoadBalancerCertMapVO> lbMapList = new ArrayList<LoadBalancerCertMapVO>();
+ lbMapList.add(new LoadBalancerCertMapVO());
+
+ certService._lbCertDao = Mockito.mock(LoadBalancerCertMapDao.class);
+ when(certService._lbCertDao.listByCertId(anyLong())).thenReturn(lbMapList);
+
+
+ certService._entityMgr = Mockito.mock(EntityManager.class);
+ when(certService._entityMgr.findById(eq(LoadBalancerVO.class), anyLong())).thenReturn(new LoadBalancerVO());
+
+ //creating the command
+ DeleteSslCertCmd deleteCmd = new DeleteSslCertCmdExtn();
+ Class<?> _class = deleteCmd.getClass().getSuperclass();
+
+ Field certField = _class.getDeclaredField("id");
+ certField.setAccessible(true);
+ certField.set(deleteCmd, certId);
+
+ try {
+ certService.deleteSslCert(deleteCmd);
+ }catch (Exception e){
+ assertTrue(e.getMessage().contains("Certificate in use by a loadbalancer"));
+ }
+
+
+ }
+
+ private void runDeleteSslCertInvalidId() throws NoSuchFieldException, IllegalAccessException {
+
+ TransactionLegacy txn = TransactionLegacy.open("runDeleteSslCertInvalidId");
+
+ long certId = 1;
+ CertServiceImpl certService = new CertServiceImpl();
+
+ certService._accountMgr = Mockito.mock(AccountManager.class);
+ Account account = new AccountVO("testaccount", 1,
+ "networkdomain", (short) 0, UUID.randomUUID().toString());
+ when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);
+
+ certService._sslCertDao = Mockito.mock(SslCertDao.class);
+ when(certService._sslCertDao.remove(anyLong())).thenReturn(true);
+ when(certService._sslCertDao.findById(anyLong())).thenReturn(null);
+
+ // no rule holding the cert
+ certService._lbCertDao = Mockito.mock(LoadBalancerCertMapDao.class);
+ when(certService._lbCertDao.listByCertId(anyLong())).thenReturn(null);
+
+ //creating the command
+ DeleteSslCertCmd deleteCmd = new DeleteSslCertCmdExtn();
+ Class<?> _class = deleteCmd.getClass().getSuperclass();
+
+ Field certField = _class.getDeclaredField("id");
+ certField.setAccessible(true);
+ certField.set(deleteCmd, certId);
+
+ try {
+ certService.deleteSslCert(deleteCmd);
+ }catch (Exception e){
+ assertTrue(e.getMessage().contains("Invalid certificate id"));
+ }
+
+ }
+
+
+ public class UploadSslCertCmdExtn extends UploadSslCertCmd {
+ @Override
+ public long getEntityOwnerId() {
+ return 1;
+ }
+ }
+
+ public class DeleteSslCertCmdExtn extends DeleteSslCertCmd {
+ @Override
+ public long getEntityOwnerId() {
+ return 1;
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/server/test/resources/certs/bad_format_cert.crt
----------------------------------------------------------------------
diff --git a/server/test/resources/certs/bad_format_cert.crt b/server/test/resources/certs/bad_format_cert.crt
new file mode 100644
index 0000000..bab377a
--- /dev/null
+++ b/server/test/resources/certs/bad_format_cert.crt
@@ -0,0 +1 @@
+BAD FORMAT CERT
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/server/test/resources/certs/dsa_self_signed.crt
----------------------------------------------------------------------
diff --git a/server/test/resources/certs/dsa_self_signed.crt b/server/test/resources/certs/dsa_self_signed.crt
new file mode 100644
index 0000000..9ee3dc8
--- /dev/null
+++ b/server/test/resources/certs/dsa_self_signed.crt
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEaDCCBBACCQDB6QTHSA74AzAJBgcqhkjOOAQDMEUxCzAJBgNVBAYTAkFVMRMw
+EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0
+eSBMdGQwHhcNMTMxMDIxMTUxMzE1WhcNMTQxMDIxMTUxMzE1WjBFMQswCQYDVQQG
+EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk
+Z2l0cyBQdHkgTHRkMIIDSDCCAjoGByqGSM44BAEwggItAoIBAQD1cLkWeTvzloom
+uaHmB0ANyrmHTum6bVVMyN2V/it8BAErugqQBIaNtF2EOmJ3baxsxIROOqJ5uVx0
+pymYVr4BcS3R6H2G7lSWHa5iA/UMfVp9yHroK+WYdN5ZVKGYcUTvKZXtyr2OX3Rc
+KJJ2yp4qbcQTB2GlV6eZdpX3l38G/03n/Wi5yjU2/p56R80FAaLtCr4wJoS2aXxU
+Iytps+msEn0LRZuFHpW1sLIKPLRCnjFXWeWKdJu6bggUVB0GjfsZR67XzFY5nRvX
+7/vW2XS5Vo4X6gSOym0O/8/vzUp1gQSwHiMQQRAoRYoZPxWo8ACMsqdj0MTbN32y
+b11//OlXAiEAoR8xDStCDTaQ2Ale9swNzLB8vWFzmSLQXXOM1PY10fMCggEBAO1p
+RV1kluxjYCKec12MKdTBqO2QZnOOVFsY2vpIavgqpxyGaHRwY8Cm7BGosV2chMZw
+G6xMz5CRnR55KasaX1Vz2xAz7PwczXWDQA59Il5tQbQdewitm1S3NRb1n9u+cNkQ
+E6ZekjdW9tRykvaNQHH8EBzgQ9KXCYzJ8nFLk2DMt2Mor/paXfobNzO/vi2UgL+B
+5/E8BXoMtBFPhiz72CsCiXp/usROe/UAejow/CTHYC2mfcPhKt2jIVelXx7Baf0n
+K1SWKBpNI4ucBj+/4L3Be0ldqDGmeTRUNTNpJIzmAyplUvnpOiqCbzKst57+l4ZE
+xdVgv2LiIrTaqTn1L4sDggEGAAKCAQEAv0hyFYj8IMEaOCk9+6wb32NGEGoEz4re
+YW1O02Kij2/0YJk0CPyg0ozIpJq9FiHvOzE+2/Eg5jLVTLlAJbjnGjSnzZJ6pJHw
+zhwnJ9wT4to51jLvG1v82iL2FfFKOZFjABxC+kND9cAUXu3URIGfdYJl1rBxvOD1
+WZ03Gk90GMCLUIMqqUYBQg7XRNVf0k1AgiRgDWpdLkKOGiDntAj/unXdFrbse2xD
+IbqBGhCNtPVx34CZ3bUWrvYBoj+BUinfItRK4rkZTEGJinoxbKDvdqoewgk2nSty
+7CH40wFS4ni4DCvYTEwUoUuciQaU4XUOOSYFS9IjNWOR8uGBtORteTAJBgcqhkjO
+OAQDA0cAMEQCIHqfrNbyMadxZ3uCPr8QPj+17XZZod8B7F8VgZW3R5vSAiAV/WMF
+vQ1Dwpr4wJOjNELDe5AEH9WGvevfuc54vmdAdg==
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/server/test/resources/certs/dsa_self_signed.key
----------------------------------------------------------------------
diff --git a/server/test/resources/certs/dsa_self_signed.key b/server/test/resources/certs/dsa_self_signed.key
new file mode 100644
index 0000000..9a9d667
--- /dev/null
+++ b/server/test/resources/certs/dsa_self_signed.key
@@ -0,0 +1,20 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIDVwIBAAKCAQEA9XC5Fnk785aKJrmh5gdADcq5h07pum1VTMjdlf4rfAQBK7oK
+kASGjbRdhDpid22sbMSETjqieblcdKcpmFa+AXEt0eh9hu5Ulh2uYgP1DH1afch6
+6CvlmHTeWVShmHFE7ymV7cq9jl90XCiSdsqeKm3EEwdhpVenmXaV95d/Bv9N5/1o
+uco1Nv6eekfNBQGi7Qq+MCaEtml8VCMrabPprBJ9C0WbhR6VtbCyCjy0Qp4xV1nl
+inSbum4IFFQdBo37GUeu18xWOZ0b1+/71tl0uVaOF+oEjsptDv/P781KdYEEsB4j
+EEEQKEWKGT8VqPAAjLKnY9DE2zd9sm9df/zpVwIhAKEfMQ0rQg02kNgJXvbMDcyw
+fL1hc5ki0F1zjNT2NdHzAoIBAQDtaUVdZJbsY2AinnNdjCnUwajtkGZzjlRbGNr6
+SGr4Kqcchmh0cGPApuwRqLFdnITGcBusTM+QkZ0eeSmrGl9Vc9sQM+z8HM11g0AO
+fSJebUG0HXsIrZtUtzUW9Z/bvnDZEBOmXpI3VvbUcpL2jUBx/BAc4EPSlwmMyfJx
+S5NgzLdjKK/6Wl36Gzczv74tlIC/gefxPAV6DLQRT4Ys+9grAol6f7rETnv1AHo6
+MPwkx2Atpn3D4SrdoyFXpV8ewWn9JytUligaTSOLnAY/v+C9wXtJXagxpnk0VDUz
+aSSM5gMqZVL56Toqgm8yrLee/peGRMXVYL9i4iK02qk59S+LAoIBAQC/SHIViPwg
+wRo4KT37rBvfY0YQagTPit5hbU7TYqKPb/RgmTQI/KDSjMikmr0WIe87MT7b8SDm
+MtVMuUAluOcaNKfNknqkkfDOHCcn3BPi2jnWMu8bW/zaIvYV8Uo5kWMAHEL6Q0P1
+wBRe7dREgZ91gmXWsHG84PVZnTcaT3QYwItQgyqpRgFCDtdE1V/STUCCJGANal0u
+Qo4aIOe0CP+6dd0Wtux7bEMhuoEaEI209XHfgJndtRau9gGiP4FSKd8i1EriuRlM
+QYmKejFsoO92qh7CCTadK3LsIfjTAVLieLgMK9hMTBShS5yJBpThdQ45JgVL0iM1
+Y5Hy4YG05G15AiBO/b8wvyKsJJAInNbsLH7OPitH3qKsI18IxykJSl9lTw==
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/server/test/resources/certs/expired_cert.crt
----------------------------------------------------------------------
diff --git a/server/test/resources/certs/expired_cert.crt b/server/test/resources/certs/expired_cert.crt
new file mode 100644
index 0000000..d133f24
--- /dev/null
+++ b/server/test/resources/certs/expired_cert.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDVzCCAj+gAwIBAgIJAJRInPvOqxbXMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNV
+BAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg
+Q29tcGFueSBMdGQwHhcNMTMxMDIxMjAwNjA5WhcNMTMxMDIwMjAwNjA5WjBCMQsw
+CQYDVQQGEwJYWDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZh
+dWx0IENvbXBhbnkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+3rASFvBmAF+CHn58TU5ib0HuMD4gxutohjzQjJXYRFs1cmiLb9esO0Cvk0DFaQuq
+lpxw4Dhe6kxRbNQKkPFr0zsv9B8I/o8UQmclnZ0I++ixlAq4VyP6H0sewrmdVbrV
+mSH0eG1t0hLqXUmxX/XX1kkbHOgZQQk90Sew23VwTVxbywq8yjkYLa2hlBXh33rX
+siky7JFiF0TJE2r6wNB60BQMdi2EErtBUPL/1LD7+VuB/Y6xZpwivKwMIXeFdzSr
+I2gGCn+zf01kNfHj0YrA2bH0i5FX4/9YSpd8PFIOYc/gA+3MNO0xMWchbz6AfjPQ
+aR4tGLsRBjjwvLIZwHzyWQIDAQABo1AwTjAdBgNVHQ4EFgQUo/kIdWN+yxvnWUoK
+/ZJYNl2wY9cwHwYDVR0jBBgwFoAUo/kIdWN+yxvnWUoK/ZJYNl2wY9cwDAYDVR0T
+BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAJ/LwjkhXQFOcfUmAoIeBIDAMayy7
+HEJusMOA+uUPPuEemgU7DTbwABCaavfBza7QvG171LsTGtvgnvwDg7rdScUOcoX8
+w0XZbhr+dZzvashVmMz4oY6hGw29eGo7M01Rm4msX7bW1IXmdWmDcqcNT6/dKOgj
+tjMR2JvN9I4qwZ41xXAeUHDUqKjgsKlhflBbOX7K07tbpHFMQZcoOs19Jqve8Gfm
+MbH0hZw3LC2YNed8ne/3/lXKNZIhbyZp1IJ/rjgruEZ0ObOwqB1IGR0UjQbAw102
+1D4L8FOzmDi4LfhKPgGc/BMeuPRozxQi60TzrnXN5eQSb0ukFvScMhAIrQ==
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/server/test/resources/certs/non_x509_pem.crt
----------------------------------------------------------------------
diff --git a/server/test/resources/certs/non_x509_pem.crt b/server/test/resources/certs/non_x509_pem.crt
new file mode 100644
index 0000000..fbbae8e
--- /dev/null
+++ b/server/test/resources/certs/non_x509_pem.crt
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICtzCCAZ8CAQAwcjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
+ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDENMAsGA1UEAwwEU3ll
+ZDEcMBoGCSqGSIb3DQEJARYNc3llZEB0ZXN0LmNvbTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAKmQeRXpkeGRhzdj3aJiWUcZtKdcjPCdtphx8gHk1GV1
+vHK2zYenwe23EbSsfkOAQx2p86jCpghN7b+ECilmou4C7ASPS2U8n+GhWdl4eUK4
+Gmz7+daRqcDQOCTCJWSybtShYzvfp2SaEt/TcUgDT+k6xRitqcIkAY7boGY1Cehy
+O6hYdlFkg0oU1XCA0usIaSEi7gOTijpGe2jSh7CTBRRWiClQnqE8VT7x4hXQEDF6
+u26K/ptAL90bgyFUuX2dEH5dKd/5QAyAfdrLV6a3wIvikCUGZy23Twtxot4kFVYf
+S2x3H9BS6j/mIvrUj95CLi2Eu6t4z5uHMOrf8k0NjN8CAwEAAaAAMA0GCSqGSIb3
+DQEBBQUAA4IBAQBa5B6xzAkx3OtJEgOkTJ0nID2TsTt6eQBrp+//jhT/9yKLHmd5
+SeNcLzMWDlTQ+zNlLf9+lreO+CmlolaOKDRXh9eXbyNq0/I2QxOEsIlXqH4dVoCB
+6UkV8eA0lFeNdFJaCla5/QTKmv4f0eUakbI5Scd1PlBr+YOplvI9fpLaxHGmVzCX
+s3WQ7m7SN5hZav7dO8krheZL7N3AYZoCY0QbQ3JTeoakLenmFXqvsckP6in5NQJh
+ECaJprYxrxR+5GPjpUkxu7YGLloXHvnnINeZGJG0TB7kPDO+axDxloiI2eYlT/mp
+HxdgL9BvDYNfI+0NcZYHguz8GWuWiTZC7F26
+-----END CERTIFICATE REQUEST-----
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/server/test/resources/certs/root_chain.crt
----------------------------------------------------------------------
diff --git a/server/test/resources/certs/root_chain.crt b/server/test/resources/certs/root_chain.crt
new file mode 100644
index 0000000..2ed8085
--- /dev/null
+++ b/server/test/resources/certs/root_chain.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDnTCCAoWgAwIBAgIJALXV1B5/vewgMA0GCSqGSIb3DQEBBQUAMGUxCzAJBgNV
+BAYTAkFVMQ0wCwYDVQQIDARTb21lMQwwCgYDVQQKDANPcmcxDDAKBgNVBAsMA0Rl
+djENMAsGA1UEAwwETmFtZTEcMBoGCSqGSIb3DQEJARYNdGVzdEBtYWlsLmNvbTAe
+Fw0xMzEwMjExNjAxMDdaFw0xNjEwMjAxNjAxMDdaMGUxCzAJBgNVBAYTAkFVMQ0w
+CwYDVQQIDARTb21lMQwwCgYDVQQKDANPcmcxDDAKBgNVBAsMA0RldjENMAsGA1UE
+AwwETmFtZTEcMBoGCSqGSIb3DQEJARYNdGVzdEBtYWlsLmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBALQZLQa2R64GRCuoh59VFvKoXnAM+4H4sW9E
+jiURT/CeH6rbD0IbEMZZ3o84VfQw1zDsVXN/GXq3IEMp8uBBpWJuZRBF1UeDMYlB
+bouMqUGL05Ov51zK2aQK/83S8MoQI7KV1FGJNti4iwUzemG1fClrBqjCFJQKmv8y
+0z1UaeniAR7ygedIB4I2Y4a/DxtI0e2EsS0TcViwKHGrLArO0GfvNbH+tXqTaotF
+X5eyinUFqQxT3JvnlIIernk0ly8c07mqOFbFqHrhFXxddD4pZrUetHXM2MKLdCMu
+fvXsmMXSAgQ5F97GWmiDEJ9zMDxGoSmhTIN96FwPCRDr7e22lEsCAwEAAaNQME4w
+HQYDVR0OBBYEFIxSziB7ssNqFvhV2MSf1GYvGHQYMB8GA1UdIwQYMBaAFIxSziB7
+ssNqFvhV2MSf1GYvGHQYMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEB
+AB1rcxZL6xGuk8PSoBQ0imREcVf9BcEvGIC6uubPSXuoJ/gr584vo3pRJpTpHQyK
+xUUwG6gCaDgAMYX177GBamGCt056ThSLKFROIPVrigZ5yY1NWznNq3zjWS4jIHkV
+vGd+Gx8t3qYBhsn+v6Y6gRTjMOVQum+rvxvixG7n97DaxBnrwNWXbzZQ9spHrQsT
+dsSF/kf9NKkWM0zKh+f/FSNmveJKKvZ+WQZC/MKUfc5VHjyLldXhrffcxzek/dOc
+8YADSICSizvXCP/QjyVVl8dpKr/3c00r16Ei3QQaFhHES0bv/sKLnTwQwKDfJthu
+bQj7M/XGWi33JQgoMHktYhI=
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/server/test/resources/certs/rsa_ca_signed.crt
----------------------------------------------------------------------
diff --git a/server/test/resources/certs/rsa_ca_signed.crt b/server/test/resources/certs/rsa_ca_signed.crt
new file mode 100644
index 0000000..fb74f17
--- /dev/null
+++ b/server/test/resources/certs/rsa_ca_signed.crt
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID1TCCAr2gAwIBAgIJALXV1B5/vewhMA0GCSqGSIb3DQEBBQUAMGUxCzAJBgNV
+BAYTAkFVMQ0wCwYDVQQIDARTb21lMQwwCgYDVQQKDANPcmcxDDAKBgNVBAsMA0Rl
+djENMAsGA1UEAwwETmFtZTEcMBoGCSqGSIb3DQEJARYNdGVzdEBtYWlsLmNvbTAe
+Fw0xMzEwMjExNjE4MjJaFw0xNDEwMjExNjE4MjJaMHIxCzAJBgNVBAYTAkFVMRMw
+EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0
+eSBMdGQxDTALBgNVBAMMBFN5ZWQxHDAaBgkqhkiG9w0BCQEWDXN5ZWRAdGVzdC5j
+b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpkHkV6ZHhkYc3Y92i
+YllHGbSnXIzwnbaYcfIB5NRldbxyts2Hp8HttxG0rH5DgEMdqfOowqYITe2/hAop
+ZqLuAuwEj0tlPJ/hoVnZeHlCuBps+/nWkanA0DgkwiVksm7UoWM736dkmhLf03FI
+A0/pOsUYranCJAGO26BmNQnocjuoWHZRZINKFNVwgNLrCGkhIu4Dk4o6Rnto0oew
+kwUUVogpUJ6hPFU+8eIV0BAxertuiv6bQC/dG4MhVLl9nRB+XSnf+UAMgH3ay1em
+t8CL4pAlBmctt08LcaLeJBVWH0tsdx/QUuo/5iL61I/eQi4thLureM+bhzDq3/JN
+DYzfAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wg
+R2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBR2LIRfVveDgQB3dC7TOYhX
+BEv71DAfBgNVHSMEGDAWgBSMUs4ge7LDahb4VdjEn9RmLxh0GDANBgkqhkiG9w0B
+AQUFAAOCAQEAPjN/sdLcPfMh5ep29vp/7JTh6dUYnBNATYaXxx8j2XdnMCKeRfgP
+WOJur8HDPSayWWKKlztiQbJV5jDS5vyuMWI1a5/KIAQlOJep+anpR1QnQaX4/M4Z
+YUJo1fPs6tg47dXRpZZaJ+Hqwh0ZftCQoUq/sBxawXf6sbxsjoUmzxQLBqzYo1LJ
+jwxBs6C9aM8LDHFz4TVlyclSFQXiLMosj1jLBQ+TqzCxS6qOfJeMM9STXI9W3F2k
+duXeceqOwEkh8aeSUIztYFpX34d4SA4DDX5GUEaOeOR/abnXjH52vE6tM/m7NOve
+5+I/BrlT3heRqiD6Z2ofSsFhG86YeF9Q3w==
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/server/test/resources/certs/rsa_ca_signed.key
----------------------------------------------------------------------
diff --git a/server/test/resources/certs/rsa_ca_signed.key b/server/test/resources/certs/rsa_ca_signed.key
new file mode 100644
index 0000000..d30dd8e
--- /dev/null
+++ b/server/test/resources/certs/rsa_ca_signed.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIN4x8YHLIb60CAggA
+MBQGCCqGSIb3DQMHBAiuWe+C2SitUgSCBMhVxMKivNaQh9SQedh2GQ8vlhI2/mKf
+r6zVUgODOdmFRj/PAlQu6B+VH8u2Ef5tr74O9UyZUQpC6oI0npvQOGqnhIxECR8D
+zepFlC0s+6kNRqfzXiMhGTsfbs3xUE1TZK1z5556OS4GlihIB0E5F7GdlulHELeA
+dnEItqDffWPQczTmSmFqtH7G/ksGQhSA2reBIDNgxWreBh9x9h2TftEvhhogdkr2
+XQpzxcby2v2z6Hut1lfVkLQNdvdHYdDG751NQltOmGvncXkTNJ+tSByXuY9ITtYz
+XqwY/vAEX+YYjCrWcvMmhU1t6B9cZ3viFzIIIltqtvDo3rybicpM3xvmnYnTF35j
+sGebcynzZedrLUHwD6/o0jBzFJN26QBxDGrlmn9E8HBhmjMCeSyZTXtSkwN0dAhu
+EHT2NgdC/4G4+JHsb3Oetl6AbUyYs2eWTRgr6bgBezbiDqKMj1QtGECkPQE9tFFP
+Jtma6lGJ1/u8zLFYNjigKZgXaNbtlMpslk+KDTGaTSbbVEaaxWSc0YlHz329ovQC
+1btrTE71FoNjRsTRaDRXC7BfrrMtnLhG2SmROKzyBtoxFymfEmASpdGERO+c2712
+Z0NLpHJL5ocsRr/onVi0auFC/nuaq6QqYF5OPtZhYh3+IDd193LP3xo8hnFjTq90
+9zV1QI2uHfTfijI4OABYSSZLxrl2IFF7Z/e4XkWSXrneR2Ne5GoYX7w6wshiuubQ
+bDPUHODsy7uQJ3ZEmmmd5xWvA3h3F5Yyls3WEuz8+jYR4iPKdjt8DJuz9j+7IP3C
+LoRa3KhxIPAzziQw+tMFVCozLLfS1kN8mg5SwU9Dp4HUPY/n3KnjVSjUJ347KAgW
++ykPlz4S1H0A2GyGWhdyX3J839UOdXfCsfKQQ1FLOBvhQgBNGzoRIgDrsZdrxgWa
+XtF+Ct2/2/O+503I6X90maXzhshmGw/NKsiNx7YOdUiu6w3N4LajIWE689UUU7Dr
+EtM8HcfmBnE/cZTbeWbQBfl1GqigMp+YOAY2sw0rZdF4ocmnqoCWLVN2j8O/re5g
+20y5eHkztPOZ+NNczo5PP96ng1XEMVzs/h6xDHzsak6osZb5b+Hs9kcYuqBEqr16
+3DVwaZ45dGwNN90Q9YmrgEdCqtCAU12w/YYVB/aB701Ijg0NhVsh7PgWaJIOJD56
+YTaiWIzQaZ/uM0KlgLz2eI9VXcuv24gUMAUMaI84mInnIrax1zFMrlCjEcR8Zxvk
+jCCY6Uq9WH30cUo7cMHWLWMzsl7PC7xpYSHPClqzCUluUgQwqoOs5Ux4nYl+JI7C
+ZfJ8BUMCD2RJtjvJhkE6LEkcrCjwnvappRaXbN54IVXpuMl2XYtp44T117QulEj1
+I/jk1mrpkXRKi9ZsKsjDH9VMy1hcKHn4CgTxmtRYN6LPA4tamxzVLxIi6YDU0142
+l1u763cT7cH14lvzUvEQMFbk/s0AUl8zeZAwjDayNlD/ljz7nZnJ3NToMlxeoK0a
+F6c/RgQBwxR8NMdo19Irv8stxo9WGB2/0Q8WCxW7ENHlBpvX5zXKRJMswFKp0ft6
+dT7hOBPgJlD7C1eX5jVcSz6kDRM6gQ7K/c5QcJa6qNAC2Jw6yBBYltqiRalFWX46
+VcM=
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/server/test/resources/certs/rsa_ca_signed2.crt
----------------------------------------------------------------------
diff --git a/server/test/resources/certs/rsa_ca_signed2.crt b/server/test/resources/certs/rsa_ca_signed2.crt
new file mode 100644
index 0000000..fb74f17
--- /dev/null
+++ b/server/test/resources/certs/rsa_ca_signed2.crt
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID1TCCAr2gAwIBAgIJALXV1B5/vewhMA0GCSqGSIb3DQEBBQUAMGUxCzAJBgNV
+BAYTAkFVMQ0wCwYDVQQIDARTb21lMQwwCgYDVQQKDANPcmcxDDAKBgNVBAsMA0Rl
+djENMAsGA1UEAwwETmFtZTEcMBoGCSqGSIb3DQEJARYNdGVzdEBtYWlsLmNvbTAe
+Fw0xMzEwMjExNjE4MjJaFw0xNDEwMjExNjE4MjJaMHIxCzAJBgNVBAYTAkFVMRMw
+EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0
+eSBMdGQxDTALBgNVBAMMBFN5ZWQxHDAaBgkqhkiG9w0BCQEWDXN5ZWRAdGVzdC5j
+b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpkHkV6ZHhkYc3Y92i
+YllHGbSnXIzwnbaYcfIB5NRldbxyts2Hp8HttxG0rH5DgEMdqfOowqYITe2/hAop
+ZqLuAuwEj0tlPJ/hoVnZeHlCuBps+/nWkanA0DgkwiVksm7UoWM736dkmhLf03FI
+A0/pOsUYranCJAGO26BmNQnocjuoWHZRZINKFNVwgNLrCGkhIu4Dk4o6Rnto0oew
+kwUUVogpUJ6hPFU+8eIV0BAxertuiv6bQC/dG4MhVLl9nRB+XSnf+UAMgH3ay1em
+t8CL4pAlBmctt08LcaLeJBVWH0tsdx/QUuo/5iL61I/eQi4thLureM+bhzDq3/JN
+DYzfAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wg
+R2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBR2LIRfVveDgQB3dC7TOYhX
+BEv71DAfBgNVHSMEGDAWgBSMUs4ge7LDahb4VdjEn9RmLxh0GDANBgkqhkiG9w0B
+AQUFAAOCAQEAPjN/sdLcPfMh5ep29vp/7JTh6dUYnBNATYaXxx8j2XdnMCKeRfgP
+WOJur8HDPSayWWKKlztiQbJV5jDS5vyuMWI1a5/KIAQlOJep+anpR1QnQaX4/M4Z
+YUJo1fPs6tg47dXRpZZaJ+Hqwh0ZftCQoUq/sBxawXf6sbxsjoUmzxQLBqzYo1LJ
+jwxBs6C9aM8LDHFz4TVlyclSFQXiLMosj1jLBQ+TqzCxS6qOfJeMM9STXI9W3F2k
+duXeceqOwEkh8aeSUIztYFpX34d4SA4DDX5GUEaOeOR/abnXjH52vE6tM/m7NOve
+5+I/BrlT3heRqiD6Z2ofSsFhG86YeF9Q3w==
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/server/test/resources/certs/rsa_ca_signed2.key
----------------------------------------------------------------------
diff --git a/server/test/resources/certs/rsa_ca_signed2.key b/server/test/resources/certs/rsa_ca_signed2.key
new file mode 100644
index 0000000..d30dd8e
--- /dev/null
+++ b/server/test/resources/certs/rsa_ca_signed2.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIN4x8YHLIb60CAggA
+MBQGCCqGSIb3DQMHBAiuWe+C2SitUgSCBMhVxMKivNaQh9SQedh2GQ8vlhI2/mKf
+r6zVUgODOdmFRj/PAlQu6B+VH8u2Ef5tr74O9UyZUQpC6oI0npvQOGqnhIxECR8D
+zepFlC0s+6kNRqfzXiMhGTsfbs3xUE1TZK1z5556OS4GlihIB0E5F7GdlulHELeA
+dnEItqDffWPQczTmSmFqtH7G/ksGQhSA2reBIDNgxWreBh9x9h2TftEvhhogdkr2
+XQpzxcby2v2z6Hut1lfVkLQNdvdHYdDG751NQltOmGvncXkTNJ+tSByXuY9ITtYz
+XqwY/vAEX+YYjCrWcvMmhU1t6B9cZ3viFzIIIltqtvDo3rybicpM3xvmnYnTF35j
+sGebcynzZedrLUHwD6/o0jBzFJN26QBxDGrlmn9E8HBhmjMCeSyZTXtSkwN0dAhu
+EHT2NgdC/4G4+JHsb3Oetl6AbUyYs2eWTRgr6bgBezbiDqKMj1QtGECkPQE9tFFP
+Jtma6lGJ1/u8zLFYNjigKZgXaNbtlMpslk+KDTGaTSbbVEaaxWSc0YlHz329ovQC
+1btrTE71FoNjRsTRaDRXC7BfrrMtnLhG2SmROKzyBtoxFymfEmASpdGERO+c2712
+Z0NLpHJL5ocsRr/onVi0auFC/nuaq6QqYF5OPtZhYh3+IDd193LP3xo8hnFjTq90
+9zV1QI2uHfTfijI4OABYSSZLxrl2IFF7Z/e4XkWSXrneR2Ne5GoYX7w6wshiuubQ
+bDPUHODsy7uQJ3ZEmmmd5xWvA3h3F5Yyls3WEuz8+jYR4iPKdjt8DJuz9j+7IP3C
+LoRa3KhxIPAzziQw+tMFVCozLLfS1kN8mg5SwU9Dp4HUPY/n3KnjVSjUJ347KAgW
++ykPlz4S1H0A2GyGWhdyX3J839UOdXfCsfKQQ1FLOBvhQgBNGzoRIgDrsZdrxgWa
+XtF+Ct2/2/O+503I6X90maXzhshmGw/NKsiNx7YOdUiu6w3N4LajIWE689UUU7Dr
+EtM8HcfmBnE/cZTbeWbQBfl1GqigMp+YOAY2sw0rZdF4ocmnqoCWLVN2j8O/re5g
+20y5eHkztPOZ+NNczo5PP96ng1XEMVzs/h6xDHzsak6osZb5b+Hs9kcYuqBEqr16
+3DVwaZ45dGwNN90Q9YmrgEdCqtCAU12w/YYVB/aB701Ijg0NhVsh7PgWaJIOJD56
+YTaiWIzQaZ/uM0KlgLz2eI9VXcuv24gUMAUMaI84mInnIrax1zFMrlCjEcR8Zxvk
+jCCY6Uq9WH30cUo7cMHWLWMzsl7PC7xpYSHPClqzCUluUgQwqoOs5Ux4nYl+JI7C
+ZfJ8BUMCD2RJtjvJhkE6LEkcrCjwnvappRaXbN54IVXpuMl2XYtp44T117QulEj1
+I/jk1mrpkXRKi9ZsKsjDH9VMy1hcKHn4CgTxmtRYN6LPA4tamxzVLxIi6YDU0142
+l1u763cT7cH14lvzUvEQMFbk/s0AUl8zeZAwjDayNlD/ljz7nZnJ3NToMlxeoK0a
+F6c/RgQBwxR8NMdo19Irv8stxo9WGB2/0Q8WCxW7ENHlBpvX5zXKRJMswFKp0ft6
+dT7hOBPgJlD7C1eX5jVcSz6kDRM6gQ7K/c5QcJa6qNAC2Jw6yBBYltqiRalFWX46
+VcM=
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/server/test/resources/certs/rsa_random_pkey.key
----------------------------------------------------------------------
diff --git a/server/test/resources/certs/rsa_random_pkey.key b/server/test/resources/certs/rsa_random_pkey.key
new file mode 100644
index 0000000..8c29b3e
--- /dev/null
+++ b/server/test/resources/certs/rsa_random_pkey.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQD2ZYOSvqPjro7k
+JKWggB0FJL45mz3pfvBR0NcHTGgHKdh5hml1GiHHPanYnWqRuKFI7UPWLq3xllvJ
+jolMjX6FGzPFuh4wHQ3gHMFlmpi6o1gUkk5QxAeCWmsA77qJAAiLVbm27sqfpvSG
+ec6KJOcePDDN/6Jp363Gf8JuSssafg6fAbfwLp7Cm1cxFM3RKN13fUdy50+OcXv7
+uvUlzHZ2ZIVK7FnlFoXOfhFHoyfdZL2Qm8xV3SuUllNPGl7aCM59Y6xR743Rq01j
+3E6hHNZ82GlJGaOL413oVsp5J9ZmKV+WM7plFIn86p2JGMoA2xjtON+X6BZdz3YT
+ymp7ic+7AgMBAAECggEBAKvkNd3x0TPNWzIdvs4xkg08jNhzTMXQIKdzIg+dZhVZ
+RAPDmV5wVJBCnHLZnrb6LspJe8G33vFjC7WZEn+tVk5Vo9CU/uph2oQ2i1TufQ33
+VkNDrg76MqLloTCODXv14gASVfUgsYqfVodaApStGe8l3oZXiF6EBR8tkd6PnxFi
+8TPAalFS/0mfjj/dA9zHXoZ0iyl+h6had6kqJNNbP8zgD+TbnfJZVkURNB0cyGVI
+8/8d/eO05oQ1DpuvTJ+Q5i8wTDjikUzc4btt6coA/ho4QuOvfsZGsgCzCYsUn0+W
+GA+Vn2PVEFV5hJ+MZ9gGmQ5ouC/IVAYkBBC7HlNX70ECgYEA+3DC6rTvXqdrjZz1
+TFWcITfAt7WzfGlHi2LBZ/JNmyIetXmF/sHpqGKkvp7iHDMJ4NeEBXSN9tbbEfhc
+1yU+HXYlKkeaZAGaNiCSvqlr/Bouy7dX3jG8xgPGQ1o2gyluaoTEwORf2LgmApYA
+q/eQyWTKHLxatTnjlqLULerxqv8CgYEA+t1Wa00XHHgB1D4was59qnpPemIUxpvm
+4e3wjyQs6P2kH0F0rKyytQaSXKhkBYRcmh0EnyNSGu7wxM5l3aDTzCDgBHmb1i9P
+UXLzWUYnsSgUpUB8jL6YDlUmQ1AMMDqvLagLlOLqPkRmNjN1P4/+6mdoxD5SL0rv
+5FeRaOAGR0UCgYEAjWEgGDzYg058CUqCGwPgIEVrFWETpRbFZbiHq1zxChOrVLsZ
+/t8l9MpSe+R2mwiPu18zGqYo1OyGjZorCcYlIQe3agiM5UKJZXn3SUGWOFC4k09q
+FsO8s1KX/nMRR7raHQa+Yv+GbSNOLBIQGqG/RZ5ojrPSBSihsaeoypDahh0CgYEA
++OK3ZmVpVHlLd0LrzktnKceHKqg8bH8oJWZnj9wYIl/igI/0LYx5EFigxQTblw2m
+wc+gUjI8tzPv85HCRovVFWRYXJg6H9l4HBqrjBqqLnzRXtIHv6soOLAJ8iZssTzH
+p8hdFS27sGMz9PpAjPtTsUM/EdOyvfDe5/Bo91+rWvECgYEAxgvptntWbXc8QI9n
+DFYGigeza0sQTmFtSsob5cux9dtPORChdb6EPNTgOPOfKD4QMkmar/VWedeXOHb9
+Cy1Qz7bgOhIUSMdXzw4hPOmLrT7IbhG5CHawwHanGycrQ/bJcV00lsv0BEj3N/NJ
+PW/vxADWc9H3AcVeMi5So6gTBt4=
+-----END PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/server/test/resources/certs/rsa_self_signed.crt
----------------------------------------------------------------------
diff --git a/server/test/resources/certs/rsa_self_signed.crt b/server/test/resources/certs/rsa_self_signed.crt
new file mode 100644
index 0000000..710326e
--- /dev/null
+++ b/server/test/resources/certs/rsa_self_signed.crt
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBjCCAe4CCQCEkqahWR0hjjANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJB
+VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
+cyBQdHkgTHRkMB4XDTEzMTAyMTEzNTIyMFoXDTE0MTAyMTEzNTIyMFowRTELMAkG
+A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0
+IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AN6wEhbwZgBfgh5+fE1OYm9B7jA+IMbraIY80IyV2ERbNXJoi2/XrDtAr5NAxWkL
+qpaccOA4XupMUWzUCpDxa9M7L/QfCP6PFEJnJZ2dCPvosZQKuFcj+h9LHsK5nVW6
+1Zkh9HhtbdIS6l1JsV/119ZJGxzoGUEJPdEnsNt1cE1cW8sKvMo5GC2toZQV4d96
+17IpMuyRYhdEyRNq+sDQetAUDHYthBK7QVDy/9Sw+/lbgf2OsWacIrysDCF3hXc0
+qyNoBgp/s39NZDXx49GKwNmx9IuRV+P/WEqXfDxSDmHP4APtzDTtMTFnIW8+gH4z
+0GkeLRi7EQY48LyyGcB88lkCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAlgx04bvU
+/EE5z7lJsYmUM2oi8FjqZcZkD4F1ku7zvdAXaDNhOHjrR5LxGL+iI/N9S8lKVeSV
+xZv+EXAT0NqkTidNFjvP7coctDrrM+JHSNTRlr2GnnYjCnjEph4+ZXNppx8vnhXe
+7jDnHoXL/C5GIPOm0+LQaH1AlGTPF0lnBrtQaz1UG34vCr8SSUtRbTDDxH/liXfc
+hfvVnf4OV5Duj0oUXsmB3YzITYZnZ/xvZ4Dw6rOU/U5Vetng+msOOt8momeTCnWB
+/d1clA7rulJTCNZXb0YyaUNaC6eQX7S9JHnluB67b9yp4yg8f00qz4xR165eTQmq
+mLiuE/U5fTODvA==
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/server/test/resources/certs/rsa_self_signed.key
----------------------------------------------------------------------
diff --git a/server/test/resources/certs/rsa_self_signed.key b/server/test/resources/certs/rsa_self_signed.key
new file mode 100644
index 0000000..14b95e6
--- /dev/null
+++ b/server/test/resources/certs/rsa_self_signed.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA3rASFvBmAF+CHn58TU5ib0HuMD4gxutohjzQjJXYRFs1cmiL
+b9esO0Cvk0DFaQuqlpxw4Dhe6kxRbNQKkPFr0zsv9B8I/o8UQmclnZ0I++ixlAq4
+VyP6H0sewrmdVbrVmSH0eG1t0hLqXUmxX/XX1kkbHOgZQQk90Sew23VwTVxbywq8
+yjkYLa2hlBXh33rXsiky7JFiF0TJE2r6wNB60BQMdi2EErtBUPL/1LD7+VuB/Y6x
+ZpwivKwMIXeFdzSrI2gGCn+zf01kNfHj0YrA2bH0i5FX4/9YSpd8PFIOYc/gA+3M
+NO0xMWchbz6AfjPQaR4tGLsRBjjwvLIZwHzyWQIDAQABAoIBAFBYus4oAsWTsEEM
+ZhEGfSGjaith3zWmblowyxZOYm+XcRtMeTLrYCso1bCNqCyUlwIsg9WCwUxMKPzZ
+LM7LLJpUOqMcJ4ShXy/uQ3Yw2LL7bEb77zMRugdcdUbQ7eGmvba4t5pT8VHgnUr3
+cdYrv6qDShMN8z6x9OnoJjmoj9J5Ggda6DhsXsvl5Ox85XMOJKd9yyaUfa/qy8b6
+wIyixGQ/9l/GwGONgtrF7yKW3YUE+uhoEp4pqgKsGUIke3l7aWug6dCDjKDMdbX5
+jwSSiw2ilTpQJhi1r8JIMOfMea3addf39VySK7e6cSWhsf1VTVwneJbka13xS6uR
+SSdvs7kCgYEA9ynOXh/1+VkpCHJBAPWEIUtPn16KGJB6YEsEf7cfaAQfzQCwJ8E4
+I7/WsHveHXs80HLS/ZJQlIXXsdeMiWdu1rnsQiVBZMmSNOpOD8iP/6mv8eqeeNr+
+3e3JG+j+l3w+/RzX516WC5JPMIsNSIzSlyx8Yht4IYA2uvpJcLdMW2MCgYEA5qY/
+xht6UlbLevGzFFFnM5R9LWSs+Ip88HCBmEwbow7FQTc0TXYbOKxGtPqn88dM91XT
+NMpPaGenuioRz+P1sbEFOP/iE4Hyob8643NMkAiwwoxzSf2Bsj+ebJ/U7oC0xKYx
+yjLeFWINhDy+I3LDLEXTTfv5GNrFlitqBEA+ThMCgYEAmOrJnhyCD4JlS698nj5I
+QF0a5wwTvnzs6dSf9PB0QuOCVVBerEn0FNIk3s3UL0NG7eSMu4uhxTJFr+cfMQfI
+YJtpG8d2/QdlKM3p/APna5Mtoyu4XieH1gC/E0CE+25IfksxHRm9FW2xBuSRFFjk
+FdnVHtHF8lwkAGzHsTAG0ucCgYEAigFdVT7psMyoEZb+7KBMXKtzPq7nZAsQ+JiI
+okSfoK/czMmoLNUHMqC56d20koNkhPVAW2zVmIW08QntAHPIdZqSomlQrxVoxOjz
+5lX9sIzSnoWFEfdyG+I++4Wi1VYDU0qRrgdDpI23wrDJn9Ix/5KD/TxP7lQwN0sg
+swxxeysCgYBBXGBBJR7+AbreFpOHitw0h32Qdmy6zHTEF8e0SjmEgDv3uwGDdsYO
+QQ7g9QPPPUsYtl0+mUmCwDrw1sJeVFtp86AQlQMV89pR2yXZLf0xwT7IN6RAH5Bi
+WlV2/pmiMuWB1qSUKgdPzVEd6aqtjD0TIjtryDBHp76YHJR6SzdCCA==
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/server/test/resources/certs/rsa_self_signed_with_pwd.crt
----------------------------------------------------------------------
diff --git a/server/test/resources/certs/rsa_self_signed_with_pwd.crt b/server/test/resources/certs/rsa_self_signed_with_pwd.crt
new file mode 100644
index 0000000..de5e5c9
--- /dev/null
+++ b/server/test/resources/certs/rsa_self_signed_with_pwd.crt
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBjCCAe4CCQD5Q6qF5dVV0jANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJB
+VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
+cyBQdHkgTHRkMB4XDTEzMTAyMTEzNTgwNFoXDTE0MTAyMTEzNTgwNFowRTELMAkG
+A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0
+IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AN/7lJtiEs68IC1ZPxY9NA34z9T4AU4LPS/kbQtuxx4X72XOBy+y0cB/qdMD7JNV
+h8Mq4URDljhSDyVPdH/+jQr+7kWx2gNe2R/DCnd/meVwwU30JJvpGVZXt+MTef5N
+QAbSfDMsuT4FaUY80InbDd24HelrjwunPdY9wwKXO6zL2fLjyDRediiydxcx18Vb
+Dq1cm7DRi4mNkmA3RwBQMhxGp3VsfXJ4Hy2WTRCCCxWHZphAh3EUJGK3idum6/7j
+HbAwpM/t1kNWN8PZiYDZ1HbccgjmqB7Cub10BfB9g1RByiQ/C87o5cKtQha3uuXR
+iBcHISoDydQrgxKgUpiqEF0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEASvulIaVb
+zh8z2TysE6RFoYTAYIRXghFrmqCUyyQmUVTvs6vN8iaSXr+WMQJcpgXewWcFrDhr
+mIcyRCvF91ZYb7q6lMZFSpE6u/SUGIEtxGUDAfbkbQdKYmrMcbggUUIvSzgUFisO
+Kr0H9PEO4AWtCCrtOJFc7jgu03Sv06wDxn9ghkyiBRnVkbAhoKfKnI179yKruJWR
+A3ieEj0eFoUbeSH8hDkToj4ynpkAvEGoHjHG9j+8FJxy/PTjkyVPl1ykTs+2Jc1B
+Snx8f2afdTenPWyyBm3wFuRZjEAJJLUO0kxM7E8hAwhGsr+XYanwcr1oA1dz6M3f
+cq26lpjTH5ITwQ==
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/server/test/resources/certs/rsa_self_signed_with_pwd.key
----------------------------------------------------------------------
diff --git a/server/test/resources/certs/rsa_self_signed_with_pwd.key b/server/test/resources/certs/rsa_self_signed_with_pwd.key
new file mode 100644
index 0000000..d645a71
--- /dev/null
+++ b/server/test/resources/certs/rsa_self_signed_with_pwd.key
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,CCA6E4CB4C4039DD
+
+TaVCJtB0dE9xTZbX7GOaGJwwGHVAMjU1GbRIHf0jODdP+quZvbjklNqsw8Ozlia9
+q/G+UqtRJGlIPPLpce0YCrTo0P3eixZdMs0+hioAEJ4OLtL0SAC6b8q/gB6HRfAx
+BvNg+umTqeF9YB68Tcuv/2g4VGKiaePQACyOzMdf7lGY7ojxoJCYZa1mfKb7jWrg
+FLwmTtLLhNjb6CnOKo3klIef3A6zdutpgxF1gARzdRyXg4qCA3boYnwEptTOlJFu
+ovxbhDG9iuYYr4gXYSs1pLYptEC8J6iWpG/qzkwfr4l5Cfg5uF00bbxQE5+WeRaj
+YFicvXjB/kcoFZuCL7M/YRXYxkJ/EZ19xI9HZNBQ4L738StkSBKL4OhpF/qgYZ2y
+ZLRV6XT4AijUA0Ef7YTuUsTL7Qt9drj09gCtAzXTA7gpZBn5SqT9kWhuwSzY302l
+KF8DIC6A52igk2QKPLbleM/V8eCu6n+J4uF+0GwVRROuG7ThxAQiUlJKhoEYrndL
+nzT7jHVLftjilhVWFu2On62bRf5t1QZuob+1AdK0ukvEIVsYnN4bnlAkc99Wi6C0
+ZJd9qW5L4A9XAC2gcjr3m0Rzw3RO+k17faR8YfmTuJvGyBf5fnrSFoNkrninXQXp
+sk0ajRi4PJ4XTswLyxjWRSt3egNsZBSKnVCibca/QoDEdZHSKXo2FlYiUYx8JHQX
+SPUsLl9OQKC1W8/+ReryqBLHCkiGEsvT8gVaXga0uhVaqe+PaVur2tbOHl4yCysC
++ZlnKwsC84LQsUvpENdCh+D7E1I1Rao9IJMR6q9azKq8Ck63cOJ1fA9xSnxJGoCA
+IlGLttlXrR32EtzYwEnlqf1nI/IqNQrAXQKrP5VPzHsgMFu5uD4OEZa92Q5cVTsz
+ap/1UEqiJVYUt6nuA+aqOUlyjC0oNtYL/VO4DbHTFcHa8SI2cPSS6ebPMWPGHjUm
+l9bWa6Q9iyplCYS6hinAVsAaLVjPi1Eu9Pc8rxFCmoiJYJju5NZuGI5UBK64dqcX
+T6trWl0kB8QY63JtnrZaoStoSPImV5KVseUKDV8TM3Y76h1nLV3MSmAD1ivk9oKs
+VKeVrDhZBWUq9Dqre/+lVGO0a2wo5VTR8hfpf8QkODPLeyNZNdfGKzkkFLuXa8V5
+ELhLQJ3FnbEU3NEvMwikV9MhP/ELPTkZwJr/NKv+9JLs9eXtwz29I/Q8byQVrCCs
+hAuDl0zHGRnqdpdSImeS2EXGx631zGMwSe8fhKelni5h6hXrXz52asr0k30BxWjf
+WUn1uTInwVjWGy9B5j3mZlVDotFbvVAZgtR0IoFwihPl4VZd9oS13l+hMfrTy1YZ
+8xFNg8ZqUQ0lSmKfOVqSBT0lP8tM8LuGxgY4cWluhsAQxR5Nl7wkundnqjcwEDDu
+Jz2rD54St1EZYGLDJZSfC7mpG2PgodsdeopQCTyFhHWa8s3caZ40GFOwaR+/5+YF
+1oRvkR1Yr4qIS7KbX4xsaFfAA5b8QfLA74L05PAgDwKofam2GFAlAKHOcI6mexPq
+aySON9MNdnXBNxs16mBJLzCX5ljQb0ilJildVEI3aVmABptM4ehEiw==
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/setup/db/db/schema-421to430.sql
----------------------------------------------------------------------
diff --git a/setup/db/db/schema-421to430.sql b/setup/db/db/schema-421to430.sql
index 7bacefe..53cd0bf 100644
--- a/setup/db/db/schema-421to430.sql
+++ b/setup/db/db/schema-421to430.sql
@@ -41,6 +41,8 @@ ALTER TABLE `cloud`.`vm_instance` ADD COLUMN `power_state_update_count` INT DEFA
ALTER TABLE `cloud`.`vm_instance` ADD COLUMN `power_host` bigint unsigned;
ALTER TABLE `cloud`.`vm_instance` ADD CONSTRAINT `fk_vm_instance__power_host` FOREIGN KEY (`power_host`) REFERENCES `cloud`.`host`(`id`);
+ALTER TABLE `cloud`.`load_balancing_rules` ADD COLUMN `lb_protocol` VARCHAR(40);
+
DROP TABLE IF EXISTS `cloud`.`vm_snapshot_details`;
CREATE TABLE `cloud`.`vm_snapshot_details` (
`id` bigint unsigned UNIQUE NOT NULL,
@@ -464,6 +466,32 @@ CREATE VIEW `cloud`.`storage_pool_view` AS
and async_job.instance_type = 'StoragePool'
and async_job.job_status = 0;
+
+CREATE TABLE `sslcerts` (
+ `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
+ `uuid` varchar(40) DEFAULT NULL,
+ `account_id` bigint(20) unsigned NOT NULL,
+ `domain_id` bigint(20) unsigned NOT NULL,
+ `certificate` text NOT NULL,
+ `fingerprint` varchar(62) NOT NULL,
+ `key` text NOT NULL,
+ `chain` text,
+ `password` varchar(255) DEFAULT NULL,
+ PRIMARY KEY (`id`),
+ CONSTRAINT `fk_sslcert__account_id` FOREIGN KEY (`account_id`) REFERENCES `account` (`id`) ON DELETE CASCADE,
+ CONSTRAINT `fk_sslcert__domain_id` FOREIGN KEY (`domain_id`) REFERENCES `domain` (`id`) ON DELETE CASCADE
+);
+
+CREATE TABLE `load_balancer_cert_map` (
+ `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
+ `uuid` varchar(40) DEFAULT NULL,
+ `load_balancer_id` bigint(20) unsigned NOT NULL,
+ `certificate_id` bigint(20) unsigned NOT NULL,
+ `revoke` tinyint(1) NOT NULL DEFAULT '0',
+ PRIMARY KEY (`id`),
+ CONSTRAINT `fk_load_balancer_cert_map__certificate_id` FOREIGN KEY (`certificate_id`) REFERENCES `sslcerts` (`id`) ON DELETE CASCADE,
+ CONSTRAINT `fk_load_balancer_cert_map__load_balancer_id` FOREIGN KEY (`load_balancer_id`) REFERENCES `load_balancing_rules` (`id`) ON DELETE CASCADE);
+
ALTER TABLE `cloud`.`host` ADD COLUMN `cpu_sockets` int(10) unsigned DEFAULT NULL COMMENT "the number of CPU sockets on the host" AFTER pod_id;
DROP VIEW IF EXISTS `cloud`.`host_view`;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/utils/src/com/cloud/utils/net/NetUtils.java
----------------------------------------------------------------------
diff --git a/utils/src/com/cloud/utils/net/NetUtils.java b/utils/src/com/cloud/utils/net/NetUtils.java
index f590425..8a35109 100755
--- a/utils/src/com/cloud/utils/net/NetUtils.java
+++ b/utils/src/com/cloud/utils/net/NetUtils.java
@@ -52,6 +52,7 @@ import com.cloud.utils.script.Script;
public class NetUtils {
protected final static Logger s_logger = Logger.getLogger(NetUtils.class);
public final static String HTTP_PORT = "80";
+ public final static String HTTPS_PORT = "443";
public final static int VPN_PORT = 500;
public final static int VPN_NATT_PORT = 4500;
public final static int VPN_L2TP_PORT = 1701;
@@ -61,6 +62,8 @@ public class NetUtils {
public final static String ANY_PROTO = "any";
public final static String ICMP_PROTO = "icmp";
public final static String ALL_PROTO = "all";
+ public final static String HTTP_PROTO = "http";
+ public final static String SSL_PROTO = "ssl";
public final static String ALL_CIDRS = "0.0.0.0/0";
public final static int PORT_RANGE_MIN = 0;