Beispiel #1
0
  @Test(expected = ExportCreationException.class)
  public void doNotExportDirtyEntitlements() throws Exception {
    config.setProperty(ConfigProperties.SYNC_WORK_DIR, "/tmp/");
    Consumer consumer = mock(Consumer.class);
    Entitlement ent = mock(Entitlement.class);
    Principal principal = mock(Principal.class);
    IdentityCertificate idcert = new IdentityCertificate();

    List<Entitlement> entitlements = new ArrayList<Entitlement>();
    entitlements.add(ent);

    when(pki.getSHA256WithRSAHash(any(InputStream.class))).thenReturn("signature".getBytes());
    when(pprov.get()).thenReturn(principal);
    when(principal.getUsername()).thenReturn("testUser");

    when(ec.listByConsumer(consumer)).thenReturn(entitlements);
    when(ent.getDirty()).thenReturn(true);
    idcert.setSerial(new CertificateSerial(10L, new Date()));
    idcert.setKey("euh0876puhapodifbvj094");
    idcert.setCert("hpj-08ha-w4gpoknpon*)&^%#");
    idcert.setCreated(new Date());
    idcert.setUpdated(new Date());
    when(consumer.getIdCert()).thenReturn(idcert);

    KeyPair keyPair = createKeyPair();
    when(consumer.getKeyPair()).thenReturn(keyPair);
    when(pki.getPemEncoded(keyPair.getPrivateKey())).thenReturn("privateKey".getBytes());
    when(pki.getPemEncoded(keyPair.getPublicKey())).thenReturn("publicKey".getBytes());

    Exporter e =
        new Exporter(
            ctc, me, ce, cte, re, ece, ecsa, pe, psa, pce, ec, ee, pki, config, exportRules, pprov);

    e.getFullExport(consumer);
  }
Beispiel #2
0
  @Test
  public void exportConsumer() throws ExportCreationException, IOException {
    config.setProperty(ConfigProperties.SYNC_WORK_DIR, "/tmp/");
    config.setProperty(ConfigProperties.PREFIX_WEBURL, "localhost:8443/weburl");
    config.setProperty(ConfigProperties.PREFIX_APIURL, "localhost:8443/apiurl");
    Rules mrules = mock(Rules.class);
    Consumer consumer = mock(Consumer.class);
    Principal principal = mock(Principal.class);

    when(mrules.getRules()).thenReturn("foobar");
    when(pki.getSHA256WithRSAHash(any(InputStream.class))).thenReturn("signature".getBytes());
    when(rc.getRules()).thenReturn(mrules);
    when(pprov.get()).thenReturn(principal);
    when(principal.getUsername()).thenReturn("testUser");

    // specific to this test
    IdentityCertificate idcert = new IdentityCertificate();
    idcert.setSerial(new CertificateSerial(10L, new Date()));
    idcert.setKey("euh0876puhapodifbvj094");
    idcert.setCert("hpj-08ha-w4gpoknpon*)&^%#");
    idcert.setCreated(new Date());
    idcert.setUpdated(new Date());
    when(consumer.getIdCert()).thenReturn(idcert);

    KeyPair keyPair = createKeyPair();
    when(consumer.getKeyPair()).thenReturn(keyPair);
    when(pki.getPemEncoded(keyPair.getPrivateKey())).thenReturn("privateKey".getBytes());
    when(pki.getPemEncoded(keyPair.getPublicKey())).thenReturn("publicKey".getBytes());
    when(consumer.getUuid()).thenReturn("8auuid");
    when(consumer.getName()).thenReturn("consumer_name");
    when(consumer.getType()).thenReturn(new ConsumerType(ConsumerTypeEnum.CANDLEPIN));

    // FINALLY test this badboy
    Exporter e =
        new Exporter(
            ctc,
            me,
            ce,
            cte,
            re,
            ece,
            ecsa,
            pe,
            psa,
            pce,
            ec,
            ee,
            pki,
            config,
            exportRules,
            pprov,
            dvc,
            dve,
            cdnc,
            cdne);
    File export = e.getFullExport(consumer);

    verifyContent(export, "export/consumer.json", new VerifyConsumer("consumer.json"));
  }
Beispiel #3
0
  @Test
  public void exportIdentityCertificate() throws Exception {
    config.setProperty(ConfigProperties.SYNC_WORK_DIR, "/tmp/");
    Rules mrules = mock(Rules.class);
    Consumer consumer = mock(Consumer.class);
    Principal principal = mock(Principal.class);

    when(mrules.getRules()).thenReturn("foobar");
    when(pki.getSHA256WithRSAHash(any(InputStream.class))).thenReturn("signature".getBytes());
    when(rc.getRules()).thenReturn(mrules);
    when(pprov.get()).thenReturn(principal);
    when(principal.getUsername()).thenReturn("testUser");

    // specific to this test
    IdentityCertificate idcert = new IdentityCertificate();
    idcert.setSerial(new CertificateSerial(10L, new Date()));
    idcert.setKey("euh0876puhapodifbvj094");
    idcert.setCert("hpj-08ha-w4gpoknpon*)&^%#");
    idcert.setCreated(new Date());
    idcert.setUpdated(new Date());
    when(consumer.getIdCert()).thenReturn(idcert);

    KeyPair keyPair = createKeyPair();
    when(consumer.getKeyPair()).thenReturn(keyPair);
    when(pki.getPemEncoded(keyPair.getPrivateKey())).thenReturn("privateKey".getBytes());
    when(pki.getPemEncoded(keyPair.getPublicKey())).thenReturn("publicKey".getBytes());

    // FINALLY test this badboy
    Exporter e =
        new Exporter(
            ctc,
            me,
            ce,
            cte,
            re,
            ece,
            ecsa,
            pe,
            psa,
            pce,
            ec,
            ee,
            pki,
            config,
            exportRules,
            pprov,
            dvc,
            dve,
            cdnc,
            cdne);
    File export = e.getFullExport(consumer);

    // VERIFY
    assertNotNull(export);
    assertTrue(export.exists());
    verifyContent(export, "export/upstream_consumer/10.pem", new VerifyIdentityCert("10.pem"));
  }
Beispiel #4
0
  /**
   * Create a tar.gz archive of the exported directory.
   *
   * @param exportDir Directory where Candlepin data was exported.
   * @return File reference to the new archive zip.
   */
  private File makeArchive(Consumer consumer, File tempDir, File exportDir) throws IOException {
    String exportFileName = exportDir.getName() + ".zip";
    log.info("Creating archive of " + exportDir.getAbsolutePath() + " in: " + exportFileName);

    File archive =
        createZipArchiveWithDir(
            tempDir,
            exportDir,
            "consumer_export.zip",
            "Candlepin export for " + consumer.getUuid());

    InputStream archiveInputStream = null;
    try {
      archiveInputStream = new FileInputStream(archive);
      File signedArchive =
          createSignedZipArchive(
              tempDir,
              archive,
              exportFileName,
              pki.getSHA256WithRSAHash(archiveInputStream),
              "signed Candlepin export for " + consumer.getUuid());

      log.debug("Returning file: " + archive.getAbsolutePath());
      return signedArchive;
    } finally {
      if (archiveInputStream != null) {
        try {
          archiveInputStream.close();
        } catch (Exception e) {
          // nothing to do
        }
      }
    }
  }
Beispiel #5
0
  @Test
  public void exportMetadata() throws ExportCreationException, IOException {
    config.setProperty(ConfigProperties.SYNC_WORK_DIR, "/tmp/");
    Date start = new Date();
    Rules mrules = mock(Rules.class);
    Consumer consumer = mock(Consumer.class);
    Principal principal = mock(Principal.class);
    IdentityCertificate idcert = new IdentityCertificate();

    when(mrules.getRules()).thenReturn("foobar");
    when(pki.getSHA256WithRSAHash(any(InputStream.class))).thenReturn("signature".getBytes());
    when(rc.getRules()).thenReturn(mrules);
    when(pprov.get()).thenReturn(principal);
    when(principal.getUsername()).thenReturn("testUser");

    idcert.setSerial(new CertificateSerial(10L, new Date()));
    idcert.setKey("euh0876puhapodifbvj094");
    idcert.setCert("hpj-08ha-w4gpoknpon*)&^%#");
    idcert.setCreated(new Date());
    idcert.setUpdated(new Date());
    when(consumer.getIdCert()).thenReturn(idcert);

    KeyPair keyPair = createKeyPair();
    when(consumer.getKeyPair()).thenReturn(keyPair);
    when(pki.getPemEncoded(keyPair.getPrivateKey())).thenReturn("privateKey".getBytes());
    when(pki.getPemEncoded(keyPair.getPublicKey())).thenReturn("publicKey".getBytes());

    // FINALLY test this badboy
    Exporter e =
        new Exporter(
            ctc, me, ce, cte, re, ece, ecsa, pe, psa, pce, ec, ee, pki, config, exportRules, pprov);
    File export = e.getFullExport(consumer);

    // VERIFY
    assertNotNull(export);
    assertTrue(export.exists());
    verifyContent(export, "export/meta.json", new VerifyMetadata(start));

    // cleanup the mess
    FileUtils.deleteDirectory(export.getParentFile());
    assertTrue(new File("/tmp/consumer_export.zip").delete());
    assertTrue(new File("/tmp/meta.json").delete());
  }
Beispiel #6
0
  @SuppressWarnings("unchecked")
  @Test
  public void exportProducts() throws Exception {
    config.setProperty(ConfigProperties.SYNC_WORK_DIR, "/tmp/");
    Consumer consumer = mock(Consumer.class);
    Entitlement ent = mock(Entitlement.class);
    ProvidedProduct pp = mock(ProvidedProduct.class);
    Pool pool = mock(Pool.class);
    Rules mrules = mock(Rules.class);
    Principal principal = mock(Principal.class);
    IdentityCertificate idcert = new IdentityCertificate();

    Set<ProvidedProduct> ppset = new HashSet<ProvidedProduct>();
    ppset.add(pp);

    Set<Entitlement> entitlements = new HashSet<Entitlement>();
    entitlements.add(ent);

    Product prod = new Product("12345", "RHEL Product");
    prod.setMultiplier(1L);
    prod.setCreated(new Date());
    prod.setUpdated(new Date());
    prod.setHref("http://localhost");
    prod.setAttributes(Collections.EMPTY_SET);

    Product prod1 = new Product("MKT-prod", "RHEL Product");
    prod1.setMultiplier(1L);
    prod1.setCreated(new Date());
    prod1.setUpdated(new Date());
    prod1.setHref("http://localhost");
    prod1.setAttributes(Collections.EMPTY_SET);

    ProductCertificate pcert = new ProductCertificate();
    pcert.setKey("euh0876puhapodifbvj094");
    pcert.setCert("hpj-08ha-w4gpoknpon*)&^%#");
    pcert.setCreated(new Date());
    pcert.setUpdated(new Date());

    when(pp.getProductId()).thenReturn("12345");
    when(pool.getProvidedProducts()).thenReturn(ppset);
    when(pool.getProductId()).thenReturn("MKT-prod");
    when(ent.getPool()).thenReturn(pool);
    when(mrules.getRules()).thenReturn("foobar");
    when(pki.getSHA256WithRSAHash(any(InputStream.class))).thenReturn("signature".getBytes());
    when(rc.getRules()).thenReturn(mrules);
    when(consumer.getEntitlements()).thenReturn(entitlements);
    when(psa.getProductById("12345")).thenReturn(prod);
    when(psa.getProductById("MKT-prod")).thenReturn(prod1);
    when(psa.getProductCertificate(any(Product.class))).thenReturn(pcert);
    when(pprov.get()).thenReturn(principal);
    when(principal.getUsername()).thenReturn("testUser");
    idcert.setSerial(new CertificateSerial(10L, new Date()));
    idcert.setKey("euh0876puhapodifbvj094");
    idcert.setCert("hpj-08ha-w4gpoknpon*)&^%#");
    idcert.setCreated(new Date());
    idcert.setUpdated(new Date());
    when(consumer.getIdCert()).thenReturn(idcert);

    KeyPair keyPair = createKeyPair();
    when(consumer.getKeyPair()).thenReturn(keyPair);
    when(pki.getPemEncoded(keyPair.getPrivateKey())).thenReturn("privateKey".getBytes());
    when(pki.getPemEncoded(keyPair.getPublicKey())).thenReturn("publicKey".getBytes());

    // FINALLY test this badboy
    Exporter e =
        new Exporter(
            ctc, me, ce, cte, re, ece, ecsa, pe, psa, pce, ec, ee, pki, config, exportRules, pprov);

    File export = e.getFullExport(consumer);

    // VERIFY
    assertNotNull(export);
    verifyContent(export, "export/products/12345.pem", new VerifyProductCert("12345.pem"));
    assertFalse(verifyHasEntry(export, "export/products/MKT-prod.pem"));
    FileUtils.deleteDirectory(export.getParentFile());
    assertTrue(new File("/tmp/consumer_export.zip").delete());
    assertTrue(new File("/tmp/12345.pem").delete());
  }
  private EntitlementCertificate generateEntitlementCert(
      Entitlement entitlement, Subscription sub, Product product, boolean thisIsUeberCert)
      throws GeneralSecurityException, IOException {

    log.info("Generating entitlement cert.");

    KeyPair keyPair = keyPairCurator.getConsumerKeyPair(entitlement.getConsumer());
    CertificateSerial serial = new CertificateSerial(entitlement.getEndDate());
    // We need the sequence generated id before we create the EntitlementCertificate,
    // otherwise we could have used cascading create
    serial = serialCurator.create(serial);

    Set<Product> products = new HashSet<Product>(getProvidedProducts(entitlement.getPool(), sub));

    // If creating a certificate for a distributor, we need
    // to add any derived products as well so that their content
    // is available in the upstream certificate.
    products.addAll(getDerivedProductsForDistributor(sub, entitlement));

    log.info("Creating X509 cert.");
    X509Certificate x509Cert =
        createX509Certificate(
            entitlement,
            product,
            products,
            BigInteger.valueOf(serial.getId()),
            keyPair,
            !thisIsUeberCert);

    EntitlementCertificate cert = new EntitlementCertificate();
    cert.setSerial(serial);
    cert.setKeyAsBytes(pki.getPemEncoded(keyPair.getPrivate()));

    products.add(product);
    Map<String, EnvironmentContent> promotedContent = getPromotedContent(entitlement);
    String contentPrefix = getContentPrefix(entitlement, !thisIsUeberCert);

    log.info("Getting PEM encoded cert.");
    String pem = new String(this.pki.getPemEncoded(x509Cert));

    if (shouldGenerateV3(entitlement)) {
      byte[] payloadBytes =
          v3extensionUtil.createEntitlementDataPayload(
              products, entitlement, contentPrefix, promotedContent);
      String payload = "-----BEGIN ENTITLEMENT DATA-----\n";
      payload += Util.toBase64(payloadBytes);
      payload += "-----END ENTITLEMENT DATA-----\n";

      byte[] bytes = pki.getSHA256WithRSAHash(new ByteArrayInputStream(payloadBytes));
      String signature = "-----BEGIN RSA SIGNATURE-----\n";
      signature += Util.toBase64(bytes);
      signature += "-----END RSA SIGNATURE-----\n";

      pem += payload + signature;
    }

    cert.setCert(pem);

    cert.setEntitlement(entitlement);

    if (log.isDebugEnabled()) {
      log.debug("Generated cert serial number: " + serial.getId());
      log.debug("Key: " + cert.getKey());
      log.debug("Cert: " + cert.getCert());
    }

    log.info("Persisting cert.");
    entitlement.getCertificates().add(cert);
    entCertCurator.create(cert);
    return cert;
  }