@Test(expected = ExportCreationException.class)
public void doNotExportDirtyEntitlements() throws Exception {
config.setProperty(ConfigProperties.SYNC_WORK_DIR, "/tmp/");
Consumer consumer = mock(Consumer.class);
Entitlement ent = mock(Entitlement.class);
Principal principal = mock(Principal.class);
IdentityCertificate idcert = new IdentityCertificate();
List<Entitlement> entitlements = new ArrayList<Entitlement>();
entitlements.add(ent);
when(pki.getSHA256WithRSAHash(any(InputStream.class))).thenReturn("signature".getBytes());
when(pprov.get()).thenReturn(principal);
when(principal.getUsername()).thenReturn("testUser");
when(ec.listByConsumer(consumer)).thenReturn(entitlements);
when(ent.getDirty()).thenReturn(true);
idcert.setSerial(new CertificateSerial(10L, new Date()));
idcert.setKey("euh0876puhapodifbvj094");
idcert.setCert("hpj-08ha-w4gpoknpon*)&^%#");
idcert.setCreated(new Date());
idcert.setUpdated(new Date());
when(consumer.getIdCert()).thenReturn(idcert);
KeyPair keyPair = createKeyPair();
when(consumer.getKeyPair()).thenReturn(keyPair);
when(pki.getPemEncoded(keyPair.getPrivateKey())).thenReturn("privateKey".getBytes());
when(pki.getPemEncoded(keyPair.getPublicKey())).thenReturn("publicKey".getBytes());
Exporter e =
new Exporter(
ctc, me, ce, cte, re, ece, ecsa, pe, psa, pce, ec, ee, pki, config, exportRules, pprov);
e.getFullExport(consumer);
}
@Test
public void exportConsumer() throws ExportCreationException, IOException {
config.setProperty(ConfigProperties.SYNC_WORK_DIR, "/tmp/");
config.setProperty(ConfigProperties.PREFIX_WEBURL, "localhost:8443/weburl");
config.setProperty(ConfigProperties.PREFIX_APIURL, "localhost:8443/apiurl");
Rules mrules = mock(Rules.class);
Consumer consumer = mock(Consumer.class);
Principal principal = mock(Principal.class);
when(mrules.getRules()).thenReturn("foobar");
when(pki.getSHA256WithRSAHash(any(InputStream.class))).thenReturn("signature".getBytes());
when(rc.getRules()).thenReturn(mrules);
when(pprov.get()).thenReturn(principal);
when(principal.getUsername()).thenReturn("testUser");
// specific to this test
IdentityCertificate idcert = new IdentityCertificate();
idcert.setSerial(new CertificateSerial(10L, new Date()));
idcert.setKey("euh0876puhapodifbvj094");
idcert.setCert("hpj-08ha-w4gpoknpon*)&^%#");
idcert.setCreated(new Date());
idcert.setUpdated(new Date());
when(consumer.getIdCert()).thenReturn(idcert);
KeyPair keyPair = createKeyPair();
when(consumer.getKeyPair()).thenReturn(keyPair);
when(pki.getPemEncoded(keyPair.getPrivateKey())).thenReturn("privateKey".getBytes());
when(pki.getPemEncoded(keyPair.getPublicKey())).thenReturn("publicKey".getBytes());
when(consumer.getUuid()).thenReturn("8auuid");
when(consumer.getName()).thenReturn("consumer_name");
when(consumer.getType()).thenReturn(new ConsumerType(ConsumerTypeEnum.CANDLEPIN));
// FINALLY test this badboy
Exporter e =
new Exporter(
ctc,
me,
ce,
cte,
re,
ece,
ecsa,
pe,
psa,
pce,
ec,
ee,
pki,
config,
exportRules,
pprov,
dvc,
dve,
cdnc,
cdne);
File export = e.getFullExport(consumer);
verifyContent(export, "export/consumer.json", new VerifyConsumer("consumer.json"));
}
@Test
public void exportIdentityCertificate() throws Exception {
config.setProperty(ConfigProperties.SYNC_WORK_DIR, "/tmp/");
Rules mrules = mock(Rules.class);
Consumer consumer = mock(Consumer.class);
Principal principal = mock(Principal.class);
when(mrules.getRules()).thenReturn("foobar");
when(pki.getSHA256WithRSAHash(any(InputStream.class))).thenReturn("signature".getBytes());
when(rc.getRules()).thenReturn(mrules);
when(pprov.get()).thenReturn(principal);
when(principal.getUsername()).thenReturn("testUser");
// specific to this test
IdentityCertificate idcert = new IdentityCertificate();
idcert.setSerial(new CertificateSerial(10L, new Date()));
idcert.setKey("euh0876puhapodifbvj094");
idcert.setCert("hpj-08ha-w4gpoknpon*)&^%#");
idcert.setCreated(new Date());
idcert.setUpdated(new Date());
when(consumer.getIdCert()).thenReturn(idcert);
KeyPair keyPair = createKeyPair();
when(consumer.getKeyPair()).thenReturn(keyPair);
when(pki.getPemEncoded(keyPair.getPrivateKey())).thenReturn("privateKey".getBytes());
when(pki.getPemEncoded(keyPair.getPublicKey())).thenReturn("publicKey".getBytes());
// FINALLY test this badboy
Exporter e =
new Exporter(
ctc,
me,
ce,
cte,
re,
ece,
ecsa,
pe,
psa,
pce,
ec,
ee,
pki,
config,
exportRules,
pprov,
dvc,
dve,
cdnc,
cdne);
File export = e.getFullExport(consumer);
// VERIFY
assertNotNull(export);
assertTrue(export.exists());
verifyContent(export, "export/upstream_consumer/10.pem", new VerifyIdentityCert("10.pem"));
}
/**
* Create a tar.gz archive of the exported directory.
*
* @param exportDir Directory where Candlepin data was exported.
* @return File reference to the new archive zip.
*/
private File makeArchive(Consumer consumer, File tempDir, File exportDir) throws IOException {
String exportFileName = exportDir.getName() + ".zip";
log.info("Creating archive of " + exportDir.getAbsolutePath() + " in: " + exportFileName);
File archive =
createZipArchiveWithDir(
tempDir,
exportDir,
"consumer_export.zip",
"Candlepin export for " + consumer.getUuid());
InputStream archiveInputStream = null;
try {
archiveInputStream = new FileInputStream(archive);
File signedArchive =
createSignedZipArchive(
tempDir,
archive,
exportFileName,
pki.getSHA256WithRSAHash(archiveInputStream),
"signed Candlepin export for " + consumer.getUuid());
log.debug("Returning file: " + archive.getAbsolutePath());
return signedArchive;
} finally {
if (archiveInputStream != null) {
try {
archiveInputStream.close();
} catch (Exception e) {
// nothing to do
}
}
}
}
@Test
public void exportMetadata() throws ExportCreationException, IOException {
config.setProperty(ConfigProperties.SYNC_WORK_DIR, "/tmp/");
Date start = new Date();
Rules mrules = mock(Rules.class);
Consumer consumer = mock(Consumer.class);
Principal principal = mock(Principal.class);
IdentityCertificate idcert = new IdentityCertificate();
when(mrules.getRules()).thenReturn("foobar");
when(pki.getSHA256WithRSAHash(any(InputStream.class))).thenReturn("signature".getBytes());
when(rc.getRules()).thenReturn(mrules);
when(pprov.get()).thenReturn(principal);
when(principal.getUsername()).thenReturn("testUser");
idcert.setSerial(new CertificateSerial(10L, new Date()));
idcert.setKey("euh0876puhapodifbvj094");
idcert.setCert("hpj-08ha-w4gpoknpon*)&^%#");
idcert.setCreated(new Date());
idcert.setUpdated(new Date());
when(consumer.getIdCert()).thenReturn(idcert);
KeyPair keyPair = createKeyPair();
when(consumer.getKeyPair()).thenReturn(keyPair);
when(pki.getPemEncoded(keyPair.getPrivateKey())).thenReturn("privateKey".getBytes());
when(pki.getPemEncoded(keyPair.getPublicKey())).thenReturn("publicKey".getBytes());
// FINALLY test this badboy
Exporter e =
new Exporter(
ctc, me, ce, cte, re, ece, ecsa, pe, psa, pce, ec, ee, pki, config, exportRules, pprov);
File export = e.getFullExport(consumer);
// VERIFY
assertNotNull(export);
assertTrue(export.exists());
verifyContent(export, "export/meta.json", new VerifyMetadata(start));
// cleanup the mess
FileUtils.deleteDirectory(export.getParentFile());
assertTrue(new File("/tmp/consumer_export.zip").delete());
assertTrue(new File("/tmp/meta.json").delete());
}
@SuppressWarnings("unchecked")
@Test
public void exportProducts() throws Exception {
config.setProperty(ConfigProperties.SYNC_WORK_DIR, "/tmp/");
Consumer consumer = mock(Consumer.class);
Entitlement ent = mock(Entitlement.class);
ProvidedProduct pp = mock(ProvidedProduct.class);
Pool pool = mock(Pool.class);
Rules mrules = mock(Rules.class);
Principal principal = mock(Principal.class);
IdentityCertificate idcert = new IdentityCertificate();
Set<ProvidedProduct> ppset = new HashSet<ProvidedProduct>();
ppset.add(pp);
Set<Entitlement> entitlements = new HashSet<Entitlement>();
entitlements.add(ent);
Product prod = new Product("12345", "RHEL Product");
prod.setMultiplier(1L);
prod.setCreated(new Date());
prod.setUpdated(new Date());
prod.setHref("http://localhost");
prod.setAttributes(Collections.EMPTY_SET);
Product prod1 = new Product("MKT-prod", "RHEL Product");
prod1.setMultiplier(1L);
prod1.setCreated(new Date());
prod1.setUpdated(new Date());
prod1.setHref("http://localhost");
prod1.setAttributes(Collections.EMPTY_SET);
ProductCertificate pcert = new ProductCertificate();
pcert.setKey("euh0876puhapodifbvj094");
pcert.setCert("hpj-08ha-w4gpoknpon*)&^%#");
pcert.setCreated(new Date());
pcert.setUpdated(new Date());
when(pp.getProductId()).thenReturn("12345");
when(pool.getProvidedProducts()).thenReturn(ppset);
when(pool.getProductId()).thenReturn("MKT-prod");
when(ent.getPool()).thenReturn(pool);
when(mrules.getRules()).thenReturn("foobar");
when(pki.getSHA256WithRSAHash(any(InputStream.class))).thenReturn("signature".getBytes());
when(rc.getRules()).thenReturn(mrules);
when(consumer.getEntitlements()).thenReturn(entitlements);
when(psa.getProductById("12345")).thenReturn(prod);
when(psa.getProductById("MKT-prod")).thenReturn(prod1);
when(psa.getProductCertificate(any(Product.class))).thenReturn(pcert);
when(pprov.get()).thenReturn(principal);
when(principal.getUsername()).thenReturn("testUser");
idcert.setSerial(new CertificateSerial(10L, new Date()));
idcert.setKey("euh0876puhapodifbvj094");
idcert.setCert("hpj-08ha-w4gpoknpon*)&^%#");
idcert.setCreated(new Date());
idcert.setUpdated(new Date());
when(consumer.getIdCert()).thenReturn(idcert);
KeyPair keyPair = createKeyPair();
when(consumer.getKeyPair()).thenReturn(keyPair);
when(pki.getPemEncoded(keyPair.getPrivateKey())).thenReturn("privateKey".getBytes());
when(pki.getPemEncoded(keyPair.getPublicKey())).thenReturn("publicKey".getBytes());
// FINALLY test this badboy
Exporter e =
new Exporter(
ctc, me, ce, cte, re, ece, ecsa, pe, psa, pce, ec, ee, pki, config, exportRules, pprov);
File export = e.getFullExport(consumer);
// VERIFY
assertNotNull(export);
verifyContent(export, "export/products/12345.pem", new VerifyProductCert("12345.pem"));
assertFalse(verifyHasEntry(export, "export/products/MKT-prod.pem"));
FileUtils.deleteDirectory(export.getParentFile());
assertTrue(new File("/tmp/consumer_export.zip").delete());
assertTrue(new File("/tmp/12345.pem").delete());
}
private EntitlementCertificate generateEntitlementCert(
Entitlement entitlement, Subscription sub, Product product, boolean thisIsUeberCert)
throws GeneralSecurityException, IOException {
log.info("Generating entitlement cert.");
KeyPair keyPair = keyPairCurator.getConsumerKeyPair(entitlement.getConsumer());
CertificateSerial serial = new CertificateSerial(entitlement.getEndDate());
// We need the sequence generated id before we create the EntitlementCertificate,
// otherwise we could have used cascading create
serial = serialCurator.create(serial);
Set<Product> products = new HashSet<Product>(getProvidedProducts(entitlement.getPool(), sub));
// If creating a certificate for a distributor, we need
// to add any derived products as well so that their content
// is available in the upstream certificate.
products.addAll(getDerivedProductsForDistributor(sub, entitlement));
log.info("Creating X509 cert.");
X509Certificate x509Cert =
createX509Certificate(
entitlement,
product,
products,
BigInteger.valueOf(serial.getId()),
keyPair,
!thisIsUeberCert);
EntitlementCertificate cert = new EntitlementCertificate();
cert.setSerial(serial);
cert.setKeyAsBytes(pki.getPemEncoded(keyPair.getPrivate()));
products.add(product);
Map<String, EnvironmentContent> promotedContent = getPromotedContent(entitlement);
String contentPrefix = getContentPrefix(entitlement, !thisIsUeberCert);
log.info("Getting PEM encoded cert.");
String pem = new String(this.pki.getPemEncoded(x509Cert));
if (shouldGenerateV3(entitlement)) {
byte[] payloadBytes =
v3extensionUtil.createEntitlementDataPayload(
products, entitlement, contentPrefix, promotedContent);
String payload = "-----BEGIN ENTITLEMENT DATA-----\n";
payload += Util.toBase64(payloadBytes);
payload += "-----END ENTITLEMENT DATA-----\n";
byte[] bytes = pki.getSHA256WithRSAHash(new ByteArrayInputStream(payloadBytes));
String signature = "-----BEGIN RSA SIGNATURE-----\n";
signature += Util.toBase64(bytes);
signature += "-----END RSA SIGNATURE-----\n";
pem += payload + signature;
}
cert.setCert(pem);
cert.setEntitlement(entitlement);
if (log.isDebugEnabled()) {
log.debug("Generated cert serial number: " + serial.getId());
log.debug("Key: " + cert.getKey());
log.debug("Cert: " + cert.getCert());
}
log.info("Persisting cert.");
entitlement.getCertificates().add(cert);
entCertCurator.create(cert);
return cert;
}
