org.apache.cloudstack.network.lb.CertServiceTest.java Source code

Java tutorial

Introduction

Here is the source code for org.apache.cloudstack.network.lb.CertServiceTest.java

Source

// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements.  See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership.  The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License.  You may obtain a copy of the License at
//
//   http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied.  See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.network.lb;

import static org.apache.commons.io.FileUtils.readFileToString;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import static org.mockito.Matchers.any;
import static org.mockito.Matchers.anyLong;
import static org.mockito.Matchers.eq;
import static org.mockito.Mockito.when;

import java.io.File;
import java.io.IOException;
import java.lang.reflect.Field;
import java.util.ArrayList;
import java.util.List;
import java.util.UUID;
import java.net.URLDecoder;

import org.apache.cloudstack.api.command.user.loadbalancer.DeleteSslCertCmd;
import com.cloud.user.User;
import org.apache.cloudstack.api.command.user.loadbalancer.UploadSslCertCmd;
import org.apache.cloudstack.context.CallContext;
import org.junit.After;
import org.junit.Assume;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;

import com.cloud.domain.dao.DomainDao;
import com.cloud.domain.DomainVO;
import com.cloud.network.dao.LoadBalancerCertMapDao;
import com.cloud.network.dao.LoadBalancerCertMapVO;
import com.cloud.network.dao.LoadBalancerVO;
import com.cloud.network.dao.SslCertDao;
import com.cloud.network.dao.SslCertVO;
import com.cloud.user.Account;
import com.cloud.user.AccountManager;
import com.cloud.user.AccountVO;
import com.cloud.user.UserVO;
import com.cloud.user.dao.AccountDao;
import com.cloud.utils.db.EntityManager;
import com.cloud.utils.db.TransactionLegacy;
import java.nio.charset.Charset;

public class CertServiceTest {

    @Before
    public void setUp() {
        Account account = new AccountVO("testaccount", 1, "networkdomain", (short) 0, UUID.randomUUID().toString());
        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone",
                UUID.randomUUID().toString(), User.Source.UNKNOWN);
        CallContext.register(user, account);
    }

    @After
    public void tearDown() {
        CallContext.unregister();
    }

    /**
     * JCE is known to be working fine without additional configuration in OpenJDK.
     * This checks if the tests are running in OpenJDK;
     * @return  true if openjdk environment
     */
    static boolean isOpenJdk() {
        //TODO: find a better way for OpenJDK detection
        return System.getProperty("java.home").toLowerCase().contains("openjdk");
    }

    /**
     * One can run the tests on Oracle JDK after installing JCE by specifying -Dcloudstack.jce.enabled=true
     * @return true if the jce enable property was set to true
     */
    static boolean isJCEInstalled() {
        return Boolean.getBoolean("cloudstack.jce.enabled");
    }

    @Test
    /**
     * Given a certificate signed by a CA and a valid CA chain, upload should succeed
     */
    public void runUploadSslCertWithCAChain() throws Exception {
        Assume.assumeTrue(isOpenJdk() || isJCEInstalled());

        TransactionLegacy txn = TransactionLegacy.open("runUploadSslCertWithCAChain");

        String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.crt").getFile(),
                Charset.defaultCharset().name());
        String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.key").getFile(),
                Charset.defaultCharset().name());
        String chainFile = URLDecoder.decode(getClass().getResource("/certs/root_chain.crt").getFile(),
                Charset.defaultCharset().name());

        String cert = readFileToString(new File(certFile));
        String key = readFileToString(new File(keyFile));
        String chain = readFileToString(new File(chainFile));

        CertServiceImpl certService = new CertServiceImpl();

        //setting mock objects
        certService._accountMgr = Mockito.mock(AccountManager.class);
        Account account = new AccountVO("testaccount", 1, "networkdomain", (short) 0, UUID.randomUUID().toString());
        when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);

        certService._domainDao = Mockito.mock(DomainDao.class);
        DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain");
        when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain);

        certService._sslCertDao = Mockito.mock(SslCertDao.class);
        when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO());

        certService._accountDao = Mockito.mock(AccountDao.class);
        when(certService._accountDao.findByIdIncludingRemoved(anyLong())).thenReturn((AccountVO) account);

        //creating the command
        UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
        Class<?> _class = uploadCmd.getClass().getSuperclass();

        Field certField = _class.getDeclaredField("cert");
        certField.setAccessible(true);
        certField.set(uploadCmd, cert);

        Field keyField = _class.getDeclaredField("key");
        keyField.setAccessible(true);
        keyField.set(uploadCmd, key);

        Field chainField = _class.getDeclaredField("chain");
        chainField.setAccessible(true);
        chainField.set(uploadCmd, chain);

        certService.uploadSslCert(uploadCmd);
    }

    @Test
    /**
     * Given a Self-signed Certificate with encrypted key, upload should succeed
     */
    public void runUploadSslCertSelfSignedWithPassword() throws Exception {

        TransactionLegacy txn = TransactionLegacy.open("runUploadSslCertSelfSignedWithPassword");

        String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.crt").getFile(),
                Charset.defaultCharset().name());
        String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.key").getFile(),
                Charset.defaultCharset().name());
        String password = "test";

        String cert = readFileToString(new File(certFile));
        String key = readFileToString(new File(keyFile));

        CertServiceImpl certService = new CertServiceImpl();

        //setting mock objects
        certService._accountMgr = Mockito.mock(AccountManager.class);
        Account account = new AccountVO("testaccount", 1, "networkdomain", (short) 0, UUID.randomUUID().toString());
        when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);

        certService._domainDao = Mockito.mock(DomainDao.class);
        DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain");
        when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain);

        certService._sslCertDao = Mockito.mock(SslCertDao.class);
        when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO());

        certService._accountDao = Mockito.mock(AccountDao.class);
        when(certService._accountDao.findByIdIncludingRemoved(anyLong())).thenReturn((AccountVO) account);

        //creating the command
        UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
        Class<?> _class = uploadCmd.getClass().getSuperclass();

        Field certField = _class.getDeclaredField("cert");
        certField.setAccessible(true);
        certField.set(uploadCmd, cert);

        Field keyField = _class.getDeclaredField("key");
        keyField.setAccessible(true);
        keyField.set(uploadCmd, key);

        Field passField = _class.getDeclaredField("password");
        passField.setAccessible(true);
        passField.set(uploadCmd, password);

        certService.uploadSslCert(uploadCmd);
    }

    @Test
    /**
     * Given a Self-signed Certificate with non-encrypted key, upload should succeed
     */
    public void runUploadSslCertSelfSignedNoPassword() throws Exception {

        TransactionLegacy txn = TransactionLegacy.open("runUploadSslCertSelfSignedNoPassword");

        String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),
                Charset.defaultCharset().name());
        String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(),
                Charset.defaultCharset().name());

        String cert = readFileToString(new File(certFile));
        String key = readFileToString(new File(keyFile));

        CertServiceImpl certService = new CertServiceImpl();

        //setting mock objects
        certService._accountMgr = Mockito.mock(AccountManager.class);
        Account account = new AccountVO("testaccount", 1, "networkdomain", (short) 0, UUID.randomUUID().toString());
        when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);

        certService._domainDao = Mockito.mock(DomainDao.class);
        DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain");
        when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain);

        certService._sslCertDao = Mockito.mock(SslCertDao.class);
        when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO());

        certService._accountDao = Mockito.mock(AccountDao.class);
        when(certService._accountDao.findByIdIncludingRemoved(anyLong())).thenReturn((AccountVO) account);

        //creating the command
        UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
        Class<?> _class = uploadCmd.getClass().getSuperclass();

        Field certField = _class.getDeclaredField("cert");
        certField.setAccessible(true);
        certField.set(uploadCmd, cert);

        Field keyField = _class.getDeclaredField("key");
        keyField.setAccessible(true);
        keyField.set(uploadCmd, key);

        certService.uploadSslCert(uploadCmd);
    }

    @Test
    public void runUploadSslCertBadChain() throws IOException, IllegalAccessException, NoSuchFieldException {
        Assume.assumeTrue(isOpenJdk() || isJCEInstalled());

        String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.crt").getFile(),
                Charset.defaultCharset().name());
        String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.key").getFile(),
                Charset.defaultCharset().name());
        String chainFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),
                Charset.defaultCharset().name());

        String cert = readFileToString(new File(certFile));
        String key = readFileToString(new File(keyFile));
        String chain = readFileToString(new File(chainFile));

        CertServiceImpl certService = new CertServiceImpl();

        //setting mock objects
        certService._accountMgr = Mockito.mock(AccountManager.class);
        Account account = new AccountVO("testaccount", 1, "networkdomain", (short) 0, UUID.randomUUID().toString());
        when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);

        certService._domainDao = Mockito.mock(DomainDao.class);
        DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain");
        when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain);

        certService._sslCertDao = Mockito.mock(SslCertDao.class);
        when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO());

        //creating the command
        UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
        Class<?> _class = uploadCmd.getClass().getSuperclass();

        Field certField = _class.getDeclaredField("cert");
        certField.setAccessible(true);
        certField.set(uploadCmd, cert);

        Field keyField = _class.getDeclaredField("key");
        keyField.setAccessible(true);
        keyField.set(uploadCmd, key);

        Field chainField = _class.getDeclaredField("chain");
        chainField.setAccessible(true);
        chainField.set(uploadCmd, chain);

        try {
            certService.uploadSslCert(uploadCmd);
            fail("The chain given is not the correct chain for the certificate");
        } catch (Exception e) {
            assertTrue(e.getMessage().contains("Invalid certificate chain"));
        }
    }

    @Test
    public void runUploadSslCertNoRootCert() throws IOException, IllegalAccessException, NoSuchFieldException {

        Assume.assumeTrue(isOpenJdk() || isJCEInstalled());

        String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.crt").getFile(),
                Charset.defaultCharset().name());
        String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_ca_signed.key").getFile(),
                Charset.defaultCharset().name());
        String chainFile = URLDecoder.decode(getClass().getResource("/certs/non_root.crt").getFile(),
                Charset.defaultCharset().name());

        String cert = readFileToString(new File(certFile));
        String key = readFileToString(new File(keyFile));
        String chain = readFileToString(new File(chainFile));

        CertServiceImpl certService = new CertServiceImpl();

        //setting mock objects
        certService._accountMgr = Mockito.mock(AccountManager.class);
        Account account = new AccountVO("testaccount", 1, "networkdomain", (short) 0, UUID.randomUUID().toString());
        when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);

        certService._domainDao = Mockito.mock(DomainDao.class);
        DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain");
        when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain);

        certService._sslCertDao = Mockito.mock(SslCertDao.class);
        when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO());

        //creating the command
        UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
        Class<?> _class = uploadCmd.getClass().getSuperclass();

        Field certField = _class.getDeclaredField("cert");
        certField.setAccessible(true);
        certField.set(uploadCmd, cert);

        Field keyField = _class.getDeclaredField("key");
        keyField.setAccessible(true);
        keyField.set(uploadCmd, key);

        Field chainField = _class.getDeclaredField("chain");
        chainField.setAccessible(true);
        chainField.set(uploadCmd, chain);

        try {
            certService.uploadSslCert(uploadCmd);
            fail("Chain is given but does not link to the certificate");
        } catch (Exception e) {
            assertTrue(e.getMessage().contains("Invalid certificate chain"));
        }

    }

    @Test
    public void runUploadSslCertBadPassword() throws IOException, IllegalAccessException, NoSuchFieldException {

        String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.crt").getFile(),
                Charset.defaultCharset().name());
        String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed_with_pwd.key").getFile(),
                Charset.defaultCharset().name());
        String password = "bad_password";

        String cert = readFileToString(new File(certFile));
        String key = readFileToString(new File(keyFile));

        CertServiceImpl certService = new CertServiceImpl();

        //setting mock objects
        certService._accountMgr = Mockito.mock(AccountManager.class);
        Account account = new AccountVO("testaccount", 1, "networkdomain", (short) 0, UUID.randomUUID().toString());
        when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);

        certService._domainDao = Mockito.mock(DomainDao.class);
        DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain");
        when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain);

        certService._sslCertDao = Mockito.mock(SslCertDao.class);
        when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO());

        //creating the command
        UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
        Class<?> _class = uploadCmd.getClass().getSuperclass();

        Field certField = _class.getDeclaredField("cert");
        certField.setAccessible(true);
        certField.set(uploadCmd, cert);

        Field keyField = _class.getDeclaredField("key");
        keyField.setAccessible(true);
        keyField.set(uploadCmd, key);

        Field passField = _class.getDeclaredField("password");
        passField.setAccessible(true);
        passField.set(uploadCmd, password);

        try {
            certService.uploadSslCert(uploadCmd);
            fail("Given an encrypted private key with a bad password. Upload should fail.");
        } catch (Exception e) {
            assertTrue(e.getMessage().contains("please check password and data"));
        }

    }

    @Test
    public void runUploadSslCertBadkeyPair() throws IOException, IllegalAccessException, NoSuchFieldException {
        // Reading appropritate files
        String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),
                Charset.defaultCharset().name());
        String keyFile = URLDecoder.decode(getClass().getResource("/certs/non_root.key").getFile(),
                Charset.defaultCharset().name());

        String cert = readFileToString(new File(certFile));
        String key = readFileToString(new File(keyFile));

        CertServiceImpl certService = new CertServiceImpl();

        //setting mock objects
        certService._accountMgr = Mockito.mock(AccountManager.class);
        Account account = new AccountVO("testaccount", 1, "networkdomain", (short) 0, UUID.randomUUID().toString());
        when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);

        certService._domainDao = Mockito.mock(DomainDao.class);
        DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain");
        when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain);

        certService._sslCertDao = Mockito.mock(SslCertDao.class);
        when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO());

        //creating the command
        UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
        Class<?> _class = uploadCmd.getClass().getSuperclass();

        Field certField = _class.getDeclaredField("cert");
        certField.setAccessible(true);
        certField.set(uploadCmd, cert);

        Field keyField = _class.getDeclaredField("key");
        keyField.setAccessible(true);
        keyField.set(uploadCmd, key);

        try {
            certService.uploadSslCert(uploadCmd);
        } catch (Exception e) {
            assertTrue(e.getMessage().contains("Bad public-private key"));
        }
    }

    @Test
    public void runUploadSslCertBadkeyAlgo() throws IOException, IllegalAccessException, NoSuchFieldException {

        // Reading appropritate files
        String certFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.crt").getFile(),
                Charset.defaultCharset().name());
        String keyFile = URLDecoder.decode(getClass().getResource("/certs/dsa_self_signed.key").getFile(),
                Charset.defaultCharset().name());

        String cert = readFileToString(new File(certFile));
        String key = readFileToString(new File(keyFile));

        CertServiceImpl certService = new CertServiceImpl();

        //setting mock objects
        certService._accountMgr = Mockito.mock(AccountManager.class);
        Account account = new AccountVO("testaccount", 1, "networkdomain", (short) 0, UUID.randomUUID().toString());
        when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);

        certService._domainDao = Mockito.mock(DomainDao.class);
        DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain");
        when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain);

        certService._sslCertDao = Mockito.mock(SslCertDao.class);
        when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO());

        //creating the command
        UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
        Class<?> _class = uploadCmd.getClass().getSuperclass();

        Field certField = _class.getDeclaredField("cert");
        certField.setAccessible(true);
        certField.set(uploadCmd, cert);

        Field keyField = _class.getDeclaredField("key");
        keyField.setAccessible(true);
        keyField.set(uploadCmd, key);

        try {
            certService.uploadSslCert(uploadCmd);
            fail("Given a private key which has a different algorithm than the certificate, upload should fail");
        } catch (Exception e) {
            assertTrue(e.getMessage().contains("Public and private key have different algorithms"));
        }
    }

    @Test
    public void runUploadSslCertExpiredCert() throws IOException, IllegalAccessException, NoSuchFieldException {

        // Reading appropritate files
        String certFile = URLDecoder.decode(getClass().getResource("/certs/expired_cert.crt").getFile(),
                Charset.defaultCharset().name());
        String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(),
                Charset.defaultCharset().name());

        String cert = readFileToString(new File(certFile));
        String key = readFileToString(new File(keyFile));

        CertServiceImpl certService = new CertServiceImpl();

        //setting mock objects
        certService._accountMgr = Mockito.mock(AccountManager.class);
        Account account = new AccountVO("testaccount", 1, "networkdomain", (short) 0, UUID.randomUUID().toString());
        when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);

        certService._domainDao = Mockito.mock(DomainDao.class);
        DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain");
        when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain);

        certService._sslCertDao = Mockito.mock(SslCertDao.class);
        when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO());

        //creating the command
        UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
        Class<?> _class = uploadCmd.getClass().getSuperclass();

        Field certField = _class.getDeclaredField("cert");
        certField.setAccessible(true);
        certField.set(uploadCmd, cert);

        Field keyField = _class.getDeclaredField("key");
        keyField.setAccessible(true);
        keyField.set(uploadCmd, key);

        try {
            certService.uploadSslCert(uploadCmd);
            fail("Given an expired certificate, upload should fail");
        } catch (Exception e) {
            assertTrue(e.getMessage().contains("Certificate expired"));
        }
    }

    @Test
    public void runUploadSslCertNotX509() throws IOException, IllegalAccessException, NoSuchFieldException {
        // Reading appropritate files
        String certFile = URLDecoder.decode(getClass().getResource("/certs/non_x509_pem.crt").getFile(),
                Charset.defaultCharset().name());
        String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(),
                Charset.defaultCharset().name());

        String cert = readFileToString(new File(certFile));
        String key = readFileToString(new File(keyFile));

        CertServiceImpl certService = new CertServiceImpl();

        //setting mock objects
        certService._accountMgr = Mockito.mock(AccountManager.class);
        Account account = new AccountVO("testaccount", 1, "networkdomain", (short) 0, UUID.randomUUID().toString());
        when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);

        certService._domainDao = Mockito.mock(DomainDao.class);
        DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain");
        when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain);

        certService._sslCertDao = Mockito.mock(SslCertDao.class);
        when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO());

        //creating the command
        UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
        Class<?> _class = uploadCmd.getClass().getSuperclass();

        Field certField = _class.getDeclaredField("cert");
        certField.setAccessible(true);
        certField.set(uploadCmd, cert);

        Field keyField = _class.getDeclaredField("key");
        keyField.setAccessible(true);
        keyField.set(uploadCmd, key);

        try {
            certService.uploadSslCert(uploadCmd);
            fail("Given a Certificate which is not X509, upload should fail");
        } catch (Exception e) {
            assertTrue(e.getMessage().contains("Expected X509 certificate"));
        }
    }

    @Test
    public void runUploadSslCertBadFormat() throws IOException, IllegalAccessException, NoSuchFieldException {

        // Reading appropritate files
        String certFile = URLDecoder.decode(getClass().getResource("/certs/bad_format_cert.crt").getFile(),
                Charset.defaultCharset().name());
        String keyFile = URLDecoder.decode(getClass().getResource("/certs/rsa_self_signed.key").getFile(),
                Charset.defaultCharset().name());

        String cert = readFileToString(new File(certFile));
        String key = readFileToString(new File(keyFile));

        CertServiceImpl certService = new CertServiceImpl();

        //setting mock objects
        certService._accountMgr = Mockito.mock(AccountManager.class);
        Account account = new AccountVO("testaccount", 1, "networkdomain", (short) 0, UUID.randomUUID().toString());
        when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);

        certService._domainDao = Mockito.mock(DomainDao.class);
        DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain");
        when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain);

        certService._sslCertDao = Mockito.mock(SslCertDao.class);
        when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO());

        //creating the command
        UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
        Class<?> _class = uploadCmd.getClass().getSuperclass();

        Field certField = _class.getDeclaredField("cert");
        certField.setAccessible(true);
        certField.set(uploadCmd, cert);

        Field keyField = _class.getDeclaredField("key");
        keyField.setAccessible(true);
        keyField.set(uploadCmd, key);

        try {
            certService.uploadSslCert(uploadCmd);
            fail("Given a Certificate in bad format (Not PEM), upload should fail");
        } catch (Exception e) {
            assertTrue(e.getMessage().contains("Invalid certificate format"));
        }
    }

    @Test
    /**
     * Delete with a valid Id should succeed
     */
    public void runDeleteSslCertValid() throws Exception {

        TransactionLegacy txn = TransactionLegacy.open("runDeleteSslCertValid");

        CertServiceImpl certService = new CertServiceImpl();
        long certId = 1;

        //setting mock objects
        certService._accountMgr = Mockito.mock(AccountManager.class);
        Account account = new AccountVO("testaccount", 1, "networkdomain", (short) 0, UUID.randomUUID().toString());
        when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);

        certService._domainDao = Mockito.mock(DomainDao.class);
        DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain");
        when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain);

        certService._sslCertDao = Mockito.mock(SslCertDao.class);
        when(certService._sslCertDao.remove(anyLong())).thenReturn(true);
        when(certService._sslCertDao.findById(anyLong())).thenReturn(new SslCertVO());

        // a rule holding the cert

        certService._lbCertDao = Mockito.mock(LoadBalancerCertMapDao.class);
        when(certService._lbCertDao.listByCertId(anyLong())).thenReturn(null);

        //creating the command
        DeleteSslCertCmd deleteCmd = new DeleteSslCertCmdExtn();
        Class<?> _class = deleteCmd.getClass().getSuperclass();

        Field certField = _class.getDeclaredField("id");
        certField.setAccessible(true);
        certField.set(deleteCmd, certId);

        certService.deleteSslCert(deleteCmd);
    }

    @Test
    public void runDeleteSslCertBoundCert() throws NoSuchFieldException, IllegalAccessException {

        TransactionLegacy txn = TransactionLegacy.open("runDeleteSslCertBoundCert");

        CertServiceImpl certService = new CertServiceImpl();

        //setting mock objects
        long certId = 1;

        certService._accountMgr = Mockito.mock(AccountManager.class);
        Account account = new AccountVO("testaccount", 1, "networkdomain", (short) 0, UUID.randomUUID().toString());
        when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);

        certService._domainDao = Mockito.mock(DomainDao.class);
        DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain");
        when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain);

        certService._sslCertDao = Mockito.mock(SslCertDao.class);
        when(certService._sslCertDao.remove(anyLong())).thenReturn(true);
        when(certService._sslCertDao.findById(anyLong())).thenReturn(new SslCertVO());

        // rule holding the cert
        certService._lbCertDao = Mockito.mock(LoadBalancerCertMapDao.class);

        List<LoadBalancerCertMapVO> lbMapList = new ArrayList<LoadBalancerCertMapVO>();
        lbMapList.add(new LoadBalancerCertMapVO());

        certService._lbCertDao = Mockito.mock(LoadBalancerCertMapDao.class);
        when(certService._lbCertDao.listByCertId(anyLong())).thenReturn(lbMapList);

        certService._entityMgr = Mockito.mock(EntityManager.class);
        when(certService._entityMgr.findById(eq(LoadBalancerVO.class), anyLong())).thenReturn(new LoadBalancerVO());

        //creating the command
        DeleteSslCertCmd deleteCmd = new DeleteSslCertCmdExtn();
        Class<?> _class = deleteCmd.getClass().getSuperclass();

        Field certField = _class.getDeclaredField("id");
        certField.setAccessible(true);
        certField.set(deleteCmd, certId);

        try {
            certService.deleteSslCert(deleteCmd);
            fail("Delete with a cert id bound to a lb should fail");
        } catch (Exception e) {
            assertTrue(e.getMessage().contains("Certificate in use by a loadbalancer"));
        }

    }

    @Test
    public void runDeleteSslCertInvalidId() throws NoSuchFieldException, IllegalAccessException {
        TransactionLegacy txn = TransactionLegacy.open("runDeleteSslCertInvalidId");

        long certId = 1;
        CertServiceImpl certService = new CertServiceImpl();

        certService._accountMgr = Mockito.mock(AccountManager.class);
        Account account = new AccountVO("testaccount", 1, "networkdomain", (short) 0, UUID.randomUUID().toString());
        when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);

        certService._domainDao = Mockito.mock(DomainDao.class);
        DomainVO domain = new DomainVO("networkdomain", 1L, 1L, "networkdomain");
        when(certService._domainDao.findByIdIncludingRemoved(anyLong())).thenReturn(domain);

        certService._sslCertDao = Mockito.mock(SslCertDao.class);
        when(certService._sslCertDao.remove(anyLong())).thenReturn(true);
        when(certService._sslCertDao.findById(anyLong())).thenReturn(null);

        // no rule holding the cert
        certService._lbCertDao = Mockito.mock(LoadBalancerCertMapDao.class);
        when(certService._lbCertDao.listByCertId(anyLong())).thenReturn(null);

        //creating the command
        DeleteSslCertCmd deleteCmd = new DeleteSslCertCmdExtn();
        Class<?> _class = deleteCmd.getClass().getSuperclass();

        Field certField = _class.getDeclaredField("id");
        certField.setAccessible(true);
        certField.set(deleteCmd, certId);

        try {
            certService.deleteSslCert(deleteCmd);
            fail("Delete with an invalid ID should fail");
        } catch (Exception e) {
            assertTrue(e.getMessage().contains("Invalid certificate id"));
        }

    }

    public class UploadSslCertCmdExtn extends UploadSslCertCmd {
        @Override
        public long getEntityOwnerId() {
            return 1;
        }
    }

    public class DeleteSslCertCmdExtn extends DeleteSslCertCmd {
        @Override
        public long getEntityOwnerId() {
            return 1;
        }
    }
}