cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bfede...@apache.org
Subject [64/76] [abbrv] Squashed merge of Ssl Termination feature
Date Fri, 08 Nov 2013 18:09:20 GMT
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/server/test/org/apache/cloudstack/network/lb/ApplicationLoadBalancerTest.java
----------------------------------------------------------------------
diff --git a/server/test/org/apache/cloudstack/network/lb/ApplicationLoadBalancerTest.java b/server/test/org/apache/cloudstack/network/lb/ApplicationLoadBalancerTest.java
new file mode 100644
index 0000000..82b1181
--- /dev/null
+++ b/server/test/org/apache/cloudstack/network/lb/ApplicationLoadBalancerTest.java
@@ -0,0 +1,381 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.network.lb;
+
+import java.io.IOException;
+import java.lang.reflect.Field;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.inject.Inject;
+
+import junit.framework.TestCase;
+
+import org.apache.cloudstack.lb.ApplicationLoadBalancerRuleVO;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mockito;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.ComponentScan.Filter;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.FilterType;
+import org.springframework.core.type.classreading.MetadataReader;
+import org.springframework.core.type.classreading.MetadataReaderFactory;
+import org.springframework.core.type.filter.TypeFilter;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.context.support.AnnotationConfigContextLoader;
+
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
+import org.apache.cloudstack.lb.dao.ApplicationLoadBalancerRuleDao;
+import org.apache.cloudstack.network.lb.ApplicationLoadBalancerManagerImpl;
+import org.apache.cloudstack.network.lb.ApplicationLoadBalancerRule;
+import org.apache.cloudstack.test.utils.SpringUtils;
+
+import com.cloud.event.dao.UsageEventDao;
+import com.cloud.exception.InsufficientAddressCapacityException;
+import com.cloud.exception.InsufficientVirtualNetworkCapcityException;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.NetworkRuleConflictException;
+import com.cloud.exception.UnsupportedServiceException;
+import com.cloud.network.IpAddressManager;
+import com.cloud.network.Network;
+import com.cloud.network.Network.Capability;
+import com.cloud.network.Network.Service;
+import com.cloud.network.NetworkModel;
+import com.cloud.network.Networks.TrafficType;
+import com.cloud.network.dao.FirewallRulesDao;
+import com.cloud.network.dao.NetworkVO;
+import com.cloud.network.lb.LoadBalancingRule;
+import com.cloud.network.lb.LoadBalancingRulesManager;
+import com.cloud.network.lb.LoadBalancingRulesService;
+import com.cloud.network.rules.FirewallRuleVO;
+import com.cloud.network.rules.LoadBalancerContainer.Scheme;
+import com.cloud.tags.dao.ResourceTagDao;
+import com.cloud.user.AccountManager;
+import com.cloud.user.AccountVO;
+import com.cloud.user.UserVO;
+import com.cloud.utils.component.ComponentContext;
+import com.cloud.utils.exception.CloudRuntimeException;
+import com.cloud.utils.net.Ip;
+import com.cloud.utils.net.NetUtils;
+
+/**
+ * This class is responsible for unittesting the methods defined in ApplicationLoadBalancerService
+ *
+ */
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration(loader = AnnotationConfigContextLoader.class)
+public class ApplicationLoadBalancerTest extends TestCase {
+    //The interface to test
+    @Inject
+    ApplicationLoadBalancerManagerImpl _appLbSvc;
+
+    //The interfaces below are mocked
+    @Inject
+    ApplicationLoadBalancerRuleDao _lbDao;
+    @Inject
+    LoadBalancingRulesManager _lbMgr;
+    @Inject
+    NetworkModel _ntwkModel;
+    @Inject
+    AccountManager _accountMgr;
+    @Inject
+    FirewallRulesDao _firewallDao;
+    @Inject
+    UsageEventDao _usageEventDao;
+    @Inject
+    LoadBalancingRulesService _lbService;
+
+    public static long existingLbId = 1L;
+    public static long nonExistingLbId = 2L;
+
+    public static long validGuestNetworkId = 1L;
+    public static long invalidGuestNetworkId = 2L;
+    public static long validPublicNetworkId = 3L;
+
+    public static long validAccountId = 1L;
+    public static long invalidAccountId = 2L;
+
+    public String validRequestedIp = "10.1.1.1";
+
+    @Override
+    @Before
+    public void setUp() {
+        ComponentContext.initComponentsLifeCycle();
+        //mockito for .getApplicationLoadBalancer tests
+        Mockito.when(_lbDao.findById(1L)).thenReturn(new ApplicationLoadBalancerRuleVO());
+        Mockito.when(_lbDao.findById(2L)).thenReturn(null);
+
+        //mockito for .deleteApplicationLoadBalancer tests
+        Mockito.when(_lbService.deleteLoadBalancerRule(existingLbId, true)).thenReturn(true);
+        Mockito.when(_lbService.deleteLoadBalancerRule(nonExistingLbId, true)).thenReturn(false);
+
+        //mockito for .createApplicationLoadBalancer tests
+        NetworkVO guestNetwork = new NetworkVO(TrafficType.Guest, null, null, 1, null, 1, 1L);
+        setId(guestNetwork, validGuestNetworkId);
+        guestNetwork.setCidr("10.1.1.1/24");
+
+        NetworkVO publicNetwork = new NetworkVO(TrafficType.Public, null, null, 1, null, 1, 1L);
+
+        Mockito.when(_ntwkModel.getNetwork(validGuestNetworkId)).thenReturn(guestNetwork);
+        Mockito.when(_ntwkModel.getNetwork(invalidGuestNetworkId)).thenReturn(null);
+        Mockito.when(_ntwkModel.getNetwork(validPublicNetworkId)).thenReturn(publicNetwork);
+
+        Mockito.when(_accountMgr.getAccount(validAccountId)).thenReturn(new AccountVO());
+        Mockito.when(_accountMgr.getAccount(invalidAccountId)).thenReturn(null);
+        Mockito.when(_ntwkModel.areServicesSupportedInNetwork(validGuestNetworkId, Service.Lb)).thenReturn(true);
+        Mockito.when(_ntwkModel.areServicesSupportedInNetwork(invalidGuestNetworkId, Service.Lb)).thenReturn(false);
+
+        ApplicationLoadBalancerRuleVO lbRule = new ApplicationLoadBalancerRuleVO("new", "new", 22, 22, "roundrobin", validGuestNetworkId, validAccountId, 1L, new Ip(
+            validRequestedIp), validGuestNetworkId, Scheme.Internal);
+        Mockito.when(_lbDao.persist(Mockito.any(ApplicationLoadBalancerRuleVO.class))).thenReturn(lbRule);
+
+        Mockito.when(_lbMgr.validateLbRule(Mockito.any(LoadBalancingRule.class))).thenReturn(true);
+
+        Mockito.when(_firewallDao.setStateToAdd(Mockito.any(FirewallRuleVO.class))).thenReturn(true);
+
+        Mockito.when(_accountMgr.getSystemUser()).thenReturn(new UserVO(1));
+        Mockito.when(_accountMgr.getSystemAccount()).thenReturn(new AccountVO(2));
+        CallContext.register(_accountMgr.getSystemUser(), _accountMgr.getSystemAccount());
+
+        Mockito.when(_ntwkModel.areServicesSupportedInNetwork(Mockito.anyLong(), Mockito.any(Network.Service.class))).thenReturn(true);
+
+        Map<Network.Capability, String> caps = new HashMap<Network.Capability, String>();
+        caps.put(Capability.SupportedProtocols, NetUtils.TCP_PROTO);
+        Mockito.when(_ntwkModel.getNetworkServiceCapabilities(Mockito.anyLong(), Mockito.any(Network.Service.class))).thenReturn(caps);
+
+        Mockito.when(_lbDao.countBySourceIp(new Ip(validRequestedIp), validGuestNetworkId)).thenReturn(1L);
+
+    }
+
+    @Override
+    @After
+    public void tearDown() {
+        CallContext.unregister();
+    }
+
+    /**
+     * TESTS FOR .getApplicationLoadBalancer
+     */
+
+    @Test
+    //Positive test - retrieve existing lb
+        public
+        void searchForExistingLoadBalancer() {
+        ApplicationLoadBalancerRule rule = _appLbSvc.getApplicationLoadBalancer(existingLbId);
+        assertNotNull("Couldn't find existing application load balancer", rule);
+    }
+
+    @Test
+    //Negative test - try to retrieve non-existing lb
+        public
+        void searchForNonExistingLoadBalancer() {
+        boolean notFound = false;
+        ApplicationLoadBalancerRule rule = null;
+        try {
+            rule = _appLbSvc.getApplicationLoadBalancer(nonExistingLbId);
+            if (rule != null) {
+                notFound = false;
+            }
+        } catch (InvalidParameterValueException ex) {
+            notFound = true;
+        }
+
+        assertTrue("Found non-existing load balancer; no invalid parameter value exception was thrown", notFound);
+    }
+
+    /**
+     * TESTS FOR .deleteApplicationLoadBalancer
+     */
+
+    @Test
+    //Positive test - delete existing lb
+        public
+        void deleteExistingLoadBalancer() {
+        boolean result = false;
+        try {
+            result = _appLbSvc.deleteApplicationLoadBalancer(existingLbId);
+        } finally {
+            assertTrue("Couldn't delete existing application load balancer", result);
+        }
+    }
+
+    @Test
+    //Negative test - try to delete non-existing lb
+        public
+        void deleteNonExistingLoadBalancer() {
+        boolean result = true;
+        try {
+            result = _appLbSvc.deleteApplicationLoadBalancer(nonExistingLbId);
+        } finally {
+            assertFalse("Didn't fail when try to delete non-existing load balancer", result);
+        }
+    }
+
+    /**
+     * TESTS FOR .createApplicationLoadBalancer
+     * @throws NetworkRuleConflictException
+     * @throws InsufficientVirtualNetworkCapcityException
+     * @throws InsufficientAddressCapacityException
+     */
+
+    @Test(expected = CloudRuntimeException.class)
+    //Positive test
+        public
+        void createValidLoadBalancer() throws InsufficientAddressCapacityException, InsufficientVirtualNetworkCapcityException, NetworkRuleConflictException {
+        _appLbSvc.createApplicationLoadBalancer("alena", "alena", Scheme.Internal, validGuestNetworkId, validRequestedIp, 22, 22, "roundrobin", validGuestNetworkId, validAccountId);
+    }
+
+    @Test(expected = UnsupportedServiceException.class)
+    //Negative test - only internal scheme value is supported in the current release
+        public
+        void createPublicLoadBalancer() throws InsufficientAddressCapacityException, InsufficientVirtualNetworkCapcityException, NetworkRuleConflictException {
+        _appLbSvc.createApplicationLoadBalancer("alena", "alena", Scheme.Public, validGuestNetworkId, validRequestedIp, 22, 22, "roundrobin", validGuestNetworkId, validAccountId);
+    }
+
+    @Test(expected = InvalidParameterValueException.class)
+    //Negative test - invalid SourcePort
+        public
+        void createWithInvalidSourcePort() throws InsufficientAddressCapacityException, InsufficientVirtualNetworkCapcityException, NetworkRuleConflictException {
+        _appLbSvc.createApplicationLoadBalancer("alena", "alena", Scheme.Internal, validGuestNetworkId, validRequestedIp, 65536, 22, "roundrobin", validGuestNetworkId,
+            validAccountId);
+    }
+
+    @Test(expected = InvalidParameterValueException.class)
+    //Negative test - invalid instancePort
+        public
+        void createWithInvalidInstandePort() throws InsufficientAddressCapacityException, InsufficientVirtualNetworkCapcityException, NetworkRuleConflictException {
+        _appLbSvc.createApplicationLoadBalancer("alena", "alena", Scheme.Internal, validGuestNetworkId, validRequestedIp, 22, 65536, "roundrobin", validGuestNetworkId,
+            validAccountId);
+
+    }
+
+    @Test(expected = InvalidParameterValueException.class)
+    //Negative test - invalid algorithm
+        public
+        void createWithInvalidAlgorithm() throws InsufficientAddressCapacityException, InsufficientVirtualNetworkCapcityException, NetworkRuleConflictException {
+        String expectedExcText = null;
+        _appLbSvc.createApplicationLoadBalancer("alena", "alena", Scheme.Internal, validGuestNetworkId, validRequestedIp, 22, 22, "invalidalgorithm", validGuestNetworkId,
+            validAccountId);
+
+    }
+
+    @Test(expected = InvalidParameterValueException.class)
+    //Negative test - invalid sourceNetworkId (of Public type, which is not supported)
+        public
+        void createWithInvalidSourceIpNtwk() throws InsufficientAddressCapacityException, InsufficientVirtualNetworkCapcityException, NetworkRuleConflictException {
+        _appLbSvc.createApplicationLoadBalancer("alena", "alena", Scheme.Internal, validPublicNetworkId, validRequestedIp, 22, 22, "roundrobin", validGuestNetworkId,
+            validAccountId);
+
+    }
+
+    @Test(expected = InvalidParameterValueException.class)
+    //Negative test - invalid requested IP (outside of guest network cidr range)
+        public
+        void createWithInvalidRequestedIp() throws InsufficientAddressCapacityException, InsufficientVirtualNetworkCapcityException, NetworkRuleConflictException {
+
+        _appLbSvc.createApplicationLoadBalancer("alena", "alena", Scheme.Internal, validGuestNetworkId, "10.2.1.1", 22, 22, "roundrobin", validGuestNetworkId, validAccountId);
+    }
+
+    private static NetworkVO setId(NetworkVO vo, long id) {
+        NetworkVO voToReturn = vo;
+        Class<?> c = voToReturn.getClass();
+        try {
+            Field f = c.getDeclaredField("id");
+            f.setAccessible(true);
+            f.setLong(voToReturn, id);
+        } catch (NoSuchFieldException ex) {
+            return null;
+        } catch (IllegalAccessException ex) {
+            return null;
+        }
+
+        return voToReturn;
+    }
+
+    @Configuration
+    @ComponentScan(basePackageClasses = {NetUtils.class, ApplicationLoadBalancerManagerImpl.class}, includeFilters = {@Filter(value = TestConfiguration.Library.class, type = FilterType.CUSTOM)}, useDefaultFilters = false)
+    public static class TestConfiguration extends SpringUtils.CloudStackTestConfiguration {
+
+        @Bean
+        public ApplicationLoadBalancerRuleDao applicationLoadBalancerDao() {
+            return Mockito.mock(ApplicationLoadBalancerRuleDao.class);
+        }
+
+        @Bean
+        IpAddressManager ipAddressManager() {
+            return Mockito.mock(IpAddressManager.class);
+        }
+
+        @Bean
+        public NetworkModel networkModel() {
+            return Mockito.mock(NetworkModel.class);
+        }
+
+        @Bean
+        public AccountManager accountManager() {
+            return Mockito.mock(AccountManager.class);
+        }
+
+
+        @Bean
+        public LoadBalancingRulesManager loadBalancingRulesManager() {
+            return Mockito.mock(LoadBalancingRulesManager.class);
+        }
+
+        @Bean
+        public LoadBalancingRulesService loadBalancingRulesService() {
+            return Mockito.mock(LoadBalancingRulesService.class);
+        }
+
+        @Bean
+        public FirewallRulesDao firewallRulesDao() {
+            return Mockito.mock(FirewallRulesDao.class);
+        }
+
+        @Bean
+        public ResourceTagDao resourceTagDao() {
+            return Mockito.mock(ResourceTagDao.class);
+        }
+
+        @Bean
+        public NetworkOrchestrationService networkManager() {
+            return Mockito.mock(NetworkOrchestrationService.class);
+        }
+
+        @Bean
+        public UsageEventDao UsageEventDao() {
+            return Mockito.mock(UsageEventDao.class);
+        }
+
+        public static class Library implements TypeFilter {
+            @Override
+            public boolean match(MetadataReader mdr, MetadataReaderFactory arg1) throws IOException {
+                mdr.getClassMetadata().getClassName();
+                ComponentScan cs = TestConfiguration.class.getAnnotation(ComponentScan.class);
+                return SpringUtils.includedInBasePackageClasses(mdr.getClassMetadata().getClassName(), cs);
+            }
+        }
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/server/test/org/apache/cloudstack/network/lb/CertServiceTest.java
----------------------------------------------------------------------
diff --git a/server/test/org/apache/cloudstack/network/lb/CertServiceTest.java b/server/test/org/apache/cloudstack/network/lb/CertServiceTest.java
new file mode 100644
index 0000000..e47fc01
--- /dev/null
+++ b/server/test/org/apache/cloudstack/network/lb/CertServiceTest.java
@@ -0,0 +1,791 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.network.lb;
+
+import com.cloud.network.dao.*;
+import com.cloud.user.Account;
+import com.cloud.user.AccountManager;
+import com.cloud.user.AccountVO;
+import com.cloud.user.UserVO;
+import com.cloud.user.dao.AccountDao;
+import com.cloud.utils.db.EntityManager;
+import com.cloud.utils.db.Transaction;
+import com.cloud.utils.db.TransactionLegacy;
+import junit.framework.TestCase;
+import org.apache.cloudstack.api.command.user.loadbalancer.DeleteSslCertCmd;
+import org.apache.cloudstack.api.command.user.loadbalancer.UploadSslCertCmd;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.log4j.Logger;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mockito;
+
+import java.io.File;
+import java.io.IOException;
+import java.lang.reflect.Field;
+import java.net.URLEncoder;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.UUID;
+
+import static org.apache.commons.io.FileUtils.readFileToString;
+import static org.mockito.Matchers.*;
+import static org.mockito.Mockito.when;
+
+public class CertServiceTest extends TestCase {
+
+    private static final Logger s_logger = Logger.getLogger( CertServiceTest.class);
+
+    @Override
+    @Before
+    public void setUp() {
+        Account account = new AccountVO("testaccount", 1, "networkdomain", (short)0, UUID.randomUUID().toString());
+        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", UUID.randomUUID().toString());
+        CallContext.register(user, account);
+    }
+
+    @Override
+    @After
+    public void tearDown() {
+        CallContext.unregister();
+    }
+
+    @Test
+    public void testUploadSslCert() throws Exception {
+
+        /* Test1 : Given a Certificate in bad format (Not PEM), upload should fail */
+        runUploadSslCertBadFormat();
+
+        /* Test2: Given a Certificate which is not X509, upload should fail */
+        runUploadSslCertNotX509();
+
+        /* Test3: Given an expired certificate, upload should fail */
+        runUploadSslCertExpiredCert();
+
+        /* Test4: Given a private key which has a different algorithm than the certificate,
+           upload should fail.
+         */
+        runUploadSslCertBadkeyAlgo();
+
+        /* Test5: Given a private key which does not match the public key in the certificate,
+           upload should fail
+         */
+        runUploadSslCertBadkeyPair();
+
+        /* Test6: Given an encrypted private key with a bad password. Upload should fail. */
+        runUploadSslCertBadPassword();
+
+        /* Test7: If no chain is given, the certificate should be self signed. Else, uploadShould Fail */
+        runUploadSslCertNoChain();
+
+        /* Test8: Chain is given but does not have root certificate */
+        runUploadSslCertNoRootCert();
+
+        /* Test9: The chain given is not the correct chain for the certificate */
+        runUploadSslCertBadChain();
+
+        /* Test10: Given a Self-signed Certificate with encrypted key, upload should succeed */
+        runUploadSslCertSelfSignedNoPassword();
+
+        /* Test11: Given a Self-signed Certificate with non-encrypted key, upload should succeed */
+        runUploadSslCertSelfSignedWithPassword();
+
+        /* Test12: Given a certificate signed by a CA and a valid CA chain, upload should succeed */
+        runUploadSslCertWithCAChain();
+
+    }
+
+    private void runUploadSslCertWithCAChain() throws Exception {
+        //To change body of created methods use File | Settings | File Templates.
+
+        TransactionLegacy txn = TransactionLegacy.open("runUploadSslCertWithCAChain");
+
+        String certFile  = getClass().getResource("/certs/rsa_ca_signed.crt").getFile();
+        String keyFile   = getClass().getResource("/certs/rsa_ca_signed.key").getFile();
+        String chainFile = getClass().getResource("/certs/root_chain.crt").getFile();
+        String password = "user";
+
+
+        String cert = URLEncoder.encode(readFileToString(new File(certFile)), "UTF-8");
+        String key = URLEncoder.encode(readFileToString(new File(keyFile)), "UTF-8");
+        String chain = URLEncoder.encode(readFileToString(new File(chainFile)), "UTF-8");
+
+        CertServiceImpl certService =  new CertServiceImpl();
+
+        //setting mock objects
+        certService._accountMgr = Mockito.mock(AccountManager.class);
+        Account account = new AccountVO("testaccount", 1,
+                "networkdomain", (short) 0, UUID.randomUUID().toString());
+        when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);
+
+        certService._sslCertDao = Mockito.mock(SslCertDao.class);
+        when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO());
+
+
+        certService._accountDao = Mockito.mock(AccountDao.class);
+        when(certService._accountDao.findByIdIncludingRemoved(anyLong())).thenReturn((AccountVO)account);
+
+
+        //creating the command
+        UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
+        Class<?> _class = uploadCmd.getClass().getSuperclass();
+
+        Field certField = _class.getDeclaredField("cert");
+        certField.setAccessible(true);
+        certField.set(uploadCmd, cert);
+
+        Field keyField = _class.getDeclaredField("key");
+        keyField.setAccessible(true);
+        keyField.set(uploadCmd, key);
+
+        Field passField = _class.getDeclaredField("password");
+        passField.setAccessible(true);
+        passField.set(uploadCmd, password);
+
+        Field chainField = _class.getDeclaredField("chain");
+        chainField.setAccessible(true);
+        chainField.set(uploadCmd, chain);
+
+        certService.uploadSslCert(uploadCmd);
+    }
+
+    private void runUploadSslCertSelfSignedWithPassword() throws Exception {
+
+        TransactionLegacy txn = TransactionLegacy.open("runUploadSslCertSelfSignedWithPassword");
+
+        String certFile  = getClass().getResource("/certs/rsa_self_signed_with_pwd.crt").getFile();
+        String keyFile   = getClass().getResource("/certs/rsa_self_signed_with_pwd.key").getFile();
+        String password = "test";
+
+
+        String cert = URLEncoder.encode(readFileToString(new File(certFile)), "UTF-8");
+        String key = URLEncoder.encode(readFileToString(new File(keyFile)), "UTF-8");
+
+        CertServiceImpl certService =  new CertServiceImpl();
+
+        //setting mock objects
+        certService._accountMgr = Mockito.mock(AccountManager.class);
+        Account account = new AccountVO("testaccount", 1,
+                "networkdomain", (short) 0, UUID.randomUUID().toString());
+        when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);
+
+        certService._sslCertDao = Mockito.mock(SslCertDao.class);
+        when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO());
+
+
+        certService._accountDao = Mockito.mock(AccountDao.class);
+        when(certService._accountDao.findByIdIncludingRemoved(anyLong())).thenReturn((AccountVO)account);
+
+
+        //creating the command
+        UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
+        Class<?> _class = uploadCmd.getClass().getSuperclass();
+
+        Field certField = _class.getDeclaredField("cert");
+        certField.setAccessible(true);
+        certField.set(uploadCmd, cert);
+
+        Field keyField = _class.getDeclaredField("key");
+        keyField.setAccessible(true);
+        keyField.set(uploadCmd, key);
+
+        Field passField = _class.getDeclaredField("password");
+        passField.setAccessible(true);
+        passField.set(uploadCmd, password);
+
+        certService.uploadSslCert(uploadCmd);
+    }
+
+    private void runUploadSslCertSelfSignedNoPassword() throws Exception {
+
+        TransactionLegacy txn = TransactionLegacy.open("runUploadSslCertSelfSignedNoPassword");
+
+        String certFile  = getClass().getResource("/certs/rsa_self_signed.crt").getFile();
+        String keyFile   = getClass().getResource("/certs/rsa_self_signed.key").getFile();
+
+
+        String cert = URLEncoder.encode(readFileToString(new File(certFile)), "UTF-8");
+        String key = URLEncoder.encode(readFileToString(new File(keyFile)), "UTF-8");
+
+        CertServiceImpl certService =  new CertServiceImpl();
+
+        //setting mock objects
+        certService._accountMgr = Mockito.mock(AccountManager.class);
+        Account account = new AccountVO("testaccount", 1,
+                "networkdomain", (short) 0, UUID.randomUUID().toString());
+        when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);
+
+        certService._sslCertDao = Mockito.mock(SslCertDao.class);
+        when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO());
+
+
+        certService._accountDao = Mockito.mock(AccountDao.class);
+        when(certService._accountDao.findByIdIncludingRemoved(anyLong())).thenReturn((AccountVO)account);
+
+
+        //creating the command
+        UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
+        Class<?> _class = uploadCmd.getClass().getSuperclass();
+
+        Field certField = _class.getDeclaredField("cert");
+        certField.setAccessible(true);
+        certField.set(uploadCmd, cert);
+
+        Field keyField = _class.getDeclaredField("key");
+        keyField.setAccessible(true);
+        keyField.set(uploadCmd, key);
+
+        certService.uploadSslCert(uploadCmd);
+    }
+
+
+    private void runUploadSslCertBadChain()  throws IOException, IllegalAccessException, NoSuchFieldException {
+        //To change body of created methods use File | Settings | File Templates.
+        String certFile  = getClass().getResource("/certs/rsa_ca_signed.crt").getFile();
+        String keyFile   = getClass().getResource("/certs/rsa_ca_signed.key").getFile();
+        String chainFile = getClass().getResource("/certs/rsa_self_signed.crt").getFile();
+        String password = "user";
+
+
+        String cert = URLEncoder.encode(readFileToString(new File(certFile)), "UTF-8");
+        String key = URLEncoder.encode(readFileToString(new File(keyFile)), "UTF-8");
+        String chain = URLEncoder.encode(readFileToString(new File(chainFile)), "UTF-8");
+
+        CertServiceImpl certService =  new CertServiceImpl();
+
+        //setting mock objects
+        certService._accountMgr = Mockito.mock(AccountManager.class);
+        Account account = new AccountVO("testaccount", 1,
+                "networkdomain", (short) 0, UUID.randomUUID().toString());
+        when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);
+
+        certService._sslCertDao = Mockito.mock(SslCertDao.class);
+        when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO());
+
+        //creating the command
+        UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
+        Class<?> _class = uploadCmd.getClass().getSuperclass();
+
+        Field certField = _class.getDeclaredField("cert");
+        certField.setAccessible(true);
+        certField.set(uploadCmd, cert);
+
+        Field keyField = _class.getDeclaredField("key");
+        keyField.setAccessible(true);
+        keyField.set(uploadCmd, key);
+
+        Field passField = _class.getDeclaredField("password");
+        passField.setAccessible(true);
+        passField.set(uploadCmd, password);
+
+        Field chainField = _class.getDeclaredField("chain");
+        chainField.setAccessible(true);
+        chainField.set(uploadCmd, chain);
+
+        try {
+            certService.uploadSslCert(uploadCmd);
+        } catch (Exception e) {
+            assertTrue(e.getMessage().contains("Invalid certificate chain"));
+        }
+    }
+
+    private void runUploadSslCertNoRootCert()  throws IOException, IllegalAccessException, NoSuchFieldException {
+
+                //To change body of created methods use File | Settings | File Templates.
+        String certFile  = getClass().getResource("/certs/rsa_ca_signed.crt").getFile();
+        String keyFile   = getClass().getResource("/certs/rsa_ca_signed.key").getFile();
+        String chainFile = getClass().getResource("/certs/rsa_ca_signed2.crt").getFile();
+        String password = "user";
+
+
+        String cert = URLEncoder.encode(readFileToString(new File(certFile)), "UTF-8");
+        String key = URLEncoder.encode(readFileToString(new File(keyFile)), "UTF-8");
+        String chain = URLEncoder.encode(readFileToString(new File(chainFile)), "UTF-8");
+
+        CertServiceImpl certService =  new CertServiceImpl();
+
+        //setting mock objects
+        certService._accountMgr = Mockito.mock(AccountManager.class);
+        Account account = new AccountVO("testaccount", 1,
+                "networkdomain", (short) 0, UUID.randomUUID().toString());
+        when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);
+
+        certService._sslCertDao = Mockito.mock(SslCertDao.class);
+        when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO());
+
+        //creating the command
+        UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
+        Class<?> _class = uploadCmd.getClass().getSuperclass();
+
+        Field certField = _class.getDeclaredField("cert");
+        certField.setAccessible(true);
+        certField.set(uploadCmd, cert);
+
+        Field keyField = _class.getDeclaredField("key");
+        keyField.setAccessible(true);
+        keyField.set(uploadCmd, key);
+
+        Field passField = _class.getDeclaredField("password");
+        passField.setAccessible(true);
+        passField.set(uploadCmd, password);
+
+        Field chainField = _class.getDeclaredField("chain");
+        chainField.setAccessible(true);
+        chainField.set(uploadCmd, chain);
+
+        try {
+            certService.uploadSslCert(uploadCmd);
+        } catch (Exception e) {
+            assertTrue(e.getMessage().contains("No root certificates found"));
+        }
+
+    }
+
+    private void runUploadSslCertNoChain() throws IOException, IllegalAccessException, NoSuchFieldException {
+
+        String certFile = getClass().getResource("/certs/rsa_ca_signed.crt").getFile();
+        String keyFile  = getClass().getResource("/certs/rsa_ca_signed.key").getFile();
+        String password = "user";
+
+
+        String cert = URLEncoder.encode(readFileToString(new File(certFile)), "UTF-8");
+        String key = URLEncoder.encode(readFileToString(new File(keyFile)), "UTF-8");
+
+        CertServiceImpl certService =  new CertServiceImpl();
+
+        //setting mock objects
+        certService._accountMgr = Mockito.mock(AccountManager.class);
+        Account account = new AccountVO("testaccount", 1,
+                "networkdomain", (short) 0, UUID.randomUUID().toString());
+        when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);
+
+        certService._sslCertDao = Mockito.mock(SslCertDao.class);
+        when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO());
+
+        //creating the command
+        UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
+        Class<?> _class = uploadCmd.getClass().getSuperclass();
+
+        Field certField = _class.getDeclaredField("cert");
+        certField.setAccessible(true);
+        certField.set(uploadCmd, cert);
+
+        Field keyField = _class.getDeclaredField("key");
+        keyField.setAccessible(true);
+        keyField.set(uploadCmd, key);
+
+        Field passField = _class.getDeclaredField("password");
+        passField.setAccessible(true);
+        passField.set(uploadCmd, password);
+
+
+        try {
+            certService.uploadSslCert(uploadCmd);
+        } catch (Exception e) {
+            assertTrue(e.getMessage().contains("No chain given and certificate not self signed"));
+        }
+
+    }
+
+    private void runUploadSslCertBadPassword() throws IOException, IllegalAccessException, NoSuchFieldException {
+
+        String certFile = getClass().getResource("/certs/rsa_self_signed_with_pwd.crt").getFile();
+        String keyFile  = getClass().getResource("/certs/rsa_self_signed_with_pwd.key").getFile();
+        String password = "bad_password";
+
+
+        String cert = URLEncoder.encode(readFileToString(new File(certFile)), "UTF-8");
+        String key = URLEncoder.encode(readFileToString(new File(keyFile)), "UTF-8");
+
+        CertServiceImpl certService =  new CertServiceImpl();
+
+        //setting mock objects
+        certService._accountMgr = Mockito.mock(AccountManager.class);
+        Account account = new AccountVO("testaccount", 1,
+                "networkdomain", (short) 0, UUID.randomUUID().toString());
+        when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);
+
+        certService._sslCertDao = Mockito.mock(SslCertDao.class);
+        when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO());
+
+        //creating the command
+        UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
+        Class<?> _class = uploadCmd.getClass().getSuperclass();
+
+        Field certField = _class.getDeclaredField("cert");
+        certField.setAccessible(true);
+        certField.set(uploadCmd, cert);
+
+        Field keyField = _class.getDeclaredField("key");
+        keyField.setAccessible(true);
+        keyField.set(uploadCmd, key);
+
+        Field passField = _class.getDeclaredField("password");
+        passField.setAccessible(true);
+        passField.set(uploadCmd, password);
+
+
+        try {
+            certService.uploadSslCert(uploadCmd);
+        } catch (Exception e) {
+            assertTrue(e.getMessage().contains("please check password and data"));
+        }
+
+    }
+
+    private void runUploadSslCertBadkeyPair() throws IOException, IllegalAccessException, NoSuchFieldException {
+        // Reading appropritate files
+        String certFile = getClass().getResource("/certs/rsa_self_signed.crt").getFile();
+        String keyFile  = getClass().getResource("/certs/rsa_random_pkey.key").getFile();
+
+        String cert = URLEncoder.encode(readFileToString(new File(certFile)), "UTF-8");
+        String key = URLEncoder.encode(readFileToString(new File(keyFile)), "UTF-8");
+
+        CertServiceImpl certService =  new CertServiceImpl();
+
+        //setting mock objects
+        certService._accountMgr = Mockito.mock(AccountManager.class);
+        Account account = new AccountVO("testaccount", 1,
+                "networkdomain", (short) 0, UUID.randomUUID().toString());
+        when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);
+
+        certService._sslCertDao = Mockito.mock(SslCertDao.class);
+        when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO());
+
+        //creating the command
+        UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
+        Class<?> _class = uploadCmd.getClass().getSuperclass();
+
+        Field certField = _class.getDeclaredField("cert");
+        certField.setAccessible(true);
+        certField.set(uploadCmd, cert);
+
+        Field keyField = _class.getDeclaredField("key");
+        keyField.setAccessible(true);
+        keyField.set(uploadCmd, key);
+
+        try {
+            certService.uploadSslCert(uploadCmd);
+        } catch (Exception e) {
+            assertTrue(e.getMessage().contains("Bad public-private key"));
+        }
+    }
+
+    private void runUploadSslCertBadkeyAlgo() throws IOException, IllegalAccessException, NoSuchFieldException {
+
+        // Reading appropritate files
+        String certFile = getClass().getResource("/certs/rsa_self_signed.crt").getFile();
+        String keyFile  = getClass().getResource("/certs/dsa_self_signed.key").getFile();
+
+        String cert = URLEncoder.encode(readFileToString(new File(certFile)), "UTF-8");
+        String key = URLEncoder.encode(readFileToString(new File(keyFile)), "UTF-8");
+
+        CertServiceImpl certService =  new CertServiceImpl();
+
+        //setting mock objects
+        certService._accountMgr = Mockito.mock(AccountManager.class);
+        Account account = new AccountVO("testaccount", 1,
+                "networkdomain", (short) 0, UUID.randomUUID().toString());
+        when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);
+
+        certService._sslCertDao = Mockito.mock(SslCertDao.class);
+        when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO());
+
+        //creating the command
+        UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
+        Class<?> _class = uploadCmd.getClass().getSuperclass();
+
+        Field certField = _class.getDeclaredField("cert");
+        certField.setAccessible(true);
+        certField.set(uploadCmd, cert);
+
+        Field keyField = _class.getDeclaredField("key");
+        keyField.setAccessible(true);
+        keyField.set(uploadCmd, key);
+
+        try {
+            certService.uploadSslCert(uploadCmd);
+        } catch (Exception e) {
+            assertTrue(e.getMessage().contains("Public and private key have different algorithms"));
+        }
+    }
+
+    private void runUploadSslCertExpiredCert() throws IOException, IllegalAccessException, NoSuchFieldException {
+
+        // Reading appropritate files
+        String certFile = getClass().getResource("/certs/expired_cert.crt").getFile();
+        String keyFile  = getClass().getResource("/certs/rsa_self_signed.key").getFile();
+
+        String cert = URLEncoder.encode(readFileToString(new File(certFile)), "UTF-8");
+        String key = URLEncoder.encode(readFileToString(new File(keyFile)), "UTF-8");
+
+        CertServiceImpl certService =  new CertServiceImpl();
+
+        //setting mock objects
+        certService._accountMgr = Mockito.mock(AccountManager.class);
+        Account account = new AccountVO("testaccount", 1,
+                "networkdomain", (short) 0, UUID.randomUUID().toString());
+        when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);
+
+        certService._sslCertDao = Mockito.mock(SslCertDao.class);
+        when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO());
+
+        //creating the command
+        UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
+        Class<?> _class = uploadCmd.getClass().getSuperclass();
+
+        Field certField = _class.getDeclaredField("cert");
+        certField.setAccessible(true);
+        certField.set(uploadCmd, cert);
+
+        Field keyField = _class.getDeclaredField("key");
+        keyField.setAccessible(true);
+        keyField.set(uploadCmd, key);
+
+        try {
+            certService.uploadSslCert(uploadCmd);
+        } catch (Exception e) {
+            assertTrue(e.getMessage().contains("Certificate expired"));
+        }
+    }
+
+    private void runUploadSslCertNotX509() throws IOException, IllegalAccessException, NoSuchFieldException {
+        // Reading appropritate files
+        String certFile = getClass().getResource("/certs/non_x509_pem.crt").getFile();
+        String keyFile  = getClass().getResource("/certs/rsa_self_signed.key").getFile();
+
+        String cert = URLEncoder.encode(readFileToString(new File(certFile)), "UTF-8");
+        String key = URLEncoder.encode(readFileToString(new File(keyFile)), "UTF-8");
+
+        CertServiceImpl certService =  new CertServiceImpl();
+
+        //setting mock objects
+        certService._accountMgr = Mockito.mock(AccountManager.class);
+        Account account = new AccountVO("testaccount", 1,
+                "networkdomain", (short) 0, UUID.randomUUID().toString());
+        when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);
+
+        certService._sslCertDao = Mockito.mock(SslCertDao.class);
+        when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO());
+
+        //creating the command
+        UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
+        Class<?> _class = uploadCmd.getClass().getSuperclass();
+
+        Field certField = _class.getDeclaredField("cert");
+        certField.setAccessible(true);
+        certField.set(uploadCmd, cert);
+
+        Field keyField = _class.getDeclaredField("key");
+        keyField.setAccessible(true);
+        keyField.set(uploadCmd, key);
+
+        try {
+            certService.uploadSslCert(uploadCmd);
+        } catch (Exception e) {
+            assertTrue(e.getMessage().contains("Expected X509 certificate"));
+        }
+    }
+
+    private void runUploadSslCertBadFormat() throws IOException, IllegalAccessException, NoSuchFieldException {
+
+        // Reading appropritate files
+        String certFile = getClass().getResource("/certs/bad_format_cert.crt").getFile();
+        String keyFile  = getClass().getResource("/certs/rsa_self_signed.key").getFile();
+
+        String cert = URLEncoder.encode(readFileToString(new File(certFile)), "UTF-8");
+        String key = URLEncoder.encode(readFileToString(new File(keyFile)), "UTF-8");
+
+        CertServiceImpl certService =  new CertServiceImpl();
+
+        //setting mock objects
+        certService._accountMgr = Mockito.mock(AccountManager.class);
+        Account account = new AccountVO("testaccount", 1,
+                "networkdomain", (short) 0, UUID.randomUUID().toString());
+        when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);
+
+        certService._sslCertDao = Mockito.mock(SslCertDao.class);
+        when(certService._sslCertDao.persist(any(SslCertVO.class))).thenReturn(new SslCertVO());
+
+        //creating the command
+        UploadSslCertCmd uploadCmd = new UploadSslCertCmdExtn();
+        Class<?> _class = uploadCmd.getClass().getSuperclass();
+
+        Field certField = _class.getDeclaredField("cert");
+        certField.setAccessible(true);
+        certField.set(uploadCmd, cert);
+
+        Field keyField = _class.getDeclaredField("key");
+        keyField.setAccessible(true);
+        keyField.set(uploadCmd, key);
+
+        try {
+            certService.uploadSslCert(uploadCmd);
+        } catch (Exception e) {
+            assertTrue(e.getMessage().contains("Invalid certificate format"));
+        }
+    }
+
+
+    @Test
+    public void testDeleteSslCert() throws Exception {
+        /* Test1: Delete with an invalid ID should fail */
+        runDeleteSslCertInvalidId();
+
+        /* Test2: Delete with a cert id bound to a lb should fail */
+        runDeleteSslCertBoundCert();
+
+        /* Test3: Delete with a valid Id should succeed */
+        runDeleteSslCertValid();
+
+
+    }
+
+    private void runDeleteSslCertValid() throws Exception {
+
+        TransactionLegacy txn = TransactionLegacy.open("runDeleteSslCertValid");
+
+        CertServiceImpl certService =  new CertServiceImpl();
+        long certId = 1;
+
+        //setting mock objects
+        certService._accountMgr = Mockito.mock(AccountManager.class);
+        Account account = new AccountVO("testaccount", 1,
+                "networkdomain", (short) 0, UUID.randomUUID().toString());
+        when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);
+
+        certService._sslCertDao = Mockito.mock(SslCertDao.class);
+        when(certService._sslCertDao.remove(anyLong())).thenReturn(true);
+        when(certService._sslCertDao.findById(anyLong())).thenReturn(new SslCertVO());
+
+        // a rule holding the cert
+
+        certService._lbCertDao = Mockito.mock(LoadBalancerCertMapDao.class);
+        when(certService._lbCertDao.listByCertId(anyLong())).thenReturn(null);
+
+        //creating the command
+        DeleteSslCertCmd deleteCmd = new DeleteSslCertCmdExtn();
+        Class<?> _class = deleteCmd.getClass().getSuperclass();
+
+        Field certField = _class.getDeclaredField("id");
+        certField.setAccessible(true);
+        certField.set(deleteCmd, certId);
+
+        certService.deleteSslCert(deleteCmd);
+    }
+
+    private void runDeleteSslCertBoundCert() throws NoSuchFieldException, IllegalAccessException {
+
+        TransactionLegacy txn = TransactionLegacy.open("runDeleteSslCertBoundCert");
+
+        CertServiceImpl certService =  new CertServiceImpl();
+
+        //setting mock objects
+        long certId = 1;
+
+        certService._accountMgr = Mockito.mock(AccountManager.class);
+        Account account = new AccountVO("testaccount", 1,
+                "networkdomain", (short) 0, UUID.randomUUID().toString());
+        when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);
+
+        certService._sslCertDao = Mockito.mock(SslCertDao.class);
+        when(certService._sslCertDao.remove(anyLong())).thenReturn(true);
+        when(certService._sslCertDao.findById(anyLong())).thenReturn(new SslCertVO());
+
+        // rule holding the cert
+        certService._lbCertDao = Mockito.mock(LoadBalancerCertMapDao.class);
+
+        List<LoadBalancerCertMapVO> lbMapList = new ArrayList<LoadBalancerCertMapVO>();
+        lbMapList.add(new LoadBalancerCertMapVO());
+
+        certService._lbCertDao = Mockito.mock(LoadBalancerCertMapDao.class);
+        when(certService._lbCertDao.listByCertId(anyLong())).thenReturn(lbMapList);
+
+
+        certService._entityMgr = Mockito.mock(EntityManager.class);
+        when(certService._entityMgr.findById(eq(LoadBalancerVO.class), anyLong())).thenReturn(new LoadBalancerVO());
+
+        //creating the command
+        DeleteSslCertCmd deleteCmd = new DeleteSslCertCmdExtn();
+        Class<?> _class = deleteCmd.getClass().getSuperclass();
+
+        Field certField = _class.getDeclaredField("id");
+        certField.setAccessible(true);
+        certField.set(deleteCmd, certId);
+
+        try {
+            certService.deleteSslCert(deleteCmd);
+        }catch (Exception e){
+            assertTrue(e.getMessage().contains("Certificate in use by a loadbalancer"));
+        }
+
+
+    }
+
+    private void runDeleteSslCertInvalidId() throws NoSuchFieldException, IllegalAccessException {
+
+        TransactionLegacy txn = TransactionLegacy.open("runDeleteSslCertInvalidId");
+
+        long certId = 1;
+        CertServiceImpl certService =  new CertServiceImpl();
+
+        certService._accountMgr = Mockito.mock(AccountManager.class);
+        Account account = new AccountVO("testaccount", 1,
+                "networkdomain", (short) 0, UUID.randomUUID().toString());
+        when(certService._accountMgr.getAccount(anyLong())).thenReturn(account);
+
+        certService._sslCertDao = Mockito.mock(SslCertDao.class);
+        when(certService._sslCertDao.remove(anyLong())).thenReturn(true);
+        when(certService._sslCertDao.findById(anyLong())).thenReturn(null);
+
+        // no rule holding the cert
+        certService._lbCertDao = Mockito.mock(LoadBalancerCertMapDao.class);
+        when(certService._lbCertDao.listByCertId(anyLong())).thenReturn(null);
+
+        //creating the command
+        DeleteSslCertCmd deleteCmd = new DeleteSslCertCmdExtn();
+        Class<?> _class = deleteCmd.getClass().getSuperclass();
+
+        Field certField = _class.getDeclaredField("id");
+        certField.setAccessible(true);
+        certField.set(deleteCmd, certId);
+
+        try {
+            certService.deleteSslCert(deleteCmd);
+        }catch (Exception e){
+            assertTrue(e.getMessage().contains("Invalid certificate id"));
+        }
+
+    }
+
+
+    public class UploadSslCertCmdExtn extends UploadSslCertCmd {
+        @Override
+        public long getEntityOwnerId() {
+            return 1;
+        }
+    }
+
+    public class DeleteSslCertCmdExtn extends DeleteSslCertCmd {
+        @Override
+        public long getEntityOwnerId() {
+            return 1;
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/server/test/resources/certs/bad_format_cert.crt
----------------------------------------------------------------------
diff --git a/server/test/resources/certs/bad_format_cert.crt b/server/test/resources/certs/bad_format_cert.crt
new file mode 100644
index 0000000..bab377a
--- /dev/null
+++ b/server/test/resources/certs/bad_format_cert.crt
@@ -0,0 +1 @@
+BAD FORMAT CERT

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/server/test/resources/certs/dsa_self_signed.crt
----------------------------------------------------------------------
diff --git a/server/test/resources/certs/dsa_self_signed.crt b/server/test/resources/certs/dsa_self_signed.crt
new file mode 100644
index 0000000..9ee3dc8
--- /dev/null
+++ b/server/test/resources/certs/dsa_self_signed.crt
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEaDCCBBACCQDB6QTHSA74AzAJBgcqhkjOOAQDMEUxCzAJBgNVBAYTAkFVMRMw
+EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0
+eSBMdGQwHhcNMTMxMDIxMTUxMzE1WhcNMTQxMDIxMTUxMzE1WjBFMQswCQYDVQQG
+EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk
+Z2l0cyBQdHkgTHRkMIIDSDCCAjoGByqGSM44BAEwggItAoIBAQD1cLkWeTvzloom
+uaHmB0ANyrmHTum6bVVMyN2V/it8BAErugqQBIaNtF2EOmJ3baxsxIROOqJ5uVx0
+pymYVr4BcS3R6H2G7lSWHa5iA/UMfVp9yHroK+WYdN5ZVKGYcUTvKZXtyr2OX3Rc
+KJJ2yp4qbcQTB2GlV6eZdpX3l38G/03n/Wi5yjU2/p56R80FAaLtCr4wJoS2aXxU
+Iytps+msEn0LRZuFHpW1sLIKPLRCnjFXWeWKdJu6bggUVB0GjfsZR67XzFY5nRvX
+7/vW2XS5Vo4X6gSOym0O/8/vzUp1gQSwHiMQQRAoRYoZPxWo8ACMsqdj0MTbN32y
+b11//OlXAiEAoR8xDStCDTaQ2Ale9swNzLB8vWFzmSLQXXOM1PY10fMCggEBAO1p
+RV1kluxjYCKec12MKdTBqO2QZnOOVFsY2vpIavgqpxyGaHRwY8Cm7BGosV2chMZw
+G6xMz5CRnR55KasaX1Vz2xAz7PwczXWDQA59Il5tQbQdewitm1S3NRb1n9u+cNkQ
+E6ZekjdW9tRykvaNQHH8EBzgQ9KXCYzJ8nFLk2DMt2Mor/paXfobNzO/vi2UgL+B
+5/E8BXoMtBFPhiz72CsCiXp/usROe/UAejow/CTHYC2mfcPhKt2jIVelXx7Baf0n
+K1SWKBpNI4ucBj+/4L3Be0ldqDGmeTRUNTNpJIzmAyplUvnpOiqCbzKst57+l4ZE
+xdVgv2LiIrTaqTn1L4sDggEGAAKCAQEAv0hyFYj8IMEaOCk9+6wb32NGEGoEz4re
+YW1O02Kij2/0YJk0CPyg0ozIpJq9FiHvOzE+2/Eg5jLVTLlAJbjnGjSnzZJ6pJHw
+zhwnJ9wT4to51jLvG1v82iL2FfFKOZFjABxC+kND9cAUXu3URIGfdYJl1rBxvOD1
+WZ03Gk90GMCLUIMqqUYBQg7XRNVf0k1AgiRgDWpdLkKOGiDntAj/unXdFrbse2xD
+IbqBGhCNtPVx34CZ3bUWrvYBoj+BUinfItRK4rkZTEGJinoxbKDvdqoewgk2nSty
+7CH40wFS4ni4DCvYTEwUoUuciQaU4XUOOSYFS9IjNWOR8uGBtORteTAJBgcqhkjO
+OAQDA0cAMEQCIHqfrNbyMadxZ3uCPr8QPj+17XZZod8B7F8VgZW3R5vSAiAV/WMF
+vQ1Dwpr4wJOjNELDe5AEH9WGvevfuc54vmdAdg==
+-----END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/server/test/resources/certs/dsa_self_signed.key
----------------------------------------------------------------------
diff --git a/server/test/resources/certs/dsa_self_signed.key b/server/test/resources/certs/dsa_self_signed.key
new file mode 100644
index 0000000..9a9d667
--- /dev/null
+++ b/server/test/resources/certs/dsa_self_signed.key
@@ -0,0 +1,20 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIDVwIBAAKCAQEA9XC5Fnk785aKJrmh5gdADcq5h07pum1VTMjdlf4rfAQBK7oK
+kASGjbRdhDpid22sbMSETjqieblcdKcpmFa+AXEt0eh9hu5Ulh2uYgP1DH1afch6
+6CvlmHTeWVShmHFE7ymV7cq9jl90XCiSdsqeKm3EEwdhpVenmXaV95d/Bv9N5/1o
+uco1Nv6eekfNBQGi7Qq+MCaEtml8VCMrabPprBJ9C0WbhR6VtbCyCjy0Qp4xV1nl
+inSbum4IFFQdBo37GUeu18xWOZ0b1+/71tl0uVaOF+oEjsptDv/P781KdYEEsB4j
+EEEQKEWKGT8VqPAAjLKnY9DE2zd9sm9df/zpVwIhAKEfMQ0rQg02kNgJXvbMDcyw
+fL1hc5ki0F1zjNT2NdHzAoIBAQDtaUVdZJbsY2AinnNdjCnUwajtkGZzjlRbGNr6
+SGr4Kqcchmh0cGPApuwRqLFdnITGcBusTM+QkZ0eeSmrGl9Vc9sQM+z8HM11g0AO
+fSJebUG0HXsIrZtUtzUW9Z/bvnDZEBOmXpI3VvbUcpL2jUBx/BAc4EPSlwmMyfJx
+S5NgzLdjKK/6Wl36Gzczv74tlIC/gefxPAV6DLQRT4Ys+9grAol6f7rETnv1AHo6
+MPwkx2Atpn3D4SrdoyFXpV8ewWn9JytUligaTSOLnAY/v+C9wXtJXagxpnk0VDUz
+aSSM5gMqZVL56Toqgm8yrLee/peGRMXVYL9i4iK02qk59S+LAoIBAQC/SHIViPwg
+wRo4KT37rBvfY0YQagTPit5hbU7TYqKPb/RgmTQI/KDSjMikmr0WIe87MT7b8SDm
+MtVMuUAluOcaNKfNknqkkfDOHCcn3BPi2jnWMu8bW/zaIvYV8Uo5kWMAHEL6Q0P1
+wBRe7dREgZ91gmXWsHG84PVZnTcaT3QYwItQgyqpRgFCDtdE1V/STUCCJGANal0u
+Qo4aIOe0CP+6dd0Wtux7bEMhuoEaEI209XHfgJndtRau9gGiP4FSKd8i1EriuRlM
+QYmKejFsoO92qh7CCTadK3LsIfjTAVLieLgMK9hMTBShS5yJBpThdQ45JgVL0iM1
+Y5Hy4YG05G15AiBO/b8wvyKsJJAInNbsLH7OPitH3qKsI18IxykJSl9lTw==
+-----END DSA PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/server/test/resources/certs/expired_cert.crt
----------------------------------------------------------------------
diff --git a/server/test/resources/certs/expired_cert.crt b/server/test/resources/certs/expired_cert.crt
new file mode 100644
index 0000000..d133f24
--- /dev/null
+++ b/server/test/resources/certs/expired_cert.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDVzCCAj+gAwIBAgIJAJRInPvOqxbXMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNV
+BAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg
+Q29tcGFueSBMdGQwHhcNMTMxMDIxMjAwNjA5WhcNMTMxMDIwMjAwNjA5WjBCMQsw
+CQYDVQQGEwJYWDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZh
+dWx0IENvbXBhbnkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+3rASFvBmAF+CHn58TU5ib0HuMD4gxutohjzQjJXYRFs1cmiLb9esO0Cvk0DFaQuq
+lpxw4Dhe6kxRbNQKkPFr0zsv9B8I/o8UQmclnZ0I++ixlAq4VyP6H0sewrmdVbrV
+mSH0eG1t0hLqXUmxX/XX1kkbHOgZQQk90Sew23VwTVxbywq8yjkYLa2hlBXh33rX
+siky7JFiF0TJE2r6wNB60BQMdi2EErtBUPL/1LD7+VuB/Y6xZpwivKwMIXeFdzSr
+I2gGCn+zf01kNfHj0YrA2bH0i5FX4/9YSpd8PFIOYc/gA+3MNO0xMWchbz6AfjPQ
+aR4tGLsRBjjwvLIZwHzyWQIDAQABo1AwTjAdBgNVHQ4EFgQUo/kIdWN+yxvnWUoK
+/ZJYNl2wY9cwHwYDVR0jBBgwFoAUo/kIdWN+yxvnWUoK/ZJYNl2wY9cwDAYDVR0T
+BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAJ/LwjkhXQFOcfUmAoIeBIDAMayy7
+HEJusMOA+uUPPuEemgU7DTbwABCaavfBza7QvG171LsTGtvgnvwDg7rdScUOcoX8
+w0XZbhr+dZzvashVmMz4oY6hGw29eGo7M01Rm4msX7bW1IXmdWmDcqcNT6/dKOgj
+tjMR2JvN9I4qwZ41xXAeUHDUqKjgsKlhflBbOX7K07tbpHFMQZcoOs19Jqve8Gfm
+MbH0hZw3LC2YNed8ne/3/lXKNZIhbyZp1IJ/rjgruEZ0ObOwqB1IGR0UjQbAw102
+1D4L8FOzmDi4LfhKPgGc/BMeuPRozxQi60TzrnXN5eQSb0ukFvScMhAIrQ==
+-----END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/server/test/resources/certs/non_x509_pem.crt
----------------------------------------------------------------------
diff --git a/server/test/resources/certs/non_x509_pem.crt b/server/test/resources/certs/non_x509_pem.crt
new file mode 100644
index 0000000..fbbae8e
--- /dev/null
+++ b/server/test/resources/certs/non_x509_pem.crt
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICtzCCAZ8CAQAwcjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
+ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDENMAsGA1UEAwwEU3ll
+ZDEcMBoGCSqGSIb3DQEJARYNc3llZEB0ZXN0LmNvbTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAKmQeRXpkeGRhzdj3aJiWUcZtKdcjPCdtphx8gHk1GV1
+vHK2zYenwe23EbSsfkOAQx2p86jCpghN7b+ECilmou4C7ASPS2U8n+GhWdl4eUK4
+Gmz7+daRqcDQOCTCJWSybtShYzvfp2SaEt/TcUgDT+k6xRitqcIkAY7boGY1Cehy
+O6hYdlFkg0oU1XCA0usIaSEi7gOTijpGe2jSh7CTBRRWiClQnqE8VT7x4hXQEDF6
+u26K/ptAL90bgyFUuX2dEH5dKd/5QAyAfdrLV6a3wIvikCUGZy23Twtxot4kFVYf
+S2x3H9BS6j/mIvrUj95CLi2Eu6t4z5uHMOrf8k0NjN8CAwEAAaAAMA0GCSqGSIb3
+DQEBBQUAA4IBAQBa5B6xzAkx3OtJEgOkTJ0nID2TsTt6eQBrp+//jhT/9yKLHmd5
+SeNcLzMWDlTQ+zNlLf9+lreO+CmlolaOKDRXh9eXbyNq0/I2QxOEsIlXqH4dVoCB
+6UkV8eA0lFeNdFJaCla5/QTKmv4f0eUakbI5Scd1PlBr+YOplvI9fpLaxHGmVzCX
+s3WQ7m7SN5hZav7dO8krheZL7N3AYZoCY0QbQ3JTeoakLenmFXqvsckP6in5NQJh
+ECaJprYxrxR+5GPjpUkxu7YGLloXHvnnINeZGJG0TB7kPDO+axDxloiI2eYlT/mp
+HxdgL9BvDYNfI+0NcZYHguz8GWuWiTZC7F26
+-----END CERTIFICATE REQUEST-----

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/server/test/resources/certs/root_chain.crt
----------------------------------------------------------------------
diff --git a/server/test/resources/certs/root_chain.crt b/server/test/resources/certs/root_chain.crt
new file mode 100644
index 0000000..2ed8085
--- /dev/null
+++ b/server/test/resources/certs/root_chain.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDnTCCAoWgAwIBAgIJALXV1B5/vewgMA0GCSqGSIb3DQEBBQUAMGUxCzAJBgNV
+BAYTAkFVMQ0wCwYDVQQIDARTb21lMQwwCgYDVQQKDANPcmcxDDAKBgNVBAsMA0Rl
+djENMAsGA1UEAwwETmFtZTEcMBoGCSqGSIb3DQEJARYNdGVzdEBtYWlsLmNvbTAe
+Fw0xMzEwMjExNjAxMDdaFw0xNjEwMjAxNjAxMDdaMGUxCzAJBgNVBAYTAkFVMQ0w
+CwYDVQQIDARTb21lMQwwCgYDVQQKDANPcmcxDDAKBgNVBAsMA0RldjENMAsGA1UE
+AwwETmFtZTEcMBoGCSqGSIb3DQEJARYNdGVzdEBtYWlsLmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBALQZLQa2R64GRCuoh59VFvKoXnAM+4H4sW9E
+jiURT/CeH6rbD0IbEMZZ3o84VfQw1zDsVXN/GXq3IEMp8uBBpWJuZRBF1UeDMYlB
+bouMqUGL05Ov51zK2aQK/83S8MoQI7KV1FGJNti4iwUzemG1fClrBqjCFJQKmv8y
+0z1UaeniAR7ygedIB4I2Y4a/DxtI0e2EsS0TcViwKHGrLArO0GfvNbH+tXqTaotF
+X5eyinUFqQxT3JvnlIIernk0ly8c07mqOFbFqHrhFXxddD4pZrUetHXM2MKLdCMu
+fvXsmMXSAgQ5F97GWmiDEJ9zMDxGoSmhTIN96FwPCRDr7e22lEsCAwEAAaNQME4w
+HQYDVR0OBBYEFIxSziB7ssNqFvhV2MSf1GYvGHQYMB8GA1UdIwQYMBaAFIxSziB7
+ssNqFvhV2MSf1GYvGHQYMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEB
+AB1rcxZL6xGuk8PSoBQ0imREcVf9BcEvGIC6uubPSXuoJ/gr584vo3pRJpTpHQyK
+xUUwG6gCaDgAMYX177GBamGCt056ThSLKFROIPVrigZ5yY1NWznNq3zjWS4jIHkV
+vGd+Gx8t3qYBhsn+v6Y6gRTjMOVQum+rvxvixG7n97DaxBnrwNWXbzZQ9spHrQsT
+dsSF/kf9NKkWM0zKh+f/FSNmveJKKvZ+WQZC/MKUfc5VHjyLldXhrffcxzek/dOc
+8YADSICSizvXCP/QjyVVl8dpKr/3c00r16Ei3QQaFhHES0bv/sKLnTwQwKDfJthu
+bQj7M/XGWi33JQgoMHktYhI=
+-----END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/server/test/resources/certs/rsa_ca_signed.crt
----------------------------------------------------------------------
diff --git a/server/test/resources/certs/rsa_ca_signed.crt b/server/test/resources/certs/rsa_ca_signed.crt
new file mode 100644
index 0000000..fb74f17
--- /dev/null
+++ b/server/test/resources/certs/rsa_ca_signed.crt
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID1TCCAr2gAwIBAgIJALXV1B5/vewhMA0GCSqGSIb3DQEBBQUAMGUxCzAJBgNV
+BAYTAkFVMQ0wCwYDVQQIDARTb21lMQwwCgYDVQQKDANPcmcxDDAKBgNVBAsMA0Rl
+djENMAsGA1UEAwwETmFtZTEcMBoGCSqGSIb3DQEJARYNdGVzdEBtYWlsLmNvbTAe
+Fw0xMzEwMjExNjE4MjJaFw0xNDEwMjExNjE4MjJaMHIxCzAJBgNVBAYTAkFVMRMw
+EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0
+eSBMdGQxDTALBgNVBAMMBFN5ZWQxHDAaBgkqhkiG9w0BCQEWDXN5ZWRAdGVzdC5j
+b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpkHkV6ZHhkYc3Y92i
+YllHGbSnXIzwnbaYcfIB5NRldbxyts2Hp8HttxG0rH5DgEMdqfOowqYITe2/hAop
+ZqLuAuwEj0tlPJ/hoVnZeHlCuBps+/nWkanA0DgkwiVksm7UoWM736dkmhLf03FI
+A0/pOsUYranCJAGO26BmNQnocjuoWHZRZINKFNVwgNLrCGkhIu4Dk4o6Rnto0oew
+kwUUVogpUJ6hPFU+8eIV0BAxertuiv6bQC/dG4MhVLl9nRB+XSnf+UAMgH3ay1em
+t8CL4pAlBmctt08LcaLeJBVWH0tsdx/QUuo/5iL61I/eQi4thLureM+bhzDq3/JN
+DYzfAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wg
+R2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBR2LIRfVveDgQB3dC7TOYhX
+BEv71DAfBgNVHSMEGDAWgBSMUs4ge7LDahb4VdjEn9RmLxh0GDANBgkqhkiG9w0B
+AQUFAAOCAQEAPjN/sdLcPfMh5ep29vp/7JTh6dUYnBNATYaXxx8j2XdnMCKeRfgP
+WOJur8HDPSayWWKKlztiQbJV5jDS5vyuMWI1a5/KIAQlOJep+anpR1QnQaX4/M4Z
+YUJo1fPs6tg47dXRpZZaJ+Hqwh0ZftCQoUq/sBxawXf6sbxsjoUmzxQLBqzYo1LJ
+jwxBs6C9aM8LDHFz4TVlyclSFQXiLMosj1jLBQ+TqzCxS6qOfJeMM9STXI9W3F2k
+duXeceqOwEkh8aeSUIztYFpX34d4SA4DDX5GUEaOeOR/abnXjH52vE6tM/m7NOve
+5+I/BrlT3heRqiD6Z2ofSsFhG86YeF9Q3w==
+-----END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/server/test/resources/certs/rsa_ca_signed.key
----------------------------------------------------------------------
diff --git a/server/test/resources/certs/rsa_ca_signed.key b/server/test/resources/certs/rsa_ca_signed.key
new file mode 100644
index 0000000..d30dd8e
--- /dev/null
+++ b/server/test/resources/certs/rsa_ca_signed.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIN4x8YHLIb60CAggA
+MBQGCCqGSIb3DQMHBAiuWe+C2SitUgSCBMhVxMKivNaQh9SQedh2GQ8vlhI2/mKf
+r6zVUgODOdmFRj/PAlQu6B+VH8u2Ef5tr74O9UyZUQpC6oI0npvQOGqnhIxECR8D
+zepFlC0s+6kNRqfzXiMhGTsfbs3xUE1TZK1z5556OS4GlihIB0E5F7GdlulHELeA
+dnEItqDffWPQczTmSmFqtH7G/ksGQhSA2reBIDNgxWreBh9x9h2TftEvhhogdkr2
+XQpzxcby2v2z6Hut1lfVkLQNdvdHYdDG751NQltOmGvncXkTNJ+tSByXuY9ITtYz
+XqwY/vAEX+YYjCrWcvMmhU1t6B9cZ3viFzIIIltqtvDo3rybicpM3xvmnYnTF35j
+sGebcynzZedrLUHwD6/o0jBzFJN26QBxDGrlmn9E8HBhmjMCeSyZTXtSkwN0dAhu
+EHT2NgdC/4G4+JHsb3Oetl6AbUyYs2eWTRgr6bgBezbiDqKMj1QtGECkPQE9tFFP
+Jtma6lGJ1/u8zLFYNjigKZgXaNbtlMpslk+KDTGaTSbbVEaaxWSc0YlHz329ovQC
+1btrTE71FoNjRsTRaDRXC7BfrrMtnLhG2SmROKzyBtoxFymfEmASpdGERO+c2712
+Z0NLpHJL5ocsRr/onVi0auFC/nuaq6QqYF5OPtZhYh3+IDd193LP3xo8hnFjTq90
+9zV1QI2uHfTfijI4OABYSSZLxrl2IFF7Z/e4XkWSXrneR2Ne5GoYX7w6wshiuubQ
+bDPUHODsy7uQJ3ZEmmmd5xWvA3h3F5Yyls3WEuz8+jYR4iPKdjt8DJuz9j+7IP3C
+LoRa3KhxIPAzziQw+tMFVCozLLfS1kN8mg5SwU9Dp4HUPY/n3KnjVSjUJ347KAgW
++ykPlz4S1H0A2GyGWhdyX3J839UOdXfCsfKQQ1FLOBvhQgBNGzoRIgDrsZdrxgWa
+XtF+Ct2/2/O+503I6X90maXzhshmGw/NKsiNx7YOdUiu6w3N4LajIWE689UUU7Dr
+EtM8HcfmBnE/cZTbeWbQBfl1GqigMp+YOAY2sw0rZdF4ocmnqoCWLVN2j8O/re5g
+20y5eHkztPOZ+NNczo5PP96ng1XEMVzs/h6xDHzsak6osZb5b+Hs9kcYuqBEqr16
+3DVwaZ45dGwNN90Q9YmrgEdCqtCAU12w/YYVB/aB701Ijg0NhVsh7PgWaJIOJD56
+YTaiWIzQaZ/uM0KlgLz2eI9VXcuv24gUMAUMaI84mInnIrax1zFMrlCjEcR8Zxvk
+jCCY6Uq9WH30cUo7cMHWLWMzsl7PC7xpYSHPClqzCUluUgQwqoOs5Ux4nYl+JI7C
+ZfJ8BUMCD2RJtjvJhkE6LEkcrCjwnvappRaXbN54IVXpuMl2XYtp44T117QulEj1
+I/jk1mrpkXRKi9ZsKsjDH9VMy1hcKHn4CgTxmtRYN6LPA4tamxzVLxIi6YDU0142
+l1u763cT7cH14lvzUvEQMFbk/s0AUl8zeZAwjDayNlD/ljz7nZnJ3NToMlxeoK0a
+F6c/RgQBwxR8NMdo19Irv8stxo9WGB2/0Q8WCxW7ENHlBpvX5zXKRJMswFKp0ft6
+dT7hOBPgJlD7C1eX5jVcSz6kDRM6gQ7K/c5QcJa6qNAC2Jw6yBBYltqiRalFWX46
+VcM=
+-----END ENCRYPTED PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/server/test/resources/certs/rsa_ca_signed2.crt
----------------------------------------------------------------------
diff --git a/server/test/resources/certs/rsa_ca_signed2.crt b/server/test/resources/certs/rsa_ca_signed2.crt
new file mode 100644
index 0000000..fb74f17
--- /dev/null
+++ b/server/test/resources/certs/rsa_ca_signed2.crt
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID1TCCAr2gAwIBAgIJALXV1B5/vewhMA0GCSqGSIb3DQEBBQUAMGUxCzAJBgNV
+BAYTAkFVMQ0wCwYDVQQIDARTb21lMQwwCgYDVQQKDANPcmcxDDAKBgNVBAsMA0Rl
+djENMAsGA1UEAwwETmFtZTEcMBoGCSqGSIb3DQEJARYNdGVzdEBtYWlsLmNvbTAe
+Fw0xMzEwMjExNjE4MjJaFw0xNDEwMjExNjE4MjJaMHIxCzAJBgNVBAYTAkFVMRMw
+EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0
+eSBMdGQxDTALBgNVBAMMBFN5ZWQxHDAaBgkqhkiG9w0BCQEWDXN5ZWRAdGVzdC5j
+b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpkHkV6ZHhkYc3Y92i
+YllHGbSnXIzwnbaYcfIB5NRldbxyts2Hp8HttxG0rH5DgEMdqfOowqYITe2/hAop
+ZqLuAuwEj0tlPJ/hoVnZeHlCuBps+/nWkanA0DgkwiVksm7UoWM736dkmhLf03FI
+A0/pOsUYranCJAGO26BmNQnocjuoWHZRZINKFNVwgNLrCGkhIu4Dk4o6Rnto0oew
+kwUUVogpUJ6hPFU+8eIV0BAxertuiv6bQC/dG4MhVLl9nRB+XSnf+UAMgH3ay1em
+t8CL4pAlBmctt08LcaLeJBVWH0tsdx/QUuo/5iL61I/eQi4thLureM+bhzDq3/JN
+DYzfAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wg
+R2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBR2LIRfVveDgQB3dC7TOYhX
+BEv71DAfBgNVHSMEGDAWgBSMUs4ge7LDahb4VdjEn9RmLxh0GDANBgkqhkiG9w0B
+AQUFAAOCAQEAPjN/sdLcPfMh5ep29vp/7JTh6dUYnBNATYaXxx8j2XdnMCKeRfgP
+WOJur8HDPSayWWKKlztiQbJV5jDS5vyuMWI1a5/KIAQlOJep+anpR1QnQaX4/M4Z
+YUJo1fPs6tg47dXRpZZaJ+Hqwh0ZftCQoUq/sBxawXf6sbxsjoUmzxQLBqzYo1LJ
+jwxBs6C9aM8LDHFz4TVlyclSFQXiLMosj1jLBQ+TqzCxS6qOfJeMM9STXI9W3F2k
+duXeceqOwEkh8aeSUIztYFpX34d4SA4DDX5GUEaOeOR/abnXjH52vE6tM/m7NOve
+5+I/BrlT3heRqiD6Z2ofSsFhG86YeF9Q3w==
+-----END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/server/test/resources/certs/rsa_ca_signed2.key
----------------------------------------------------------------------
diff --git a/server/test/resources/certs/rsa_ca_signed2.key b/server/test/resources/certs/rsa_ca_signed2.key
new file mode 100644
index 0000000..d30dd8e
--- /dev/null
+++ b/server/test/resources/certs/rsa_ca_signed2.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIN4x8YHLIb60CAggA
+MBQGCCqGSIb3DQMHBAiuWe+C2SitUgSCBMhVxMKivNaQh9SQedh2GQ8vlhI2/mKf
+r6zVUgODOdmFRj/PAlQu6B+VH8u2Ef5tr74O9UyZUQpC6oI0npvQOGqnhIxECR8D
+zepFlC0s+6kNRqfzXiMhGTsfbs3xUE1TZK1z5556OS4GlihIB0E5F7GdlulHELeA
+dnEItqDffWPQczTmSmFqtH7G/ksGQhSA2reBIDNgxWreBh9x9h2TftEvhhogdkr2
+XQpzxcby2v2z6Hut1lfVkLQNdvdHYdDG751NQltOmGvncXkTNJ+tSByXuY9ITtYz
+XqwY/vAEX+YYjCrWcvMmhU1t6B9cZ3viFzIIIltqtvDo3rybicpM3xvmnYnTF35j
+sGebcynzZedrLUHwD6/o0jBzFJN26QBxDGrlmn9E8HBhmjMCeSyZTXtSkwN0dAhu
+EHT2NgdC/4G4+JHsb3Oetl6AbUyYs2eWTRgr6bgBezbiDqKMj1QtGECkPQE9tFFP
+Jtma6lGJ1/u8zLFYNjigKZgXaNbtlMpslk+KDTGaTSbbVEaaxWSc0YlHz329ovQC
+1btrTE71FoNjRsTRaDRXC7BfrrMtnLhG2SmROKzyBtoxFymfEmASpdGERO+c2712
+Z0NLpHJL5ocsRr/onVi0auFC/nuaq6QqYF5OPtZhYh3+IDd193LP3xo8hnFjTq90
+9zV1QI2uHfTfijI4OABYSSZLxrl2IFF7Z/e4XkWSXrneR2Ne5GoYX7w6wshiuubQ
+bDPUHODsy7uQJ3ZEmmmd5xWvA3h3F5Yyls3WEuz8+jYR4iPKdjt8DJuz9j+7IP3C
+LoRa3KhxIPAzziQw+tMFVCozLLfS1kN8mg5SwU9Dp4HUPY/n3KnjVSjUJ347KAgW
++ykPlz4S1H0A2GyGWhdyX3J839UOdXfCsfKQQ1FLOBvhQgBNGzoRIgDrsZdrxgWa
+XtF+Ct2/2/O+503I6X90maXzhshmGw/NKsiNx7YOdUiu6w3N4LajIWE689UUU7Dr
+EtM8HcfmBnE/cZTbeWbQBfl1GqigMp+YOAY2sw0rZdF4ocmnqoCWLVN2j8O/re5g
+20y5eHkztPOZ+NNczo5PP96ng1XEMVzs/h6xDHzsak6osZb5b+Hs9kcYuqBEqr16
+3DVwaZ45dGwNN90Q9YmrgEdCqtCAU12w/YYVB/aB701Ijg0NhVsh7PgWaJIOJD56
+YTaiWIzQaZ/uM0KlgLz2eI9VXcuv24gUMAUMaI84mInnIrax1zFMrlCjEcR8Zxvk
+jCCY6Uq9WH30cUo7cMHWLWMzsl7PC7xpYSHPClqzCUluUgQwqoOs5Ux4nYl+JI7C
+ZfJ8BUMCD2RJtjvJhkE6LEkcrCjwnvappRaXbN54IVXpuMl2XYtp44T117QulEj1
+I/jk1mrpkXRKi9ZsKsjDH9VMy1hcKHn4CgTxmtRYN6LPA4tamxzVLxIi6YDU0142
+l1u763cT7cH14lvzUvEQMFbk/s0AUl8zeZAwjDayNlD/ljz7nZnJ3NToMlxeoK0a
+F6c/RgQBwxR8NMdo19Irv8stxo9WGB2/0Q8WCxW7ENHlBpvX5zXKRJMswFKp0ft6
+dT7hOBPgJlD7C1eX5jVcSz6kDRM6gQ7K/c5QcJa6qNAC2Jw6yBBYltqiRalFWX46
+VcM=
+-----END ENCRYPTED PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/server/test/resources/certs/rsa_random_pkey.key
----------------------------------------------------------------------
diff --git a/server/test/resources/certs/rsa_random_pkey.key b/server/test/resources/certs/rsa_random_pkey.key
new file mode 100644
index 0000000..8c29b3e
--- /dev/null
+++ b/server/test/resources/certs/rsa_random_pkey.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQD2ZYOSvqPjro7k
+JKWggB0FJL45mz3pfvBR0NcHTGgHKdh5hml1GiHHPanYnWqRuKFI7UPWLq3xllvJ
+jolMjX6FGzPFuh4wHQ3gHMFlmpi6o1gUkk5QxAeCWmsA77qJAAiLVbm27sqfpvSG
+ec6KJOcePDDN/6Jp363Gf8JuSssafg6fAbfwLp7Cm1cxFM3RKN13fUdy50+OcXv7
+uvUlzHZ2ZIVK7FnlFoXOfhFHoyfdZL2Qm8xV3SuUllNPGl7aCM59Y6xR743Rq01j
+3E6hHNZ82GlJGaOL413oVsp5J9ZmKV+WM7plFIn86p2JGMoA2xjtON+X6BZdz3YT
+ymp7ic+7AgMBAAECggEBAKvkNd3x0TPNWzIdvs4xkg08jNhzTMXQIKdzIg+dZhVZ
+RAPDmV5wVJBCnHLZnrb6LspJe8G33vFjC7WZEn+tVk5Vo9CU/uph2oQ2i1TufQ33
+VkNDrg76MqLloTCODXv14gASVfUgsYqfVodaApStGe8l3oZXiF6EBR8tkd6PnxFi
+8TPAalFS/0mfjj/dA9zHXoZ0iyl+h6had6kqJNNbP8zgD+TbnfJZVkURNB0cyGVI
+8/8d/eO05oQ1DpuvTJ+Q5i8wTDjikUzc4btt6coA/ho4QuOvfsZGsgCzCYsUn0+W
+GA+Vn2PVEFV5hJ+MZ9gGmQ5ouC/IVAYkBBC7HlNX70ECgYEA+3DC6rTvXqdrjZz1
+TFWcITfAt7WzfGlHi2LBZ/JNmyIetXmF/sHpqGKkvp7iHDMJ4NeEBXSN9tbbEfhc
+1yU+HXYlKkeaZAGaNiCSvqlr/Bouy7dX3jG8xgPGQ1o2gyluaoTEwORf2LgmApYA
+q/eQyWTKHLxatTnjlqLULerxqv8CgYEA+t1Wa00XHHgB1D4was59qnpPemIUxpvm
+4e3wjyQs6P2kH0F0rKyytQaSXKhkBYRcmh0EnyNSGu7wxM5l3aDTzCDgBHmb1i9P
+UXLzWUYnsSgUpUB8jL6YDlUmQ1AMMDqvLagLlOLqPkRmNjN1P4/+6mdoxD5SL0rv
+5FeRaOAGR0UCgYEAjWEgGDzYg058CUqCGwPgIEVrFWETpRbFZbiHq1zxChOrVLsZ
+/t8l9MpSe+R2mwiPu18zGqYo1OyGjZorCcYlIQe3agiM5UKJZXn3SUGWOFC4k09q
+FsO8s1KX/nMRR7raHQa+Yv+GbSNOLBIQGqG/RZ5ojrPSBSihsaeoypDahh0CgYEA
++OK3ZmVpVHlLd0LrzktnKceHKqg8bH8oJWZnj9wYIl/igI/0LYx5EFigxQTblw2m
+wc+gUjI8tzPv85HCRovVFWRYXJg6H9l4HBqrjBqqLnzRXtIHv6soOLAJ8iZssTzH
+p8hdFS27sGMz9PpAjPtTsUM/EdOyvfDe5/Bo91+rWvECgYEAxgvptntWbXc8QI9n
+DFYGigeza0sQTmFtSsob5cux9dtPORChdb6EPNTgOPOfKD4QMkmar/VWedeXOHb9
+Cy1Qz7bgOhIUSMdXzw4hPOmLrT7IbhG5CHawwHanGycrQ/bJcV00lsv0BEj3N/NJ
+PW/vxADWc9H3AcVeMi5So6gTBt4=
+-----END PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/server/test/resources/certs/rsa_self_signed.crt
----------------------------------------------------------------------
diff --git a/server/test/resources/certs/rsa_self_signed.crt b/server/test/resources/certs/rsa_self_signed.crt
new file mode 100644
index 0000000..710326e
--- /dev/null
+++ b/server/test/resources/certs/rsa_self_signed.crt
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBjCCAe4CCQCEkqahWR0hjjANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJB
+VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
+cyBQdHkgTHRkMB4XDTEzMTAyMTEzNTIyMFoXDTE0MTAyMTEzNTIyMFowRTELMAkG
+A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0
+IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AN6wEhbwZgBfgh5+fE1OYm9B7jA+IMbraIY80IyV2ERbNXJoi2/XrDtAr5NAxWkL
+qpaccOA4XupMUWzUCpDxa9M7L/QfCP6PFEJnJZ2dCPvosZQKuFcj+h9LHsK5nVW6
+1Zkh9HhtbdIS6l1JsV/119ZJGxzoGUEJPdEnsNt1cE1cW8sKvMo5GC2toZQV4d96
+17IpMuyRYhdEyRNq+sDQetAUDHYthBK7QVDy/9Sw+/lbgf2OsWacIrysDCF3hXc0
+qyNoBgp/s39NZDXx49GKwNmx9IuRV+P/WEqXfDxSDmHP4APtzDTtMTFnIW8+gH4z
+0GkeLRi7EQY48LyyGcB88lkCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAlgx04bvU
+/EE5z7lJsYmUM2oi8FjqZcZkD4F1ku7zvdAXaDNhOHjrR5LxGL+iI/N9S8lKVeSV
+xZv+EXAT0NqkTidNFjvP7coctDrrM+JHSNTRlr2GnnYjCnjEph4+ZXNppx8vnhXe
+7jDnHoXL/C5GIPOm0+LQaH1AlGTPF0lnBrtQaz1UG34vCr8SSUtRbTDDxH/liXfc
+hfvVnf4OV5Duj0oUXsmB3YzITYZnZ/xvZ4Dw6rOU/U5Vetng+msOOt8momeTCnWB
+/d1clA7rulJTCNZXb0YyaUNaC6eQX7S9JHnluB67b9yp4yg8f00qz4xR165eTQmq
+mLiuE/U5fTODvA==
+-----END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/server/test/resources/certs/rsa_self_signed.key
----------------------------------------------------------------------
diff --git a/server/test/resources/certs/rsa_self_signed.key b/server/test/resources/certs/rsa_self_signed.key
new file mode 100644
index 0000000..14b95e6
--- /dev/null
+++ b/server/test/resources/certs/rsa_self_signed.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA3rASFvBmAF+CHn58TU5ib0HuMD4gxutohjzQjJXYRFs1cmiL
+b9esO0Cvk0DFaQuqlpxw4Dhe6kxRbNQKkPFr0zsv9B8I/o8UQmclnZ0I++ixlAq4
+VyP6H0sewrmdVbrVmSH0eG1t0hLqXUmxX/XX1kkbHOgZQQk90Sew23VwTVxbywq8
+yjkYLa2hlBXh33rXsiky7JFiF0TJE2r6wNB60BQMdi2EErtBUPL/1LD7+VuB/Y6x
+ZpwivKwMIXeFdzSrI2gGCn+zf01kNfHj0YrA2bH0i5FX4/9YSpd8PFIOYc/gA+3M
+NO0xMWchbz6AfjPQaR4tGLsRBjjwvLIZwHzyWQIDAQABAoIBAFBYus4oAsWTsEEM
+ZhEGfSGjaith3zWmblowyxZOYm+XcRtMeTLrYCso1bCNqCyUlwIsg9WCwUxMKPzZ
+LM7LLJpUOqMcJ4ShXy/uQ3Yw2LL7bEb77zMRugdcdUbQ7eGmvba4t5pT8VHgnUr3
+cdYrv6qDShMN8z6x9OnoJjmoj9J5Ggda6DhsXsvl5Ox85XMOJKd9yyaUfa/qy8b6
+wIyixGQ/9l/GwGONgtrF7yKW3YUE+uhoEp4pqgKsGUIke3l7aWug6dCDjKDMdbX5
+jwSSiw2ilTpQJhi1r8JIMOfMea3addf39VySK7e6cSWhsf1VTVwneJbka13xS6uR
+SSdvs7kCgYEA9ynOXh/1+VkpCHJBAPWEIUtPn16KGJB6YEsEf7cfaAQfzQCwJ8E4
+I7/WsHveHXs80HLS/ZJQlIXXsdeMiWdu1rnsQiVBZMmSNOpOD8iP/6mv8eqeeNr+
+3e3JG+j+l3w+/RzX516WC5JPMIsNSIzSlyx8Yht4IYA2uvpJcLdMW2MCgYEA5qY/
+xht6UlbLevGzFFFnM5R9LWSs+Ip88HCBmEwbow7FQTc0TXYbOKxGtPqn88dM91XT
+NMpPaGenuioRz+P1sbEFOP/iE4Hyob8643NMkAiwwoxzSf2Bsj+ebJ/U7oC0xKYx
+yjLeFWINhDy+I3LDLEXTTfv5GNrFlitqBEA+ThMCgYEAmOrJnhyCD4JlS698nj5I
+QF0a5wwTvnzs6dSf9PB0QuOCVVBerEn0FNIk3s3UL0NG7eSMu4uhxTJFr+cfMQfI
+YJtpG8d2/QdlKM3p/APna5Mtoyu4XieH1gC/E0CE+25IfksxHRm9FW2xBuSRFFjk
+FdnVHtHF8lwkAGzHsTAG0ucCgYEAigFdVT7psMyoEZb+7KBMXKtzPq7nZAsQ+JiI
+okSfoK/czMmoLNUHMqC56d20koNkhPVAW2zVmIW08QntAHPIdZqSomlQrxVoxOjz
+5lX9sIzSnoWFEfdyG+I++4Wi1VYDU0qRrgdDpI23wrDJn9Ix/5KD/TxP7lQwN0sg
+swxxeysCgYBBXGBBJR7+AbreFpOHitw0h32Qdmy6zHTEF8e0SjmEgDv3uwGDdsYO
+QQ7g9QPPPUsYtl0+mUmCwDrw1sJeVFtp86AQlQMV89pR2yXZLf0xwT7IN6RAH5Bi
+WlV2/pmiMuWB1qSUKgdPzVEd6aqtjD0TIjtryDBHp76YHJR6SzdCCA==
+-----END RSA PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/server/test/resources/certs/rsa_self_signed_with_pwd.crt
----------------------------------------------------------------------
diff --git a/server/test/resources/certs/rsa_self_signed_with_pwd.crt b/server/test/resources/certs/rsa_self_signed_with_pwd.crt
new file mode 100644
index 0000000..de5e5c9
--- /dev/null
+++ b/server/test/resources/certs/rsa_self_signed_with_pwd.crt
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBjCCAe4CCQD5Q6qF5dVV0jANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJB
+VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
+cyBQdHkgTHRkMB4XDTEzMTAyMTEzNTgwNFoXDTE0MTAyMTEzNTgwNFowRTELMAkG
+A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0
+IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AN/7lJtiEs68IC1ZPxY9NA34z9T4AU4LPS/kbQtuxx4X72XOBy+y0cB/qdMD7JNV
+h8Mq4URDljhSDyVPdH/+jQr+7kWx2gNe2R/DCnd/meVwwU30JJvpGVZXt+MTef5N
+QAbSfDMsuT4FaUY80InbDd24HelrjwunPdY9wwKXO6zL2fLjyDRediiydxcx18Vb
+Dq1cm7DRi4mNkmA3RwBQMhxGp3VsfXJ4Hy2WTRCCCxWHZphAh3EUJGK3idum6/7j
+HbAwpM/t1kNWN8PZiYDZ1HbccgjmqB7Cub10BfB9g1RByiQ/C87o5cKtQha3uuXR
+iBcHISoDydQrgxKgUpiqEF0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEASvulIaVb
+zh8z2TysE6RFoYTAYIRXghFrmqCUyyQmUVTvs6vN8iaSXr+WMQJcpgXewWcFrDhr
+mIcyRCvF91ZYb7q6lMZFSpE6u/SUGIEtxGUDAfbkbQdKYmrMcbggUUIvSzgUFisO
+Kr0H9PEO4AWtCCrtOJFc7jgu03Sv06wDxn9ghkyiBRnVkbAhoKfKnI179yKruJWR
+A3ieEj0eFoUbeSH8hDkToj4ynpkAvEGoHjHG9j+8FJxy/PTjkyVPl1ykTs+2Jc1B
+Snx8f2afdTenPWyyBm3wFuRZjEAJJLUO0kxM7E8hAwhGsr+XYanwcr1oA1dz6M3f
+cq26lpjTH5ITwQ==
+-----END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/server/test/resources/certs/rsa_self_signed_with_pwd.key
----------------------------------------------------------------------
diff --git a/server/test/resources/certs/rsa_self_signed_with_pwd.key b/server/test/resources/certs/rsa_self_signed_with_pwd.key
new file mode 100644
index 0000000..d645a71
--- /dev/null
+++ b/server/test/resources/certs/rsa_self_signed_with_pwd.key
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,CCA6E4CB4C4039DD
+
+TaVCJtB0dE9xTZbX7GOaGJwwGHVAMjU1GbRIHf0jODdP+quZvbjklNqsw8Ozlia9
+q/G+UqtRJGlIPPLpce0YCrTo0P3eixZdMs0+hioAEJ4OLtL0SAC6b8q/gB6HRfAx
+BvNg+umTqeF9YB68Tcuv/2g4VGKiaePQACyOzMdf7lGY7ojxoJCYZa1mfKb7jWrg
+FLwmTtLLhNjb6CnOKo3klIef3A6zdutpgxF1gARzdRyXg4qCA3boYnwEptTOlJFu
+ovxbhDG9iuYYr4gXYSs1pLYptEC8J6iWpG/qzkwfr4l5Cfg5uF00bbxQE5+WeRaj
+YFicvXjB/kcoFZuCL7M/YRXYxkJ/EZ19xI9HZNBQ4L738StkSBKL4OhpF/qgYZ2y
+ZLRV6XT4AijUA0Ef7YTuUsTL7Qt9drj09gCtAzXTA7gpZBn5SqT9kWhuwSzY302l
+KF8DIC6A52igk2QKPLbleM/V8eCu6n+J4uF+0GwVRROuG7ThxAQiUlJKhoEYrndL
+nzT7jHVLftjilhVWFu2On62bRf5t1QZuob+1AdK0ukvEIVsYnN4bnlAkc99Wi6C0
+ZJd9qW5L4A9XAC2gcjr3m0Rzw3RO+k17faR8YfmTuJvGyBf5fnrSFoNkrninXQXp
+sk0ajRi4PJ4XTswLyxjWRSt3egNsZBSKnVCibca/QoDEdZHSKXo2FlYiUYx8JHQX
+SPUsLl9OQKC1W8/+ReryqBLHCkiGEsvT8gVaXga0uhVaqe+PaVur2tbOHl4yCysC
++ZlnKwsC84LQsUvpENdCh+D7E1I1Rao9IJMR6q9azKq8Ck63cOJ1fA9xSnxJGoCA
+IlGLttlXrR32EtzYwEnlqf1nI/IqNQrAXQKrP5VPzHsgMFu5uD4OEZa92Q5cVTsz
+ap/1UEqiJVYUt6nuA+aqOUlyjC0oNtYL/VO4DbHTFcHa8SI2cPSS6ebPMWPGHjUm
+l9bWa6Q9iyplCYS6hinAVsAaLVjPi1Eu9Pc8rxFCmoiJYJju5NZuGI5UBK64dqcX
+T6trWl0kB8QY63JtnrZaoStoSPImV5KVseUKDV8TM3Y76h1nLV3MSmAD1ivk9oKs
+VKeVrDhZBWUq9Dqre/+lVGO0a2wo5VTR8hfpf8QkODPLeyNZNdfGKzkkFLuXa8V5
+ELhLQJ3FnbEU3NEvMwikV9MhP/ELPTkZwJr/NKv+9JLs9eXtwz29I/Q8byQVrCCs
+hAuDl0zHGRnqdpdSImeS2EXGx631zGMwSe8fhKelni5h6hXrXz52asr0k30BxWjf
+WUn1uTInwVjWGy9B5j3mZlVDotFbvVAZgtR0IoFwihPl4VZd9oS13l+hMfrTy1YZ
+8xFNg8ZqUQ0lSmKfOVqSBT0lP8tM8LuGxgY4cWluhsAQxR5Nl7wkundnqjcwEDDu
+Jz2rD54St1EZYGLDJZSfC7mpG2PgodsdeopQCTyFhHWa8s3caZ40GFOwaR+/5+YF
+1oRvkR1Yr4qIS7KbX4xsaFfAA5b8QfLA74L05PAgDwKofam2GFAlAKHOcI6mexPq
+aySON9MNdnXBNxs16mBJLzCX5ljQb0ilJildVEI3aVmABptM4ehEiw==
+-----END RSA PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/setup/db/db/schema-421to430.sql
----------------------------------------------------------------------
diff --git a/setup/db/db/schema-421to430.sql b/setup/db/db/schema-421to430.sql
index 7bacefe..53cd0bf 100644
--- a/setup/db/db/schema-421to430.sql
+++ b/setup/db/db/schema-421to430.sql
@@ -41,6 +41,8 @@ ALTER TABLE `cloud`.`vm_instance` ADD COLUMN `power_state_update_count` INT DEFA
 ALTER TABLE `cloud`.`vm_instance` ADD COLUMN `power_host` bigint unsigned;
 ALTER TABLE `cloud`.`vm_instance` ADD CONSTRAINT `fk_vm_instance__power_host` FOREIGN KEY (`power_host`) REFERENCES `cloud`.`host`(`id`);
 
+ALTER TABLE `cloud`.`load_balancing_rules` ADD COLUMN `lb_protocol` VARCHAR(40);
+
 DROP TABLE IF EXISTS `cloud`.`vm_snapshot_details`;
 CREATE TABLE `cloud`.`vm_snapshot_details` (
   `id` bigint unsigned UNIQUE NOT NULL,
@@ -464,6 +466,32 @@ CREATE VIEW `cloud`.`storage_pool_view` AS
             and async_job.instance_type = 'StoragePool'
             and async_job.job_status = 0;
 
+
+CREATE TABLE `sslcerts` (
+      `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
+      `uuid` varchar(40) DEFAULT NULL,
+      `account_id` bigint(20) unsigned NOT NULL,
+      `domain_id` bigint(20) unsigned NOT NULL,
+      `certificate` text NOT NULL,
+      `fingerprint` varchar(62) NOT NULL,
+      `key` text NOT NULL,
+      `chain` text,
+      `password` varchar(255) DEFAULT NULL,
+      PRIMARY KEY (`id`),
+      CONSTRAINT `fk_sslcert__account_id` FOREIGN KEY (`account_id`) REFERENCES `account` (`id`) ON DELETE CASCADE,
+      CONSTRAINT `fk_sslcert__domain_id` FOREIGN KEY (`domain_id`) REFERENCES `domain` (`id`) ON DELETE CASCADE
+);
+
+CREATE TABLE `load_balancer_cert_map` (
+      `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
+      `uuid` varchar(40) DEFAULT NULL,
+      `load_balancer_id` bigint(20) unsigned NOT NULL,
+      `certificate_id` bigint(20) unsigned NOT NULL,
+      `revoke` tinyint(1) NOT NULL DEFAULT '0',
+      PRIMARY KEY (`id`),
+      CONSTRAINT `fk_load_balancer_cert_map__certificate_id` FOREIGN KEY (`certificate_id`) REFERENCES `sslcerts` (`id`) ON DELETE CASCADE,
+      CONSTRAINT `fk_load_balancer_cert_map__load_balancer_id` FOREIGN KEY (`load_balancer_id`) REFERENCES `load_balancing_rules` (`id`) ON DELETE CASCADE);
+
 ALTER TABLE `cloud`.`host` ADD COLUMN `cpu_sockets` int(10) unsigned DEFAULT NULL COMMENT "the number of CPU sockets on the host" AFTER pod_id;
 
 DROP VIEW IF EXISTS `cloud`.`host_view`;

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00763078/utils/src/com/cloud/utils/net/NetUtils.java
----------------------------------------------------------------------
diff --git a/utils/src/com/cloud/utils/net/NetUtils.java b/utils/src/com/cloud/utils/net/NetUtils.java
index f590425..8a35109 100755
--- a/utils/src/com/cloud/utils/net/NetUtils.java
+++ b/utils/src/com/cloud/utils/net/NetUtils.java
@@ -52,6 +52,7 @@ import com.cloud.utils.script.Script;
 public class NetUtils {
     protected final static Logger s_logger = Logger.getLogger(NetUtils.class);
     public final static String HTTP_PORT = "80";
+    public final static String HTTPS_PORT = "443";
     public final static int VPN_PORT = 500;
     public final static int VPN_NATT_PORT = 4500;
     public final static int VPN_L2TP_PORT = 1701;
@@ -61,6 +62,8 @@ public class NetUtils {
     public final static String ANY_PROTO = "any";
     public final static String ICMP_PROTO = "icmp";
     public final static String ALL_PROTO = "all";
+    public final static String HTTP_PROTO = "http";
+    public final static String SSL_PROTO = "ssl";
 
     public final static String ALL_CIDRS = "0.0.0.0/0";
     public final static int PORT_RANGE_MIN = 0;


Mime
View raw message