You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by ya...@apache.org on 2012/07/20 00:10:41 UTC
git commit: CS-15511: Not allow pfs parameter for customer VPN gateway
Updated Branches:
refs/heads/vpc 281b23c2c -> c0fcca399
CS-15511: Not allow pfs parameter for customer VPN gateway
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/c0fcca39
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/c0fcca39
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/c0fcca39
Branch: refs/heads/vpc
Commit: c0fcca3990ad2fd137e34ed5dea18b50967ef2a6
Parents: 281b23c
Author: Sheng Yang <sh...@citrix.com>
Authored: Thu Jul 19 15:08:56 2012 -0700
Committer: Sheng Yang <sh...@citrix.com>
Committed: Thu Jul 19 15:10:31 2012 -0700
----------------------------------------------------------------------
utils/src/com/cloud/utils/net/NetUtils.java | 19 +++++++++++-----
utils/test/com/cloud/utils/net/NetUtilsTest.java | 6 ++--
2 files changed, 16 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/c0fcca39/utils/src/com/cloud/utils/net/NetUtils.java
----------------------------------------------------------------------
diff --git a/utils/src/com/cloud/utils/net/NetUtils.java b/utils/src/com/cloud/utils/net/NetUtils.java
index 167e3fd..fe3dedc 100755
--- a/utils/src/com/cloud/utils/net/NetUtils.java
+++ b/utils/src/com/cloud/utils/net/NetUtils.java
@@ -1069,25 +1069,32 @@ public class NetUtils {
if (policy.isEmpty()) {
return false;
}
- String cipherHash = policy.split(";")[0];
+ //String cipherHash = policy.split(";")[0];
+ String cipherHash = policy;
if (cipherHash.isEmpty()) {
return false;
}
- String pfsGroup = null;
- if (!policy.equals(cipherHash)) {
- pfsGroup = policy.split(";")[1];
+ String[] list = cipherHash.split("-");
+ if (list.length != 2) {
+ return false;
}
- String cipher = cipherHash.split("-")[0];
- String hash = cipherHash.split("-")[1];
+ String cipher = list[0];
+ String hash = list[1];
if (!cipher.matches("des|3des|aes|aes128|aes256")) {
return false;
}
if (!hash.matches("md5|sha1")) {
return false;
}
+ /* Disable pfsGroup support, see CS-15511
+ String pfsGroup = null;
+ if (!policy.equals(cipherHash)) {
+ pfsGroup = policy.split(";")[1];
+ }
if (pfsGroup != null && !pfsGroup.matches("modp1024|modp1536")) {
return false;
}
+ */
}
return true;
}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/c0fcca39/utils/test/com/cloud/utils/net/NetUtilsTest.java
----------------------------------------------------------------------
diff --git a/utils/test/com/cloud/utils/net/NetUtilsTest.java b/utils/test/com/cloud/utils/net/NetUtilsTest.java
index 4bcddeb..b187b55 100644
--- a/utils/test/com/cloud/utils/net/NetUtilsTest.java
+++ b/utils/test/com/cloud/utils/net/NetUtilsTest.java
@@ -55,9 +55,9 @@ public class NetUtilsTest extends TestCase {
public void testVpnPolicy() {
assertTrue(NetUtils.isValidS2SVpnPolicy("aes-sha1"));
- assertTrue(NetUtils.isValidS2SVpnPolicy("des-md5;modp1024"));
- assertTrue(NetUtils.isValidS2SVpnPolicy("des-md5;modp1024,aes-sha1;modp1536"));
- assertTrue(NetUtils.isValidS2SVpnPolicy("3des-sha1,aes-sha1;modp1536"));
+ assertFalse(NetUtils.isValidS2SVpnPolicy("des-md5;modp1024"));
+ assertFalse(NetUtils.isValidS2SVpnPolicy("des-md5;modp1024,aes-sha1;modp1536"));
+ assertFalse(NetUtils.isValidS2SVpnPolicy("3des-sha1,aes-sha1;modp1536"));
assertTrue(NetUtils.isValidS2SVpnPolicy("3des-sha1,aes-sha1"));
assertFalse(NetUtils.isValidS2SVpnPolicy("abc-123,ase-sha1"));
assertFalse(NetUtils.isValidS2SVpnPolicy("de-sh,aes-sha1"));