You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by bh...@apache.org on 2015/03/16 11:36:55 UTC
[1/9] git commit: updated refs/heads/4.4 to 8e58bc0
Repository: cloudstack
Updated Branches:
refs/heads/4.4 a3069ac02 -> 8e58bc087
Fix encoding for user account label in header
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
(cherry picked from commit bfcdbeca29dcf234d5aecbb4f2d9ca1ec315e0da)
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/2497a7a6
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/2497a7a6
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/2497a7a6
Branch: refs/heads/4.4
Commit: 2497a7a64da8b5feb7a2608699f9f6e9384b4abd
Parents: a3069ac
Author: Brian Federle <br...@citrix.com>
Authored: Thu Oct 9 10:47:31 2014 -0700
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Mon Mar 16 15:49:15 2015 +0530
----------------------------------------------------------------------
ui/scripts/ui/core.js | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/2497a7a6/ui/scripts/ui/core.js
----------------------------------------------------------------------
diff --git a/ui/scripts/ui/core.js b/ui/scripts/ui/core.js
index add7d06..6912d1b 100644
--- a/ui/scripts/ui/core.js
+++ b/ui/scripts/ui/core.js
@@ -50,7 +50,7 @@
.addClass('navigation-item')
.addClass(sectionID)
.append($('<span>').addClass('icon').html(' '))
- .append($('<span>').html(_l(args.title)))
+ .append($('<span>').text(_l(args.title)))
.data('cloudStack-section-id', sectionID);
if (args.customIcon) {
@@ -223,7 +223,7 @@
id: 'user'
}).addClass('button')
.append(
- $('<div>').addClass('name').html(
+ $('<div>').addClass('name').text(
args.context && args.context.users ?
cloudStack.concat(userLabel, 14) : 'Invalid User'
)
@@ -258,7 +258,7 @@
$('<div>').attr({
id: 'breadcrumbs'
})
- .append($('<div>').addClass('home').html(_l('label.home')))
+ .append($('<div>').addClass('home').text(_l('label.home')))
.append($('<div>').addClass('end'))
)
@@ -309,7 +309,7 @@
.attr({
href: '#'
})
- .html(_l(this.toString()))
+ .text(_l(this.toString()))
.appendTo($options);
if (this == 'label.help') {
@@ -323,8 +323,8 @@
}
if (this == 'label.about') {
$link.addClass('about').click(function() {
- var $logo = $('<div>').addClass('logo').html(_l('label.app.name')),
- $version = $('<div>').addClass('version').html(g_cloudstackversion),
+ var $logo = $('<div>').addClass('logo').text(_l('label.app.name')),
+ $version = $('<div>').addClass('version').text(g_cloudstackversion),
$about = $('<div>').addClass('about').append($logo).append($version);
$about.dialog({
modal: true,
[7/9] git commit: updated refs/heads/4.4 to 8e58bc0
Posted by bh...@apache.org.
utils: use a better extended implementation of SSLSocketFactory
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
(cherry picked from commit b4a5a32a7488ecd93f295670e7f641fc32198aa7)
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
Conflicts:
plugins/storage/volume/cloudbyte/src/org/apache/cloudstack/storage/datastore/util/ElastistorUtil.java
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/b1f54db1
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/b1f54db1
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/b1f54db1
Branch: refs/heads/4.4
Commit: b1f54db18f770aaba60439180404ad987873167e
Parents: 0f10d36
Author: Rohit Yadav <ro...@shapeblue.com>
Authored: Fri Mar 13 17:31:30 2015 +0530
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Mon Mar 16 15:52:38 2015 +0530
----------------------------------------------------------------------
.../xen/resource/XenServerConnectionPool.java | 45 ++++---
.../opendaylight/api/NeutronRestApi.java | 38 +++---
.../storage/datastore/util/ElastistorUtil.java | 41 +++---
.../main/java/streamer/SocketWrapperImpl.java | 29 +++--
.../com/cloud/consoleproxy/util/RawHTTP.java | 16 +--
.../cloud/utils/rest/RESTServiceConnector.java | 60 +++++----
.../cloudstack/utils/security/SSLUtils.java | 7 ++
.../utils/security/SecureSSLSocketFactory.java | 124 +++++++++++++++++++
.../hypervisor/vmware/util/VmwareClient.java | 36 +++---
.../hypervisor/vmware/util/VmwareContext.java | 44 ++++---
10 files changed, 282 insertions(+), 158 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b1f54db1/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/XenServerConnectionPool.java
----------------------------------------------------------------------
diff --git a/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/XenServerConnectionPool.java b/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/XenServerConnectionPool.java
index e6f808c..6ca8a3e 100644
--- a/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/XenServerConnectionPool.java
+++ b/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/XenServerConnectionPool.java
@@ -16,26 +16,9 @@
// under the License.
package com.cloud.hypervisor.xen.resource;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.net.URL;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Properties;
-import java.util.Queue;
-
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.SSLSession;
-
-import org.apache.log4j.Logger;
-import org.apache.xmlrpc.XmlRpcException;
-import org.apache.xmlrpc.client.XmlRpcClientException;
-
-import org.apache.cloudstack.utils.security.SSLUtils;
-
+import com.cloud.utils.NumbersUtil;
+import com.cloud.utils.PropertiesUtil;
+import com.cloud.utils.exception.CloudRuntimeException;
import com.xensource.xenapi.APIVersion;
import com.xensource.xenapi.Connection;
import com.xensource.xenapi.Host;
@@ -44,10 +27,24 @@ import com.xensource.xenapi.Session;
import com.xensource.xenapi.Types;
import com.xensource.xenapi.Types.BadServerResponse;
import com.xensource.xenapi.Types.XenAPIException;
+import org.apache.cloudstack.utils.security.SSLUtils;
+import org.apache.cloudstack.utils.security.SecureSSLSocketFactory;
+import org.apache.log4j.Logger;
+import org.apache.xmlrpc.XmlRpcException;
+import org.apache.xmlrpc.client.XmlRpcClientException;
-import com.cloud.utils.NumbersUtil;
-import com.cloud.utils.PropertiesUtil;
-import com.cloud.utils.exception.CloudRuntimeException;
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLSession;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.net.URL;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Queue;
public class XenServerConnectionPool {
private static final Logger s_logger = Logger.getLogger(XenServerConnectionPool.class);
@@ -83,7 +80,7 @@ public class XenServerConnectionPool {
trustAllCerts[0] = tm;
javax.net.ssl.SSLContext sc = SSLUtils.getSSLContext();
sc.init(null, trustAllCerts, null);
- javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
+ javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(new SecureSSLSocketFactory(sc));
HostnameVerifier hv = new HostnameVerifier() {
@Override
public boolean verify(String hostName, SSLSession session) {
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b1f54db1/plugins/network-elements/opendaylight/src/main/java/org/apache/cloudstack/network/opendaylight/api/NeutronRestApi.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/opendaylight/src/main/java/org/apache/cloudstack/network/opendaylight/api/NeutronRestApi.java b/plugins/network-elements/opendaylight/src/main/java/org/apache/cloudstack/network/opendaylight/api/NeutronRestApi.java
index 528a4ac..ab6595e 100644
--- a/plugins/network-elements/opendaylight/src/main/java/org/apache/cloudstack/network/opendaylight/api/NeutronRestApi.java
+++ b/plugins/network-elements/opendaylight/src/main/java/org/apache/cloudstack/network/opendaylight/api/NeutronRestApi.java
@@ -20,6 +20,24 @@
package org.apache.cloudstack.network.opendaylight.api;
import org.apache.cloudstack.utils.security.SSLUtils;
+import org.apache.cloudstack.utils.security.SecureSSLSocketFactory;
+import org.apache.commons.httpclient.ConnectTimeoutException;
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.HttpException;
+import org.apache.commons.httpclient.HttpMethodBase;
+import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager;
+import org.apache.commons.httpclient.cookie.CookiePolicy;
+import org.apache.commons.httpclient.params.HttpConnectionParams;
+import org.apache.commons.httpclient.protocol.Protocol;
+import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
+import org.apache.log4j.Logger;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
import java.io.IOException;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
@@ -33,24 +51,6 @@ import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSocket;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
-
-import org.apache.commons.httpclient.ConnectTimeoutException;
-import org.apache.commons.httpclient.HttpClient;
-import org.apache.commons.httpclient.HttpException;
-import org.apache.commons.httpclient.HttpMethodBase;
-import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager;
-import org.apache.commons.httpclient.cookie.CookiePolicy;
-import org.apache.commons.httpclient.params.HttpConnectionParams;
-import org.apache.commons.httpclient.protocol.Protocol;
-import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
-import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
-import org.apache.log4j.Logger;
-
public class NeutronRestApi {
private static final Logger s_logger = Logger.getLogger(NeutronRestApi.class);
@@ -179,7 +179,7 @@ public class NeutronRestApi {
// Install the all-trusting trust manager
SSLContext sc = SSLUtils.getSSLContext();
sc.init(null, trustAllCerts, new java.security.SecureRandom());
- ssf = sc.getSocketFactory();
+ ssf = new SecureSSLSocketFactory(sc);
} catch (KeyManagementException e) {
throw new IOException(e);
} catch (NoSuchAlgorithmException e) {
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b1f54db1/plugins/storage/volume/cloudbyte/src/org/apache/cloudstack/storage/datastore/util/ElastistorUtil.java
----------------------------------------------------------------------
diff --git a/plugins/storage/volume/cloudbyte/src/org/apache/cloudstack/storage/datastore/util/ElastistorUtil.java b/plugins/storage/volume/cloudbyte/src/org/apache/cloudstack/storage/datastore/util/ElastistorUtil.java
index aff3df4..552da19 100755
--- a/plugins/storage/volume/cloudbyte/src/org/apache/cloudstack/storage/datastore/util/ElastistorUtil.java
+++ b/plugins/storage/volume/cloudbyte/src/org/apache/cloudstack/storage/datastore/util/ElastistorUtil.java
@@ -19,11 +19,21 @@
package org.apache.cloudstack.storage.datastore.util;
-import java.net.ConnectException;
-import java.security.InvalidParameterException;
-import java.security.SecureRandom;
-import java.security.cert.X509Certificate;
-import java.util.HashMap;
+import com.cloud.agent.api.Answer;
+import com.cloud.utils.exception.CloudRuntimeException;
+import com.google.gson.Gson;
+import com.google.gson.annotations.SerializedName;
+import com.sun.jersey.api.client.Client;
+import com.sun.jersey.api.client.ClientResponse;
+import com.sun.jersey.api.client.WebResource;
+import com.sun.jersey.api.client.config.ClientConfig;
+import com.sun.jersey.api.client.config.DefaultClientConfig;
+import com.sun.jersey.core.util.MultivaluedMapImpl;
+import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
+import org.apache.cloudstack.utils.security.SSLUtils;
+import org.apache.cloudstack.utils.security.SecureSSLSocketFactory;
+import org.apache.http.auth.InvalidCredentialsException;
+import org.apache.log4j.Logger;
import javax.naming.ServiceUnavailableException;
import javax.net.ssl.HostnameVerifier;
@@ -36,20 +46,11 @@ import javax.net.ssl.X509TrustManager;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.UriBuilder;
-
-import org.apache.http.auth.InvalidCredentialsException;
-import org.apache.log4j.Logger;
-import org.apache.cloudstack.utils.security.SSLUtils;
-
-import com.cloud.utils.exception.CloudRuntimeException;
-import com.google.gson.Gson;
-import com.google.gson.annotations.SerializedName;
-import com.sun.jersey.api.client.Client;
-import com.sun.jersey.api.client.ClientResponse;
-import com.sun.jersey.api.client.WebResource;
-import com.sun.jersey.api.client.config.ClientConfig;
-import com.sun.jersey.api.client.config.DefaultClientConfig;
-import com.sun.jersey.core.util.MultivaluedMapImpl;
+import java.net.ConnectException;
+import java.security.InvalidParameterException;
+import java.security.SecureRandom;
+import java.security.cert.X509Certificate;
+import java.util.HashMap;
public class ElastistorUtil {
@@ -644,7 +645,7 @@ public class ElastistorUtil {
try {
SSLContext sc = SSLUtils.getSSLContext();
sc.init(null, trustAllCerts, new SecureRandom());
- HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
+ HttpsURLConnection.setDefaultSSLSocketFactory(new SecureSSLSocketFactory(sc));
HttpsURLConnection.setDefaultHostnameVerifier(hv);
} catch (Exception e) {
;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b1f54db1/services/console-proxy-rdp/rdpconsole/src/main/java/streamer/SocketWrapperImpl.java
----------------------------------------------------------------------
diff --git a/services/console-proxy-rdp/rdpconsole/src/main/java/streamer/SocketWrapperImpl.java b/services/console-proxy-rdp/rdpconsole/src/main/java/streamer/SocketWrapperImpl.java
index 14089ce..4713173 100755
--- a/services/console-proxy-rdp/rdpconsole/src/main/java/streamer/SocketWrapperImpl.java
+++ b/services/console-proxy-rdp/rdpconsole/src/main/java/streamer/SocketWrapperImpl.java
@@ -16,9 +16,18 @@
// under the License.
package streamer;
-import static streamer.debug.MockServer.Packet.PacketType.CLIENT;
-import static streamer.debug.MockServer.Packet.PacketType.SERVER;
+import org.apache.cloudstack.utils.security.SSLUtils;
+import org.apache.cloudstack.utils.security.SecureSSLSocketFactory;
+import streamer.debug.MockServer;
+import streamer.debug.MockServer.Packet;
+import streamer.ssl.SSLState;
+import streamer.ssl.TrustAllX509TrustManager;
+import javax.net.SocketFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
@@ -26,18 +35,8 @@ import java.net.InetSocketAddress;
import java.net.Socket;
import java.util.HashMap;
-import javax.net.SocketFactory;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSocket;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-
-import org.apache.cloudstack.utils.security.SSLUtils;
-
-import streamer.debug.MockServer;
-import streamer.debug.MockServer.Packet;
-import streamer.ssl.SSLState;
-import streamer.ssl.TrustAllX509TrustManager;
+import static streamer.debug.MockServer.Packet.PacketType.CLIENT;
+import static streamer.debug.MockServer.Packet.PacketType.SERVER;
public class SocketWrapperImpl extends PipelineImpl implements SocketWrapper {
@@ -137,7 +136,7 @@ public class SocketWrapperImpl extends PipelineImpl implements SocketWrapper {
// Trust all certificates (FIXME: insecure)
sslContext.init(null, new TrustManager[] {new TrustAllX509TrustManager(sslState)}, null);
- SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
+ SSLSocketFactory sslSocketFactory = new SecureSSLSocketFactory(sslContext);
sslSocket = (SSLSocket)sslSocketFactory.createSocket(socket, address.getHostName(), address.getPort(), true);
sslSocket.setEnabledProtocols(SSLUtils.getSupportedProtocols(sslSocket.getEnabledProtocols()));
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b1f54db1/services/console-proxy/server/src/com/cloud/consoleproxy/util/RawHTTP.java
----------------------------------------------------------------------
diff --git a/services/console-proxy/server/src/com/cloud/consoleproxy/util/RawHTTP.java b/services/console-proxy/server/src/com/cloud/consoleproxy/util/RawHTTP.java
index 8f78fb3..21b6241 100644
--- a/services/console-proxy/server/src/com/cloud/consoleproxy/util/RawHTTP.java
+++ b/services/console-proxy/server/src/com/cloud/consoleproxy/util/RawHTTP.java
@@ -17,7 +17,13 @@
package com.cloud.consoleproxy.util;
import org.apache.cloudstack.utils.security.SSLUtils;
+import org.apache.cloudstack.utils.security.SecureSSLSocketFactory;
+import javax.net.SocketFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
@@ -32,12 +38,6 @@ import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
-import javax.net.SocketFactory;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSocket;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
-
//
// This file is originally from XenConsole with modifications
//
@@ -151,7 +151,7 @@ public final class RawHTTP {
SSLSocket ssl = null;
try {
context.init(null, trustAllCerts, new SecureRandom());
- SocketFactory factory = context.getSocketFactory();
+ SocketFactory factory = new SecureSSLSocketFactory(context);
ssl = (SSLSocket)factory.createSocket(host, port);
ssl.setEnabledProtocols(SSLUtils.getSupportedProtocols(ssl.getEnabledProtocols()));
/* ssl.setSSLParameters(context.getDefaultSSLParameters()); */
@@ -160,6 +160,8 @@ public final class RawHTTP {
throw e;
} catch (KeyManagementException e) {
s_logger.error("KeyManagementException: " + e.getMessage(), e);
+ } catch (NoSuchAlgorithmException e) {
+ s_logger.error("NoSuchAlgorithmException: " + e.getMessage(), e);
}
return ssl;
} else {
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b1f54db1/utils/src/com/cloud/utils/rest/RESTServiceConnector.java
----------------------------------------------------------------------
diff --git a/utils/src/com/cloud/utils/rest/RESTServiceConnector.java b/utils/src/com/cloud/utils/rest/RESTServiceConnector.java
index cdacd1f..6ededcb 100644
--- a/utils/src/com/cloud/utils/rest/RESTServiceConnector.java
+++ b/utils/src/com/cloud/utils/rest/RESTServiceConnector.java
@@ -19,29 +19,13 @@
package com.cloud.utils.rest;
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.lang.reflect.Type;
-import java.net.InetAddress;
-import java.net.InetSocketAddress;
-import java.net.MalformedURLException;
-import java.net.Socket;
-import java.net.URL;
-import java.net.UnknownHostException;
-import java.security.KeyManagementException;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
-import java.util.Map.Entry;
-
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSocket;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
-
+import com.google.gson.FieldNamingPolicy;
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+import com.google.gson.JsonDeserializer;
+import com.google.gson.reflect.TypeToken;
+import org.apache.cloudstack.utils.security.SSLUtils;
+import org.apache.cloudstack.utils.security.SecureSSLSocketFactory;
import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpException;
@@ -62,13 +46,27 @@ import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.utils.security.SSLUtils;
-
-import com.google.gson.FieldNamingPolicy;
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
-import com.google.gson.JsonDeserializer;
-import com.google.gson.reflect.TypeToken;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.lang.reflect.Type;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.net.MalformedURLException;
+import java.net.Socket;
+import java.net.URL;
+import java.net.UnknownHostException;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
/**
* This abstraction encapsulates client side code for REST service communication. It encapsulates
@@ -339,7 +337,7 @@ public class RESTServiceConnector {
// Install the all-trusting trust manager
final SSLContext sc = SSLUtils.getSSLContext();
sc.init(null, trustAllCerts, new java.security.SecureRandom());
- ssf = sc.getSocketFactory();
+ ssf = new SecureSSLSocketFactory(sc);
} catch (final KeyManagementException e) {
throw new IOException(e);
} catch (final NoSuchAlgorithmException e) {
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b1f54db1/utils/src/org/apache/cloudstack/utils/security/SSLUtils.java
----------------------------------------------------------------------
diff --git a/utils/src/org/apache/cloudstack/utils/security/SSLUtils.java b/utils/src/org/apache/cloudstack/utils/security/SSLUtils.java
index 3de4c50..5ea89b1 100644
--- a/utils/src/org/apache/cloudstack/utils/security/SSLUtils.java
+++ b/utils/src/org/apache/cloudstack/utils/security/SSLUtils.java
@@ -24,6 +24,7 @@ import org.apache.log4j.Logger;
import javax.net.ssl.SSLContext;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
+import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
@@ -41,6 +42,12 @@ public class SSLUtils {
return (String[]) set.toArray(new String[set.size()]);
}
+ public static String[] getSupportedCiphers() throws NoSuchAlgorithmException {
+ String[] availableCiphers = getSSLContext().getSocketFactory().getSupportedCipherSuites();
+ Arrays.sort(availableCiphers);
+ return availableCiphers;
+ }
+
public static SSLContext getSSLContext() throws NoSuchAlgorithmException {
return SSLContext.getInstance("TLSv1");
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b1f54db1/utils/src/org/apache/cloudstack/utils/security/SecureSSLSocketFactory.java
----------------------------------------------------------------------
diff --git a/utils/src/org/apache/cloudstack/utils/security/SecureSSLSocketFactory.java b/utils/src/org/apache/cloudstack/utils/security/SecureSSLSocketFactory.java
new file mode 100644
index 0000000..fa9d492
--- /dev/null
+++ b/utils/src/org/apache/cloudstack/utils/security/SecureSSLSocketFactory.java
@@ -0,0 +1,124 @@
+//
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+//
+
+package org.apache.cloudstack.utils.security;
+
+import org.apache.log4j.Logger;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+
+public class SecureSSLSocketFactory extends SSLSocketFactory {
+
+ public static final Logger s_logger = Logger.getLogger(SecureSSLSocketFactory.class);
+ private SSLContext _sslContext;
+
+ public SecureSSLSocketFactory() throws NoSuchAlgorithmException {
+ _sslContext = SSLUtils.getSSLContext();
+ }
+
+ public SecureSSLSocketFactory(SSLContext sslContext) throws NoSuchAlgorithmException {
+ if (sslContext != null) {
+ _sslContext = sslContext;
+ } else {
+ _sslContext = SSLUtils.getSSLContext();
+ }
+ }
+
+ public SecureSSLSocketFactory(KeyManager[] km, TrustManager[] tm, SecureRandom random) throws NoSuchAlgorithmException, KeyManagementException, IOException {
+ _sslContext = SSLUtils.getSSLContext();
+ _sslContext.init(km, tm, random);
+ }
+
+ @Override
+ public String[] getDefaultCipherSuites() {
+ return getSupportedCipherSuites();
+ }
+
+ @Override
+ public String[] getSupportedCipherSuites() {
+ String[] ciphers = null;
+ try {
+ ciphers = SSLUtils.getSupportedCiphers();
+ } catch (NoSuchAlgorithmException e) {
+ s_logger.error("SecureSSLSocketFactory::getDefaultCipherSuites found no cipher suites");
+ }
+ return ciphers;
+ }
+
+ @Override
+ public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
+ SSLSocketFactory factory = _sslContext.getSocketFactory();
+ Socket socket = factory.createSocket(s, host, port, autoClose);
+ if (socket instanceof SSLSocket) {
+ ((SSLSocket)socket).setEnabledProtocols(SSLUtils.getSupportedProtocols(((SSLSocket)socket).getEnabledProtocols()));
+ }
+ return socket;
+ }
+
+ @Override
+ public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
+ SSLSocketFactory factory = _sslContext.getSocketFactory();
+ Socket socket = factory.createSocket(host, port);
+ if (socket instanceof SSLSocket) {
+ ((SSLSocket)socket).setEnabledProtocols(SSLUtils.getSupportedProtocols(((SSLSocket)socket).getEnabledProtocols()));
+ }
+ return socket;
+ }
+
+ @Override
+ public Socket createSocket(String host, int port, InetAddress inetAddress, int localPort) throws IOException, UnknownHostException {
+ SSLSocketFactory factory = _sslContext.getSocketFactory();
+ Socket socket = factory.createSocket(host, port, inetAddress, localPort);
+ if (socket instanceof SSLSocket) {
+ ((SSLSocket)socket).setEnabledProtocols(SSLUtils.getSupportedProtocols(((SSLSocket)socket).getEnabledProtocols()));
+ }
+ return socket;
+ }
+
+ @Override
+ public Socket createSocket(InetAddress inetAddress, int localPort) throws IOException {
+ SSLSocketFactory factory = _sslContext.getSocketFactory();
+ Socket socket = factory.createSocket(inetAddress, localPort);
+ if (socket instanceof SSLSocket) {
+ ((SSLSocket)socket).setEnabledProtocols(SSLUtils.getSupportedProtocols(((SSLSocket)socket).getEnabledProtocols()));
+ }
+ return socket;
+ }
+
+ @Override
+ public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
+ SSLSocketFactory factory = this._sslContext.getSocketFactory();
+ Socket socket = factory.createSocket(address, port, localAddress, localPort);
+ if (socket instanceof SSLSocket) {
+ ((SSLSocket)socket).setEnabledProtocols(SSLUtils.getSupportedProtocols(((SSLSocket)socket).getEnabledProtocols()));
+ }
+ return socket;
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b1f54db1/vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareClient.java
----------------------------------------------------------------------
diff --git a/vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareClient.java b/vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareClient.java
index cc657a6..f3f7e0c 100644
--- a/vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareClient.java
+++ b/vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareClient.java
@@ -16,24 +16,6 @@
// under the License.
package com.cloud.hypervisor.vmware.util;
-import java.lang.reflect.Method;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
-import java.util.Map;
-import java.util.StringTokenizer;
-
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.SSLSession;
-import javax.xml.ws.BindingProvider;
-import javax.xml.ws.WebServiceException;
-import javax.xml.ws.handler.MessageContext;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.utils.security.SSLUtils;
-
import com.vmware.vim25.DynamicProperty;
import com.vmware.vim25.InvalidCollectorVersionFaultMsg;
import com.vmware.vim25.InvalidPropertyFaultMsg;
@@ -56,6 +38,22 @@ import com.vmware.vim25.TraversalSpec;
import com.vmware.vim25.UpdateSet;
import com.vmware.vim25.VimPortType;
import com.vmware.vim25.VimService;
+import org.apache.cloudstack.utils.security.SSLUtils;
+import org.apache.cloudstack.utils.security.SecureSSLSocketFactory;
+import org.apache.log4j.Logger;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLSession;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.WebServiceException;
+import javax.xml.ws.handler.MessageContext;
+import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+import java.util.StringTokenizer;
/**
* A wrapper class to handle Vmware vsphere connection and disconnection.
@@ -109,7 +107,7 @@ public class VmwareClient {
javax.net.ssl.SSLSessionContext sslsc = sc.getServerSessionContext();
sslsc.setSessionTimeout(0);
sc.init(null, trustAllCerts, null);
- javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
+ javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(new SecureSSLSocketFactory(sc));
}
private final ManagedObjectReference svcInstRef = new ManagedObjectReference();
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b1f54db1/vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareContext.java
----------------------------------------------------------------------
diff --git a/vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareContext.java b/vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareContext.java
index cb0c4d7..bec4b37 100755
--- a/vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareContext.java
+++ b/vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareContext.java
@@ -16,6 +16,26 @@
// under the License.
package com.cloud.hypervisor.vmware.util;
+import com.cloud.hypervisor.vmware.mo.DatacenterMO;
+import com.cloud.hypervisor.vmware.mo.DatastoreFile;
+import com.cloud.utils.ActionDelegate;
+import com.vmware.vim25.ManagedObjectReference;
+import com.vmware.vim25.ObjectContent;
+import com.vmware.vim25.ObjectSpec;
+import com.vmware.vim25.PropertyFilterSpec;
+import com.vmware.vim25.PropertySpec;
+import com.vmware.vim25.ServiceContent;
+import com.vmware.vim25.TaskInfo;
+import com.vmware.vim25.TraversalSpec;
+import com.vmware.vim25.VimPortType;
+import org.apache.cloudstack.utils.security.SSLUtils;
+import org.apache.cloudstack.utils.security.SecureSSLSocketFactory;
+import org.apache.log4j.Logger;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLSession;
+import javax.xml.ws.soap.SOAPFaultException;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.BufferedReader;
@@ -35,28 +55,6 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.SSLSession;
-import javax.xml.ws.soap.SOAPFaultException;
-
-import org.apache.log4j.Logger;
-import org.apache.cloudstack.utils.security.SSLUtils;
-
-import com.vmware.vim25.ManagedObjectReference;
-import com.vmware.vim25.ObjectContent;
-import com.vmware.vim25.ObjectSpec;
-import com.vmware.vim25.PropertyFilterSpec;
-import com.vmware.vim25.PropertySpec;
-import com.vmware.vim25.ServiceContent;
-import com.vmware.vim25.TaskInfo;
-import com.vmware.vim25.TraversalSpec;
-import com.vmware.vim25.VimPortType;
-
-import com.cloud.hypervisor.vmware.mo.DatacenterMO;
-import com.cloud.hypervisor.vmware.mo.DatastoreFile;
-import com.cloud.utils.ActionDelegate;
-
public class VmwareContext {
private static final Logger s_logger = Logger.getLogger(VmwareContext.class);
@@ -82,7 +80,7 @@ public class VmwareContext {
trustAllCerts[0] = tm;
javax.net.ssl.SSLContext sc = SSLUtils.getSSLContext();
sc.init(null, trustAllCerts, null);
- javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
+ javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(new SecureSSLSocketFactory(sc));
HostnameVerifier hv = new HostnameVerifier() {
@Override
[2/9] git commit: updated refs/heads/4.4 to 8e58bc0
Posted by bh...@apache.org.
Error message exposes domain Id when deployVirtualMachine() is attempted on a shared network to which the user doesnot have access to.
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
(cherry picked from commit 0d36f2e4b520ecc85342ab8660e5547f675db12a)
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/c698af22
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/c698af22
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/c698af22
Branch: refs/heads/4.4
Commit: c698af221be227f42e8ec54439a1944cc1a4de5d
Parents: 2497a7a
Author: Min Chen <mi...@citrix.com>
Authored: Wed Sep 17 15:34:12 2014 -0700
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Mon Mar 16 15:49:21 2015 +0530
----------------------------------------------------------------------
server/src/com/cloud/acl/AffinityGroupAccessChecker.java | 9 ++++++++-
server/src/com/cloud/network/NetworkModelImpl.java | 6 +++++-
2 files changed, 13 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c698af22/server/src/com/cloud/acl/AffinityGroupAccessChecker.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/acl/AffinityGroupAccessChecker.java b/server/src/com/cloud/acl/AffinityGroupAccessChecker.java
index 7bcecf0..57f7b37 100644
--- a/server/src/com/cloud/acl/AffinityGroupAccessChecker.java
+++ b/server/src/com/cloud/acl/AffinityGroupAccessChecker.java
@@ -28,9 +28,11 @@ import org.apache.cloudstack.affinity.AffinityGroup;
import org.apache.cloudstack.affinity.AffinityGroupService;
import org.apache.cloudstack.affinity.dao.AffinityGroupDomainMapDao;
+import com.cloud.domain.DomainVO;
import com.cloud.exception.PermissionDeniedException;
import com.cloud.user.Account;
import com.cloud.user.AccountManager;
+import com.cloud.utils.exception.CloudRuntimeException;
@Component
@Local(value = SecurityChecker.class)
@@ -58,7 +60,12 @@ public class AffinityGroupAccessChecker extends DomainChecker {
if (group.getAclType() == ACLType.Domain) {
if (!_affinityGroupService.isAffinityGroupAvailableInDomain(group.getId(), caller.getDomainId())) {
- throw new PermissionDeniedException("Affinity group is not available in domain id=" + caller.getDomainId());
+ DomainVO callerDomain = _domainDao.findById(caller.getDomainId());
+ if (callerDomain == null) {
+ throw new CloudRuntimeException("cannot check permission on account " + caller.getAccountName() + " whose domain does not exist");
+ }
+
+ throw new PermissionDeniedException("Affinity group is not available in domain id=" + callerDomain.getUuid());
} else {
return true;
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c698af22/server/src/com/cloud/network/NetworkModelImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/NetworkModelImpl.java b/server/src/com/cloud/network/NetworkModelImpl.java
index 7163d7e..7d1de81 100755
--- a/server/src/com/cloud/network/NetworkModelImpl.java
+++ b/server/src/com/cloud/network/NetworkModelImpl.java
@@ -1585,8 +1585,12 @@ public class NetworkModelImpl extends ManagerBase implements NetworkModel {
} else {
if (!isNetworkAvailableInDomain(network.getId(), owner.getDomainId())) {
+ DomainVO ownerDomain = _domainDao.findById(owner.getDomainId());
+ if (ownerDomain == null) {
+ throw new CloudRuntimeException("cannot check permission on account " + owner.getAccountName() + " whose domain does not exist");
+ }
throw new PermissionDeniedException("Shared network id=" + ((NetworkVO)network).getUuid() + " is not available in domain id=" +
- owner.getDomainId());
+ ownerDomain.getUuid());
}
}
}
[6/9] git commit: updated refs/heads/4.4 to 8e58bc0
Posted by bh...@apache.org.
Avoid logging password when adding srx device
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
(cherry picked from commit 32fe64ce1bef9c496ac13f405442d30589c9b34c)
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/0f10d369
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/0f10d369
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/0f10d369
Branch: refs/heads/4.4
Commit: 0f10d3690b324a83dd2b82f7d33b3ea84e44e4e4
Parents: f68b407
Author: Jayapal <ja...@apache.org>
Authored: Fri Mar 13 13:38:23 2015 +0530
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Mon Mar 16 15:51:28 2015 +0530
----------------------------------------------------------------------
.../cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0f10d369/framework/jobs/src/org/apache/cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java
----------------------------------------------------------------------
diff --git a/framework/jobs/src/org/apache/cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java b/framework/jobs/src/org/apache/cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java
index 45e951a..efcce12 100644
--- a/framework/jobs/src/org/apache/cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java
+++ b/framework/jobs/src/org/apache/cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java
@@ -61,6 +61,7 @@ import com.cloud.cluster.ManagementServerHost;
import com.cloud.utils.DateUtil;
import com.cloud.utils.Pair;
import com.cloud.utils.Predicate;
+import com.cloud.utils.StringUtils;
import com.cloud.utils.component.ComponentLifecycle;
import com.cloud.utils.component.ManagerBase;
import com.cloud.utils.concurrency.NamedThreadFactory;
@@ -173,7 +174,7 @@ public class AsyncJobManagerImpl extends ManagerBase implements AsyncJobManager,
publishOnEventBus(job, "submit");
scheduleExecution(job, scheduleJobExecutionInContext);
if (s_logger.isDebugEnabled()) {
- s_logger.debug("submit async job-" + job.getId() + ", details: " + job.toString());
+ s_logger.debug("submit async job-" + job.getId() + ", details: " + StringUtils.cleanString(job.toString()));
}
return job.getId();
}
@@ -483,7 +484,7 @@ public class AsyncJobManagerImpl extends ManagerBase implements AsyncJobManager,
// execute the job
if (s_logger.isDebugEnabled()) {
- s_logger.debug("Executing " + job);
+ s_logger.debug("Executing " + StringUtils.cleanString(job.toString()));
}
if ((getAndResetPendingSignals(job) & AsyncJob.Constants.SIGNAL_MASK_WAKEUP) != 0) {
[8/9] git commit: updated refs/heads/4.4 to 8e58bc0
Posted by bh...@apache.org.
CLOUDSTACK-7348 InvalidParameter Exception while executing scale vm.
We do not throw the exceptions any more, so added info in the logs to say
what happend to this command.
Signed-off-by: Rajani Karuturi <ra...@gmail.com>
(cherry picked from commit 659edb4d9b64377a52eb587ab07039e6badb604e)
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/75c17a31
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/75c17a31
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/75c17a31
Branch: refs/heads/4.4
Commit: 75c17a31e760c5b49e23c014725687f68308ebc1
Parents: b1f54db
Author: Bharat Kumar <bh...@citrix.com>
Authored: Tue Nov 11 19:34:35 2014 +0530
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Mon Mar 16 15:52:40 2015 +0530
----------------------------------------------------------------------
server/src/com/cloud/vm/UserVmManagerImpl.java | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/75c17a31/server/src/com/cloud/vm/UserVmManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java
index 0499a90..148eaef 100755
--- a/server/src/com/cloud/vm/UserVmManagerImpl.java
+++ b/server/src/com/cloud/vm/UserVmManagerImpl.java
@@ -1300,7 +1300,8 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Vir
Account caller = CallContext.current().getCallingAccount();
VMInstanceVO vmInstance = _vmInstanceDao.findById(vmId);
if (vmInstance.getHypervisorType() != HypervisorType.XenServer && vmInstance.getHypervisorType() != HypervisorType.VMware) {
- throw new InvalidParameterValueException("This operation not permitted for this hypervisor of the vm");
+ s_logger.info("Scaling the VM dynamically is not supported for VMs running on Hypervisor "+vmInstance.getHypervisorType());
+ throw new InvalidParameterValueException("Scaling the VM dynamically is not supported for VMs running on Hypervisor "+vmInstance.getHypervisorType());
}
_accountMgr.checkAccess(caller, null, true, vmInstance);
[3/9] git commit: updated refs/heads/4.4 to 8e58bc0
Posted by bh...@apache.org.
CS-20680: The user's secret key is not encrypted in the UserCredentialsVO class
Changes:
-Added annotation to encrypt the secret key while persisting to the DB
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
(cherry picked from commit c5754e693f0272b29fc0aa89278a30ee967f12f9)
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/6da3d1bd
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/6da3d1bd
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/6da3d1bd
Branch: refs/heads/4.4
Commit: 6da3d1bd6bad9df670e38d635ed20259a9690ac9
Parents: c698af2
Author: Prachi Damle <pr...@citrix.com>
Authored: Wed Oct 15 14:53:45 2014 -0700
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Mon Mar 16 15:49:27 2015 +0530
----------------------------------------------------------------------
awsapi/src/com/cloud/bridge/model/UserCredentialsVO.java | 3 +++
1 file changed, 3 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6da3d1bd/awsapi/src/com/cloud/bridge/model/UserCredentialsVO.java
----------------------------------------------------------------------
diff --git a/awsapi/src/com/cloud/bridge/model/UserCredentialsVO.java b/awsapi/src/com/cloud/bridge/model/UserCredentialsVO.java
index 9a10c2e..fe009cd 100644
--- a/awsapi/src/com/cloud/bridge/model/UserCredentialsVO.java
+++ b/awsapi/src/com/cloud/bridge/model/UserCredentialsVO.java
@@ -23,6 +23,8 @@ import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
+import com.cloud.utils.db.Encrypt;
+
@Entity
@Table(name = "usercredentials")
public class UserCredentialsVO {
@@ -36,6 +38,7 @@ public class UserCredentialsVO {
@Column(name = "AccessKey")
private String accessKey;
+ @Encrypt
@Column(name = "SecretKey")
private String secretKey;
[9/9] git commit: updated refs/heads/4.4 to 8e58bc0
Posted by bh...@apache.org.
ElastistorUtil: remove unused imports
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/8e58bc08
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/8e58bc08
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/8e58bc08
Branch: refs/heads/4.4
Commit: 8e58bc08799da710b9ae4e2326eb624a687df6f8
Parents: 75c17a3
Author: Rohit Yadav <ro...@shapeblue.com>
Authored: Mon Mar 16 16:06:26 2015 +0530
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Mon Mar 16 16:06:26 2015 +0530
----------------------------------------------------------------------
.../apache/cloudstack/storage/datastore/util/ElastistorUtil.java | 2 --
1 file changed, 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8e58bc08/plugins/storage/volume/cloudbyte/src/org/apache/cloudstack/storage/datastore/util/ElastistorUtil.java
----------------------------------------------------------------------
diff --git a/plugins/storage/volume/cloudbyte/src/org/apache/cloudstack/storage/datastore/util/ElastistorUtil.java b/plugins/storage/volume/cloudbyte/src/org/apache/cloudstack/storage/datastore/util/ElastistorUtil.java
index 552da19..a6e4477 100755
--- a/plugins/storage/volume/cloudbyte/src/org/apache/cloudstack/storage/datastore/util/ElastistorUtil.java
+++ b/plugins/storage/volume/cloudbyte/src/org/apache/cloudstack/storage/datastore/util/ElastistorUtil.java
@@ -19,7 +19,6 @@
package org.apache.cloudstack.storage.datastore.util;
-import com.cloud.agent.api.Answer;
import com.cloud.utils.exception.CloudRuntimeException;
import com.google.gson.Gson;
import com.google.gson.annotations.SerializedName;
@@ -29,7 +28,6 @@ import com.sun.jersey.api.client.WebResource;
import com.sun.jersey.api.client.config.ClientConfig;
import com.sun.jersey.api.client.config.DefaultClientConfig;
import com.sun.jersey.core.util.MultivaluedMapImpl;
-import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
import org.apache.cloudstack.utils.security.SSLUtils;
import org.apache.cloudstack.utils.security.SecureSSLSocketFactory;
import org.apache.http.auth.InvalidCredentialsException;
[5/9] git commit: updated refs/heads/4.4 to 8e58bc0
Posted by bh...@apache.org.
CS-17504: Weak SSL ciphers supported by the management server
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
(cherry picked from commit f947fad197f8ffde51231dc80733cf16aa2f1fa1)
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
Conflicts:
packaging/centos63/cloud.spec
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/f68b4072
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/f68b4072
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/f68b4072
Branch: refs/heads/4.4
Commit: f68b407283356dd57241af3679171e3e5b0fea82
Parents: 84c6cc3
Author: Harikrishna Patnala <ha...@citrix.com>
Authored: Tue Nov 4 17:47:04 2014 +0530
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Mon Mar 16 15:50:26 2015 +0530
----------------------------------------------------------------------
client/tomcatconf/java.security.ciphers.in | 18 ++++++++++++++++++
client/tomcatconf/tomcat6-nonssl.conf.in | 2 +-
client/tomcatconf/tomcat6-ssl.conf.in | 2 +-
debian/cloudstack-management.install | 1 +
packaging/centos63/cloud.spec | 1 +
5 files changed, 22 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f68b4072/client/tomcatconf/java.security.ciphers.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/java.security.ciphers.in b/client/tomcatconf/java.security.ciphers.in
new file mode 100644
index 0000000..986abf6
--- /dev/null
+++ b/client/tomcatconf/java.security.ciphers.in
@@ -0,0 +1,18 @@
+ # Licensed to the Apache Software Foundation (ASF) under one
+ # or more contributor license agreements. See the NOTICE file
+ # distributed with this work for additional information
+ # regarding copyright ownership. The ASF licenses this file
+ # to you under the Apache License, Version 2.0 (the
+ # "License"); you may not use this file except in compliance
+ # with the License. You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing,
+ # software distributed under the License is distributed on an
+ # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ # KIND, either express or implied. See the License for the
+ # specific language governing permissions and limitations
+ # under the License.
+
+jdk.tls.disabledAlgorithms=DH keySize < 128, RSA keySize < 128, DES keySize < 128, SHA1 keySize < 128, MD5 keySize < 128, RC4
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f68b4072/client/tomcatconf/tomcat6-nonssl.conf.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/tomcat6-nonssl.conf.in b/client/tomcatconf/tomcat6-nonssl.conf.in
index 5ce724c..3f08c90 100644
--- a/client/tomcatconf/tomcat6-nonssl.conf.in
+++ b/client/tomcatconf/tomcat6-nonssl.conf.in
@@ -41,7 +41,7 @@ CATALINA_TMPDIR="@MSENVIRON@/temp"
# Use JAVA_OPTS to set java.library.path for libtcnative.so
#JAVA_OPTS="-Djava.library.path=/usr/lib64"
-JAVA_OPTS="-Djava.awt.headless=true -Dcom.sun.management.jmxremote=false -Xmx2g -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=@MSLOGDIR@ -XX:PermSize=512M -XX:MaxPermSize=800m"
+JAVA_OPTS="-Djava.awt.headless=true -Dcom.sun.management.jmxremote=false -Xmx2g -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=@MSLOGDIR@ -XX:PermSize=512M -XX:MaxPermSize=800m -Djava.security.properties=/etc/cloudstack/management/java.security.ciphers"
# What user should run tomcat
TOMCAT_USER="@MSUSER@"
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f68b4072/client/tomcatconf/tomcat6-ssl.conf.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/tomcat6-ssl.conf.in b/client/tomcatconf/tomcat6-ssl.conf.in
index c967a98..e7c53ac 100644
--- a/client/tomcatconf/tomcat6-ssl.conf.in
+++ b/client/tomcatconf/tomcat6-ssl.conf.in
@@ -40,7 +40,7 @@ CATALINA_TMPDIR="@MSENVIRON@/temp"
# Use JAVA_OPTS to set java.library.path for libtcnative.so
#JAVA_OPTS="-Djava.library.path=/usr/lib64"
-JAVA_OPTS="-Djava.awt.headless=true -Dcom.sun.management.jmxremote=false -Djavax.net.ssl.trustStore=/etc/cloudstack/management/cloudmanagementserver.keystore -Djavax.net.ssl.trustStorePassword=vmops.com -Xmx2g -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=@MSLOGDIR@ -XX:MaxPermSize=800m -XX:PermSize=512M"
+JAVA_OPTS="-Djava.awt.headless=true -Dcom.sun.management.jmxremote=false -Djavax.net.ssl.trustStore=/etc/cloudstack/management/cloudmanagementserver.keystore -Djavax.net.ssl.trustStorePassword=vmops.com -Xmx2g -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=@MSLOGDIR@ -XX:MaxPermSize=800m -XX:PermSize=512M -Djava.security.properties=/etc/cloudstack/management/java.security.ciphers"
# What user should run tomcat
TOMCAT_USER="@MSUSER@"
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f68b4072/debian/cloudstack-management.install
----------------------------------------------------------------------
diff --git a/debian/cloudstack-management.install b/debian/cloudstack-management.install
index ea3f93b..4e016df 100644
--- a/debian/cloudstack-management.install
+++ b/debian/cloudstack-management.install
@@ -30,6 +30,7 @@
/etc/cloudstack/management/tomcat6.conf
/etc/cloudstack/management/web.xml
/etc/cloudstack/management/environment.properties
+/etc/cloudstack/management/java.security.ciphers
/etc/cloudstack/management/log4j-cloud.xml
/etc/cloudstack/management/tomcat-users.xml
/etc/cloudstack/management/context.xml
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f68b4072/packaging/centos63/cloud.spec
----------------------------------------------------------------------
diff --git a/packaging/centos63/cloud.spec b/packaging/centos63/cloud.spec
index 3196d9d..e65b1fa 100644
--- a/packaging/centos63/cloud.spec
+++ b/packaging/centos63/cloud.spec
@@ -280,6 +280,7 @@ rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/webapps/client/WEB-INF/cl
for name in db.properties log4j-cloud.xml tomcat6-nonssl.conf tomcat6-ssl.conf server-ssl.xml server-nonssl.xml \
catalina.policy catalina.properties classpath.conf tomcat-users.xml web.xml environment.properties ; do
+ catalina.policy catalina.properties classpath.conf tomcat-users.xml web.xml environment.properties java.security.ciphers; do
mv ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/webapps/client/WEB-INF/classes/$name \
${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/management/$name
done
[4/9] git commit: updated refs/heads/4.4 to 8e58bc0
Posted by bh...@apache.org.
CS-19734:Session cookie is exposed to scripts.
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
(cherry picked from commit 0b5b9c91e451d069c501a08a34523eccd22dff05)
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/84c6cc36
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/84c6cc36
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/84c6cc36
Branch: refs/heads/4.4
Commit: 84c6cc361b82088daa1e66662440fa1a66979746
Parents: 6da3d1b
Author: Min Chen <mi...@citrix.com>
Authored: Fri Jul 18 12:08:07 2014 -0700
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Mon Mar 16 15:49:33 2015 +0530
----------------------------------------------------------------------
client/tomcatconf/context.xml.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/84c6cc36/client/tomcatconf/context.xml.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/context.xml.in b/client/tomcatconf/context.xml.in
index 9913dd1..a78215c 100644
--- a/client/tomcatconf/context.xml.in
+++ b/client/tomcatconf/context.xml.in
@@ -16,7 +16,7 @@
limitations under the License.
-->
<!-- The contents of this file will be loaded for each web application -->
-<Context allowLinking="true">
+<Context allowLinking="true" useHttpOnly="true">
<!-- Default set of monitored resources -->
<WatchedResource>WEB-INF/web.xml</WatchedResource>