You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by de...@apache.org on 2014/01/16 10:12:27 UTC

git commit: updated refs/heads/4.3 to ab0a068

Updated Branches:
  refs/heads/4.3 9ed4ab731 -> ab0a068d9


CLOUDSTACK-5880: Communication between management server and hyper-v agent should be secure.


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/ab0a068d
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/ab0a068d
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/ab0a068d

Branch: refs/heads/4.3
Commit: ab0a068d9f8f5601b804661929b1f4245ea5cf4e
Parents: 9ed4ab7
Author: Anshul Gangwar <an...@citrix.com>
Authored: Fri Jan 10 17:18:35 2014 +0530
Committer: Devdeep Singh <de...@gmail.com>
Committed: Thu Jan 16 14:42:24 2014 +0530

----------------------------------------------------------------------
 .../ServerResource/AgentShell/AgentService.cs   |  2 +-
 .../resource/HypervDirectConnectResource.java   | 48 ++++++++++++++++++--
 2 files changed, 44 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ab0a068d/plugins/hypervisors/hyperv/DotNet/ServerResource/AgentShell/AgentService.cs
----------------------------------------------------------------------
diff --git a/plugins/hypervisors/hyperv/DotNet/ServerResource/AgentShell/AgentService.cs b/plugins/hypervisors/hyperv/DotNet/ServerResource/AgentShell/AgentService.cs
index e187097..9d66a5c 100644
--- a/plugins/hypervisors/hyperv/DotNet/ServerResource/AgentShell/AgentService.cs
+++ b/plugins/hypervisors/hyperv/DotNet/ServerResource/AgentShell/AgentService.cs
@@ -47,7 +47,7 @@ namespace CloudStack.Plugin.AgentShell
             logger.Info("Starting CloudStack agent");
             InitializeComponent();
 
-            UriBuilder baseUri = new UriBuilder("http", AgentSettings.Default.private_ip_address, AgentSettings.Default.port);
+            UriBuilder baseUri = new UriBuilder("https", AgentSettings.Default.private_ip_address, AgentSettings.Default.port);
 
             var config = new HttpSelfHostConfiguration(baseUri.Uri);
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ab0a068d/plugins/hypervisors/hyperv/src/com/cloud/hypervisor/hyperv/resource/HypervDirectConnectResource.java
----------------------------------------------------------------------
diff --git a/plugins/hypervisors/hyperv/src/com/cloud/hypervisor/hyperv/resource/HypervDirectConnectResource.java b/plugins/hypervisors/hyperv/src/com/cloud/hypervisor/hyperv/resource/HypervDirectConnectResource.java
index bb78fce..1edfea3 100644
--- a/plugins/hypervisors/hyperv/src/com/cloud/hypervisor/hyperv/resource/HypervDirectConnectResource.java
+++ b/plugins/hypervisors/hyperv/src/com/cloud/hypervisor/hyperv/resource/HypervDirectConnectResource.java
@@ -25,6 +25,12 @@ import java.net.URISyntaxException;
 import java.net.URL;
 import java.nio.channels.SocketChannel;
 import java.rmi.RemoteException;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -40,11 +46,20 @@ import org.apache.http.HttpStatus;
 import org.apache.http.client.ClientProtocolException;
 import org.apache.http.client.HttpClient;
 import org.apache.http.client.methods.HttpPost;
+import org.apache.http.conn.ClientConnectionManager;
+import org.apache.http.conn.scheme.Scheme;
+import org.apache.http.conn.scheme.SchemeRegistry;
+import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
+import org.apache.http.conn.ssl.SSLSocketFactory;
+import org.apache.http.conn.ssl.TrustStrategy;
 import org.apache.http.entity.StringEntity;
 import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.impl.conn.BasicClientConnectionManager;
 import org.apache.http.util.EntityUtils;
 import org.apache.log4j.Logger;
 
+import com.google.gson.Gson;
+
 import com.cloud.agent.api.Answer;
 import com.cloud.agent.api.CheckRouterAnswer;
 import com.cloud.agent.api.CheckRouterCommand;
@@ -115,7 +130,6 @@ import com.cloud.utils.net.NetUtils;
 import com.cloud.utils.ssh.SshHelper;
 import com.cloud.vm.VirtualMachine;
 import com.cloud.vm.VirtualMachineName;
-import com.google.gson.Gson;
 
 /**
  * Implementation of dummy resource to be returned from discoverer.
@@ -131,7 +145,7 @@ public class HypervDirectConnectResource extends ServerResourceBase implements S
     private String _clusterId;
     private String _guid;
     private String _agentIp;
-    private int _port = DEFAULT_AGENT_PORT;
+    private final int _port = DEFAULT_AGENT_PORT;
     protected final long _ops_timeout = 900000;  // 15 minutes time out to time
 
     protected final int _retry = 24;
@@ -340,7 +354,7 @@ public class HypervDirectConnectResource extends ServerResourceBase implements S
         try {
             String cmdName = StartupCommand.class.getName();
             agentUri =
-                    new URI("http", null, _agentIp, _port,
+                    new URI("https", null, _agentIp, _port,
                             "/api/HypervResource/" + cmdName, null, null);
         } catch (URISyntaxException e) {
             // TODO add proper logging
@@ -380,7 +394,7 @@ public class HypervDirectConnectResource extends ServerResourceBase implements S
         try {
             String cmdName = cmd.getClass().getName();
             agentUri =
-                    new URI("http", null, _agentIp, _port,
+                    new URI("https", null, _agentIp, _port,
                             "/api/HypervResource/" + cmdName, null, null);
         } catch (URISyntaxException e) {
             // TODO add proper logging
@@ -1731,7 +1745,31 @@ public class HypervDirectConnectResource extends ServerResourceBase implements S
                 + " with contents" + jsonCmd);
 
         // Create request
-        HttpClient httpClient = new DefaultHttpClient();
+        HttpClient httpClient = null;
+        TrustStrategy easyStrategy = new TrustStrategy() {
+            @Override
+            public boolean isTrusted(X509Certificate[] chain, String authType)
+                    throws CertificateException {
+                return true;
+            }
+        };
+
+        try {
+            SSLSocketFactory sf = new SSLSocketFactory(easyStrategy, new AllowAllHostnameVerifier());
+            SchemeRegistry registry = new SchemeRegistry();
+            registry.register(new Scheme("https", DEFAULT_AGENT_PORT, sf));
+            ClientConnectionManager ccm = new BasicClientConnectionManager(registry);
+            httpClient = new DefaultHttpClient(ccm);
+        } catch (KeyManagementException e) {
+            s_logger.error("failed to initialize http client " + e.getMessage());
+        } catch (UnrecoverableKeyException e) {
+            s_logger.error("failed to initialize http client " + e.getMessage());
+        } catch (NoSuchAlgorithmException e) {
+            s_logger.error("failed to initialize http client " + e.getMessage());
+        } catch (KeyStoreException e) {
+            s_logger.error("failed to initialize http client " + e.getMessage());
+        }
+
         String result = null;
 
         // TODO: are there timeout settings and worker thread settings to tweak?