Posted to commits@cloudstack.apache.org by de...@apache.org on 2014/01/16 10:12:27 UTC
git commit: updated refs/heads/4.3 to ab0a068
Updated Branches:
refs/heads/4.3 9ed4ab731 -> ab0a068d9
CLOUDSTACK-5880: Communication between management server and hyper-v agent should be secure.
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/ab0a068d
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/ab0a068d
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/ab0a068d
Branch: refs/heads/4.3
Commit: ab0a068d9f8f5601b804661929b1f4245ea5cf4e
Parents: 9ed4ab7
Author: Anshul Gangwar <an...@citrix.com>
Authored: Fri Jan 10 17:18:35 2014 +0530
Committer: Devdeep Singh <de...@gmail.com>
Committed: Thu Jan 16 14:42:24 2014 +0530
----------------------------------------------------------------------
.../ServerResource/AgentShell/AgentService.cs | 2 +-
.../resource/HypervDirectConnectResource.java | 48 ++++++++++++++++++--
2 files changed, 44 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ab0a068d/plugins/hypervisors/hyperv/DotNet/ServerResource/AgentShell/AgentService.cs
----------------------------------------------------------------------
diff --git a/plugins/hypervisors/hyperv/DotNet/ServerResource/AgentShell/AgentService.cs b/plugins/hypervisors/hyperv/DotNet/ServerResource/AgentShell/AgentService.cs
index e187097..9d66a5c 100644
--- a/plugins/hypervisors/hyperv/DotNet/ServerResource/AgentShell/AgentService.cs
+++ b/plugins/hypervisors/hyperv/DotNet/ServerResource/AgentShell/AgentService.cs
@@ -47,7 +47,7 @@ namespace CloudStack.Plugin.AgentShell
logger.Info("Starting CloudStack agent");
InitializeComponent();
- UriBuilder baseUri = new UriBuilder("http", AgentSettings.Default.private_ip_address, AgentSettings.Default.port);
+ UriBuilder baseUri = new UriBuilder("https", AgentSettings.Default.private_ip_address, AgentSettings.Default.port);
var config = new HttpSelfHostConfiguration(baseUri.Uri);
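Review bot: Changing the `UriBuilder` scheme to `"https"` only makes the self-host listen for TLS; nothing visible in this hunk provisions a server certificate or binds one to `AgentSettings.Default.port`, and without that binding the listener presumably cannot complete a handshake. The install or upgrade steps should document how the certificate is created and bound on the Hyper-V host, and a comment above this line should name that prerequisite, e.g. `// requires an SSL certificate bound to private_ip_address:port on this host`. The enclosing method starts and ends outside the hunk, so the binding may be handled elsewhere.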
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ab0a068d/plugins/hypervisors/hyperv/src/com/cloud/hypervisor/hyperv/resource/HypervDirectConnectResource.java
----------------------------------------------------------------------
diff --git a/plugins/hypervisors/hyperv/src/com/cloud/hypervisor/hyperv/resource/HypervDirectConnectResource.java b/plugins/hypervisors/hyperv/src/com/cloud/hypervisor/hyperv/resource/HypervDirectConnectResource.java
index bb78fce..1edfea3 100644
--- a/plugins/hypervisors/hyperv/src/com/cloud/hypervisor/hyperv/resource/HypervDirectConnectResource.java
+++ b/plugins/hypervisors/hyperv/src/com/cloud/hypervisor/hyperv/resource/HypervDirectConnectResource.java
@@ -25,6 +25,12 @@ import java.net.URISyntaxException;
import java.net.URL;
import java.nio.channels.SocketChannel;
import java.rmi.RemoteException;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -40,11 +46,20 @@ import org.apache.http.HttpStatus;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpPost;
+import org.apache.http.conn.ClientConnectionManager;
+import org.apache.http.conn.scheme.Scheme;
+import org.apache.http.conn.scheme.SchemeRegistry;
+import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
+import org.apache.http.conn.ssl.SSLSocketFactory;
+import org.apache.http.conn.ssl.TrustStrategy;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.impl.conn.BasicClientConnectionManager;
import org.apache.http.util.EntityUtils;
import org.apache.log4j.Logger;
+import com.google.gson.Gson;
+
import com.cloud.agent.api.Answer;
import com.cloud.agent.api.CheckRouterAnswer;
import com.cloud.agent.api.CheckRouterCommand;
@@ -115,7 +130,6 @@ import com.cloud.utils.net.NetUtils;
import com.cloud.utils.ssh.SshHelper;
import com.cloud.vm.VirtualMachine;
import com.cloud.vm.VirtualMachineName;
-import com.google.gson.Gson;
/**
* Implementation of dummy resource to be returned from discoverer.
@@ -131,7 +145,7 @@ public class HypervDirectConnectResource extends ServerResourceBase implements S
private String _clusterId;
private String _guid;
private String _agentIp;
- private int _port = DEFAULT_AGENT_PORT;
+ private final int _port = DEFAULT_AGENT_PORT;
protected final long _ops_timeout = 900000; // 15 minutes time out to time
protected final int _retry = 24;
@@ -340,7 +354,7 @@ public class HypervDirectConnectResource extends ServerResourceBase implements S
try {
String cmdName = StartupCommand.class.getName();
agentUri =
- new URI("http", null, _agentIp, _port,
+ new URI("https", null, _agentIp, _port,
"/api/HypervResource/" + cmdName, null, null);
} catch (URISyntaxException e) {
// TODO add proper logging
@@ -380,7 +394,7 @@ public class HypervDirectConnectResource extends ServerResourceBase implements S
try {
String cmdName = cmd.getClass().getName();
agentUri =
- new URI("http", null, _agentIp, _port,
+ new URI("https", null, _agentIp, _port,
"/api/HypervResource/" + cmdName, null, null);
} catch (URISyntaxException e) {
// TODO add proper logging
@@ -1731,7 +1745,31 @@ public class HypervDirectConnectResource extends ServerResourceBase implements S
+ " with contents" + jsonCmd);
// Create request
- HttpClient httpClient = new DefaultHttpClient();
+ HttpClient httpClient = null;
+ TrustStrategy easyStrategy = new TrustStrategy() {
+ @Override
+ public boolean isTrusted(X509Certificate[] chain, String authType)
+ throws CertificateException {
+ return true;
+ }
+ };
+
+ try {
+ SSLSocketFactory sf = new SSLSocketFactory(easyStrategy, new AllowAllHostnameVerifier());
+ SchemeRegistry registry = new SchemeRegistry();
+ registry.register(new Scheme("https", DEFAULT_AGENT_PORT, sf));
+ ClientConnectionManager ccm = new BasicClientConnectionManager(registry);
+ httpClient = new DefaultHttpClient(ccm);
+ } catch (KeyManagementException e) {
+ s_logger.error("failed to initialize http client " + e.getMessage());
+ } catch (UnrecoverableKeyException e) {
+ s_logger.error("failed to initialize http client " + e.getMessage());
+ } catch (NoSuchAlgorithmException e) {
+ s_logger.error("failed to initialize http client " + e.getMessage());
+ } catch (KeyStoreException e) {
+ s_logger.error("failed to initialize http client " + e.getMessage());
+ }
+
String result = null;
// TODO: are there timeout settings and worker thread settings to tweak?
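Review bot: The `TrustStrategy` whose `isTrusted` always returns `true`, combined with `AllowAllHostnameVerifier`, makes the management server accept any certificate from any host, so the new https channel is encrypted but the agent is never authenticated and an on-path host can stand in for it. Validate against a truststore that holds the agent certificate or its issuing CA and keep hostname verification on; agents are addressed by `_agentIp`, so the certificate would presumably need an IP subject alternative name. Separately, each catch logs only `e.getMessage()` and falls through with `httpClient` still `null`, which the code after the hunk presumably dereferences; log the exception itself and stop the request there. The enclosing method starts and ends outside the hunk.

```java
// Create request
HttpClient httpClient = null;
try {
    // agentTrustStore is a placeholder: a java.security.KeyStore holding the agent
    // certificate or its issuing CA, loaded from management-server configuration.
    SSLSocketFactory sf = new SSLSocketFactory(agentTrustStore);
    sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
    SchemeRegistry registry = new SchemeRegistry();
    registry.register(new Scheme("https", DEFAULT_AGENT_PORT, sf));
    httpClient = new DefaultHttpClient(new BasicClientConnectionManager(registry));
} catch (GeneralSecurityException e) {
    // Covers the four exception types the constructor declares; keep the stack trace.
    s_logger.error("failed to initialize http client", e);
    // Stop here: the request must not proceed with httpClient == null.
}
// … unchanged: result declaration and request execution …
```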