Posted to commits@cloudstack.apache.org by bh...@apache.org on 2015/01/13 22:12:49 UTC
[1/2] git commit: updated refs/heads/4.5 to 921ad05
Repository: cloudstack
Updated Branches:
refs/heads/4.5 2ed76b2a5 -> 921ad057d
CLOUDSTACK-8155: Remove unwanted whitespaces from json response
This removes extra whitespaces from the JSON serialized response.
After the fix, tested to work with:
- Present UI
- CloudMonkey
- Old buggy json parsers
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/921ad057
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/921ad057
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/921ad057
Branch: refs/heads/4.5
Commit: 921ad057def3015cda9d9f5861c9be29a88b148e
Parents: 6bec698
Author: Rohit Yadav <ro...@shapeblue.com>
Authored: Wed Jan 14 02:33:34 2015 +0530
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Wed Jan 14 02:40:00 2015 +0530
----------------------------------------------------------------------
.../api/response/ApiResponseSerializer.java | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/921ad057/server/src/com/cloud/api/response/ApiResponseSerializer.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/response/ApiResponseSerializer.java b/server/src/com/cloud/api/response/ApiResponseSerializer.java
index a32bd56..19d2671 100644
--- a/server/src/com/cloud/api/response/ApiResponseSerializer.java
+++ b/server/src/com/cloud/api/response/ApiResponseSerializer.java
@@ -79,13 +79,13 @@ public class ApiResponseSerializer {
StringBuilder sb = new StringBuilder();
- sb.append("{ \"").append(result.getResponseName()).append("\" : ");
+ sb.append("{\"").append(result.getResponseName()).append("\":");
if (result instanceof ListResponse) {
List<? extends ResponseObject> responses = ((ListResponse)result).getResponses();
Integer count = ((ListResponse)result).getCount();
boolean nonZeroCount = (count != null && count.longValue() != 0);
if (nonZeroCount) {
- sb.append("{ \"").append(ApiConstants.COUNT).append("\":").append(count);
+ sb.append("{\"").append(ApiConstants.COUNT).append("\":").append(count);
}
if ((responses != null) && !responses.isEmpty()) {
@@ -93,24 +93,24 @@ public class ApiResponseSerializer {
jsonStr = unescape(jsonStr);
if (nonZeroCount) {
- sb.append(" ,\"").append(responses.get(0).getObjectName()).append("\" : [ ").append(jsonStr);
+ sb.append(",\"").append(responses.get(0).getObjectName()).append("\":[").append(jsonStr);
}
for (int i = 1; i < ((ListResponse)result).getResponses().size(); i++) {
jsonStr = gson.toJson(responses.get(i));
jsonStr = unescape(jsonStr);
- sb.append(", ").append(jsonStr);
+ sb.append(",").append(jsonStr);
}
- sb.append(" ] }");
+ sb.append("]}");
} else {
if (!nonZeroCount) {
sb.append("{");
}
- sb.append(" }");
+ sb.append("}");
}
} else if (result instanceof SuccessResponse) {
- sb.append("{ \"success\" : \"").append(((SuccessResponse)result).getSuccess()).append("\"} ");
+ sb.append("{\"success\":\"").append(((SuccessResponse)result).getSuccess()).append("\"}");
} else if (result instanceof ExceptionResponse) {
String jsonErrorText = gson.toJson(result);
jsonErrorText = unescape(jsonErrorText);
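Review bot: The first list element and the `[` opener are appended only inside `if (nonZeroCount)`, while the loop over the remaining elements and the closing `]}` run unconditionally, so a ListResponse with a non-empty list and a null or zero count would serialize to malformed JSON. Whether that combination can occur is not visible here; if it cannot, a comment such as `// count is always set when responses is non-empty` would record the invariant, and if it can, the opener should not depend on the count. The property names from `getResponseName()` and `getObjectName()` (here and in the neighbouring hunks) are concatenated without JSON escaping, which is safe only while they stay fixed internal identifiers. The enclosing method starts and ends outside this hunk.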
@@ -122,13 +122,13 @@ public class ApiResponseSerializer {
if (result instanceof AsyncJobResponse || result instanceof CreateCmdResponse || result instanceof AuthenticationCmdResponse) {
sb.append(jsonStr);
} else {
- sb.append(" { \"").append(result.getObjectName()).append("\" : ").append(jsonStr).append(" } ");
+ sb.append("{\"").append(result.getObjectName()).append("\":").append(jsonStr).append("}");
}
} else {
- sb.append("{ }");
+ sb.append("{}");
}
}
- sb.append(" }");
+ sb.append("}");
return sb.toString();
}
return null;
[2/2] git commit: updated refs/heads/4.5 to 921ad05
Posted by bh...@apache.org.
CLOUDSTACK-8037: Require signed AuthnRequest, adds more security
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/6bec6984
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/6bec6984
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/6bec6984
Branch: refs/heads/4.5
Commit: 6bec69844d196e9b66fffa54f6998d8e45fc27e8
Parents: 2ed76b2
Author: Rohit Yadav <ro...@shapeblue.com>
Authored: Wed Jan 14 02:19:10 2015 +0530
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Wed Jan 14 02:40:00 2015 +0530
----------------------------------------------------------------------
.../api/command/GetServiceProviderMetaDataCmd.java | 12 ++++++++++--
.../org/apache/cloudstack/saml/SAML2AuthManager.java | 2 +-
.../apache/cloudstack/saml/SAML2AuthManagerImpl.java | 5 ++++-
.../src/org/apache/cloudstack/utils/auth/SAMLUtils.java | 8 ++++----
4 files changed, 19 insertions(+), 8 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6bec6984/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/GetServiceProviderMetaDataCmd.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/GetServiceProviderMetaDataCmd.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/GetServiceProviderMetaDataCmd.java
index 194d94f..995405d 100644
--- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/GetServiceProviderMetaDataCmd.java
+++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/GetServiceProviderMetaDataCmd.java
@@ -121,7 +121,7 @@ public class GetServiceProviderMetaDataCmd extends BaseCmd implements APIAuthent
SPSSODescriptor spSSODescriptor = new SPSSODescriptorBuilder().buildObject();
spSSODescriptor.setWantAssertionsSigned(true);
- spSSODescriptor.setAuthnRequestsSigned(false);
+ spSSODescriptor.setAuthnRequestsSigned(true);
X509KeyInfoGeneratorFactory keyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
keyInfoGeneratorFactory.setEmitEntityCertificate(true);
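Review bot: `setAuthnRequestsSigned(true)` only changes what the SP metadata advertises; none of the four files in this commit adds code that signs the AuthnRequest. If the request path does not already sign, IdPs that honour the flag may reject logins, so the metadata and the request builder need to be kept in step. A comment on this line pointing at the signing code would help, e.g. `// AuthnRequest is signed in <signing method>; keep in sync`, together with a test that the emitted request carries a signature. The method body extends beyond the hunk.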
@@ -134,7 +134,7 @@ public class GetServiceProviderMetaDataCmd extends BaseCmd implements APIAuthent
signKeyDescriptor.setUse(UsageType.SIGNING);
BasicX509Credential credential = new BasicX509Credential();
- credential.setEntityCertificate(_samlAuthManager.getSpX509Key());
+ credential.setEntityCertificate(_samlAuthManager.getSpX509Certificate());
try {
encKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(credential));
signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(credential));
@@ -148,6 +148,14 @@ public class GetServiceProviderMetaDataCmd extends BaseCmd implements APIAuthent
nameIDFormat.setFormat(NameIDType.PERSISTENT);
spSSODescriptor.getNameIDFormats().add(nameIDFormat);
+ NameIDFormat emailNameIDFormat = new NameIDFormatBuilder().buildObject();
+ emailNameIDFormat.setFormat(NameIDType.EMAIL);
+ spSSODescriptor.getNameIDFormats().add(emailNameIDFormat);
+
+ NameIDFormat transientNameIDFormat = new NameIDFormatBuilder().buildObject();
+ transientNameIDFormat.setFormat(NameIDType.TRANSIENT);
+ spSSODescriptor.getNameIDFormats().add(transientNameIDFormat);
+
AssertionConsumerService assertionConsumerService = new AssertionConsumerServiceBuilder().buildObject();
assertionConsumerService.setIndex(0);
assertionConsumerService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
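Review bot: Advertising `NameIDType.EMAIL` and `NameIDType.TRANSIENT` widens what the IdP may send as the subject identifier, and the code that maps a NameID to a CloudStack account is not part of this commit. A transient NameID changes per session, so it cannot key a stable account, and an e-mail address can be reassigned at the IdP, so using it as the unique key risks binding a login to the wrong account. If the response handler keys users on NameID, consider advertising only the persistent format; otherwise document the account key above these lines, e.g. `// NameID is not the account key; see <response handler>`.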
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6bec6984/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManager.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManager.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManager.java
index 3ee7522..9c0d4b4 100644
--- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManager.java
+++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManager.java
@@ -28,7 +28,7 @@ public interface SAML2AuthManager extends PluggableAPIAuthenticator {
public X509Certificate getIdpSigningKey();
public X509Certificate getIdpEncryptionKey();
- public X509Certificate getSpX509Key();
+ public X509Certificate getSpX509Certificate();
public KeyPair getSpKeyPair();
public String getSpSingleSignOnUrl();
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6bec6984/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
index f175081..36c9da5 100644
--- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
+++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
@@ -202,6 +202,9 @@ public class SAML2AuthManagerImpl extends AdapterBase implements SAML2AuthManage
s_logger.error("SAML2 Authentication may be unavailable");
} catch (ConfigurationException | FactoryConfigurationError e) {
s_logger.error("OpenSAML bootstrapping failed: error: " + e.getMessage());
+ } catch (NullPointerException e) {
+ s_logger.error("Unable to setup SAML Auth Plugin due to NullPointerException" +
+ " please check the SAML IDP metadata URL and entity ID in global settings: " + e.getMessage());
}
if (this.idpSingleLogOutUrl == null || this.idpSingleSignOnUrl == null) {
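Review bot: The new `catch (NullPointerException e)` logs only `e.getMessage()`, which is usually null for an NPE, and drops the stack trace, so the log will not show which metadata element was missing. Pass the exception itself to the logger, `s_logger.error("Unable to setup SAML Auth Plugin, check the SAML IDP metadata URL and entity ID in global settings", e);`, and prefer explicit null checks on the values read from the IdP metadata over catching NPE. It is also worth confirming that after this catch the plugin stays disabled rather than running with partially initialised IdP settings, since the following `if` checks only the two URLs. The try block begins outside the hunk.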
@@ -259,7 +262,7 @@ public class SAML2AuthManagerImpl extends AdapterBase implements SAML2AuthManage
return Boolean.valueOf(_configDao.getValue(Config.SAMLIsPluginEnabled.key()));
}
- public X509Certificate getSpX509Key() {
+ public X509Certificate getSpX509Certificate() {
return spX509Key;
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6bec6984/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java
----------------------------------------------------------------------
diff --git a/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java b/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java
index bb4af3a..c75422f 100644
--- a/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java
+++ b/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java
@@ -148,7 +148,7 @@ public class SAMLUtils {
RequestedAuthnContextBuilder requestedAuthnContextBuilder = new RequestedAuthnContextBuilder();
RequestedAuthnContext requestedAuthnContext = requestedAuthnContextBuilder.buildObject();
requestedAuthnContext
- .setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
+ .setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
requestedAuthnContext.getAuthnContextClassRefs().add(
authnContextClassRef);
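Review bot: With the comparison set to `EXACT` here, and `authnRequest.setRequestedAuthnContext(requestedAuthnContext)` enabled in the next hunk, the IdP is asked to authenticate with precisely the class held in `authnContextClassRef`, whose value is set outside the hunk. An IdP that uses a stronger method, such as multi-factor, may then refuse the request. The request also only asks: unless the response handler verifies the AuthnContextClassRef in the returned assertion, the requirement is not enforced on the SP side, and that handler is not part of this commit. A comment stating the intended class and where it is verified would help, e.g. `// EXACT: IdP must use <class ref>; verified on response in <handler>`.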
@@ -166,7 +166,7 @@ public class SAMLUtils {
authnRequest.setAssertionConsumerServiceURL(consumerUrl);
authnRequest.setProviderName(spId);
authnRequest.setNameIDPolicy(nameIdPolicy);
- //authnRequest.setRequestedAuthnContext(requestedAuthnContext);
+ authnRequest.setRequestedAuthnContext(requestedAuthnContext);
return authnRequest;
}
@@ -315,8 +315,8 @@ public class SAMLUtils {
public static X509Certificate generateRandomX509Certificate(KeyPair keyPair) throws NoSuchAlgorithmException, NoSuchProviderException, CertificateEncodingException, SignatureException, InvalidKeyException {
Date validityBeginDate = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000);
- Date validityEndDate = new Date(System.currentTimeMillis() + 365 * 24 * 60 * 60 * 1000);
- X500Principal dnName = new X500Principal("CN=Apache CloudStack");
+ Date validityEndDate = new Date(System.currentTimeMillis() + 3 * 365 * 24 * 60 * 60 * 1000);
+ X500Principal dnName = new X500Principal("CN=ApacheCloudStack");
X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
certGen.setSubjectDN(dnName);
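Review bot: `3 * 365 * 24 * 60 * 60 * 1000` is evaluated in `int` and overflows: the product 94,608,000,000 wraps to 118,719,488 ms, so the generated SP certificate expires roughly 33 hours after creation instead of after three years. The removed one-year expression overflowed in the same way, so this is a pre-existing defect that the change makes worse. Force long arithmetic with `Date validityEndDate = new Date(System.currentTimeMillis() + 3L * 365 * 24 * 60 * 60 * 1000);`. The rest of generateRandomX509Certificate lies outside the hunk.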