You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by ra...@apache.org on 2014/11/05 11:44:58 UTC
[04/50] [abbrv] git commit: updated refs/heads/master to 4c5f792
CLOUDSTACK-7814: Fix default passphrase for keystores
In upgrade case, the db.properties file is not changed, but the following commit
would require passphrase for keystore in it, thus result in error(NPE in fact
due to there is no such properity).
commit 918c320438980f070150f872e3a3ba907572af83
Author: Upendra Moturi <up...@sungard.com>
Date: Fri Jun 20 11:41:58 2014 +0530
CLOUDSTACK-6847.Link.java and console proxy files have hardcoded value
This commit fix it by put default value for passphrases, also set correct
passphrase if fail-safe keystore is used.
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/865b2e67
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/865b2e67
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/865b2e67
Branch: refs/heads/master
Commit: 865b2e6791a37371fff4c43c974c90f44d24c418
Parents: 4929625
Author: Sheng Yang <sh...@citrix.com>
Authored: Mon Oct 27 18:59:55 2014 -0700
Committer: Sheng Yang <sh...@citrix.com>
Committed: Tue Oct 28 16:29:29 2014 -0700
----------------------------------------------------------------------
.../ConsoleProxySecureServerFactoryImpl.java | 32 ++++++++++----------
utils/src/com/cloud/utils/nio/Link.java | 9 ++++--
2 files changed, 22 insertions(+), 19 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/865b2e67/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
----------------------------------------------------------------------
diff --git a/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java b/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
index 7af4c7b..75d23b1 100644
--- a/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
+++ b/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
@@ -16,12 +16,12 @@
// under the License.
package com.cloud.consoleproxy;
-import java.io.ByteArrayInputStream;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.net.InetSocketAddress;
-import java.security.KeyStore;
-import java.util.Properties;
+import com.cloud.utils.db.DbProperties;
+import com.sun.net.httpserver.HttpServer;
+import com.sun.net.httpserver.HttpsConfigurator;
+import com.sun.net.httpserver.HttpsParameters;
+import com.sun.net.httpserver.HttpsServer;
+import org.apache.log4j.Logger;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
@@ -29,14 +29,11 @@ import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.TrustManagerFactory;
-
-import org.apache.log4j.Logger;
-
-import com.cloud.utils.db.DbProperties;
-import com.sun.net.httpserver.HttpServer;
-import com.sun.net.httpserver.HttpsConfigurator;
-import com.sun.net.httpserver.HttpsParameters;
-import com.sun.net.httpserver.HttpsServer;
+import java.io.ByteArrayInputStream;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.security.KeyStore;
public class ConsoleProxySecureServerFactoryImpl implements ConsoleProxyServerFactory {
private static final Logger s_logger = Logger.getLogger(ConsoleProxySecureServerFactoryImpl.class);
@@ -54,8 +51,11 @@ public class ConsoleProxySecureServerFactoryImpl implements ConsoleProxyServerFa
try {
s_logger.info("Initializing SSL from built-in default certificate");
- final Properties dbProps = DbProperties.getDbProperties();
- char[] passphrase = dbProps.getProperty("db.cloud.keyStorePassphrase").toCharArray();
+ final String pass = DbProperties.getDbProperties().getProperty("db.cloud.keyStorePassphrase");
+ char[] passphrase = "vmops.com".toCharArray();
+ if (pass != null) {
+ passphrase = pass.toCharArray();
+ }
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream("certs/realhostip.keystore"), passphrase);
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/865b2e67/utils/src/com/cloud/utils/nio/Link.java
----------------------------------------------------------------------
diff --git a/utils/src/com/cloud/utils/nio/Link.java b/utils/src/com/cloud/utils/nio/Link.java
index c295caf..a15b8a4 100755
--- a/utils/src/com/cloud/utils/nio/Link.java
+++ b/utils/src/com/cloud/utils/nio/Link.java
@@ -33,7 +33,6 @@ import java.nio.channels.SelectionKey;
import java.nio.channels.SocketChannel;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
-import java.util.Properties;
import java.util.concurrent.ConcurrentLinkedQueue;
import javax.net.ssl.KeyManagerFactory;
@@ -418,8 +417,11 @@ public class Link {
File confFile = PropertiesUtil.findConfigFile("db.properties");
if (null != confFile && !isClient) {
- final Properties dbProps = DbProperties.getDbProperties();
- char[] passphrase = dbProps.getProperty("db.cloud.keyStorePassphrase").toCharArray();
+ final String pass = DbProperties.getDbProperties().getProperty("db.cloud.keyStorePassphrase");
+ char[] passphrase = "vmops.com".toCharArray();
+ if (pass != null) {
+ passphrase = pass.toCharArray();
+ }
String confPath = confFile.getParent();
String keystorePath = confPath + keystoreFile;
if (new File(keystorePath).exists()) {
@@ -427,6 +429,7 @@ public class Link {
} else {
s_logger.warn("SSL: Fail to find the generated keystore. Loading fail-safe one to continue.");
stream = NioConnection.class.getResourceAsStream("/cloud.keystore");
+ passphrase = "vmops.com".toCharArray();
}
ks.load(stream, passphrase);
stream.close();