Posted to commits@cloudstack.apache.org by ah...@apache.org on 2014/01/10 01:48:36 UTC
[1/4] Moved security out into its own jar. Will be adding more to it.
Fixed a few white space issues brought up by checkstyle in eclipse.
Updated Branches:
refs/heads/master 64b8d1044 -> bc1eec9f7
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae8560b1/usage/test/resources/cloud3.xml
----------------------------------------------------------------------
diff --git a/usage/test/resources/cloud3.xml b/usage/test/resources/cloud3.xml
index 4188c1c..a4687ff 100644
--- a/usage/test/resources/cloud3.xml
+++ b/usage/test/resources/cloud3.xml
@@ -1,11 +1,11 @@
-<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
- license agreements. See the NOTICE file distributed with this work for additional
- information regarding copyright ownership. The ASF licenses this file to you under
- the Apache License, Version 2.0 (the "License"); you may not use this file except
- in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software distributed under
- the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
- OF ANY KIND, either express or implied. See the License for the specific language
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+ license agreements. See the NOTICE file distributed with this work for additional
+ information regarding copyright ownership. The ASF licenses this file to you under
+ the Apache License, Version 2.0 (the "License"); you may not use this file except
+ in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software distributed under
+ the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+ OF ANY KIND, either express or implied. See the License for the specific language
governing permissions and limitations under the License. -->
<!-- cloud -->
<dataset>
[3/4] git commit: updated refs/heads/master to bc1eec9
Posted by ah...@apache.org.
Changed the package name to org.apache.cloudstack
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/5fb6edd6
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/5fb6edd6
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/5fb6edd6
Branch: refs/heads/master
Commit: 5fb6edd68495437973f37fab523a74333b737063
Parents: ae8560b
Author: Alex Huang <al...@citrix.com>
Authored: Thu Jan 9 16:12:06 2014 -0800
Committer: Alex Huang <al...@citrix.com>
Committed: Thu Jan 9 16:12:26 2014 -0800
----------------------------------------------------------------------
.../cloud/agent/api/SecStorageSetupCommand.java | 3 +-
.../spring-framework-security-core-context.xml | 3 +-
.../src/com/cloud/keystore/KeystoreDao.java | 31 ----
.../src/com/cloud/keystore/KeystoreDaoImpl.java | 121 ---------------
.../src/com/cloud/keystore/KeystoreManager.java | 64 --------
.../com/cloud/keystore/KeystoreManagerImpl.java | 154 -------------------
.../src/com/cloud/keystore/KeystoreVO.java | 102 ------------
.../security/keystore/KeystoreDao.java | 31 ++++
.../security/keystore/KeystoreDaoImpl.java | 121 +++++++++++++++
.../security/keystore/KeystoreManager.java | 64 ++++++++
.../security/keystore/KeystoreManagerImpl.java | 154 +++++++++++++++++++
.../framework/security/keystore/KeystoreVO.java | 102 ++++++++++++
.../AgentBasedConsoleProxyManager.java | 2 +-
.../com/cloud/consoleproxy/AgentHookBase.java | 2 +-
.../consoleproxy/ConsoleProxyManagerImpl.java | 6 +-
.../consoleproxy/StaticConsoleProxyManager.java | 4 +-
.../com/cloud/server/ManagementServerImpl.java | 2 +-
.../secondary/SecondaryStorageManagerImpl.java | 2 +-
.../resource/NfsSecondaryStorageResource.java | 2 +-
19 files changed, 485 insertions(+), 485 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/core/src/com/cloud/agent/api/SecStorageSetupCommand.java
----------------------------------------------------------------------
diff --git a/core/src/com/cloud/agent/api/SecStorageSetupCommand.java b/core/src/com/cloud/agent/api/SecStorageSetupCommand.java
index aafb1de..1871032 100644
--- a/core/src/com/cloud/agent/api/SecStorageSetupCommand.java
+++ b/core/src/com/cloud/agent/api/SecStorageSetupCommand.java
@@ -16,8 +16,9 @@
// under the License.
package com.cloud.agent.api;
+import org.apache.cloudstack.framework.security.keystore.KeystoreManager;
+
import com.cloud.agent.api.to.DataStoreTO;
-import com.cloud.keystore.KeystoreManager;
public class SecStorageSetupCommand extends Command {
private DataStoreTO store;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/framework/security/resources/META-INF/cloudstack/core/spring-framework-security-core-context.xml
----------------------------------------------------------------------
diff --git a/framework/security/resources/META-INF/cloudstack/core/spring-framework-security-core-context.xml b/framework/security/resources/META-INF/cloudstack/core/spring-framework-security-core-context.xml
index 38b4bd0..29aad7e 100644
--- a/framework/security/resources/META-INF/cloudstack/core/spring-framework-security-core-context.xml
+++ b/framework/security/resources/META-INF/cloudstack/core/spring-framework-security-core-context.xml
@@ -26,6 +26,5 @@
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd"
>
- <bean id="keystoreManagerImpl" class="com.cloud.keystore.KeystoreManagerImpl" />
-
+ <bean id="keystoreManagerImpl" class="org.apache.cloudstack.framework.security.KeystoreManagerImpl" />
</beans>
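Review bot: The new `class` attribute on the `keystoreManagerImpl` bean names `org.apache.cloudstack.framework.security.KeystoreManagerImpl`, but the diffstat of this commit and the new import in SecStorageSetupCommand.java both place the moved classes under `org.apache.cloudstack.framework.security.keystore`. If the implementation does live in the `keystore` sub-package, Spring cannot resolve the class when it loads this context, so the keystore manager bean is never created and everything that injects it fails at startup. The line should read `<bean id="keystoreManagerImpl" class="org.apache.cloudstack.framework.security.keystore.KeystoreManagerImpl" />`.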
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/framework/security/src/com/cloud/keystore/KeystoreDao.java
----------------------------------------------------------------------
diff --git a/framework/security/src/com/cloud/keystore/KeystoreDao.java b/framework/security/src/com/cloud/keystore/KeystoreDao.java
deleted file mode 100644
index 333eb24..0000000
--- a/framework/security/src/com/cloud/keystore/KeystoreDao.java
+++ /dev/null
@@ -1,31 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.keystore;
-
-import java.util.List;
-
-import com.cloud.utils.db.GenericDao;
-
-public interface KeystoreDao extends GenericDao<KeystoreVO, Long> {
- KeystoreVO findByName(String name);
-
- void save(String name, String certificate, String key, String domainSuffix);
-
- void save(String alias, String certificate, Integer index, String domainSuffix);
-
- List<KeystoreVO> findCertChain();
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/framework/security/src/com/cloud/keystore/KeystoreDaoImpl.java
----------------------------------------------------------------------
diff --git a/framework/security/src/com/cloud/keystore/KeystoreDaoImpl.java b/framework/security/src/com/cloud/keystore/KeystoreDaoImpl.java
deleted file mode 100644
index 6c51a26..0000000
--- a/framework/security/src/com/cloud/keystore/KeystoreDaoImpl.java
+++ /dev/null
@@ -1,121 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.keystore;
-
-import java.sql.PreparedStatement;
-import java.util.Collections;
-import java.util.Comparator;
-import java.util.List;
-
-import javax.ejb.Local;
-
-import org.springframework.stereotype.Component;
-
-import com.cloud.utils.db.DB;
-import com.cloud.utils.db.GenericDaoBase;
-import com.cloud.utils.db.SearchBuilder;
-import com.cloud.utils.db.SearchCriteria;
-import com.cloud.utils.db.SearchCriteria.Op;
-import com.cloud.utils.db.TransactionLegacy;
-import com.cloud.utils.exception.CloudRuntimeException;
-
-@Component
-@Local(value = {KeystoreDao.class})
-public class KeystoreDaoImpl extends GenericDaoBase<KeystoreVO, Long> implements KeystoreDao {
- protected final SearchBuilder<KeystoreVO> FindByNameSearch;
- protected final SearchBuilder<KeystoreVO> CertChainSearch;
-
- public KeystoreDaoImpl() {
- FindByNameSearch = createSearchBuilder();
- FindByNameSearch.and("name", FindByNameSearch.entity().getName(), Op.EQ);
- FindByNameSearch.done();
-
- CertChainSearch = createSearchBuilder();
- CertChainSearch.and("key", CertChainSearch.entity().getKey(), Op.NULL);
- CertChainSearch.done();
- }
-
- @Override
- public List<KeystoreVO> findCertChain() {
- SearchCriteria<KeystoreVO> sc = CertChainSearch.create();
- List<KeystoreVO> ks = listBy(sc);
- Collections.sort(ks, new Comparator() {
- @Override
- public int compare(Object o1, Object o2) {
- Integer seq1 = ((KeystoreVO)o1).getIndex();
- Integer seq2 = ((KeystoreVO)o2).getIndex();
- return seq1.compareTo(seq2);
- }
- });
- return ks;
- }
-
- @Override
- public KeystoreVO findByName(String name) {
- assert (name != null);
-
- SearchCriteria<KeystoreVO> sc = FindByNameSearch.create();
- sc.setParameters("name", name);
- return findOneBy(sc);
- }
-
- @Override
- @DB
- public void save(String name, String certificate, String key, String domainSuffix) {
- TransactionLegacy txn = TransactionLegacy.currentTxn();
- try {
- txn.start();
-
- String sql =
- "INSERT INTO keystore (`name`, `certificate`, `key`, `domain_suffix`) VALUES (?, ?, ?, ?) ON DUPLICATE KEY UPDATE `certificate`=?, `key`=?, `domain_suffix`=?";
- PreparedStatement pstmt = txn.prepareAutoCloseStatement(sql);
- pstmt.setString(1, name);
- pstmt.setString(2, certificate);
- pstmt.setString(3, key);
- pstmt.setString(4, domainSuffix);
- pstmt.setString(5, certificate);
- pstmt.setString(6, key);
- pstmt.setString(7, domainSuffix);
-
- pstmt.executeUpdate();
- txn.commit();
- } catch (Exception e) {
- txn.rollback();
- throw new CloudRuntimeException("Unable to save certificate under name " + name + " due to exception", e);
- }
- }
-
- @Override
- @DB
- public void save(String alias, String certificate, Integer index, String domainSuffix) {
- KeystoreVO ks = findByName(alias);
- if (ks != null) {
- ks.setCertificate(certificate);
- ks.setName(alias);
- ks.setIndex(index);
- ks.setDomainSuffix(domainSuffix);
- this.update(ks.getId(), ks);
- } else {
- KeystoreVO newks = new KeystoreVO();
- newks.setCertificate(certificate);
- newks.setName(alias);
- newks.setIndex(index);
- newks.setDomainSuffix(domainSuffix);
- persist(newks);
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/framework/security/src/com/cloud/keystore/KeystoreManager.java
----------------------------------------------------------------------
diff --git a/framework/security/src/com/cloud/keystore/KeystoreManager.java b/framework/security/src/com/cloud/keystore/KeystoreManager.java
deleted file mode 100644
index 48d5a40..0000000
--- a/framework/security/src/com/cloud/keystore/KeystoreManager.java
+++ /dev/null
@@ -1,64 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.keystore;
-
-import com.cloud.agent.api.LogLevel;
-import com.cloud.agent.api.LogLevel.Log4jLevel;
-import com.cloud.utils.component.Manager;
-
-public interface KeystoreManager extends Manager {
- public static class Certificates {
- @LogLevel(Log4jLevel.Off)
- private String privKey;
- @LogLevel(Log4jLevel.Off)
- private String privCert;
- @LogLevel(Log4jLevel.Off)
- private String certChain;
-
- public Certificates() {
-
- }
-
- public Certificates(String prvKey, String privCert, String certChain) {
- privKey = prvKey;
- this.privCert = privCert;
- this.certChain = certChain;
- }
-
- public String getPrivKey() {
- return privKey;
- }
-
- public String getPrivCert() {
- return privCert;
- }
-
- public String getCertChain() {
- return certChain;
- }
- }
-
- boolean validateCertificate(String certificate, String key, String domainSuffix);
-
- void saveCertificate(String name, String certificate, String key, String domainSuffix);
-
- byte[] getKeystoreBits(String name, String aliasForCertificateInStore, String storePassword);
-
- void saveCertificate(String name, String certificate, Integer index, String domainSuffix);
-
- Certificates getCertificates(String name);
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/framework/security/src/com/cloud/keystore/KeystoreManagerImpl.java
----------------------------------------------------------------------
diff --git a/framework/security/src/com/cloud/keystore/KeystoreManagerImpl.java b/framework/security/src/com/cloud/keystore/KeystoreManagerImpl.java
deleted file mode 100644
index 8e5735a..0000000
--- a/framework/security/src/com/cloud/keystore/KeystoreManagerImpl.java
+++ /dev/null
@@ -1,154 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.keystore;
-
-import java.io.IOException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
-import java.security.spec.InvalidKeySpecException;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
-import javax.ejb.Local;
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-import org.springframework.stereotype.Component;
-
-import com.cloud.utils.Ternary;
-import com.cloud.utils.component.ManagerBase;
-import com.cloud.utils.exception.CloudRuntimeException;
-import com.cloud.utils.security.CertificateHelper;
-
-@Component
-@Local(value = KeystoreManager.class)
-public class KeystoreManagerImpl extends ManagerBase implements KeystoreManager {
- private static final Logger s_logger = Logger.getLogger(KeystoreManagerImpl.class);
-
- @Inject
- private KeystoreDao _ksDao;
-
- @Override
- public boolean validateCertificate(String certificate, String key, String domainSuffix) {
- if (certificate == null || certificate.isEmpty() || key == null || key.isEmpty() || domainSuffix == null || domainSuffix.isEmpty()) {
- s_logger.error("Invalid parameter found in (certificate, key, domainSuffix) tuple for domain: " + domainSuffix);
- return false;
- }
-
- try {
- String ksPassword = "passwordForValidation";
- byte[] ksBits = CertificateHelper.buildAndSaveKeystore(domainSuffix, certificate, getKeyContent(key), ksPassword);
- KeyStore ks = CertificateHelper.loadKeystore(ksBits, ksPassword);
- if (ks != null)
- return true;
-
- s_logger.error("Unabled to construct keystore for domain: " + domainSuffix);
- } catch (Exception e) {
- s_logger.error("Certificate validation failed due to exception for domain: " + domainSuffix, e);
- }
- return false;
- }
-
- @Override
- public void saveCertificate(String name, String certificate, String key, String domainSuffix) {
- if (name == null || name.isEmpty() || certificate == null || certificate.isEmpty() || key == null || key.isEmpty() || domainSuffix == null ||
- domainSuffix.isEmpty())
- throw new CloudRuntimeException("invalid parameter in saveCerticate");
-
- _ksDao.save(name, certificate, key, domainSuffix);
- }
-
- @Override
- public void saveCertificate(String name, String certificate, Integer index, String domainSuffix) {
- if (name == null || name.isEmpty() || certificate == null || certificate.isEmpty() || index == null || domainSuffix == null || domainSuffix.isEmpty())
- throw new CloudRuntimeException("invalid parameter in saveCerticate");
-
- _ksDao.save(name, certificate, index, domainSuffix);
- }
-
- @Override
- public byte[] getKeystoreBits(String name, String aliasForCertificateInStore, String storePassword) {
- assert (name != null);
- assert (aliasForCertificateInStore != null);
- assert (storePassword != null);
-
- KeystoreVO ksVo = _ksDao.findByName(name);
- if (ksVo == null)
- throw new CloudRuntimeException("Unable to find keystore " + name);
-
- List<Ternary<String, String, String>> certs = new ArrayList<Ternary<String, String, String>>();
- List<KeystoreVO> certChains = _ksDao.findCertChain();
-
- for (KeystoreVO ks : certChains) {
- Ternary<String, String, String> cert = new Ternary<String, String, String>(ks.getName(), ks.getCertificate(), null);
- certs.add(cert);
- }
-
- Ternary<String, String, String> cert = new Ternary<String, String, String>(ksVo.getName(), ksVo.getCertificate(), getKeyContent(ksVo.getKey()));
- certs.add(cert);
-
- try {
- return CertificateHelper.buildAndSaveKeystore(certs, storePassword);
- } catch (KeyStoreException e) {
- s_logger.warn("Unable to build keystore for " + name + " due to KeyStoreException");
- } catch (CertificateException e) {
- s_logger.warn("Unable to build keystore for " + name + " due to CertificateException");
- } catch (NoSuchAlgorithmException e) {
- s_logger.warn("Unable to build keystore for " + name + " due to NoSuchAlgorithmException");
- } catch (InvalidKeySpecException e) {
- s_logger.warn("Unable to build keystore for " + name + " due to InvalidKeySpecException");
- } catch (IOException e) {
- s_logger.warn("Unable to build keystore for " + name + " due to IOException");
- }
- return null;
- }
-
- @Override
- public Certificates getCertificates(String name) {
- KeystoreVO ksVo = _ksDao.findByName(name);
- if (ksVo == null) {
- return null;
- }
- String prvKey = ksVo.getKey();
- String prvCert = ksVo.getCertificate();
- String certChain = null;
- List<KeystoreVO> certchains = _ksDao.findCertChain();
- if (certchains.size() > 0) {
- StringBuilder chains = new StringBuilder();
- for (KeystoreVO cert : certchains) {
- chains.append(cert.getCertificate());
- chains.append("\n");
- }
- certChain = chains.toString();
- }
- Certificates certs = new Certificates(prvKey, prvCert, certChain);
- return certs;
- }
-
- private static String getKeyContent(String key) {
- Pattern regex = Pattern.compile("(^[\\-]+[^\\-]+[\\-]+[\\n]?)([^\\-]+)([\\-]+[^\\-]+[\\-]+$)");
- Matcher m = regex.matcher(key);
- if (m.find())
- return m.group(2);
-
- return key;
- }
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/framework/security/src/com/cloud/keystore/KeystoreVO.java
----------------------------------------------------------------------
diff --git a/framework/security/src/com/cloud/keystore/KeystoreVO.java b/framework/security/src/com/cloud/keystore/KeystoreVO.java
deleted file mode 100644
index 66dfac1..0000000
--- a/framework/security/src/com/cloud/keystore/KeystoreVO.java
+++ /dev/null
@@ -1,102 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.keystore;
-
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Table;
-
-import org.apache.cloudstack.api.InternalIdentity;
-
-@Entity
-@Table(name = "keystore")
-public class KeystoreVO implements InternalIdentity {
- @Id
- @GeneratedValue(strategy = GenerationType.IDENTITY)
- @Column(name = "id")
- private Long id;
-
- @Column(name = "name")
- private String name;
-
- @Column(name = "certificate", length = 65535)
- private String certificate;
-
- @Column(name = "key", length = 65535)
- private String key;
-
- @Column(name = "domain_suffix")
- private String domainSuffix;
-
- @Column(name = "seq")
- private Integer index;
-
- public KeystoreVO() {
- }
-
- @Override
- public long getId() {
- return id;
- }
-
- public void setId(Long id) {
- this.id = id;
- }
-
- public String getName() {
- return name;
- }
-
- public void setName(String name) {
- this.name = name;
- }
-
- public String getCertificate() {
- return certificate;
- }
-
- public void setCertificate(String certificate) {
- this.certificate = certificate;
- }
-
- public String getKey() {
- return key;
- }
-
- public void setKey(String key) {
- this.key = key;
- }
-
- public String getDomainSuffix() {
- return domainSuffix;
- }
-
- public void setDomainSuffix(String domainSuffix) {
- this.domainSuffix = domainSuffix;
- }
-
- public void setIndex(Integer index) {
- this.index = index;
- }
-
- public Integer getIndex() {
- return this.index;
- }
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreDao.java
----------------------------------------------------------------------
diff --git a/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreDao.java b/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreDao.java
new file mode 100644
index 0000000..e60e4b0
--- /dev/null
+++ b/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreDao.java
@@ -0,0 +1,31 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.framework.security.keystore;
+
+import java.util.List;
+
+import com.cloud.utils.db.GenericDao;
+
+public interface KeystoreDao extends GenericDao<KeystoreVO, Long> {
+ KeystoreVO findByName(String name);
+
+ void save(String name, String certificate, String key, String domainSuffix);
+
+ void save(String alias, String certificate, Integer index, String domainSuffix);
+
+ List<KeystoreVO> findCertChain();
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreDaoImpl.java
----------------------------------------------------------------------
diff --git a/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreDaoImpl.java b/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreDaoImpl.java
new file mode 100644
index 0000000..cd24611
--- /dev/null
+++ b/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreDaoImpl.java
@@ -0,0 +1,121 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.framework.security.keystore;
+
+import java.sql.PreparedStatement;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.List;
+
+import javax.ejb.Local;
+
+import org.springframework.stereotype.Component;
+
+import com.cloud.utils.db.DB;
+import com.cloud.utils.db.GenericDaoBase;
+import com.cloud.utils.db.SearchBuilder;
+import com.cloud.utils.db.SearchCriteria;
+import com.cloud.utils.db.SearchCriteria.Op;
+import com.cloud.utils.db.TransactionLegacy;
+import com.cloud.utils.exception.CloudRuntimeException;
+
+@Component
+@Local(value = {KeystoreDao.class})
+public class KeystoreDaoImpl extends GenericDaoBase<KeystoreVO, Long> implements KeystoreDao {
+ protected final SearchBuilder<KeystoreVO> FindByNameSearch;
+ protected final SearchBuilder<KeystoreVO> CertChainSearch;
+
+ public KeystoreDaoImpl() {
+ FindByNameSearch = createSearchBuilder();
+ FindByNameSearch.and("name", FindByNameSearch.entity().getName(), Op.EQ);
+ FindByNameSearch.done();
+
+ CertChainSearch = createSearchBuilder();
+ CertChainSearch.and("key", CertChainSearch.entity().getKey(), Op.NULL);
+ CertChainSearch.done();
+ }
+
+ @Override
+ public List<KeystoreVO> findCertChain() {
+ SearchCriteria<KeystoreVO> sc = CertChainSearch.create();
+ List<KeystoreVO> ks = listBy(sc);
+ Collections.sort(ks, new Comparator() {
+ @Override
+ public int compare(Object o1, Object o2) {
+ Integer seq1 = ((KeystoreVO)o1).getIndex();
+ Integer seq2 = ((KeystoreVO)o2).getIndex();
+ return seq1.compareTo(seq2);
+ }
+ });
+ return ks;
+ }
+
+ @Override
+ public KeystoreVO findByName(String name) {
+ assert (name != null);
+
+ SearchCriteria<KeystoreVO> sc = FindByNameSearch.create();
+ sc.setParameters("name", name);
+ return findOneBy(sc);
+ }
+
+ @Override
+ @DB
+ public void save(String name, String certificate, String key, String domainSuffix) {
+ TransactionLegacy txn = TransactionLegacy.currentTxn();
+ try {
+ txn.start();
+
+ String sql =
+ "INSERT INTO keystore (`name`, `certificate`, `key`, `domain_suffix`) VALUES (?, ?, ?, ?) ON DUPLICATE KEY UPDATE `certificate`=?, `key`=?, `domain_suffix`=?";
+ PreparedStatement pstmt = txn.prepareAutoCloseStatement(sql);
+ pstmt.setString(1, name);
+ pstmt.setString(2, certificate);
+ pstmt.setString(3, key);
+ pstmt.setString(4, domainSuffix);
+ pstmt.setString(5, certificate);
+ pstmt.setString(6, key);
+ pstmt.setString(7, domainSuffix);
+
+ pstmt.executeUpdate();
+ txn.commit();
+ } catch (Exception e) {
+ txn.rollback();
+ throw new CloudRuntimeException("Unable to save certificate under name " + name + " due to exception", e);
+ }
+ }
+
+ @Override
+ @DB
+ public void save(String alias, String certificate, Integer index, String domainSuffix) {
+ KeystoreVO ks = findByName(alias);
+ if (ks != null) {
+ ks.setCertificate(certificate);
+ ks.setName(alias);
+ ks.setIndex(index);
+ ks.setDomainSuffix(domainSuffix);
+ this.update(ks.getId(), ks);
+ } else {
+ KeystoreVO newks = new KeystoreVO();
+ newks.setCertificate(certificate);
+ newks.setName(alias);
+ newks.setIndex(index);
+ newks.setDomainSuffix(domainSuffix);
+ persist(newks);
+ }
+ }
+}
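Review bot: `save(String name, String certificate, String key, String domainSuffix)` binds the private key to the `key` column exactly as it was passed in (`pstmt.setString(3, key)`, and again as parameter 6), so unless a caller encrypts it first the key is held in the `keystore` table in clear text. Nothing in this hunk shows encryption, and the old KeystoreManagerImpl removed by this commit handed the key to the DAO unchanged. Now that the class sits in a dedicated security jar, I would record the contract above the method, for example `// key is persisted as supplied; callers must pass it already encrypted, or access to the keystore table must be restricted`, and decide whether encryption at rest belongs in this DAO. Separately, `findCertChain()` sorts with a raw `Comparator`, and `seq1.compareTo(seq2)` throws a NullPointerException if a chain row has a null `seq`; `new Comparator<KeystoreVO>()` with a null check would remove both the casts and that failure.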
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreManager.java
----------------------------------------------------------------------
diff --git a/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreManager.java b/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreManager.java
new file mode 100644
index 0000000..3b99947
--- /dev/null
+++ b/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreManager.java
@@ -0,0 +1,64 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.framework.security.keystore;
+
+import com.cloud.agent.api.LogLevel;
+import com.cloud.agent.api.LogLevel.Log4jLevel;
+import com.cloud.utils.component.Manager;
+
+public interface KeystoreManager extends Manager {
+ public static class Certificates {
+ @LogLevel(Log4jLevel.Off)
+ private String privKey;
+ @LogLevel(Log4jLevel.Off)
+ private String privCert;
+ @LogLevel(Log4jLevel.Off)
+ private String certChain;
+
+ public Certificates() {
+
+ }
+
+ public Certificates(String prvKey, String privCert, String certChain) {
+ privKey = prvKey;
+ this.privCert = privCert;
+ this.certChain = certChain;
+ }
+
+ public String getPrivKey() {
+ return privKey;
+ }
+
+ public String getPrivCert() {
+ return privCert;
+ }
+
+ public String getCertChain() {
+ return certChain;
+ }
+ }
+
+ boolean validateCertificate(String certificate, String key, String domainSuffix);
+
+ void saveCertificate(String name, String certificate, String key, String domainSuffix);
+
+ byte[] getKeystoreBits(String name, String aliasForCertificateInStore, String storePassword);
+
+ void saveCertificate(String name, String certificate, Integer index, String domainSuffix);
+
+ Certificates getCertificates(String name);
+}
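Review bot: The interface is added with no Javadoc, and for an API that hands out private-key material the contract should be written down on `getCertificates` and `getKeystoreBits`. The implementation in this same commit returns `null` from `getCertificates` when no entry exists for the name, and from `getKeystoreBits` when the keystore cannot be built. I would add `/** @return key, certificate and chain for name, or null if no entry exists */` on the former and a matching `@return` line on the latter. A short class comment on `Certificates` would also help, stating that it carries the private key text and that the `@LogLevel(Log4jLevel.Off)` annotations are presumably what keep those fields out of logged commands, so that nobody later adds a field or a `toString()` that exposes them.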
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreManagerImpl.java
----------------------------------------------------------------------
diff --git a/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreManagerImpl.java b/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreManagerImpl.java
new file mode 100644
index 0000000..3060834
--- /dev/null
+++ b/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreManagerImpl.java
@@ -0,0 +1,154 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.framework.security.keystore;
+
+import java.io.IOException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.spec.InvalidKeySpecException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import javax.ejb.Local;
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+import org.springframework.stereotype.Component;
+
+import com.cloud.utils.Ternary;
+import com.cloud.utils.component.ManagerBase;
+import com.cloud.utils.exception.CloudRuntimeException;
+import com.cloud.utils.security.CertificateHelper;
+
+@Component
+@Local(value = KeystoreManager.class)
+public class KeystoreManagerImpl extends ManagerBase implements KeystoreManager {
+ private static final Logger s_logger = Logger.getLogger(KeystoreManagerImpl.class);
+
+ @Inject
+ private KeystoreDao _ksDao;
+
+ @Override
+ public boolean validateCertificate(String certificate, String key, String domainSuffix) {
+ if (certificate == null || certificate.isEmpty() || key == null || key.isEmpty() || domainSuffix == null || domainSuffix.isEmpty()) {
+ s_logger.error("Invalid parameter found in (certificate, key, domainSuffix) tuple for domain: " + domainSuffix);
+ return false;
+ }
+
+ try {
+ String ksPassword = "passwordForValidation";
+ byte[] ksBits = CertificateHelper.buildAndSaveKeystore(domainSuffix, certificate, getKeyContent(key), ksPassword);
+ KeyStore ks = CertificateHelper.loadKeystore(ksBits, ksPassword);
+ if (ks != null)
+ return true;
+
+ s_logger.error("Unabled to construct keystore for domain: " + domainSuffix);
+ } catch (Exception e) {
+ s_logger.error("Certificate validation failed due to exception for domain: " + domainSuffix, e);
+ }
+ return false;
+ }
+
+ @Override
+ public void saveCertificate(String name, String certificate, String key, String domainSuffix) {
+ if (name == null || name.isEmpty() || certificate == null || certificate.isEmpty() || key == null || key.isEmpty() || domainSuffix == null ||
+ domainSuffix.isEmpty())
+ throw new CloudRuntimeException("invalid parameter in saveCerticate");
+
+ _ksDao.save(name, certificate, key, domainSuffix);
+ }
+
+ @Override
+ public void saveCertificate(String name, String certificate, Integer index, String domainSuffix) {
+ if (name == null || name.isEmpty() || certificate == null || certificate.isEmpty() || index == null || domainSuffix == null || domainSuffix.isEmpty())
+ throw new CloudRuntimeException("invalid parameter in saveCerticate");
+
+ _ksDao.save(name, certificate, index, domainSuffix);
+ }
+
+ @Override
+ public byte[] getKeystoreBits(String name, String aliasForCertificateInStore, String storePassword) {
+ assert (name != null);
+ assert (aliasForCertificateInStore != null);
+ assert (storePassword != null);
+
+ KeystoreVO ksVo = _ksDao.findByName(name);
+ if (ksVo == null)
+ throw new CloudRuntimeException("Unable to find keystore " + name);
+
+ List<Ternary<String, String, String>> certs = new ArrayList<Ternary<String, String, String>>();
+ List<KeystoreVO> certChains = _ksDao.findCertChain();
+
+ for (KeystoreVO ks : certChains) {
+ Ternary<String, String, String> cert = new Ternary<String, String, String>(ks.getName(), ks.getCertificate(), null);
+ certs.add(cert);
+ }
+
+ Ternary<String, String, String> cert = new Ternary<String, String, String>(ksVo.getName(), ksVo.getCertificate(), getKeyContent(ksVo.getKey()));
+ certs.add(cert);
+
+ try {
+ return CertificateHelper.buildAndSaveKeystore(certs, storePassword);
+ } catch (KeyStoreException e) {
+ s_logger.warn("Unable to build keystore for " + name + " due to KeyStoreException");
+ } catch (CertificateException e) {
+ s_logger.warn("Unable to build keystore for " + name + " due to CertificateException");
+ } catch (NoSuchAlgorithmException e) {
+ s_logger.warn("Unable to build keystore for " + name + " due to NoSuchAlgorithmException");
+ } catch (InvalidKeySpecException e) {
+ s_logger.warn("Unable to build keystore for " + name + " due to InvalidKeySpecException");
+ } catch (IOException e) {
+ s_logger.warn("Unable to build keystore for " + name + " due to IOException");
+ }
+ return null;
+ }
+
+ @Override
+ public Certificates getCertificates(String name) {
+ KeystoreVO ksVo = _ksDao.findByName(name);
+ if (ksVo == null) {
+ return null;
+ }
+ String prvKey = ksVo.getKey();
+ String prvCert = ksVo.getCertificate();
+ String certChain = null;
+ List<KeystoreVO> certchains = _ksDao.findCertChain();
+ if (certchains.size() > 0) {
+ StringBuilder chains = new StringBuilder();
+ for (KeystoreVO cert : certchains) {
+ chains.append(cert.getCertificate());
+ chains.append("\n");
+ }
+ certChain = chains.toString();
+ }
+ Certificates certs = new Certificates(prvKey, prvCert, certChain);
+ return certs;
+ }
+
+ private static String getKeyContent(String key) {
+ Pattern regex = Pattern.compile("(^[\\-]+[^\\-]+[\\-]+[\\n]?)([^\\-]+)([\\-]+[^\\-]+[\\-]+$)");
+ Matcher m = regex.matcher(key);
+ if (m.find())
+ return m.group(2);
+
+ return key;
+ }
+}
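Review bot: In `getKeystoreBits` every catch block logs only the exception class name and then falls through to `return null`, so the cause of a failed keystore build is lost and callers get a null `byte[]` with no indication of what went wrong. I would pass the exception to the logger, e.g. `s_logger.warn("Unable to build keystore for " + name + " due to KeyStoreException", e);`, and consider throwing `CloudRuntimeException` with the cause, as the not-found branch above already does. The three `assert` argument checks at the top of the method are skipped unless the JVM runs with `-ea`, so a null `storePassword` reaches `CertificateHelper.buildAndSaveKeystore` unchecked; the explicit checks used in `saveCertificate` would be consistent here. Separately, `getKeyContent` compiles its `Pattern` on every call and could hold it in a `private static final` field.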
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreVO.java
----------------------------------------------------------------------
diff --git a/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreVO.java b/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreVO.java
new file mode 100644
index 0000000..2e4b9fe
--- /dev/null
+++ b/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreVO.java
@@ -0,0 +1,102 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.framework.security.keystore;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+import org.apache.cloudstack.api.InternalIdentity;
+
+@Entity
+@Table(name = "keystore")
+public class KeystoreVO implements InternalIdentity {
+ @Id
+ @GeneratedValue(strategy = GenerationType.IDENTITY)
+ @Column(name = "id")
+ private Long id;
+
+ @Column(name = "name")
+ private String name;
+
+ @Column(name = "certificate", length = 65535)
+ private String certificate;
+
+ @Column(name = "key", length = 65535)
+ private String key;
+
+ @Column(name = "domain_suffix")
+ private String domainSuffix;
+
+ @Column(name = "seq")
+ private Integer index;
+
+ public KeystoreVO() {
+ }
+
+ @Override
+ public long getId() {
+ return id;
+ }
+
+ public void setId(Long id) {
+ this.id = id;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public String getCertificate() {
+ return certificate;
+ }
+
+ public void setCertificate(String certificate) {
+ this.certificate = certificate;
+ }
+
+ public String getKey() {
+ return key;
+ }
+
+ public void setKey(String key) {
+ this.key = key;
+ }
+
+ public String getDomainSuffix() {
+ return domainSuffix;
+ }
+
+ public void setDomainSuffix(String domainSuffix) {
+ this.domainSuffix = domainSuffix;
+ }
+
+ public void setIndex(Integer index) {
+ this.index = index;
+ }
+
+ public Integer getIndex() {
+ return this.index;
+ }
+}
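Review bot: The `key` field maps the private key to the `keystore.key` column as a plain `String`, and nothing visible in this entity or in `KeystoreDaoImpl.save(String, String, String, String)` encrypts the value before it is written. If the project has a column-level protection mechanism for sensitive fields, this field looks like a candidate for it. At minimum a comment such as `// private key text; null for certificate-chain rows` would record what the column holds; the DAO version deleted later in this series builds its chain search on `key` being null. Also, `getId()` returns `long` from a `Long` field, so calling it on an entity that has not been persisted throws `NullPointerException` on unboxing.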
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/server/src/com/cloud/consoleproxy/AgentBasedConsoleProxyManager.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/consoleproxy/AgentBasedConsoleProxyManager.java b/server/src/com/cloud/consoleproxy/AgentBasedConsoleProxyManager.java
index 0f4b27a..2036609 100755
--- a/server/src/com/cloud/consoleproxy/AgentBasedConsoleProxyManager.java
+++ b/server/src/com/cloud/consoleproxy/AgentBasedConsoleProxyManager.java
@@ -25,6 +25,7 @@ import javax.naming.ConfigurationException;
import org.apache.log4j.Logger;
import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
+import org.apache.cloudstack.framework.security.keystore.KeystoreManager;
import com.cloud.agent.AgentManager;
import com.cloud.agent.api.GetVncPortAnswer;
@@ -33,7 +34,6 @@ import com.cloud.agent.api.StartupProxyCommand;
import com.cloud.host.HostVO;
import com.cloud.host.dao.HostDao;
import com.cloud.info.ConsoleProxyInfo;
-import com.cloud.keystore.KeystoreManager;
import com.cloud.server.ManagementServer;
import com.cloud.utils.NumbersUtil;
import com.cloud.utils.component.ManagerBase;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/server/src/com/cloud/consoleproxy/AgentHookBase.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/consoleproxy/AgentHookBase.java b/server/src/com/cloud/consoleproxy/AgentHookBase.java
index 62777f5..57fa43a 100644
--- a/server/src/com/cloud/consoleproxy/AgentHookBase.java
+++ b/server/src/com/cloud/consoleproxy/AgentHookBase.java
@@ -26,6 +26,7 @@ import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
+import org.apache.cloudstack.framework.security.keystore.KeystoreManager;
import com.cloud.agent.AgentManager;
import com.cloud.agent.api.AgentControlAnswer;
@@ -44,7 +45,6 @@ import com.cloud.host.Host;
import com.cloud.host.HostVO;
import com.cloud.host.Status;
import com.cloud.host.dao.HostDao;
-import com.cloud.keystore.KeystoreManager;
import com.cloud.server.ManagementServer;
import com.cloud.servlet.ConsoleProxyPasswordBasedEncryptor;
import com.cloud.servlet.ConsoleProxyServlet;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java b/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
index 9e5c0b3..466ebc2 100755
--- a/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
+++ b/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
@@ -36,6 +36,9 @@ import com.google.gson.GsonBuilder;
import org.apache.cloudstack.context.CallContext;
import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
+import org.apache.cloudstack.framework.security.keystore.KeystoreDao;
+import org.apache.cloudstack.framework.security.keystore.KeystoreManager;
+import org.apache.cloudstack.framework.security.keystore.KeystoreVO;
import org.apache.cloudstack.storage.datastore.db.PrimaryDataStoreDao;
import org.apache.cloudstack.storage.datastore.db.StoragePoolVO;
import org.apache.cloudstack.storage.datastore.db.TemplateDataStoreDao;
@@ -80,9 +83,6 @@ import com.cloud.info.ConsoleProxyStatus;
import com.cloud.info.RunningHostCountInfo;
import com.cloud.info.RunningHostInfoAgregator;
import com.cloud.info.RunningHostInfoAgregator.ZoneHostInfo;
-import com.cloud.keystore.KeystoreDao;
-import com.cloud.keystore.KeystoreManager;
-import com.cloud.keystore.KeystoreVO;
import com.cloud.network.Network;
import com.cloud.network.NetworkModel;
import com.cloud.network.Networks.TrafficType;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/server/src/com/cloud/consoleproxy/StaticConsoleProxyManager.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/consoleproxy/StaticConsoleProxyManager.java b/server/src/com/cloud/consoleproxy/StaticConsoleProxyManager.java
index de1b34f..27bdcbe 100755
--- a/server/src/com/cloud/consoleproxy/StaticConsoleProxyManager.java
+++ b/server/src/com/cloud/consoleproxy/StaticConsoleProxyManager.java
@@ -27,6 +27,8 @@ import javax.naming.ConfigurationException;
import org.apache.log4j.Logger;
import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
+import org.apache.cloudstack.framework.security.keystore.KeystoreDao;
+import org.apache.cloudstack.framework.security.keystore.KeystoreManager;
import com.cloud.agent.api.StartupCommand;
import com.cloud.agent.api.StartupProxyCommand;
@@ -34,8 +36,6 @@ import com.cloud.host.Host.Type;
import com.cloud.host.HostVO;
import com.cloud.host.dao.HostDao;
import com.cloud.info.ConsoleProxyInfo;
-import com.cloud.keystore.KeystoreDao;
-import com.cloud.keystore.KeystoreManager;
import com.cloud.resource.ResourceManager;
import com.cloud.resource.ResourceStateAdapter;
import com.cloud.resource.ServerResource;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/server/src/com/cloud/server/ManagementServerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java
index 1ccdbfc..d056620 100755
--- a/server/src/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/com/cloud/server/ManagementServerImpl.java
@@ -445,6 +445,7 @@ import org.apache.cloudstack.framework.config.ConfigDepot;
import org.apache.cloudstack.framework.config.ConfigKey;
import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
import org.apache.cloudstack.framework.config.impl.ConfigurationVO;
+import org.apache.cloudstack.framework.security.keystore.KeystoreManager;
import org.apache.cloudstack.managed.context.ManagedContextRunnable;
import org.apache.cloudstack.storage.datastore.db.ImageStoreDao;
import org.apache.cloudstack.storage.datastore.db.ImageStoreVO;
@@ -517,7 +518,6 @@ import com.cloud.hypervisor.HypervisorCapabilities;
import com.cloud.hypervisor.HypervisorCapabilitiesVO;
import com.cloud.hypervisor.dao.HypervisorCapabilitiesDao;
import com.cloud.info.ConsoleProxyInfo;
-import com.cloud.keystore.KeystoreManager;
import com.cloud.network.IpAddress;
import com.cloud.network.dao.IPAddressDao;
import com.cloud.network.dao.IPAddressVO;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java b/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java
index 1ebe3b6..f42bca0 100755
--- a/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java
+++ b/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java
@@ -38,6 +38,7 @@ import org.apache.cloudstack.engine.subsystem.api.storage.DataStore;
import org.apache.cloudstack.engine.subsystem.api.storage.DataStoreManager;
import org.apache.cloudstack.engine.subsystem.api.storage.ZoneScope;
import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
+import org.apache.cloudstack.framework.security.keystore.KeystoreManager;
import org.apache.cloudstack.storage.datastore.db.ImageStoreDao;
import org.apache.cloudstack.storage.datastore.db.ImageStoreVO;
import org.apache.cloudstack.storage.datastore.db.TemplateDataStoreDao;
@@ -80,7 +81,6 @@ import com.cloud.hypervisor.Hypervisor.HypervisorType;
import com.cloud.info.RunningHostCountInfo;
import com.cloud.info.RunningHostInfoAgregator;
import com.cloud.info.RunningHostInfoAgregator.ZoneHostInfo;
-import com.cloud.keystore.KeystoreManager;
import com.cloud.network.Network;
import com.cloud.network.NetworkModel;
import com.cloud.network.Networks.TrafficType;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/services/secondary-storage/src/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResource.java
----------------------------------------------------------------------
diff --git a/services/secondary-storage/src/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResource.java b/services/secondary-storage/src/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResource.java
index d158de3..30722e2 100755
--- a/services/secondary-storage/src/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResource.java
+++ b/services/secondary-storage/src/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResource.java
@@ -61,6 +61,7 @@ import org.apache.log4j.Logger;
import com.amazonaws.services.s3.model.S3ObjectSummary;
+import org.apache.cloudstack.framework.security.keystore.KeystoreManager;
import org.apache.cloudstack.storage.command.CopyCmdAnswer;
import org.apache.cloudstack.storage.command.CopyCommand;
import org.apache.cloudstack.storage.command.DeleteCommand;
@@ -112,7 +113,6 @@ import com.cloud.exception.InternalErrorException;
import com.cloud.host.Host;
import com.cloud.host.Host.Type;
import com.cloud.hypervisor.Hypervisor.HypervisorType;
-import com.cloud.keystore.KeystoreManager;
import com.cloud.resource.ServerResourceBase;
import com.cloud.storage.DataStoreRole;
import com.cloud.storage.Storage.ImageFormat;
[2/4] git commit: updated refs/heads/master to bc1eec9
Posted by ah...@apache.org.
Moved security out into its own jar. Will be adding more to it. Fixed a few white space issues brought up by checkstyle in eclipse.
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/ae8560b1
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/ae8560b1
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/ae8560b1
Branch: refs/heads/master
Commit: ae8560b19563ba7418a3a488245f26295088b05f
Parents: 64b8d10
Author: Alex Huang <al...@citrix.com>
Authored: Thu Jan 9 16:08:45 2014 -0800
Committer: Alex Huang <al...@citrix.com>
Committed: Thu Jan 9 16:12:25 2014 -0800
----------------------------------------------------------------------
core/pom.xml | 5 +
.../cloud/agent/api/SecStorageSetupCommand.java | 40 +----
.../src/com/cloud/keystore/KeystoreDao.java | 31 ----
.../src/com/cloud/keystore/KeystoreDaoImpl.java | 121 ---------------
.../src/com/cloud/keystore/KeystoreVO.java | 102 ------------
.../service/src/main/webapp/WEB-INF/beans.xml | 6 +-
.../resources/StorageAllocatorTestContext.xml | 18 +--
framework/pom.xml | 1 +
framework/security/pom.xml | 56 +++++++
.../spring-framework-security-core-context.xml | 31 ++++
.../src/com/cloud/keystore/KeystoreDao.java | 31 ++++
.../src/com/cloud/keystore/KeystoreDaoImpl.java | 121 +++++++++++++++
.../src/com/cloud/keystore/KeystoreManager.java | 64 ++++++++
.../com/cloud/keystore/KeystoreManagerImpl.java | 154 ++++++++++++++++++
.../src/com/cloud/keystore/KeystoreVO.java | 102 ++++++++++++
.../lifecycle/registry/ExtensionRegistry.java | 3 +-
.../cloudstack/ssp/spring-ssp-context.xml | 1 -
server/pom.xml | 5 +
server/src/com/cloud/api/ApiDBUtils.java | 4 -
server/src/com/cloud/api/ApiResponseHelper.java | 153 +-----------------
.../src/com/cloud/keystore/KeystoreManager.java | 32 ----
.../com/cloud/keystore/KeystoreManagerImpl.java | 155 -------------------
.../src/com/cloud/server/ManagementServer.java | 6 -
.../com/cloud/server/ManagementServerImpl.java | 52 -------
.../secondary/SecondaryStorageManagerImpl.java | 3 +-
.../SecurityGroupManagerTestContext.xml | 20 +--
.../test/resources/SnapshotDaoTestContext.xml | 20 +--
.../resources/StoragePoolDaoTestContext.xml | 20 +--
.../resource/NfsSecondaryStorageResource.java | 8 +-
.../test/resources/UsageManagerTestContext.xml | 20 +--
usage/test/resources/cloud1.xml | 16 +-
usage/test/resources/cloud2.xml | 16 +-
usage/test/resources/cloud3.xml | 16 +-
33 files changed, 659 insertions(+), 774 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae8560b1/core/pom.xml
----------------------------------------------------------------------
diff --git a/core/pom.xml b/core/pom.xml
index cdcfd53..975e9f6 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -37,6 +37,11 @@
<version>${project.version}</version>
</dependency>
<dependency>
+ <groupId>org.apache.cloudstack</groupId>
+ <artifactId>cloud-framework-security</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
</dependency>
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae8560b1/core/src/com/cloud/agent/api/SecStorageSetupCommand.java
----------------------------------------------------------------------
diff --git a/core/src/com/cloud/agent/api/SecStorageSetupCommand.java b/core/src/com/cloud/agent/api/SecStorageSetupCommand.java
index 3c8d730..aafb1de 100644
--- a/core/src/com/cloud/agent/api/SecStorageSetupCommand.java
+++ b/core/src/com/cloud/agent/api/SecStorageSetupCommand.java
@@ -16,50 +16,20 @@
// under the License.
package com.cloud.agent.api;
-import com.cloud.agent.api.LogLevel.Log4jLevel;
import com.cloud.agent.api.to.DataStoreTO;
+import com.cloud.keystore.KeystoreManager;
public class SecStorageSetupCommand extends Command {
private DataStoreTO store;
private String secUrl;
- private Certificates certs;
+ private KeystoreManager.Certificates certs;
- public static class Certificates {
- @LogLevel(Log4jLevel.Off)
- private String privKey;
- @LogLevel(Log4jLevel.Off)
- private String privCert;
- @LogLevel(Log4jLevel.Off)
- private String certChain;
-
- public Certificates() {
-
- }
-
- public Certificates(String prvKey, String privCert, String certChain) {
- this.privKey = prvKey;
- this.privCert = privCert;
- this.certChain = certChain;
- }
-
- public String getPrivKey() {
- return this.privKey;
- }
-
- public String getPrivCert() {
- return this.privCert;
- }
-
- public String getCertChain() {
- return this.certChain;
- }
- }
public SecStorageSetupCommand() {
super();
}
- public SecStorageSetupCommand(DataStoreTO store, String secUrl, Certificates certs) {
+ public SecStorageSetupCommand(DataStoreTO store, String secUrl, KeystoreManager.Certificates certs) {
super();
this.secUrl = secUrl;
this.certs = certs;
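Review bot: `SecStorageSetupCommand` is an agent command type, and after this hunk it imports the `KeystoreManager` service interface only to reach the nested `Certificates` holder. That ties every consumer of the command to the manager API. Moving `Certificates` to a top-level class in the new security module would let the field stay `private Certificates certs;` with a plain import of the data class. The `certs` field carries the private key and has no `@LogLevel` of its own, so it is worth confirming that whatever honours the annotation still excludes the nested fields after the move. The class body continues outside this hunk.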
@@ -75,8 +45,8 @@ public class SecStorageSetupCommand extends Command {
return secUrl;
}
- public Certificates getCerts() {
- return this.certs;
+ public KeystoreManager.Certificates getCerts() {
+ return certs;
}
public void setSecUrl(String secUrl) {
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae8560b1/engine/schema/src/com/cloud/keystore/KeystoreDao.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/keystore/KeystoreDao.java b/engine/schema/src/com/cloud/keystore/KeystoreDao.java
deleted file mode 100644
index 333eb24..0000000
--- a/engine/schema/src/com/cloud/keystore/KeystoreDao.java
+++ /dev/null
@@ -1,31 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.keystore;
-
-import java.util.List;
-
-import com.cloud.utils.db.GenericDao;
-
-public interface KeystoreDao extends GenericDao<KeystoreVO, Long> {
- KeystoreVO findByName(String name);
-
- void save(String name, String certificate, String key, String domainSuffix);
-
- void save(String alias, String certificate, Integer index, String domainSuffix);
-
- List<KeystoreVO> findCertChain();
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae8560b1/engine/schema/src/com/cloud/keystore/KeystoreDaoImpl.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/keystore/KeystoreDaoImpl.java b/engine/schema/src/com/cloud/keystore/KeystoreDaoImpl.java
deleted file mode 100644
index 6c51a26..0000000
--- a/engine/schema/src/com/cloud/keystore/KeystoreDaoImpl.java
+++ /dev/null
@@ -1,121 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.keystore;
-
-import java.sql.PreparedStatement;
-import java.util.Collections;
-import java.util.Comparator;
-import java.util.List;
-
-import javax.ejb.Local;
-
-import org.springframework.stereotype.Component;
-
-import com.cloud.utils.db.DB;
-import com.cloud.utils.db.GenericDaoBase;
-import com.cloud.utils.db.SearchBuilder;
-import com.cloud.utils.db.SearchCriteria;
-import com.cloud.utils.db.SearchCriteria.Op;
-import com.cloud.utils.db.TransactionLegacy;
-import com.cloud.utils.exception.CloudRuntimeException;
-
-@Component
-@Local(value = {KeystoreDao.class})
-public class KeystoreDaoImpl extends GenericDaoBase<KeystoreVO, Long> implements KeystoreDao {
- protected final SearchBuilder<KeystoreVO> FindByNameSearch;
- protected final SearchBuilder<KeystoreVO> CertChainSearch;
-
- public KeystoreDaoImpl() {
- FindByNameSearch = createSearchBuilder();
- FindByNameSearch.and("name", FindByNameSearch.entity().getName(), Op.EQ);
- FindByNameSearch.done();
-
- CertChainSearch = createSearchBuilder();
- CertChainSearch.and("key", CertChainSearch.entity().getKey(), Op.NULL);
- CertChainSearch.done();
- }
-
- @Override
- public List<KeystoreVO> findCertChain() {
- SearchCriteria<KeystoreVO> sc = CertChainSearch.create();
- List<KeystoreVO> ks = listBy(sc);
- Collections.sort(ks, new Comparator() {
- @Override
- public int compare(Object o1, Object o2) {
- Integer seq1 = ((KeystoreVO)o1).getIndex();
- Integer seq2 = ((KeystoreVO)o2).getIndex();
- return seq1.compareTo(seq2);
- }
- });
- return ks;
- }
-
- @Override
- public KeystoreVO findByName(String name) {
- assert (name != null);
-
- SearchCriteria<KeystoreVO> sc = FindByNameSearch.create();
- sc.setParameters("name", name);
- return findOneBy(sc);
- }
-
- @Override
- @DB
- public void save(String name, String certificate, String key, String domainSuffix) {
- TransactionLegacy txn = TransactionLegacy.currentTxn();
- try {
- txn.start();
-
- String sql =
- "INSERT INTO keystore (`name`, `certificate`, `key`, `domain_suffix`) VALUES (?, ?, ?, ?) ON DUPLICATE KEY UPDATE `certificate`=?, `key`=?, `domain_suffix`=?";
- PreparedStatement pstmt = txn.prepareAutoCloseStatement(sql);
- pstmt.setString(1, name);
- pstmt.setString(2, certificate);
- pstmt.setString(3, key);
- pstmt.setString(4, domainSuffix);
- pstmt.setString(5, certificate);
- pstmt.setString(6, key);
- pstmt.setString(7, domainSuffix);
-
- pstmt.executeUpdate();
- txn.commit();
- } catch (Exception e) {
- txn.rollback();
- throw new CloudRuntimeException("Unable to save certificate under name " + name + " due to exception", e);
- }
- }
-
- @Override
- @DB
- public void save(String alias, String certificate, Integer index, String domainSuffix) {
- KeystoreVO ks = findByName(alias);
- if (ks != null) {
- ks.setCertificate(certificate);
- ks.setName(alias);
- ks.setIndex(index);
- ks.setDomainSuffix(domainSuffix);
- this.update(ks.getId(), ks);
- } else {
- KeystoreVO newks = new KeystoreVO();
- newks.setCertificate(certificate);
- newks.setName(alias);
- newks.setIndex(index);
- newks.setDomainSuffix(domainSuffix);
- persist(newks);
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae8560b1/engine/schema/src/com/cloud/keystore/KeystoreVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/keystore/KeystoreVO.java b/engine/schema/src/com/cloud/keystore/KeystoreVO.java
deleted file mode 100644
index 66dfac1..0000000
--- a/engine/schema/src/com/cloud/keystore/KeystoreVO.java
+++ /dev/null
@@ -1,102 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.keystore;
-
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Table;
-
-import org.apache.cloudstack.api.InternalIdentity;
-
-@Entity
-@Table(name = "keystore")
-public class KeystoreVO implements InternalIdentity {
- @Id
- @GeneratedValue(strategy = GenerationType.IDENTITY)
- @Column(name = "id")
- private Long id;
-
- @Column(name = "name")
- private String name;
-
- @Column(name = "certificate", length = 65535)
- private String certificate;
-
- @Column(name = "key", length = 65535)
- private String key;
-
- @Column(name = "domain_suffix")
- private String domainSuffix;
-
- @Column(name = "seq")
- private Integer index;
-
- public KeystoreVO() {
- }
-
- @Override
- public long getId() {
- return id;
- }
-
- public void setId(Long id) {
- this.id = id;
- }
-
- public String getName() {
- return name;
- }
-
- public void setName(String name) {
- this.name = name;
- }
-
- public String getCertificate() {
- return certificate;
- }
-
- public void setCertificate(String certificate) {
- this.certificate = certificate;
- }
-
- public String getKey() {
- return key;
- }
-
- public void setKey(String key) {
- this.key = key;
- }
-
- public String getDomainSuffix() {
- return domainSuffix;
- }
-
- public void setDomainSuffix(String domainSuffix) {
- this.domainSuffix = domainSuffix;
- }
-
- public void setIndex(Integer index) {
- this.index = index;
- }
-
- public Integer getIndex() {
- return this.index;
- }
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae8560b1/engine/service/src/main/webapp/WEB-INF/beans.xml
----------------------------------------------------------------------
diff --git a/engine/service/src/main/webapp/WEB-INF/beans.xml b/engine/service/src/main/webapp/WEB-INF/beans.xml
index 1be2c22..33bd4ad 100644
--- a/engine/service/src/main/webapp/WEB-INF/beans.xml
+++ b/engine/service/src/main/webapp/WEB-INF/beans.xml
@@ -42,7 +42,7 @@
<bean class="com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider" />
</jaxrs:providers>
</jaxrs:server>
-
+
<bean id="onwireRegistry" class="org.apache.cloudstack.framework.serializer.OnwireClassRegistry"
init-method="scan" >
<property name="packages">
@@ -51,7 +51,7 @@
</list>
</property>
</bean>
-
+
<bean id="messageSerializer" class="org.apache.cloudstack.framework.serializer.JsonMessageSerializer">
<property name="onwireClassRegistry" ref="onwireRegistry" />
</bean>
@@ -61,7 +61,7 @@
<property name="nodeId" value="Node1" />
<property name="messageSerializer" ref="messageSerializer" />
</bean>
-
+
<bean id="rpcProvider" class="org.apache.cloudstack.framework.rpc.RpcProviderImpl" init-method="initialize">
<constructor-arg ref="transportProvider" />
<property name="messageSerializer" ref="messageSerializer" />
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae8560b1/engine/storage/integration-test/test/resources/StorageAllocatorTestContext.xml
----------------------------------------------------------------------
diff --git a/engine/storage/integration-test/test/resources/StorageAllocatorTestContext.xml b/engine/storage/integration-test/test/resources/StorageAllocatorTestContext.xml
index 72e5c84..a981b8e 100644
--- a/engine/storage/integration-test/test/resources/StorageAllocatorTestContext.xml
+++ b/engine/storage/integration-test/test/resources/StorageAllocatorTestContext.xml
@@ -1,19 +1,19 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
- license agreements. See the NOTICE file distributed with this work for additional
- information regarding copyright ownership. The ASF licenses this file to you under
- the Apache License, Version 2.0 (the "License"); you may not use this file except
- in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software distributed under
- the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
- OF ANY KIND, either express or implied. See the License for the specific language
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+ license agreements. See the NOTICE file distributed with this work for additional
+ information regarding copyright ownership. The ASF licenses this file to you under
+ the Apache License, Version 2.0 (the "License"); you may not use this file except
+ in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software distributed under
+ the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+ OF ANY KIND, either express or implied. See the License for the specific language
governing permissions and limitations under the License. -->
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
- http://www.springframework.org/schema/tx
+ http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae8560b1/framework/pom.xml
----------------------------------------------------------------------
diff --git a/framework/pom.xml b/framework/pom.xml
index c7e61df..505c49e 100644
--- a/framework/pom.xml
+++ b/framework/pom.xml
@@ -40,5 +40,6 @@
<module>managed-context</module>
<module>spring/lifecycle</module>
<module>spring/module</module>
+ <module>security</module>
</modules>
</project>
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae8560b1/framework/security/pom.xml
----------------------------------------------------------------------
diff --git a/framework/security/pom.xml b/framework/security/pom.xml
new file mode 100644
index 0000000..a5fa5f0
--- /dev/null
+++ b/framework/security/pom.xml
@@ -0,0 +1,56 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>cloud-framework-security</artifactId>
+ <name>Apache CloudStack Framework - Security</name>
+ <parent>
+ <groupId>org.apache.cloudstack</groupId>
+ <artifactId>cloudstack-framework</artifactId>
+ <version>4.4.0-SNAPSHOT</version>
+ <relativePath>../pom.xml</relativePath>
+ </parent>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.cloudstack</groupId>
+ <artifactId>cloud-utils</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cloudstack</groupId>
+ <artifactId>cloud-api</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cloudstack</groupId>
+ <artifactId>cloud-framework-ipc</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cloudstack</groupId>
+ <artifactId>cloud-framework-db</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cloudstack</groupId>
+ <artifactId>cloud-framework-config</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ </dependencies>
+</project>
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae8560b1/framework/security/resources/META-INF/cloudstack/core/spring-framework-security-core-context.xml
----------------------------------------------------------------------
diff --git a/framework/security/resources/META-INF/cloudstack/core/spring-framework-security-core-context.xml b/framework/security/resources/META-INF/cloudstack/core/spring-framework-security-core-context.xml
new file mode 100644
index 0000000..38b4bd0
--- /dev/null
+++ b/framework/security/resources/META-INF/cloudstack/core/spring-framework-security-core-context.xml
@@ -0,0 +1,31 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+ http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
+ http://www.springframework.org/schema/context
+ http://www.springframework.org/schema/context/spring-context-3.0.xsd"
+ >
+ <bean id="keystoreManagerImpl" class="com.cloud.keystore.KeystoreManagerImpl" />
+
+</beans>
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae8560b1/framework/security/src/com/cloud/keystore/KeystoreDao.java
----------------------------------------------------------------------
diff --git a/framework/security/src/com/cloud/keystore/KeystoreDao.java b/framework/security/src/com/cloud/keystore/KeystoreDao.java
new file mode 100644
index 0000000..333eb24
--- /dev/null
+++ b/framework/security/src/com/cloud/keystore/KeystoreDao.java
@@ -0,0 +1,31 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.keystore;
+
+import java.util.List;
+
+import com.cloud.utils.db.GenericDao;
+
+public interface KeystoreDao extends GenericDao<KeystoreVO, Long> {
+ KeystoreVO findByName(String name);
+
+ void save(String name, String certificate, String key, String domainSuffix);
+
+ void save(String alias, String certificate, Integer index, String domainSuffix);
+
+ List<KeystoreVO> findCertChain();
+}
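Review bot: The two `save` overloads differ only in the type of their third parameter (`String key` versus `Integer index`), and nothing on the interface says which one stores a private-key entry and which one stores a chain certificate. A call that passes a literal `null` in that position will not compile without a cast, and a reader has to open KeystoreDaoImpl to learn that `findCertChain()` returns the rows whose `key` is NULL, ordered by `seq`. I would add Javadoc to each method, for example `/** Inserts or updates the entry called name together with its private key. */` on the first `save` and `/** Inserts or updates a certificate without a private key at position index. */` on the second.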
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae8560b1/framework/security/src/com/cloud/keystore/KeystoreDaoImpl.java
----------------------------------------------------------------------
diff --git a/framework/security/src/com/cloud/keystore/KeystoreDaoImpl.java b/framework/security/src/com/cloud/keystore/KeystoreDaoImpl.java
new file mode 100644
index 0000000..6c51a26
--- /dev/null
+++ b/framework/security/src/com/cloud/keystore/KeystoreDaoImpl.java
@@ -0,0 +1,121 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.keystore;
+
+import java.sql.PreparedStatement;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.List;
+
+import javax.ejb.Local;
+
+import org.springframework.stereotype.Component;
+
+import com.cloud.utils.db.DB;
+import com.cloud.utils.db.GenericDaoBase;
+import com.cloud.utils.db.SearchBuilder;
+import com.cloud.utils.db.SearchCriteria;
+import com.cloud.utils.db.SearchCriteria.Op;
+import com.cloud.utils.db.TransactionLegacy;
+import com.cloud.utils.exception.CloudRuntimeException;
+
+@Component
+@Local(value = {KeystoreDao.class})
+public class KeystoreDaoImpl extends GenericDaoBase<KeystoreVO, Long> implements KeystoreDao {
+ protected final SearchBuilder<KeystoreVO> FindByNameSearch;
+ protected final SearchBuilder<KeystoreVO> CertChainSearch;
+
+ public KeystoreDaoImpl() {
+ FindByNameSearch = createSearchBuilder();
+ FindByNameSearch.and("name", FindByNameSearch.entity().getName(), Op.EQ);
+ FindByNameSearch.done();
+
+ CertChainSearch = createSearchBuilder();
+ CertChainSearch.and("key", CertChainSearch.entity().getKey(), Op.NULL);
+ CertChainSearch.done();
+ }
+
+ @Override
+ public List<KeystoreVO> findCertChain() {
+ SearchCriteria<KeystoreVO> sc = CertChainSearch.create();
+ List<KeystoreVO> ks = listBy(sc);
+ Collections.sort(ks, new Comparator() {
+ @Override
+ public int compare(Object o1, Object o2) {
+ Integer seq1 = ((KeystoreVO)o1).getIndex();
+ Integer seq2 = ((KeystoreVO)o2).getIndex();
+ return seq1.compareTo(seq2);
+ }
+ });
+ return ks;
+ }
+
+ @Override
+ public KeystoreVO findByName(String name) {
+ assert (name != null);
+
+ SearchCriteria<KeystoreVO> sc = FindByNameSearch.create();
+ sc.setParameters("name", name);
+ return findOneBy(sc);
+ }
+
+ @Override
+ @DB
+ public void save(String name, String certificate, String key, String domainSuffix) {
+ TransactionLegacy txn = TransactionLegacy.currentTxn();
+ try {
+ txn.start();
+
+ String sql =
+ "INSERT INTO keystore (`name`, `certificate`, `key`, `domain_suffix`) VALUES (?, ?, ?, ?) ON DUPLICATE KEY UPDATE `certificate`=?, `key`=?, `domain_suffix`=?";
+ PreparedStatement pstmt = txn.prepareAutoCloseStatement(sql);
+ pstmt.setString(1, name);
+ pstmt.setString(2, certificate);
+ pstmt.setString(3, key);
+ pstmt.setString(4, domainSuffix);
+ pstmt.setString(5, certificate);
+ pstmt.setString(6, key);
+ pstmt.setString(7, domainSuffix);
+
+ pstmt.executeUpdate();
+ txn.commit();
+ } catch (Exception e) {
+ txn.rollback();
+ throw new CloudRuntimeException("Unable to save certificate under name " + name + " due to exception", e);
+ }
+ }
+
+ @Override
+ @DB
+ public void save(String alias, String certificate, Integer index, String domainSuffix) {
+ KeystoreVO ks = findByName(alias);
+ if (ks != null) {
+ ks.setCertificate(certificate);
+ ks.setName(alias);
+ ks.setIndex(index);
+ ks.setDomainSuffix(domainSuffix);
+ this.update(ks.getId(), ks);
+ } else {
+ KeystoreVO newks = new KeystoreVO();
+ newks.setCertificate(certificate);
+ newks.setName(alias);
+ newks.setIndex(index);
+ newks.setDomainSuffix(domainSuffix);
+ persist(newks);
+ }
+ }
+}
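Review bot: `findCertChain()` sorts with a raw `Comparator` and calls `seq1.compareTo(seq2)` on boxed values that can be null. `CertChainSearch` selects rows by `key IS NULL` only, and the four-argument `save(name, certificate, key, domainSuffix)` never writes `seq`, so a row that ends up with neither a key nor a sequence number would make the sort throw a NullPointerException while the chain is being assembled. A typed comparator removes the casts and the unchecked warning, and an explicit null ordering keeps one incomplete row from breaking every lookup; the code looks carried over from the deleted engine/schema copy, so this may be better handled as a follow-up.

```java
List<KeystoreVO> ks = listBy(sc);
Collections.sort(ks, new Comparator<KeystoreVO>() {
    @Override
    public int compare(KeystoreVO left, KeystoreVO right) {
        Integer seq1 = left.getIndex();
        Integer seq2 = right.getIndex();
        // Rows without a sequence number sort first instead of throwing.
        if (seq1 == null) {
            return seq2 == null ? 0 : -1;
        }
        if (seq2 == null) {
            return 1;
        }
        return seq1.compareTo(seq2);
    }
});
// … unchanged: return ks …
```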
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae8560b1/framework/security/src/com/cloud/keystore/KeystoreManager.java
----------------------------------------------------------------------
diff --git a/framework/security/src/com/cloud/keystore/KeystoreManager.java b/framework/security/src/com/cloud/keystore/KeystoreManager.java
new file mode 100644
index 0000000..48d5a40
--- /dev/null
+++ b/framework/security/src/com/cloud/keystore/KeystoreManager.java
@@ -0,0 +1,64 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.keystore;
+
+import com.cloud.agent.api.LogLevel;
+import com.cloud.agent.api.LogLevel.Log4jLevel;
+import com.cloud.utils.component.Manager;
+
+public interface KeystoreManager extends Manager {
+ public static class Certificates {
+ @LogLevel(Log4jLevel.Off)
+ private String privKey;
+ @LogLevel(Log4jLevel.Off)
+ private String privCert;
+ @LogLevel(Log4jLevel.Off)
+ private String certChain;
+
+ public Certificates() {
+
+ }
+
+ public Certificates(String prvKey, String privCert, String certChain) {
+ privKey = prvKey;
+ this.privCert = privCert;
+ this.certChain = certChain;
+ }
+
+ public String getPrivKey() {
+ return privKey;
+ }
+
+ public String getPrivCert() {
+ return privCert;
+ }
+
+ public String getCertChain() {
+ return certChain;
+ }
+ }
+
+ boolean validateCertificate(String certificate, String key, String domainSuffix);
+
+ void saveCertificate(String name, String certificate, String key, String domainSuffix);
+
+ byte[] getKeystoreBits(String name, String aliasForCertificateInStore, String storePassword);
+
+ void saveCertificate(String name, String certificate, Integer index, String domainSuffix);
+
+ Certificates getCertificates(String name);
+}
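Review bot: `validateCertificate` has no Javadoc, and its name promises more than the implementation added in this commit visibly does. KeystoreManagerImpl checks that the three strings are non-empty and that a keystore can be built from them and loaded back; whether the key belongs to the certificate, or the certificate actually covers `domainSuffix`, depends on `CertificateHelper`, which is not part of this change. I would state the contract on the interface so callers do not read a `true` result as proof of either, e.g. `/** Returns true when certificate and key can be assembled into a keystore and loaded back. */`, followed by a sentence on what is not checked. `getKeystoreBits` and `getCertificates` should likewise document that the implementation can return null.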
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae8560b1/framework/security/src/com/cloud/keystore/KeystoreManagerImpl.java
----------------------------------------------------------------------
diff --git a/framework/security/src/com/cloud/keystore/KeystoreManagerImpl.java b/framework/security/src/com/cloud/keystore/KeystoreManagerImpl.java
new file mode 100644
index 0000000..8e5735a
--- /dev/null
+++ b/framework/security/src/com/cloud/keystore/KeystoreManagerImpl.java
@@ -0,0 +1,154 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.keystore;
+
+import java.io.IOException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.spec.InvalidKeySpecException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import javax.ejb.Local;
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+import org.springframework.stereotype.Component;
+
+import com.cloud.utils.Ternary;
+import com.cloud.utils.component.ManagerBase;
+import com.cloud.utils.exception.CloudRuntimeException;
+import com.cloud.utils.security.CertificateHelper;
+
+@Component
+@Local(value = KeystoreManager.class)
+public class KeystoreManagerImpl extends ManagerBase implements KeystoreManager {
+ private static final Logger s_logger = Logger.getLogger(KeystoreManagerImpl.class);
+
+ @Inject
+ private KeystoreDao _ksDao;
+
+ @Override
+ public boolean validateCertificate(String certificate, String key, String domainSuffix) {
+ if (certificate == null || certificate.isEmpty() || key == null || key.isEmpty() || domainSuffix == null || domainSuffix.isEmpty()) {
+ s_logger.error("Invalid parameter found in (certificate, key, domainSuffix) tuple for domain: " + domainSuffix);
+ return false;
+ }
+
+ try {
+ String ksPassword = "passwordForValidation";
+ byte[] ksBits = CertificateHelper.buildAndSaveKeystore(domainSuffix, certificate, getKeyContent(key), ksPassword);
+ KeyStore ks = CertificateHelper.loadKeystore(ksBits, ksPassword);
+ if (ks != null)
+ return true;
+
+ s_logger.error("Unabled to construct keystore for domain: " + domainSuffix);
+ } catch (Exception e) {
+ s_logger.error("Certificate validation failed due to exception for domain: " + domainSuffix, e);
+ }
+ return false;
+ }
+
+ @Override
+ public void saveCertificate(String name, String certificate, String key, String domainSuffix) {
+ if (name == null || name.isEmpty() || certificate == null || certificate.isEmpty() || key == null || key.isEmpty() || domainSuffix == null ||
+ domainSuffix.isEmpty())
+ throw new CloudRuntimeException("invalid parameter in saveCerticate");
+
+ _ksDao.save(name, certificate, key, domainSuffix);
+ }
+
+ @Override
+ public void saveCertificate(String name, String certificate, Integer index, String domainSuffix) {
+ if (name == null || name.isEmpty() || certificate == null || certificate.isEmpty() || index == null || domainSuffix == null || domainSuffix.isEmpty())
+ throw new CloudRuntimeException("invalid parameter in saveCerticate");
+
+ _ksDao.save(name, certificate, index, domainSuffix);
+ }
+
+ @Override
+ public byte[] getKeystoreBits(String name, String aliasForCertificateInStore, String storePassword) {
+ assert (name != null);
+ assert (aliasForCertificateInStore != null);
+ assert (storePassword != null);
+
+ KeystoreVO ksVo = _ksDao.findByName(name);
+ if (ksVo == null)
+ throw new CloudRuntimeException("Unable to find keystore " + name);
+
+ List<Ternary<String, String, String>> certs = new ArrayList<Ternary<String, String, String>>();
+ List<KeystoreVO> certChains = _ksDao.findCertChain();
+
+ for (KeystoreVO ks : certChains) {
+ Ternary<String, String, String> cert = new Ternary<String, String, String>(ks.getName(), ks.getCertificate(), null);
+ certs.add(cert);
+ }
+
+ Ternary<String, String, String> cert = new Ternary<String, String, String>(ksVo.getName(), ksVo.getCertificate(), getKeyContent(ksVo.getKey()));
+ certs.add(cert);
+
+ try {
+ return CertificateHelper.buildAndSaveKeystore(certs, storePassword);
+ } catch (KeyStoreException e) {
+ s_logger.warn("Unable to build keystore for " + name + " due to KeyStoreException");
+ } catch (CertificateException e) {
+ s_logger.warn("Unable to build keystore for " + name + " due to CertificateException");
+ } catch (NoSuchAlgorithmException e) {
+ s_logger.warn("Unable to build keystore for " + name + " due to NoSuchAlgorithmException");
+ } catch (InvalidKeySpecException e) {
+ s_logger.warn("Unable to build keystore for " + name + " due to InvalidKeySpecException");
+ } catch (IOException e) {
+ s_logger.warn("Unable to build keystore for " + name + " due to IOException");
+ }
+ return null;
+ }
+
+ @Override
+ public Certificates getCertificates(String name) {
+ KeystoreVO ksVo = _ksDao.findByName(name);
+ if (ksVo == null) {
+ return null;
+ }
+ String prvKey = ksVo.getKey();
+ String prvCert = ksVo.getCertificate();
+ String certChain = null;
+ List<KeystoreVO> certchains = _ksDao.findCertChain();
+ if (certchains.size() > 0) {
+ StringBuilder chains = new StringBuilder();
+ for (KeystoreVO cert : certchains) {
+ chains.append(cert.getCertificate());
+ chains.append("\n");
+ }
+ certChain = chains.toString();
+ }
+ Certificates certs = new Certificates(prvKey, prvCert, certChain);
+ return certs;
+ }
+
+ private static String getKeyContent(String key) {
+ Pattern regex = Pattern.compile("(^[\\-]+[^\\-]+[\\-]+[\\n]?)([^\\-]+)([\\-]+[^\\-]+[\\-]+$)");
+ Matcher m = regex.matcher(key);
+ if (m.find())
+ return m.group(2);
+
+ return key;
+ }
+}
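Review bot: `getKeystoreBits` hides every keystore-construction failure from its caller. Each of the five catch blocks logs a warning without the exception object and the method then returns null, so the cause and stack trace are lost and the caller receives null where the missing-row case a few lines earlier throws. I would log the exception and fail the same way as that branch, e.g. `throw new CloudRuntimeException("Unable to build keystore for " + name, e);` in each catch. The three `assert` checks at the top of the method are skipped unless the JVM runs with `-ea`, so a null `storePassword` would reach `CertificateHelper` unchecked; an explicit check that throws would match the two `saveCertificate` methods.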
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae8560b1/framework/security/src/com/cloud/keystore/KeystoreVO.java
----------------------------------------------------------------------
diff --git a/framework/security/src/com/cloud/keystore/KeystoreVO.java b/framework/security/src/com/cloud/keystore/KeystoreVO.java
new file mode 100644
index 0000000..66dfac1
--- /dev/null
+++ b/framework/security/src/com/cloud/keystore/KeystoreVO.java
@@ -0,0 +1,102 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.keystore;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+import org.apache.cloudstack.api.InternalIdentity;
+
+@Entity
+@Table(name = "keystore")
+public class KeystoreVO implements InternalIdentity {
+ @Id
+ @GeneratedValue(strategy = GenerationType.IDENTITY)
+ @Column(name = "id")
+ private Long id;
+
+ @Column(name = "name")
+ private String name;
+
+ @Column(name = "certificate", length = 65535)
+ private String certificate;
+
+ @Column(name = "key", length = 65535)
+ private String key;
+
+ @Column(name = "domain_suffix")
+ private String domainSuffix;
+
+ @Column(name = "seq")
+ private Integer index;
+
+ public KeystoreVO() {
+ }
+
+ @Override
+ public long getId() {
+ return id;
+ }
+
+ public void setId(Long id) {
+ this.id = id;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public String getCertificate() {
+ return certificate;
+ }
+
+ public void setCertificate(String certificate) {
+ this.certificate = certificate;
+ }
+
+ public String getKey() {
+ return key;
+ }
+
+ public void setKey(String key) {
+ this.key = key;
+ }
+
+ public String getDomainSuffix() {
+ return domainSuffix;
+ }
+
+ public void setDomainSuffix(String domainSuffix) {
+ this.domainSuffix = domainSuffix;
+ }
+
+ public void setIndex(Integer index) {
+ this.index = index;
+ }
+
+ public Integer getIndex() {
+ return this.index;
+ }
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae8560b1/framework/spring/lifecycle/src/main/java/org/apache/cloudstack/spring/lifecycle/registry/ExtensionRegistry.java
----------------------------------------------------------------------
diff --git a/framework/spring/lifecycle/src/main/java/org/apache/cloudstack/spring/lifecycle/registry/ExtensionRegistry.java b/framework/spring/lifecycle/src/main/java/org/apache/cloudstack/spring/lifecycle/registry/ExtensionRegistry.java
index 6927d2f..321e365 100644
--- a/framework/spring/lifecycle/src/main/java/org/apache/cloudstack/spring/lifecycle/registry/ExtensionRegistry.java
+++ b/framework/spring/lifecycle/src/main/java/org/apache/cloudstack/spring/lifecycle/registry/ExtensionRegistry.java
@@ -159,7 +159,6 @@ public class ExtensionRegistry implements Registry<Object>, Configurable, BeanNa
if (name == null) {
for (String part : beanName.replaceAll("([A-Z])", " $1").split("\\s+")) {
part = StringUtils.capitalize(part.toLowerCase());
- ;
name = name == null ? part : name + " " + part;
}
@@ -219,7 +218,7 @@ public class ExtensionRegistry implements Registry<Object>, Configurable, BeanNa
@Override
public void setBeanName(String name) {
- this.beanName = name;
+ beanName = name;
}
public List<Object> getPreRegistered() {
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae8560b1/plugins/network-elements/stratosphere-ssp/resources/META-INF/cloudstack/ssp/spring-ssp-context.xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/stratosphere-ssp/resources/META-INF/cloudstack/ssp/spring-ssp-context.xml b/plugins/network-elements/stratosphere-ssp/resources/META-INF/cloudstack/ssp/spring-ssp-context.xml
index 528f3e3..7e8fe6c 100644
--- a/plugins/network-elements/stratosphere-ssp/resources/META-INF/cloudstack/ssp/spring-ssp-context.xml
+++ b/plugins/network-elements/stratosphere-ssp/resources/META-INF/cloudstack/ssp/spring-ssp-context.xml
@@ -38,5 +38,4 @@
<bean id="StratosphereSsp" class="org.apache.cloudstack.network.element.SspElement">
<property name="name" value="StratosphereSsp" />
</bean>
-
</beans>
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae8560b1/server/pom.xml
----------------------------------------------------------------------
diff --git a/server/pom.xml b/server/pom.xml
index 82a6888..86e7b76 100644
--- a/server/pom.xml
+++ b/server/pom.xml
@@ -37,6 +37,11 @@
<version>${project.version}</version>
</dependency>
<dependency>
+ <groupId>org.apache.cloudstack</groupId>
+ <artifactId>cloud-framework-security</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<scope>provided</scope>
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae8560b1/server/src/com/cloud/api/ApiDBUtils.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiDBUtils.java b/server/src/com/cloud/api/ApiDBUtils.java
index 3bdb2e6..4414e3b 100755
--- a/server/src/com/cloud/api/ApiDBUtils.java
+++ b/server/src/com/cloud/api/ApiDBUtils.java
@@ -779,10 +779,6 @@ public class ApiDBUtils {
return s_userVmMgr.searchForUserVMs(c, s_accountDao.findById(Account.ACCOUNT_ID_SYSTEM), null, false, permittedAccounts, false, null, null).first();
}
- public static List<? extends StoragePoolVO> searchForStoragePools(Criteria c) {
- return s_ms.searchForStoragePools(c).first();
- }
-
// ///////////////////////////////////////////////////////////
// Manager methods //
// ///////////////////////////////////////////////////////////
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae8560b1/server/src/com/cloud/api/ApiResponseHelper.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiResponseHelper.java b/server/src/com/cloud/api/ApiResponseHelper.java
index cfec2b1..c9e5581 100755
--- a/server/src/com/cloud/api/ApiResponseHelper.java
+++ b/server/src/com/cloud/api/ApiResponseHelper.java
@@ -26,11 +26,12 @@ import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
-import java.util.StringTokenizer;
import java.util.TimeZone;
import javax.inject.Inject;
+import org.apache.log4j.Logger;
+
import org.apache.cloudstack.acl.ControlledEntity;
import org.apache.cloudstack.acl.ControlledEntity.ACLType;
import org.apache.cloudstack.affinity.AffinityGroup;
@@ -143,11 +144,9 @@ import org.apache.cloudstack.network.lb.ApplicationLoadBalancerRule;
import org.apache.cloudstack.region.PortableIp;
import org.apache.cloudstack.region.PortableIpRange;
import org.apache.cloudstack.region.Region;
-import org.apache.cloudstack.storage.datastore.db.StoragePoolVO;
import org.apache.cloudstack.usage.Usage;
import org.apache.cloudstack.usage.UsageService;
import org.apache.cloudstack.usage.UsageTypes;
-import org.apache.log4j.Logger;
import com.cloud.api.query.ViewResponseHelper;
import com.cloud.api.query.vo.AccountJoinVO;
@@ -258,7 +257,6 @@ import com.cloud.projects.Project;
import com.cloud.projects.ProjectAccount;
import com.cloud.projects.ProjectInvitation;
import com.cloud.region.ha.GlobalLoadBalancerRule;
-import com.cloud.server.Criteria;
import com.cloud.server.ResourceTag;
import com.cloud.server.ResourceTag.ResourceObjectType;
import com.cloud.service.ServiceOfferingVO;
@@ -269,7 +267,6 @@ import com.cloud.storage.GuestOSCategoryVO;
import com.cloud.storage.ImageStore;
import com.cloud.storage.Snapshot;
import com.cloud.storage.SnapshotVO;
-import com.cloud.storage.Storage.StoragePoolType;
import com.cloud.storage.StoragePool;
import com.cloud.storage.Upload;
import com.cloud.storage.UploadVO;
@@ -1670,152 +1667,6 @@ public class ApiResponseHelper implements ResponseGenerator {
return ApiDBUtils.newEventResponse(vEvent);
}
- private List<CapacityVO> sumCapacities(List<? extends Capacity> hostCapacities) {
- Map<String, Long> totalCapacityMap = new HashMap<String, Long>();
- Map<String, Long> usedCapacityMap = new HashMap<String, Long>();
-
- Set<Long> poolIdsToIgnore = new HashSet<Long>();
- Criteria c = new Criteria();
- // TODO: implement
- List<? extends StoragePoolVO> allStoragePools = ApiDBUtils.searchForStoragePools(c);
- for (StoragePoolVO pool : allStoragePools) {
- StoragePoolType poolType = pool.getPoolType();
- if (!(poolType.isShared())) {// All the non shared storages
- // shouldn't show up in the capacity
- // calculation
- poolIdsToIgnore.add(pool.getId());
- }
- }
-
- float cpuOverprovisioningFactor = ApiDBUtils.getCpuOverprovisioningFactor();
-
- // collect all the capacity types, sum allocated/used and sum
- // total...get one capacity number for each
- for (Capacity capacity : hostCapacities) {
-
- // check if zone exist
- DataCenter zone = ApiDBUtils.findZoneById(capacity.getDataCenterId());
- if (zone == null) {
- continue;
- }
-
- short capacityType = capacity.getCapacityType();
-
- // If local storage then ignore
- if ((capacityType == Capacity.CAPACITY_TYPE_STORAGE_ALLOCATED || capacityType == Capacity.CAPACITY_TYPE_STORAGE)
- && poolIdsToIgnore.contains(capacity.getHostOrPoolId())) {
- continue;
- }
-
- String key = capacity.getCapacityType() + "_" + capacity.getDataCenterId();
- String keyForPodTotal = key + "_-1";
-
- boolean sumPodCapacity = false;
- if (capacity.getPodId() != null) {
- key += "_" + capacity.getPodId();
- sumPodCapacity = true;
- }
-
- Long totalCapacity = totalCapacityMap.get(key);
- Long usedCapacity = usedCapacityMap.get(key);
-
- // reset overprovisioning factor to 1
- float overprovisioningFactor = 1;
- if (capacityType == Capacity.CAPACITY_TYPE_CPU) {
- overprovisioningFactor = cpuOverprovisioningFactor;
- }
-
- if (totalCapacity == null) {
- totalCapacity = new Long((long)(capacity.getTotalCapacity() * overprovisioningFactor));
- } else {
- totalCapacity = new Long((long)(capacity.getTotalCapacity() * overprovisioningFactor)) + totalCapacity;
- }
-
- if (usedCapacity == null) {
- usedCapacity = new Long(capacity.getUsedCapacity());
- } else {
- usedCapacity = new Long(capacity.getUsedCapacity() + usedCapacity);
- }
-
- if (capacityType == Capacity.CAPACITY_TYPE_CPU || capacityType == Capacity.CAPACITY_TYPE_MEMORY) { // Reserved
- // Capacity
- // accounts
- // for
- // stopped
- // vms
- // that
- // have been
- // stopped
- // within
- // an
- // interval
- usedCapacity += capacity.getReservedCapacity();
- }
-
- totalCapacityMap.put(key, totalCapacity);
- usedCapacityMap.put(key, usedCapacity);
-
- if (sumPodCapacity) {
- totalCapacity = totalCapacityMap.get(keyForPodTotal);
- usedCapacity = usedCapacityMap.get(keyForPodTotal);
-
- overprovisioningFactor = 1;
- if (capacityType == Capacity.CAPACITY_TYPE_CPU) {
- overprovisioningFactor = cpuOverprovisioningFactor;
- }
-
- if (totalCapacity == null) {
- totalCapacity = new Long((long)(capacity.getTotalCapacity() * overprovisioningFactor));
- } else {
- totalCapacity = new Long((long)(capacity.getTotalCapacity() * overprovisioningFactor)) + totalCapacity;
- }
-
- if (usedCapacity == null) {
- usedCapacity = new Long(capacity.getUsedCapacity());
- } else {
- usedCapacity = new Long(capacity.getUsedCapacity() + usedCapacity);
- }
-
- if (capacityType == Capacity.CAPACITY_TYPE_CPU || capacityType == Capacity.CAPACITY_TYPE_MEMORY) { // Reserved
- // Capacity
- // accounts
- // for
- // stopped
- // vms
- // that
- // have
- // been
- // stopped
- // within
- // an
- // interval
- usedCapacity += capacity.getReservedCapacity();
- }
-
- totalCapacityMap.put(keyForPodTotal, totalCapacity);
- usedCapacityMap.put(keyForPodTotal, usedCapacity);
- }
- }
-
- List<CapacityVO> summedCapacities = new ArrayList<CapacityVO>();
- for (String key : totalCapacityMap.keySet()) {
- CapacityVO summedCapacity = new CapacityVO();
-
- StringTokenizer st = new StringTokenizer(key, "_");
- summedCapacity.setCapacityType(Short.parseShort(st.nextToken()));
- summedCapacity.setDataCenterId(Long.parseLong(st.nextToken()));
- if (st.hasMoreTokens()) {
- summedCapacity.setPodId(Long.parseLong(st.nextToken()));
- }
-
- summedCapacity.setTotalCapacity(totalCapacityMap.get(key));
- summedCapacity.setUsedCapacity(usedCapacityMap.get(key));
-
- summedCapacities.add(summedCapacity);
- }
- return summedCapacities;
- }
-
@Override
public List<CapacityResponse> createCapacityResponse(List<? extends Capacity> result, DecimalFormat format) {
List<CapacityResponse> capacityResponses = new ArrayList<CapacityResponse>();
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae8560b1/server/src/com/cloud/keystore/KeystoreManager.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/keystore/KeystoreManager.java b/server/src/com/cloud/keystore/KeystoreManager.java
deleted file mode 100644
index 8a7d553..0000000
--- a/server/src/com/cloud/keystore/KeystoreManager.java
+++ /dev/null
@@ -1,32 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.keystore;
-
-import com.cloud.agent.api.SecStorageSetupCommand.Certificates;
-import com.cloud.utils.component.Manager;
-
-public interface KeystoreManager extends Manager {
- boolean validateCertificate(String certificate, String key, String domainSuffix);
-
- void saveCertificate(String name, String certificate, String key, String domainSuffix);
-
- byte[] getKeystoreBits(String name, String aliasForCertificateInStore, String storePassword);
-
- void saveCertificate(String name, String certificate, Integer index, String domainSuffix);
-
- Certificates getCertificates(String name);
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae8560b1/server/src/com/cloud/keystore/KeystoreManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/keystore/KeystoreManagerImpl.java b/server/src/com/cloud/keystore/KeystoreManagerImpl.java
deleted file mode 100644
index 2b798fe..0000000
--- a/server/src/com/cloud/keystore/KeystoreManagerImpl.java
+++ /dev/null
@@ -1,155 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.keystore;
-
-import java.io.IOException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
-import java.security.spec.InvalidKeySpecException;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
-import javax.ejb.Local;
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-import org.springframework.stereotype.Component;
-
-import com.cloud.agent.api.SecStorageSetupCommand;
-import com.cloud.utils.Ternary;
-import com.cloud.utils.component.ManagerBase;
-import com.cloud.utils.exception.CloudRuntimeException;
-import com.cloud.utils.security.CertificateHelper;
-
-@Component
-@Local(value = KeystoreManager.class)
-public class KeystoreManagerImpl extends ManagerBase implements KeystoreManager {
- private static final Logger s_logger = Logger.getLogger(KeystoreManagerImpl.class);
-
- @Inject
- private KeystoreDao _ksDao;
-
- @Override
- public boolean validateCertificate(String certificate, String key, String domainSuffix) {
- if (certificate == null || certificate.isEmpty() || key == null || key.isEmpty() || domainSuffix == null || domainSuffix.isEmpty()) {
- s_logger.error("Invalid parameter found in (certificate, key, domainSuffix) tuple for domain: " + domainSuffix);
- return false;
- }
-
- try {
- String ksPassword = "passwordForValidation";
- byte[] ksBits = CertificateHelper.buildAndSaveKeystore(domainSuffix, certificate, getKeyContent(key), ksPassword);
- KeyStore ks = CertificateHelper.loadKeystore(ksBits, ksPassword);
- if (ks != null)
- return true;
-
- s_logger.error("Unabled to construct keystore for domain: " + domainSuffix);
- } catch (Exception e) {
- s_logger.error("Certificate validation failed due to exception for domain: " + domainSuffix, e);
- }
- return false;
- }
-
- @Override
- public void saveCertificate(String name, String certificate, String key, String domainSuffix) {
- if (name == null || name.isEmpty() || certificate == null || certificate.isEmpty() || key == null || key.isEmpty() || domainSuffix == null ||
- domainSuffix.isEmpty())
- throw new CloudRuntimeException("invalid parameter in saveCerticate");
-
- _ksDao.save(name, certificate, key, domainSuffix);
- }
-
- @Override
- public void saveCertificate(String name, String certificate, Integer index, String domainSuffix) {
- if (name == null || name.isEmpty() || certificate == null || certificate.isEmpty() || index == null || domainSuffix == null || domainSuffix.isEmpty())
- throw new CloudRuntimeException("invalid parameter in saveCerticate");
-
- _ksDao.save(name, certificate, index, domainSuffix);
- }
-
- @Override
- public byte[] getKeystoreBits(String name, String aliasForCertificateInStore, String storePassword) {
- assert (name != null);
- assert (aliasForCertificateInStore != null);
- assert (storePassword != null);
-
- KeystoreVO ksVo = _ksDao.findByName(name);
- if (ksVo == null)
- throw new CloudRuntimeException("Unable to find keystore " + name);
-
- List<Ternary<String, String, String>> certs = new ArrayList<Ternary<String, String, String>>();
- List<KeystoreVO> certChains = _ksDao.findCertChain();
-
- for (KeystoreVO ks : certChains) {
- Ternary<String, String, String> cert = new Ternary<String, String, String>(ks.getName(), ks.getCertificate(), null);
- certs.add(cert);
- }
-
- Ternary<String, String, String> cert = new Ternary<String, String, String>(ksVo.getName(), ksVo.getCertificate(), getKeyContent(ksVo.getKey()));
- certs.add(cert);
-
- try {
- return CertificateHelper.buildAndSaveKeystore(certs, storePassword);
- } catch (KeyStoreException e) {
- s_logger.warn("Unable to build keystore for " + name + " due to KeyStoreException");
- } catch (CertificateException e) {
- s_logger.warn("Unable to build keystore for " + name + " due to CertificateException");
- } catch (NoSuchAlgorithmException e) {
- s_logger.warn("Unable to build keystore for " + name + " due to NoSuchAlgorithmException");
- } catch (InvalidKeySpecException e) {
- s_logger.warn("Unable to build keystore for " + name + " due to InvalidKeySpecException");
- } catch (IOException e) {
- s_logger.warn("Unable to build keystore for " + name + " due to IOException");
- }
- return null;
- }
-
- @Override
- public SecStorageSetupCommand.Certificates getCertificates(String name) {
- KeystoreVO ksVo = _ksDao.findByName(name);
- if (ksVo == null) {
- return null;
- }
- String prvKey = ksVo.getKey();
- String prvCert = ksVo.getCertificate();
- String certChain = null;
- List<KeystoreVO> certchains = _ksDao.findCertChain();
- if (certchains.size() > 0) {
- StringBuilder chains = new StringBuilder();
- for (KeystoreVO cert : certchains) {
- chains.append(cert.getCertificate());
- chains.append("\n");
- }
- certChain = chains.toString();
- }
- SecStorageSetupCommand.Certificates certs = new SecStorageSetupCommand.Certificates(prvKey, prvCert, certChain);
- return certs;
- }
-
- private static String getKeyContent(String key) {
- Pattern regex = Pattern.compile("(^[\\-]+[^\\-]+[\\-]+[\\n]?)([^\\-]+)([\\-]+[^\\-]+[\\-]+$)");
- Matcher m = regex.matcher(key);
- if (m.find())
- return m.group(2);
-
- return key;
- }
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae8560b1/server/src/com/cloud/server/ManagementServer.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/server/ManagementServer.java b/server/src/com/cloud/server/ManagementServer.java
index 5a751e8..b93e027 100755
--- a/server/src/com/cloud/server/ManagementServer.java
+++ b/server/src/com/cloud/server/ManagementServer.java
@@ -16,10 +16,6 @@
// under the License.
package com.cloud.server;
-import java.util.List;
-
-import org.apache.cloudstack.storage.datastore.db.StoragePoolVO;
-
import com.cloud.host.HostVO;
import com.cloud.storage.GuestOSVO;
import com.cloud.utils.Pair;
@@ -65,8 +61,6 @@ public interface ManagementServer extends ManagementService, PluggableService {
public long getMemoryOrCpuCapacityByHost(Long hostId, short capacityType);
- Pair<List<StoragePoolVO>, Integer> searchForStoragePools(Criteria c);
-
String getHashKey();
String getEncryptionKey();
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae8560b1/server/src/com/cloud/server/ManagementServerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java
index 28cc1fd..1ccdbfc 100755
--- a/server/src/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/com/cloud/server/ManagementServerImpl.java
@@ -2954,58 +2954,6 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
}
}
- @Override
- public Pair<List<StoragePoolVO>, Integer> searchForStoragePools(Criteria c) {
- Filter searchFilter = new Filter(StoragePoolVO.class, c.getOrderBy(), c.getAscending(), c.getOffset(), c.getLimit());
- SearchCriteria<StoragePoolVO> sc = _poolDao.createSearchCriteria();
-
- Object id = c.getCriteria(Criteria.ID);
- Object name = c.getCriteria(Criteria.NAME);
- Object host = c.getCriteria(Criteria.HOST);
- Object path = c.getCriteria(Criteria.PATH);
- Object zone = c.getCriteria(Criteria.DATACENTERID);
- Object pod = c.getCriteria(Criteria.PODID);
- Object cluster = c.getCriteria(Criteria.CLUSTERID);
- Object address = c.getCriteria(Criteria.ADDRESS);
- Object keyword = c.getCriteria(Criteria.KEYWORD);
-
- if (keyword != null) {
- SearchCriteria<StoragePoolVO> ssc = _poolDao.createSearchCriteria();
- ssc.addOr("name", SearchCriteria.Op.LIKE, "%" + keyword + "%");
- ssc.addOr("poolType", SearchCriteria.Op.LIKE, "%" + keyword + "%");
-
- sc.addAnd("name", SearchCriteria.Op.SC, ssc);
- }
-
- if (id != null) {
- sc.addAnd("id", SearchCriteria.Op.EQ, id);
- }
-
- if (name != null) {
- sc.addAnd("name", SearchCriteria.Op.LIKE, "%" + name + "%");
- }
- if (host != null) {
- sc.addAnd("host", SearchCriteria.Op.EQ, host);
- }
- if (path != null) {
- sc.addAnd("path", SearchCriteria.Op.EQ, path);
- }
- if (zone != null) {
- sc.addAnd("dataCenterId", SearchCriteria.Op.EQ, zone);
- }
- if (pod != null) {
- sc.addAnd("podId", SearchCriteria.Op.EQ, pod);
- }
- if (address != null) {
- sc.addAnd("hostAddress", SearchCriteria.Op.EQ, address);
- }
- if (cluster != null) {
- sc.addAnd("clusterId", SearchCriteria.Op.EQ, cluster);
- }
-
- return _poolDao.searchAndCount(sc, searchFilter);
- }
-
private SecondaryStorageVmVO startSecondaryStorageVm(long instanceId) {
return _secStorageVmMgr.startSecStorageVm(instanceId);
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae8560b1/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java b/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java
index 114d06f..1ebe3b6 100755
--- a/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java
+++ b/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java
@@ -50,7 +50,6 @@ import com.cloud.agent.api.RebootCommand;
import com.cloud.agent.api.SecStorageFirewallCfgCommand;
import com.cloud.agent.api.SecStorageSetupAnswer;
import com.cloud.agent.api.SecStorageSetupCommand;
-import com.cloud.agent.api.SecStorageSetupCommand.Certificates;
import com.cloud.agent.api.SecStorageVMSetupCommand;
import com.cloud.agent.api.StartupCommand;
import com.cloud.agent.api.StartupSecondaryStorageCommand;
@@ -304,7 +303,7 @@ public class SecondaryStorageManagerImpl extends ManagerBase implements Secondar
if (!_useSSlCopy) {
setupCmd = new SecStorageSetupCommand(ssStore.getTO(), secUrl, null);
} else {
- Certificates certs = _keystoreMgr.getCertificates(ConsoleProxyManager.CERTIFICATE_NAME);
+ KeystoreManager.Certificates certs = _keystoreMgr.getCertificates(ConsoleProxyManager.CERTIFICATE_NAME);
setupCmd = new SecStorageSetupCommand(ssStore.getTO(), secUrl, certs);
}
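Review bot: `certs` is handed to `SecStorageSetupCommand` in the `else` branch without a null check, so with `_useSSlCopy` set and no stored certificate the command carries the same null as the non-SSL branch. The `KeystoreManagerImpl.getCertificates` removed from `server` in this commit returned null when `findByName` found nothing; the relocated implementation is not shown here, so this assumes it kept that behaviour. On the receiving side, `configCerts` in `NfsSecondaryStorageResource` takes the `configureSSL()` path for null, so a missing certificate is never reported to the operator. I would fail or at least log at this point, e.g. `if (certs == null) { throw new CloudRuntimeException("SSL copy is enabled but no certificate is stored as " + ConsoleProxyManager.CERTIFICATE_NAME); }`, assuming `CloudRuntimeException` is already imported in this file. The enclosing method starts and ends outside the hunk.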
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae8560b1/server/test/resources/SecurityGroupManagerTestContext.xml
----------------------------------------------------------------------
diff --git a/server/test/resources/SecurityGroupManagerTestContext.xml b/server/test/resources/SecurityGroupManagerTestContext.xml
index 7ff2976..3b9a752 100644
--- a/server/test/resources/SecurityGroupManagerTestContext.xml
+++ b/server/test/resources/SecurityGroupManagerTestContext.xml
@@ -1,19 +1,19 @@
-<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
- license agreements. See the NOTICE file distributed with this work for additional
- information regarding copyright ownership. The ASF licenses this file to
- you under the Apache License, Version 2.0 (the "License"); you may not use
- this file except in compliance with the License. You may obtain a copy of
- the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
- by applicable law or agreed to in writing, software distributed under the
- License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
- OF ANY KIND, either express or implied. See the License for the specific
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+ license agreements. See the NOTICE file distributed with this work for additional
+ information regarding copyright ownership. The ASF licenses this file to
+ you under the Apache License, Version 2.0 (the "License"); you may not use
+ this file except in compliance with the License. You may obtain a copy of
+ the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+ by applicable law or agreed to in writing, software distributed under the
+ License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+ OF ANY KIND, either express or implied. See the License for the specific
language governing permissions and limitations under the License. -->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
xmlns:tx="http://www.springframework.org/schema/tx" xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
- http://www.springframework.org/schema/tx
+ http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae8560b1/server/test/resources/SnapshotDaoTestContext.xml
----------------------------------------------------------------------
diff --git a/server/test/resources/SnapshotDaoTestContext.xml b/server/test/resources/SnapshotDaoTestContext.xml
index 3b87888..30151b5 100644
--- a/server/test/resources/SnapshotDaoTestContext.xml
+++ b/server/test/resources/SnapshotDaoTestContext.xml
@@ -1,19 +1,19 @@
-<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
- license agreements. See the NOTICE file distributed with this work for additional
- information regarding copyright ownership. The ASF licenses this file to
- you under the Apache License, Version 2.0 (the "License"); you may not use
- this file except in compliance with the License. You may obtain a copy of
- the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
- by applicable law or agreed to in writing, software distributed under the
- License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
- OF ANY KIND, either express or implied. See the License for the specific
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+ license agreements. See the NOTICE file distributed with this work for additional
+ information regarding copyright ownership. The ASF licenses this file to
+ you under the Apache License, Version 2.0 (the "License"); you may not use
+ this file except in compliance with the License. You may obtain a copy of
+ the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+ by applicable law or agreed to in writing, software distributed under the
+ License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+ OF ANY KIND, either express or implied. See the License for the specific
language governing permissions and limitations under the License. -->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
xmlns:tx="http://www.springframework.org/schema/tx" xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
- http://www.springframework.org/schema/tx
+ http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae8560b1/server/test/resources/StoragePoolDaoTestContext.xml
----------------------------------------------------------------------
diff --git a/server/test/resources/StoragePoolDaoTestContext.xml b/server/test/resources/StoragePoolDaoTestContext.xml
index 345827e..afaad87 100644
--- a/server/test/resources/StoragePoolDaoTestContext.xml
+++ b/server/test/resources/StoragePoolDaoTestContext.xml
@@ -1,19 +1,19 @@
-<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
- license agreements. See the NOTICE file distributed with this work for additional
- information regarding copyright ownership. The ASF licenses this file to
- you under the Apache License, Version 2.0 (the "License"); you may not use
- this file except in compliance with the License. You may obtain a copy of
- the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
- by applicable law or agreed to in writing, software distributed under the
- License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
- OF ANY KIND, either express or implied. See the License for the specific
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+ license agreements. See the NOTICE file distributed with this work for additional
+ information regarding copyright ownership. The ASF licenses this file to
+ you under the Apache License, Version 2.0 (the "License"); you may not use
+ this file except in compliance with the License. You may obtain a copy of
+ the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+ by applicable law or agreed to in writing, software distributed under the
+ License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+ OF ANY KIND, either express or implied. See the License for the specific
language governing permissions and limitations under the License. -->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
xmlns:tx="http://www.springframework.org/schema/tx" xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
- http://www.springframework.org/schema/tx
+ http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae8560b1/services/secondary-storage/src/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResource.java
----------------------------------------------------------------------
diff --git a/services/secondary-storage/src/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResource.java b/services/secondary-storage/src/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResource.java
index 6964bf4..d158de3 100755
--- a/services/secondary-storage/src/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResource.java
+++ b/services/secondary-storage/src/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResource.java
@@ -91,7 +91,6 @@ import com.cloud.agent.api.SecStorageFirewallCfgCommand;
import com.cloud.agent.api.SecStorageFirewallCfgCommand.PortConfig;
import com.cloud.agent.api.SecStorageSetupAnswer;
import com.cloud.agent.api.SecStorageSetupCommand;
-import com.cloud.agent.api.SecStorageSetupCommand.Certificates;
import com.cloud.agent.api.SecStorageVMSetupCommand;
import com.cloud.agent.api.StartupCommand;
import com.cloud.agent.api.StartupSecondaryStorageCommand;
@@ -113,11 +112,13 @@ import com.cloud.exception.InternalErrorException;
import com.cloud.host.Host;
import com.cloud.host.Host.Type;
import com.cloud.hypervisor.Hypervisor.HypervisorType;
+import com.cloud.keystore.KeystoreManager;
import com.cloud.resource.ServerResourceBase;
import com.cloud.storage.DataStoreRole;
import com.cloud.storage.Storage.ImageFormat;
import com.cloud.storage.StorageLayer;
import com.cloud.storage.VMTemplateStorageResourceAssoc;
+import com.cloud.storage.template.OVAProcessor;
import com.cloud.storage.template.Processor;
import com.cloud.storage.template.Processor.FormatInfo;
import com.cloud.storage.template.QCOW2Processor;
@@ -125,7 +126,6 @@ import com.cloud.storage.template.RawImageProcessor;
import com.cloud.storage.template.TemplateLocation;
import com.cloud.storage.template.TemplateProp;
import com.cloud.storage.template.VhdProcessor;
-import com.cloud.storage.template.OVAProcessor;
import com.cloud.storage.template.VmdkProcessor;
import com.cloud.utils.NumbersUtil;
import com.cloud.utils.S3Utils;
@@ -152,7 +152,7 @@ public class NfsSecondaryStorageResource extends ServerResourceBase implements S
}
public void setTimeout(int timeout) {
- this._timeout = timeout;
+ _timeout = timeout;
}
String _instance;
@@ -1201,7 +1201,7 @@ public class NfsSecondaryStorageResource extends ServerResourceBase implements S
return new Answer(cmd, true, checksum);
}
- private void configCerts(Certificates certs) {
+ private void configCerts(KeystoreManager.Certificates certs) {
if (certs == null) {
configureSSL();
} else {
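Review bot: `configCerts` now names its parameter type through `KeystoreManager`, so this resource class imports a manager interface (the `com.cloud.keystore.KeystoreManager` import added earlier in this file's diff) only to reach a nested data holder. Judging by the removed `getCertificates`, that holder carries the private key together with the certificate and chain, so it would be better as a small standalone, documented type than as a member of the manager API. If the nesting stays, a comment on the method would help: `// certs: private key, certificate and chain from SecStorageSetupCommand; null selects configureSSL()`. The method body continues past the end of the hunk.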
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae8560b1/usage/test/resources/UsageManagerTestContext.xml
----------------------------------------------------------------------
diff --git a/usage/test/resources/UsageManagerTestContext.xml b/usage/test/resources/UsageManagerTestContext.xml
index ad4757a..52f9bf0 100644
--- a/usage/test/resources/UsageManagerTestContext.xml
+++ b/usage/test/resources/UsageManagerTestContext.xml
@@ -1,19 +1,19 @@
-<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
- license agreements. See the NOTICE file distributed with this work for additional
- information regarding copyright ownership. The ASF licenses this file to
- you under the Apache License, Version 2.0 (the "License"); you may not use
- this file except in compliance with the License. You may obtain a copy of
- the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
- by applicable law or agreed to in writing, software distributed under the
- License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
- OF ANY KIND, either express or implied. See the License for the specific
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+ license agreements. See the NOTICE file distributed with this work for additional
+ information regarding copyright ownership. The ASF licenses this file to
+ you under the Apache License, Version 2.0 (the "License"); you may not use
+ this file except in compliance with the License. You may obtain a copy of
+ the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+ by applicable law or agreed to in writing, software distributed under the
+ License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+ OF ANY KIND, either express or implied. See the License for the specific
language governing permissions and limitations under the License. -->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
xmlns:tx="http://www.springframework.org/schema/tx" xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
- http://www.springframework.org/schema/tx
+ http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae8560b1/usage/test/resources/cloud1.xml
----------------------------------------------------------------------
diff --git a/usage/test/resources/cloud1.xml b/usage/test/resources/cloud1.xml
index e148c58..2b139fd 100644
--- a/usage/test/resources/cloud1.xml
+++ b/usage/test/resources/cloud1.xml
@@ -1,11 +1,11 @@
-<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
- license agreements. See the NOTICE file distributed with this work for additional
- information regarding copyright ownership. The ASF licenses this file to you under
- the Apache License, Version 2.0 (the "License"); you may not use this file except
- in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software distributed under
- the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
- OF ANY KIND, either express or implied. See the License for the specific language
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+ license agreements. See the NOTICE file distributed with this work for additional
+ information regarding copyright ownership. The ASF licenses this file to you under
+ the Apache License, Version 2.0 (the "License"); you may not use this file except
+ in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software distributed under
+ the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+ OF ANY KIND, either express or implied. See the License for the specific language
governing permissions and limitations under the License. -->
<!-- cloud -->
<dataset>
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ae8560b1/usage/test/resources/cloud2.xml
----------------------------------------------------------------------
diff --git a/usage/test/resources/cloud2.xml b/usage/test/resources/cloud2.xml
index e148c58..2b139fd 100644
--- a/usage/test/resources/cloud2.xml
+++ b/usage/test/resources/cloud2.xml
@@ -1,11 +1,11 @@
-<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
- license agreements. See the NOTICE file distributed with this work for additional
- information regarding copyright ownership. The ASF licenses this file to you under
- the Apache License, Version 2.0 (the "License"); you may not use this file except
- in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software distributed under
- the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
- OF ANY KIND, either express or implied. See the License for the specific language
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+ license agreements. See the NOTICE file distributed with this work for additional
+ information regarding copyright ownership. The ASF licenses this file to you under
+ the Apache License, Version 2.0 (the "License"); you may not use this file except
+ in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software distributed under
+ the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+ OF ANY KIND, either express or implied. See the License for the specific language
governing permissions and limitations under the License. -->
<!-- cloud -->
<dataset>
[4/4] git commit: updated refs/heads/master to bc1eec9
Posted by ah...@apache.org.
Fixed a missing package name
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/bc1eec9f
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/bc1eec9f
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/bc1eec9f
Branch: refs/heads/master
Commit: bc1eec9f70b9779dfea432cb23586b4de2d51162
Parents: 5fb6edd
Author: Alex Huang <al...@citrix.com>
Authored: Thu Jan 9 16:48:19 2014 -0800
Committer: Alex Huang <al...@citrix.com>
Committed: Thu Jan 9 16:48:19 2014 -0800
----------------------------------------------------------------------
.../cloudstack/core/spring-engine-schema-core-daos-context.xml | 1 -
.../cloudstack/core/spring-framework-security-core-context.xml | 3 ++-
2 files changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/bc1eec9f/engine/schema/resources/META-INF/cloudstack/core/spring-engine-schema-core-daos-context.xml
----------------------------------------------------------------------
diff --git a/engine/schema/resources/META-INF/cloudstack/core/spring-engine-schema-core-daos-context.xml b/engine/schema/resources/META-INF/cloudstack/core/spring-engine-schema-core-daos-context.xml
index 627cc9f..6dd1d4b 100644
--- a/engine/schema/resources/META-INF/cloudstack/core/spring-engine-schema-core-daos-context.xml
+++ b/engine/schema/resources/META-INF/cloudstack/core/spring-engine-schema-core-daos-context.xml
@@ -184,7 +184,6 @@
<bean id="instanceGroupJoinDaoImpl" class="com.cloud.api.query.dao.InstanceGroupJoinDaoImpl" />
<bean id="instanceGroupVMMapDaoImpl" class="com.cloud.vm.dao.InstanceGroupVMMapDaoImpl" />
<bean id="itWorkDaoImpl" class="com.cloud.vm.ItWorkDaoImpl" />
- <bean id="keystoreDaoImpl" class="com.cloud.keystore.KeystoreDaoImpl" />
<bean id="lBHealthCheckPolicyDaoImpl" class="com.cloud.network.dao.LBHealthCheckPolicyDaoImpl" />
<bean id="lBStickinessPolicyDaoImpl" class="com.cloud.network.dao.LBStickinessPolicyDaoImpl" />
<bean id="launchPermissionDaoImpl" class="com.cloud.storage.dao.LaunchPermissionDaoImpl" />
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/bc1eec9f/framework/security/resources/META-INF/cloudstack/core/spring-framework-security-core-context.xml
----------------------------------------------------------------------
diff --git a/framework/security/resources/META-INF/cloudstack/core/spring-framework-security-core-context.xml b/framework/security/resources/META-INF/cloudstack/core/spring-framework-security-core-context.xml
index 29aad7e..3775565 100644
--- a/framework/security/resources/META-INF/cloudstack/core/spring-framework-security-core-context.xml
+++ b/framework/security/resources/META-INF/cloudstack/core/spring-framework-security-core-context.xml
@@ -26,5 +26,6 @@
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd"
>
- <bean id="keystoreManagerImpl" class="org.apache.cloudstack.framework.security.KeystoreManagerImpl" />
+ <bean id="keystoreManagerImpl" class="org.apache.cloudstack.framework.security.keystore.KeystoreManagerImpl" />
+ <bean id="keystoreDaoImpl" class="org.apache.cloudstack.framework.security.keystore.KeystoreDaoImpl" />
</beans>
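Review bot: The `class` attributes in this file are plain strings, so a wrong package like the one corrected on the `keystoreManagerImpl` line only fails when Spring loads the context, never at compile time. A small test that loads `spring-framework-security-core-context.xml` and looks up `keystoreManagerImpl` and `keystoreDaoImpl` would catch the next package move before it reaches a running server. The `keystoreDaoImpl` bean also moves here from `spring-engine-schema-core-daos-context.xml`, so a module that loads the schema DAO context without this one would presumably no longer find the DAO. It is worth confirming that every consumer of the keystore DAO also pulls in the security context.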