Posted to commits@cloudstack.apache.org by bh...@apache.org on 2015/03/13 10:32:51 UTC

[1/9] git commit: updated refs/heads/4.5 to b79f13c

Repository: cloudstack
Updated Branches:
  refs/heads/4.5 4b45d2515 -> b79f13ccb


Fix encoding for user account label in header

Signed-off-by: Rohit Yadav <ro...@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/bfcdbeca
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/bfcdbeca
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/bfcdbeca

Branch: refs/heads/4.5
Commit: bfcdbeca29dcf234d5aecbb4f2d9ca1ec315e0da
Parents: 4b45d25
Author: Brian Federle <br...@citrix.com>
Authored: Thu Oct 9 10:47:31 2014 -0700
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Fri Mar 13 12:47:32 2015 +0530

----------------------------------------------------------------------
 ui/scripts/ui/core.js | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/bfcdbeca/ui/scripts/ui/core.js
----------------------------------------------------------------------
diff --git a/ui/scripts/ui/core.js b/ui/scripts/ui/core.js
index add7d06..6912d1b 100644
--- a/ui/scripts/ui/core.js
+++ b/ui/scripts/ui/core.js
@@ -50,7 +50,7 @@
                 .addClass('navigation-item')
                 .addClass(sectionID)
                 .append($('<span>').addClass('icon').html('&nbsp;'))
-                .append($('<span>').html(_l(args.title)))
+                .append($('<span>').text(_l(args.title)))
                 .data('cloudStack-section-id', sectionID);
 
             if (args.customIcon) {
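Review bot: Switching `.html(_l(args.title))` to `.text(...)` means any translated label that carries an HTML entity or inline markup will now be displayed literally, so the dictionary values behind `_l()` should be checked for entities such as `&amp;` before this ships. The same applies to the `label.home`, menu-option and `label.app.name` hunks further down in this file. The neighbouring `.html('&nbsp;')` is a constant and can stay as it is. A short comment such as `// .text(): section titles are data, never markup` would stop a later edit from reverting to `.html()`. The enclosing function starts and ends outside the hunk.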
@@ -223,7 +223,7 @@
                 id: 'user'
             }).addClass('button')
                 .append(
-                    $('<div>').addClass('name').html(
+                    $('<div>').addClass('name').text(
                         args.context && args.context.users ?
                         cloudStack.concat(userLabel, 14) : 'Invalid User'
                     )
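Review bot: The user label is the one value in this commit that looks account-controlled, so the `.text()` call deserves a comment saying why it must stay: `// .text(), not .html(): userLabel is built from account data and must never be parsed as markup`. `userLabel` is assembled outside the hunk; if it is HTML-escaped there to compensate for the old `.html()` sink, that escaping would now appear as literal entities and should be removed in the same change. The fallback `'Invalid User'` is also the only visible string in these hunks that bypasses `_l()`, which looks like an oversight.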
@@ -258,7 +258,7 @@
                     $('<div>').attr({
                         id: 'breadcrumbs'
                     })
-                    .append($('<div>').addClass('home').html(_l('label.home')))
+                    .append($('<div>').addClass('home').text(_l('label.home')))
                     .append($('<div>').addClass('end'))
             )
 
@@ -309,7 +309,7 @@
                 .attr({
                     href: '#'
                 })
-                .html(_l(this.toString()))
+                .text(_l(this.toString()))
                 .appendTo($options);
 
             if (this == 'label.help') {
@@ -323,8 +323,8 @@
             }
             if (this == 'label.about') {
                 $link.addClass('about').click(function() {
-                    var $logo = $('<div>').addClass('logo').html(_l('label.app.name')),
-                        $version = $('<div>').addClass('version').html(g_cloudstackversion),
+                    var $logo = $('<div>').addClass('logo').text(_l('label.app.name')),
+                        $version = $('<div>').addClass('version').text(g_cloudstackversion),
                         $about = $('<div>').addClass('about').append($logo).append($version);
                     $about.dialog({
                         modal: true,


[4/9] git commit: updated refs/heads/4.5 to b79f13c

Posted by bh...@apache.org.
CS-19734:Session cookie is exposed to scripts.

Signed-off-by: Rohit Yadav <ro...@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/0b5b9c91
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/0b5b9c91
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/0b5b9c91

Branch: refs/heads/4.5
Commit: 0b5b9c91e451d069c501a08a34523eccd22dff05
Parents: c5754e6
Author: Min Chen <mi...@citrix.com>
Authored: Fri Jul 18 12:08:07 2014 -0700
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Fri Mar 13 12:51:06 2015 +0530

----------------------------------------------------------------------
 client/tomcatconf/context.xml.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0b5b9c91/client/tomcatconf/context.xml.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/context.xml.in b/client/tomcatconf/context.xml.in
index 9913dd1..a78215c 100644
--- a/client/tomcatconf/context.xml.in
+++ b/client/tomcatconf/context.xml.in
@@ -16,7 +16,7 @@
   limitations under the License.
 -->
 <!-- The contents of this file will be loaded for each web application -->
-<Context allowLinking="true">
+<Context allowLinking="true" useHttpOnly="true">
 
     <!-- Default set of monitored resources -->
     <WatchedResource>WEB-INF/web.xml</WatchedResource>
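Review bot: `useHttpOnly="true"` only covers the session cookie that the container issues itself; cookies the application adds through `addCookie` are unaffected, and any UI code that reads `JSESSIONID` from script will stop seeing it once this is deployed. The login flow should be checked for that dependency in the same release. A comment on the element would record the intent, e.g. `<!-- useHttpOnly: JSESSIONID must not be readable by page scripts (CS-19734) -->`.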


[9/9] git commit: updated refs/heads/4.5 to b79f13c

Posted by bh...@apache.org.
ui: if session cookie exists, use it to set global session holder and invalidate it

The 19e3c0168e744a76b5e1dc24a5eafa776d342404 commit breaks SAML login and any
login where redirection is used.

Signed-off-by: Rohit Yadav <ro...@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/b79f13cc
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/b79f13cc
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/b79f13cc

Branch: refs/heads/4.5
Commit: b79f13ccb54c6afc48c42bc94c61621dc6cac32d
Parents: 32fe64c
Author: Rohit Yadav <ro...@shapeblue.com>
Authored: Fri Mar 13 15:01:11 2015 +0530
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Fri Mar 13 15:01:51 2015 +0530

----------------------------------------------------------------------
 .../api/command/SAML2LoginAPIAuthenticatorCmd.java    |  2 +-
 ui/scripts/cloudStack.js                              | 14 ++++++++++++--
 2 files changed, 13 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b79f13cc/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
index d1cc546..f40a4ee 100644
--- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
+++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
@@ -284,7 +284,7 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthent
                             resp.addCookie(new Cookie("domainid", URLEncoder.encode(loginResponse.getDomainId(), HttpUtils.UTF_8)));
                             resp.addCookie(new Cookie("role", URLEncoder.encode(loginResponse.getType(), HttpUtils.UTF_8)));
                             resp.addCookie(new Cookie("username", URLEncoder.encode(loginResponse.getUsername(), HttpUtils.UTF_8)));
-                            resp.addCookie(new Cookie("sessionKey", URLEncoder.encode(loginResponse.getSessionKey(), HttpUtils.UTF_8)));
+                            resp.addCookie(new Cookie("sessionkey", URLEncoder.encode(loginResponse.getSessionKey(), HttpUtils.UTF_8)));
                             resp.addCookie(new Cookie("account", URLEncoder.encode(loginResponse.getAccount(), HttpUtils.UTF_8)));
                             resp.addCookie(new Cookie("timezone", URLEncoder.encode(loginResponse.getTimeZone(), HttpUtils.UTF_8)));
                             resp.addCookie(new Cookie("userfullname", URLEncoder.encode(loginResponse.getFirstName() + " " + loginResponse.getLastName(), HttpUtils.UTF_8).replace("+", "%20")));
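Review bot: The session key is written to a script-readable cookie with no `Secure` flag and no explicit path, on the line that renames it to `sessionkey`. The UI has to read this cookie, so `HttpOnly` is not an option, but it can still be restricted to TLS when the request arrived over TLS: build the cookie in a local variable and call `setSecure(true)` on it under that condition before `resp.addCookie(...)`. The cookie name is also a bare literal that must match the JavaScript side character for character, and the rename here suggests a casing mismatch already caused a break, so a named constant would help. The enclosing method starts and ends outside the hunk.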

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b79f13cc/ui/scripts/cloudStack.js
----------------------------------------------------------------------
diff --git a/ui/scripts/cloudStack.js b/ui/scripts/cloudStack.js
index 19d6bd0..479b162 100644
--- a/ui/scripts/cloudStack.js
+++ b/ui/scripts/cloudStack.js
@@ -117,14 +117,22 @@
                         }
                         return cookieValue;
                     };
-                    g_sessionKey = unBoxCookieValue('JSESSIONID');
+                    unBoxCookieValue('sessionkey');
+                    // if sessionkey cookie exists use this to set g_sessionKey
+                    // and destroy sessionkey cookie
+                    if ($.cookie('sessionkey')) {
+                        g_sessionKey = $.cookie('sessionkey');
+                        $.cookie('sessionkey', null);
+                    } else {
+                        g_sessionKey = unBoxCookieValue('JSESSIONID');
+                    }
                     g_role = unBoxCookieValue('role');
                     g_userid = unBoxCookieValue('userid');
                     g_domainid = unBoxCookieValue('domainid');
                     g_account = unBoxCookieValue('account');
                     g_username = unBoxCookieValue('username');
                     g_userfullname = unBoxCookieValue('userfullname');
-                    g_timezone = unBoxCookieValue('timezone');                    
+                    g_timezone = unBoxCookieValue('timezone');
                 } else { //single-sign-on	(bypass login screen)
                     g_sessionKey = encodeURIComponent(g_loginResponse.sessionkey);
                     g_role = g_loginResponse.type;
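Review bot: `unBoxCookieValue('sessionkey');` is called with its return value discarded and the cookie is then read again through `$.cookie('sessionkey')`, so the added block depends on a side effect of a helper whose body is mostly outside the hunk. Assuming the helper returns the value it stores, using that result reads more directly: `var sessionKey = unBoxCookieValue('sessionkey');` followed by `if (sessionKey) { g_sessionKey = sessionKey; $.cookie('sessionkey', null); }`. The `else` branch still reads `JSESSIONID` from script, which will presumably yield nothing once the container marks that cookie HttpOnly, so that path should fall back to the login screen rather than continue with an empty key. It is also worth confirming that `$.cookie('sessionkey', null)` uses the same path the server set, otherwise the key stays in the browser after it has been consumed.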
@@ -322,6 +330,7 @@
                         g_loginCmdText = null;
                         
                         $.cookie('JSESSIONID', null);
+                        $.cookie('sessionkey', null);
                         $.cookie('username', null);
                         $.cookie('account', null);
                         $.cookie('domainid', null);
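Review bot: The list of `$.cookie(name, null)` removals is now maintained by hand in two places, here and in `samlLoginAction` in the next hunk, and this commit had to touch both to add `sessionkey`. A single helper that clears every session-related cookie, called from both sites, would keep the lists from drifting and leaving a session key behind after sign-out. Both enclosing functions extend outside their hunks.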
@@ -345,6 +354,7 @@
 
             samlLoginAction: function(args) {
                 $.cookie('JSESSIONID', null);
+                $.cookie('sessionkey', null);
                 $.cookie('username', null);
                 $.cookie('account', null);
                 $.cookie('domainid', null);


[3/9] git commit: updated refs/heads/4.5 to b79f13c

Posted by bh...@apache.org.
CS-20680: The user's secret key is not encrypted in the UserCredentialsVO class

Changes:
-Added annotation to encrypt the secret key while persisting to the DB

Signed-off-by: Rohit Yadav <ro...@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/c5754e69
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/c5754e69
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/c5754e69

Branch: refs/heads/4.5
Commit: c5754e693f0272b29fc0aa89278a30ee967f12f9
Parents: 0d36f2e
Author: Prachi Damle <pr...@citrix.com>
Authored: Wed Oct 15 14:53:45 2014 -0700
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Fri Mar 13 12:50:19 2015 +0530

----------------------------------------------------------------------
 awsapi/src/com/cloud/bridge/model/UserCredentialsVO.java | 3 +++
 1 file changed, 3 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c5754e69/awsapi/src/com/cloud/bridge/model/UserCredentialsVO.java
----------------------------------------------------------------------
diff --git a/awsapi/src/com/cloud/bridge/model/UserCredentialsVO.java b/awsapi/src/com/cloud/bridge/model/UserCredentialsVO.java
index 9a10c2e..fe009cd 100644
--- a/awsapi/src/com/cloud/bridge/model/UserCredentialsVO.java
+++ b/awsapi/src/com/cloud/bridge/model/UserCredentialsVO.java
@@ -23,6 +23,8 @@ import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Table;
 
+import com.cloud.utils.db.Encrypt;
+
 @Entity
 @Table(name = "usercredentials")
 public class UserCredentialsVO {
@@ -36,6 +38,7 @@ public class UserCredentialsVO {
     @Column(name = "AccessKey")
     private String accessKey;
 
+    @Encrypt
     @Column(name = "SecretKey")
     private String secretKey;
 
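Review bot: Adding `@Encrypt` to `secretKey` changes how the column is written and read, but the commit carries no migration for rows already stored in `usercredentials`; the diffstat lists only this file. If the persistence layer decrypts on read, existing plaintext values would presumably fail to decrypt or come back corrupted after upgrade. An upgrade step that encrypts the existing `SecretKey` values, or a read path that tolerates legacy plaintext, should accompany this change. A field comment such as `// stored encrypted at rest; never log or include in toString()` would document the intent.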


[6/9] git commit: updated refs/heads/4.5 to b79f13c

Posted by bh...@apache.org.
CS-17504: Weak SSL ciphers supported by the management server

Signed-off-by: Rohit Yadav <ro...@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/f947fad1
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/f947fad1
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/f947fad1

Branch: refs/heads/4.5
Commit: f947fad197f8ffde51231dc80733cf16aa2f1fa1
Parents: 19e3c01
Author: Harikrishna Patnala <ha...@citrix.com>
Authored: Tue Nov 4 17:47:04 2014 +0530
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Fri Mar 13 13:25:33 2015 +0530

----------------------------------------------------------------------
 client/tomcatconf/java.security.ciphers.in | 18 ++++++++++++++++++
 client/tomcatconf/tomcat6-nonssl.conf.in   |  2 +-
 client/tomcatconf/tomcat6-ssl.conf.in      |  2 +-
 debian/cloudstack-management.install       |  1 +
 packaging/centos63/cloud.spec              |  2 +-
 5 files changed, 22 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f947fad1/client/tomcatconf/java.security.ciphers.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/java.security.ciphers.in b/client/tomcatconf/java.security.ciphers.in
new file mode 100644
index 0000000..986abf6
--- /dev/null
+++ b/client/tomcatconf/java.security.ciphers.in
@@ -0,0 +1,18 @@
+ # Licensed to the Apache Software Foundation (ASF) under one
+ # or more contributor license agreements.  See the NOTICE file
+ # distributed with this work for additional information
+ # regarding copyright ownership.  The ASF licenses this file
+ # to you under the Apache License, Version 2.0 (the
+ # "License"); you may not use this file except in compliance
+ # with the License.  You may obtain a copy of the License at
+ #
+ #   http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing,
+ # software distributed under the License is distributed on an
+ # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ # KIND, either express or implied.  See the License for the
+ # specific language governing permissions and limitations
+ # under the License.
+
+jdk.tls.disabledAlgorithms=DH keySize < 128, RSA keySize < 128, DES keySize < 128, SHA1 keySize < 128, MD5 keySize < 128, RC4
\ No newline at end of file
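Review bot: The `keySize < 128` constraints on the `jdk.tls.disabledAlgorithms` line exclude almost nothing, since RSA and DH keys in real use start at several hundred bits, and a key-size constraint on a digest such as `SHA1` or `MD5` has no clear meaning; the bare `RC4` entry is the only one whose effect is unambiguous. Because a `java.security.properties` override replaces the JDK's own value for this key, any protocol or algorithm the runtime disables by default would have to be listed here again or it becomes enabled. Thresholds along the lines of `DH keySize < 1024, RSA keySize < 1024`, plus the protocol entries the deployment wants off, would match the commit title better; verify the accepted syntax against each supported JDK. The file also lacks a trailing newline.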

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f947fad1/client/tomcatconf/tomcat6-nonssl.conf.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/tomcat6-nonssl.conf.in b/client/tomcatconf/tomcat6-nonssl.conf.in
index 5ce724c..3f08c90 100644
--- a/client/tomcatconf/tomcat6-nonssl.conf.in
+++ b/client/tomcatconf/tomcat6-nonssl.conf.in
@@ -41,7 +41,7 @@ CATALINA_TMPDIR="@MSENVIRON@/temp"
 
 # Use JAVA_OPTS to set java.library.path for libtcnative.so
 #JAVA_OPTS="-Djava.library.path=/usr/lib64"
-JAVA_OPTS="-Djava.awt.headless=true -Dcom.sun.management.jmxremote=false -Xmx2g -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=@MSLOGDIR@ -XX:PermSize=512M -XX:MaxPermSize=800m"
+JAVA_OPTS="-Djava.awt.headless=true -Dcom.sun.management.jmxremote=false -Xmx2g -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=@MSLOGDIR@ -XX:PermSize=512M -XX:MaxPermSize=800m -Djava.security.properties=/etc/cloudstack/management/java.security.ciphers"
 
 # What user should run tomcat
 TOMCAT_USER="@MSUSER@"
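Review bot: The added `-Djava.security.properties=/etc/cloudstack/management/java.security.ciphers` hard-codes the install path, while the other locations in this file come from build-time substitutions such as `@MSLOGDIR@` and `@MSENVIRON@`; the matching hunk in `tomcat6-ssl.conf.in` has the same issue. If packaging ever relocates the management config directory, the JVM would presumably start without the override and fall back to its default algorithm policy with no visible error. Prefer the config-directory substitution if the build defines one, and add a comment above `JAVA_OPTS` such as `# java.security.properties carries the TLS disabled-algorithms policy; keep the path in sync with packaging`.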

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f947fad1/client/tomcatconf/tomcat6-ssl.conf.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/tomcat6-ssl.conf.in b/client/tomcatconf/tomcat6-ssl.conf.in
index c967a98..e7c53ac 100644
--- a/client/tomcatconf/tomcat6-ssl.conf.in
+++ b/client/tomcatconf/tomcat6-ssl.conf.in
@@ -40,7 +40,7 @@ CATALINA_TMPDIR="@MSENVIRON@/temp"
 
 # Use JAVA_OPTS to set java.library.path for libtcnative.so
 #JAVA_OPTS="-Djava.library.path=/usr/lib64"
-JAVA_OPTS="-Djava.awt.headless=true -Dcom.sun.management.jmxremote=false -Djavax.net.ssl.trustStore=/etc/cloudstack/management/cloudmanagementserver.keystore -Djavax.net.ssl.trustStorePassword=vmops.com -Xmx2g -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=@MSLOGDIR@ -XX:MaxPermSize=800m -XX:PermSize=512M"
+JAVA_OPTS="-Djava.awt.headless=true -Dcom.sun.management.jmxremote=false -Djavax.net.ssl.trustStore=/etc/cloudstack/management/cloudmanagementserver.keystore -Djavax.net.ssl.trustStorePassword=vmops.com -Xmx2g -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=@MSLOGDIR@ -XX:MaxPermSize=800m -XX:PermSize=512M -Djava.security.properties=/etc/cloudstack/management/java.security.ciphers"
 
 # What user should run tomcat
 TOMCAT_USER="@MSUSER@"
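Review bot: The rewritten `JAVA_OPTS` line still passes `-Djavax.net.ssl.trustStorePassword=vmops.com` as a literal, so a fixed, publicly known password ships in a packaged config file and appears on the JVM command line, where local users can read it from the process list. This predates the commit, but since the line is being edited for TLS hardening it is the natural place to address it. The password should be generated per installation and supplied from a file readable only by the Tomcat user, not from the command line.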

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f947fad1/debian/cloudstack-management.install
----------------------------------------------------------------------
diff --git a/debian/cloudstack-management.install b/debian/cloudstack-management.install
index ea3f93b..4e016df 100644
--- a/debian/cloudstack-management.install
+++ b/debian/cloudstack-management.install
@@ -30,6 +30,7 @@
 /etc/cloudstack/management/tomcat6.conf
 /etc/cloudstack/management/web.xml
 /etc/cloudstack/management/environment.properties
+/etc/cloudstack/management/java.security.ciphers
 /etc/cloudstack/management/log4j-cloud.xml
 /etc/cloudstack/management/tomcat-users.xml
 /etc/cloudstack/management/context.xml

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f947fad1/packaging/centos63/cloud.spec
----------------------------------------------------------------------
diff --git a/packaging/centos63/cloud.spec b/packaging/centos63/cloud.spec
index 9c88383..9cca67d 100644
--- a/packaging/centos63/cloud.spec
+++ b/packaging/centos63/cloud.spec
@@ -294,7 +294,7 @@ rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/webapps/client/WEB-INF/cl
 rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/webapps/client/WEB-INF/classes/vms
 
 for name in db.properties log4j-cloud.xml tomcat6-nonssl.conf tomcat6-ssl.conf %{_serverxmlname}-ssl.xml %{_serverxmlname}-nonssl.xml \
-            catalina.policy catalina.properties classpath.conf tomcat-users.xml web.xml environment.properties ; do
+            catalina.policy catalina.properties classpath.conf tomcat-users.xml web.xml environment.properties java.security.ciphers; do
   mv ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/webapps/client/WEB-INF/classes/$name \
     ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/management/$name
 done


[7/9] git commit: updated refs/heads/4.5 to b79f13c

Posted by bh...@apache.org.
Avoid distributing private key for realhostip.com

Signed-off-by: Rohit Yadav <ro...@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/d94a5720
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/d94a5720
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/d94a5720

Branch: refs/heads/4.5
Commit: d94a5720efbadb2e538dc68c45c88288486b68f6
Parents: f947fad
Author: Nitin Mehta <ni...@citrix.com>
Authored: Fri Mar 13 13:33:48 2015 +0530
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Fri Mar 13 13:33:48 2015 +0530

----------------------------------------------------------------------
 .../cloud/upgrade/dao/Upgrade2213to2214.java    | 35 +-------
 .../schema/src/com/cloud/vm/ConsoleProxyVO.java | 91 ++------------------
 .../com/cloud/consoleproxy/AgentHookBase.java   | 14 +--
 .../consoleproxy/ConsoleProxyManagerImpl.java   | 36 ++------
 .../ConsoleProxySecureServerFactoryImpl.java    | 34 +-------
 5 files changed, 29 insertions(+), 181 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d94a5720/engine/schema/src/com/cloud/upgrade/dao/Upgrade2213to2214.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/upgrade/dao/Upgrade2213to2214.java b/engine/schema/src/com/cloud/upgrade/dao/Upgrade2213to2214.java
index f3293ba..a8bf80c 100644
--- a/engine/schema/src/com/cloud/upgrade/dao/Upgrade2213to2214.java
+++ b/engine/schema/src/com/cloud/upgrade/dao/Upgrade2213to2214.java
@@ -19,7 +19,6 @@ package com.cloud.upgrade.dao;
 import java.io.File;
 import java.sql.Connection;
 import java.sql.PreparedStatement;
-import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.util.ArrayList;
 import java.util.List;
@@ -28,7 +27,6 @@ import org.apache.log4j.Logger;
 
 import com.cloud.utils.exception.CloudRuntimeException;
 import com.cloud.utils.script.Script;
-import com.cloud.vm.ConsoleProxyVO;
 
 public class Upgrade2213to2214 implements DbUpgrade {
     final static Logger s_logger = Logger.getLogger(Upgrade2213to2214.class);
@@ -58,40 +56,11 @@ public class Upgrade2213to2214 implements DbUpgrade {
         return new File[] {new File(script)};
     }
 
-    private void upgradeCerts(Connection conn) {
-        PreparedStatement pstmt;
-        try {
-            pstmt = conn.prepareStatement("select md5(`cloud`.`keystore`.key) from `cloud`.`keystore` where name = 'CPVMCertificate'");
-            ResultSet rs = pstmt.executeQuery();
-            while (rs.next()) {
-                String privateKeyMd5 = rs.getString(1);
-                if (privateKeyMd5.equalsIgnoreCase("432ea1370f57ccd774f4f36052c5fd73")) {
-                    s_logger.debug("Need to upgrade cloudstack provided certificate");
-                    pstmt = conn.prepareStatement("update `cloud`.`keystore` set `cloud`.`keystore`.key = ?, certificate = ? where name = 'CPVMCertificate'");
-                    pstmt.setString(1, ConsoleProxyVO.keyContent);
-                    pstmt.setString(2, ConsoleProxyVO.certContent);
-                    pstmt.executeUpdate();
-
-                    pstmt = conn.prepareStatement("insert into `cloud`.`keystore` (name, certificate, seq, domain_suffix) VALUES (?,?,?,?)");
-                    pstmt.setString(1, "root");
-                    pstmt.setString(2, ConsoleProxyVO.rootCa);
-                    pstmt.setInt(3, 0);
-                    pstmt.setString(4, "realhostip.com");
-                    pstmt.executeUpdate();
-                }
-            }
-            rs.close();
-            pstmt.close();
-        } catch (SQLException e) {
-            s_logger.debug("Failed to upgrade keystore: " + e.toString());
-        }
-
-    }
-
     @Override
     public void performDataMigration(Connection conn) {
         fixIndexes(conn);
-        upgradeCerts(conn);
+        //Remove certificate upgrade since RHIP is being retired
+        //upgradeCerts(conn);
     }
 
     @Override
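Review bot: `//upgradeCerts(conn);` is left behind as a commented-out call to a method this same hunk deletes, so it can never be re-enabled as written. Drop it and keep only the explanation, e.g. `// Certificate upgrade removed: the bundled realhostip.com key pair is retired`. Removing the key from source does not help installations whose `cloud.keystore` still holds the formerly bundled `CPVMCertificate` key, and the key remains in repository history. It should be treated as compromised, and the release notes or a later upgrade step should tell operators to replace it.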

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d94a5720/engine/schema/src/com/cloud/vm/ConsoleProxyVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/vm/ConsoleProxyVO.java b/engine/schema/src/com/cloud/vm/ConsoleProxyVO.java
index 670bc6a..306cbf9 100644
--- a/engine/schema/src/com/cloud/vm/ConsoleProxyVO.java
+++ b/engine/schema/src/com/cloud/vm/ConsoleProxyVO.java
@@ -38,81 +38,6 @@ import com.cloud.hypervisor.Hypervisor.HypervisorType;
 @PrimaryKeyJoinColumn(name = "id")
 @DiscriminatorValue(value = "ConsoleProxy")
 public class ConsoleProxyVO extends VMInstanceVO implements ConsoleProxy {
-    public static final String keyContent = "-----BEGIN PRIVATE KEY-----\n" + "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCDT9AtEfs+s/I8QXp6rrCw0iNJ\n"
-        + "0+GgsybNHheU+JpL39LMTZykCrZhZnyDvwdxCoOfE38Sa32baHKNds+y2SHnMNsOkw8OcNucHEBX\n"
-        + "1FIpOBGph9D6xC+umx9od6xMWETUv7j6h2u+WC3OhBM8fHCBqIiAol31/IkcqDxxsHlQ8S/oCfTl\n"
-        + "XJUY6Yn628OA1XijKdRnadV0hZ829cv/PZKljjwQUTyrd0KHQeksBH+YAYSo2JUl8ekNLsOi8/cP\n"
-        + "tfojnltzRI1GXi0ZONs8VnDzJ0a2gqZY+uxlz+CGbLnGnlN4j9cBpE+MfUE+35Dq121sTpsSgF85\n"
-        + "Mz+pVhn2S633AgMBAAECggEAH/Szd9RxbVADenCA6wxKSa3KErRyq1YN8ksJeCKMAj0FIt0caruE\n"
-        + "qO11DebWW8cwQu1Otl/cYI6pmg24/BBldMrp9IELX/tNJo+lhPpRyGAxxC0eSXinFfoASb8d+jJd\n"
-        + "Bd1mmemM6fSxqRlxSP4LrzIhjhR1g2CiyYuTsiM9UtoVKGyHwe7KfFwirUOJo3Mr18zUVNm7YqY4\n"
-        + "IVhOSq59zkH3ULBlYq4bG50jpxa5mNSCZ7IpafPY/kE/CbR+FWNt30+rk69T+qb5abg6+XGm+OAm\n"
-        + "bnQ18yZEqX6nJLk7Ch0cfA5orGgrTMOrM71wK7tBBDQ308kOxDGebx6j0qD36QKBgQDTRDr8kuhA\n"
-        + "9sUyKr9vk2DQCMpNvEeiwI3JRMqmmxpNAtg01aJ3Ya57vX5Fc+zcuV87kP6FM1xgpHQvnw5LWo2J\n"
-        + "s7ANwQcP8ricEW5zkZhSjI4ssMeAubmsHOloGxmLFYZqwx0JI7CWViGTLMcUlqKblmHcjeQDeDfP\n"
-        + "P1TaCItFmwKBgQCfHZwVvIcaDs5vxVpZ4ftvflIrW8qq0uOVK6QIf9A/YTGhCXl2qxxTg2A6+0rg\n"
-        + "ZqI7zKzUDxIbVv0KlgCbpHDC9d5+sdtDB3wW2pimuJ3p1z4/RHb4n/lDwXCACZl1S5l24yXX2pFZ\n"
-        + "wdPCXmy5PYkHMssFLNhI24pprUIQs66M1QKBgQDQwjAjWisD3pRXESSfZRsaFkWJcM28hdbVFhPF\n"
-        + "c6gWhwQLmTp0CuL2RPXcPUPFi6sN2iWWi3zxxi9Eyz+9uBn6AsOpo56N5MME/LiOnETO9TKb+Ib6\n"
-        + "rQtKhjshcv3XkIqFPo2XdVvOAgglPO7vajX91iiXXuH7h7RmJud6l0y/lwKBgE+bi90gLuPtpoEr\n"
-        + "VzIDKz40ED5bNYHT80NNy0rpT7J2GVN9nwStRYXPBBVeZq7xCpgqpgmO5LtDAWULeZBlbHlOdBwl\n"
-        + "NhNKKl5wzdEUKwW0yBL1WSS5PQgWPwgARYP25/ggW22sj+49WIo1neXsEKPGWObk8e050f1fTt92\n"
-        + "Vo1lAoGAb1gCoyBCzvi7sqFxm4V5oapnJeiQQJFjhoYWqGa26rQ+AvXXNuBcigIeDXNJPctSF0Uc\n"
-        + "p11KbbCgiruBbckvM1vGsk6Sx4leRk+IFHRpJktFUek4o0eUg0shOsyyvyet48Dfg0a8FvcxROs0\n" + "gD+IYds5doiob/hcm1hnNB/3vk4=\n" + "-----END PRIVATE KEY-----\n";
-
-    public static final String certContent = "-----BEGIN CERTIFICATE-----\n" + "MIIFZTCCBE2gAwIBAgIHKBCduBUoKDANBgkqhkiG9w0BAQUFADCByjELMAkGA1UE\n"
-        + "BhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAY\n" + "BgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMTMwMQYDVQQLEypodHRwOi8vY2VydGlm\n"
-        + "aWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkxMDAuBgNVBAMTJ0dvIERhZGR5\n" + "IFNlY3VyZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTERMA8GA1UEBRMIMDc5Njky\n"
-        + "ODcwHhcNMTIwMjAzMDMzMDQwWhcNMTcwMjA3MDUxMTIzWjBZMRkwFwYDVQQKDBAq\n" + "LnJlYWxob3N0aXAuY29tMSEwHwYDVQQLDBhEb21haW4gQ29udHJvbCBWYWxpZGF0\n"
-        + "ZWQxGTAXBgNVBAMMECoucmVhbGhvc3RpcC5jb20wggEiMA0GCSqGSIb3DQEBAQUA\n" + "A4IBDwAwggEKAoIBAQCDT9AtEfs+s/I8QXp6rrCw0iNJ0+GgsybNHheU+JpL39LM\n"
-        + "TZykCrZhZnyDvwdxCoOfE38Sa32baHKNds+y2SHnMNsOkw8OcNucHEBX1FIpOBGp\n" + "h9D6xC+umx9od6xMWETUv7j6h2u+WC3OhBM8fHCBqIiAol31/IkcqDxxsHlQ8S/o\n"
-        + "CfTlXJUY6Yn628OA1XijKdRnadV0hZ829cv/PZKljjwQUTyrd0KHQeksBH+YAYSo\n" + "2JUl8ekNLsOi8/cPtfojnltzRI1GXi0ZONs8VnDzJ0a2gqZY+uxlz+CGbLnGnlN4\n"
-        + "j9cBpE+MfUE+35Dq121sTpsSgF85Mz+pVhn2S633AgMBAAGjggG+MIIBujAPBgNV\n" + "HRMBAf8EBTADAQEAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNV\n"
-        + "HQ8BAf8EBAMCBaAwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5nb2RhZGR5\n" + "LmNvbS9nZHMxLTY0LmNybDBTBgNVHSAETDBKMEgGC2CGSAGG/W0BBxcBMDkwNwYI\n"
-        + "KwYBBQUHAgEWK2h0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3Np\n" + "dG9yeS8wgYAGCCsGAQUFBwEBBHQwcjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3Au\n"
-        + "Z29kYWRkeS5jb20vMEoGCCsGAQUFBzAChj5odHRwOi8vY2VydGlmaWNhdGVzLmdv\n" + "ZGFkZHkuY29tL3JlcG9zaXRvcnkvZ2RfaW50ZXJtZWRpYXRlLmNydDAfBgNVHSME\n"
-        + "GDAWgBT9rGEyk2xF1uLuhV+auud2mWjM5zArBgNVHREEJDAighAqLnJlYWxob3N0\n" + "aXAuY29tgg5yZWFsaG9zdGlwLmNvbTAdBgNVHQ4EFgQUZyJz9/QLy5TWIIscTXID\n"
-        + "E8Xk47YwDQYJKoZIhvcNAQEFBQADggEBAKiUV3KK16mP0NpS92fmQkCLqm+qUWyN\n" + "BfBVgf9/M5pcT8EiTZlS5nAtzAE/eRpBeR3ubLlaAogj4rdH7YYVJcDDLLoB2qM3\n"
-        + "qeCHu8LFoblkb93UuFDWqRaVPmMlJRnhsRkL1oa2gM2hwQTkBDkP7w5FG1BELCgl\n" + "gZI2ij2yxjge6pOEwSyZCzzbCcg9pN+dNrYyGEtB4k+BBnPA3N4r14CWbk+uxjrQ\n"
-        + "6j2Ip+b7wOc5IuMEMl8xwTyjuX3lsLbAZyFI9RCyofwA9NqIZ1GeB6Zd196rubQp\n" + "93cmBqGGjZUs3wMrGlm7xdjlX6GQ9UvmvkMub9+lL99A5W50QgCmFeI=\n"
-        + "-----END CERTIFICATE-----\n";
-
-    public static final String rootCa = "-----BEGIN CERTIFICATE-----\n" + "MIIE3jCCA8agAwIBAgICAwEwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCVVMx\n"
-        + "ITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28g\n" + "RGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMTYw\n"
-        + "MTU0MzdaFw0yNjExMTYwMTU0MzdaMIHKMQswCQYDVQQGEwJVUzEQMA4GA1UECBMH\n" + "QXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5j\n"
-        + "b20sIEluYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5j\n" + "b20vcmVwb3NpdG9yeTEwMC4GA1UEAxMnR28gRGFkZHkgU2VjdXJlIENlcnRpZmlj\n"
-        + "YXRpb24gQXV0aG9yaXR5MREwDwYDVQQFEwgwNzk2OTI4NzCCASIwDQYJKoZIhvcN\n" + "AQEBBQADggEPADCCAQoCggEBAMQt1RWMnCZM7DI161+4WQFapmGBWTtwY6vj3D3H\n"
-        + "KrjJM9N55DrtPDAjhI6zMBS2sofDPZVUBJ7fmd0LJR4h3mUpfjWoqVTr9vcyOdQm\n" + "VZWt7/v+WIbXnvQAjYwqDL1CBM6nPwT27oDyqu9SoWlm2r4arV3aLGbqGmu75RpR\n"
-        + "SgAvSMeYddi5Kcju+GZtCpyz8/x4fKL4o/K1w/O5epHBp+YlLpyo7RJlbmr2EkRT\n" + "cDCVw5wrWCs9CHRK8r5RsL+H0EwnWGu1NcWdrxcx+AuP7q2BNgWJCJjPOq8lh8BJ\n"
-        + "6qf9Z/dFjpfMFDniNoW1fho3/Rb2cRGadDAW/hOUoz+EDU8CAwEAAaOCATIwggEu\n" + "MB0GA1UdDgQWBBT9rGEyk2xF1uLuhV+auud2mWjM5zAfBgNVHSMEGDAWgBTSxLDS\n"
-        + "kdRMEXGzYcs9of7dqGrU4zASBgNVHRMBAf8ECDAGAQH/AgEAMDMGCCsGAQUFBwEB\n" + "BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZ29kYWRkeS5jb20wRgYDVR0f\n"
-        + "BD8wPTA7oDmgN4Y1aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBv\n" + "c2l0b3J5L2dkcm9vdC5jcmwwSwYDVR0gBEQwQjBABgRVHSAAMDgwNgYIKwYBBQUH\n"
-        + "AgEWKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeTAO\n" + "BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBANKGwOy9+aG2Z+5mC6IG\n"
-        + "OgRQjhVyrEp0lVPLN8tESe8HkGsz2ZbwlFalEzAFPIUyIXvJxwqoJKSQ3kbTJSMU\n" + "A2fCENZvD117esyfxVgqwcSeIaha86ykRvOe5GPLL5CkKSkB2XIsKd83ASe8T+5o\n"
-        + "0yGPwLPk9Qnt0hCqU7S+8MxZC9Y7lhyVJEnfzuz9p0iRFEUOOjZv2kWzRaJBydTX\n" + "RE4+uXR21aITVSzGh6O1mawGhId/dQb8vxRMDsxuxN89txJx9OjxUUAiKEngHUuH\n"
-        + "qDTMBqLdElrRhjZkAzVvb3du6/KFUJheqwNTrZEjYx8WnM25sgVjOuH0aBsXBTWV\n" + "U+4=\n" + "-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\n"
-        + "MIIE+zCCBGSgAwIBAgICAQ0wDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1Zh\n" + "bGlDZXJ0IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIElu\n"
-        + "Yy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24g\n" + "QXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAe\n"
-        + "BgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTA0MDYyOTE3MDYyMFoX\n" + "DTI0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBE\n"
-        + "YWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0\n" + "aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgC\n"
-        + "ggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv\n" + "2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+q\n"
-        + "N1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiO\n" + "r18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lN\n"
-        + "f4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEH\n" + "U1jPEX44dMX4/7VpkI+EdOqXG68CAQOjggHhMIIB3TAdBgNVHQ4EFgQU0sSw0pHU\n"
-        + "TBFxs2HLPaH+3ahq1OMwgdIGA1UdIwSByjCBx6GBwaSBvjCBuzEkMCIGA1UEBxMb\n" + "VmFsaUNlcnQgVmFsaWRhdGlvbiBOZXR3b3JrMRcwFQYDVQQKEw5WYWxpQ2VydCwg\n"
-        + "SW5jLjE1MDMGA1UECxMsVmFsaUNlcnQgQ2xhc3MgMiBQb2xpY3kgVmFsaWRhdGlv\n" + "biBBdXRob3JpdHkxITAfBgNVBAMTGGh0dHA6Ly93d3cudmFsaWNlcnQuY29tLzEg\n"
-        + "MB4GCSqGSIb3DQEJARYRaW5mb0B2YWxpY2VydC5jb22CAQEwDwYDVR0TAQH/BAUw\n" + "AwEB/zAzBggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmdv\n"
-        + "ZGFkZHkuY29tMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jZXJ0aWZpY2F0ZXMu\n" + "Z29kYWRkeS5jb20vcmVwb3NpdG9yeS9yb290LmNybDBLBgNVHSAERDBCMEAGBFUd\n"
-        + "IAAwODA2BggrBgEFBQcCARYqaHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNv\n" + "bS9yZXBvc2l0b3J5MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOBgQC1\n"
-        + "QPmnHfbq/qQaQlpE9xXUhUaJwL6e4+PrxeNYiY+Sn1eocSxI0YGyeR+sBjUZsE4O\n" + "WBsUs5iB0QQeyAfJg594RAoYC5jcdnplDQ1tgMQLARzLrUc+cb53S8wGd9D0Vmsf\n"
-        + "SxOaFIqII6hR8INMqzW/Rn453HWkrugp++85j09VZw==\n" + "-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\n"
-        + "MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0\n" + "IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz\n"
-        + "BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y\n" + "aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG\n"
-        + "9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMTk1NFoXDTE5MDYy\n" + "NjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y\n"
-        + "azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs\n" + "YXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw\n"
-        + "Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl\n" + "cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOOnHK5avIWZJV16vY\n"
-        + "dA757tn2VUdZZUcOBVXc65g2PFxTXdMwzzjsvUGJ7SVCCSRrCl6zfN1SLUzm1NZ9\n" + "WlmpZdRJEy0kTRxQb7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7RfZHM047QS\n"
-        + "v4dk+NoS/zcnwbNDu+97bi5p9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9v\n" + "UJSZSWI4OB9L+KXIPqeCgfYrx+jFzug6EILLGACOTb2oWH+heQC1u+mNr0HZDzTu\n"
-        + "IYEZoDJJKPTEjlbVUjP9UNV+mWwD5MlM/Mtsq2azSiGM5bUMMj4QssxsodyamEwC\n" + "W/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd\n" + "-----END CERTIFICATE-----\n";
 
     @Column(name = "public_ip_address", nullable = false)
     private String publicIpAddress;
@@ -170,41 +95,41 @@ public class ConsoleProxyVO extends VMInstanceVO implements ConsoleProxy {
     }
 
     public void setLastUpdateTime(Date time) {
-        this.lastUpdateTime = time;
+        lastUpdateTime = time;
     }
 
     public void setSessionDetails(byte[] details) {
-        this.sessionDetails = details;
+        sessionDetails = details;
     }
 
     @Override
     public String getPublicIpAddress() {
-        return this.publicIpAddress;
+        return publicIpAddress;
     }
 
     @Override
     public String getPublicNetmask() {
-        return this.publicNetmask;
+        return publicNetmask;
     }
 
     @Override
     public String getPublicMacAddress() {
-        return this.publicMacAddress;
+        return publicMacAddress;
     }
 
     @Override
     public int getActiveSession() {
-        return this.activeSession;
+        return activeSession;
     }
 
     @Override
     public Date getLastUpdateTime() {
-        return this.lastUpdateTime;
+        return lastUpdateTime;
     }
 
     @Override
     public byte[] getSessionDetails() {
-        return this.sessionDetails;
+        return sessionDetails;
     }
 
     public boolean isSslEnabled() {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d94a5720/server/src/com/cloud/consoleproxy/AgentHookBase.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/consoleproxy/AgentHookBase.java b/server/src/com/cloud/consoleproxy/AgentHookBase.java
index b61ba13..c391182 100644
--- a/server/src/com/cloud/consoleproxy/AgentHookBase.java
+++ b/server/src/com/cloud/consoleproxy/AgentHookBase.java
@@ -42,6 +42,7 @@ import com.cloud.agent.api.GetVncPortCommand;
 import com.cloud.agent.api.StartupCommand;
 import com.cloud.agent.api.StartupProxyCommand;
 import com.cloud.agent.api.proxy.StartConsoleProxyAgentHttpHandlerCommand;
+import com.cloud.configuration.Config;
 import com.cloud.exception.AgentUnavailableException;
 import com.cloud.exception.OperationTimedoutException;
 import com.cloud.host.Host;
@@ -196,12 +197,15 @@ public abstract class AgentHookBase implements AgentHook {
             random.nextBytes(randomBytes);
             String storePassword = Base64.encodeBase64String(randomBytes);
 
-            byte[] ksBits = _ksMgr.getKeystoreBits(ConsoleProxyManager.CERTIFICATE_NAME, ConsoleProxyManager.CERTIFICATE_NAME, storePassword);
-
-            assert (ksBits != null);
-            if (ksBits == null) {
-                s_logger.error("Could not find and construct a valid SSL certificate");
+            byte[] ksBits = null;
+            String consoleProxyUrlDomain = _configDao.getValue(Config.ConsoleProxyUrlDomain.key());
+            if (consoleProxyUrlDomain == null || consoleProxyUrlDomain.isEmpty()) {
+                s_logger.debug("SSL is disabled for console proxy based on global config, skip loading certificates");
+            } else {
+                ksBits = _ksMgr.getKeystoreBits(ConsoleProxyManager.CERTIFICATE_NAME, ConsoleProxyManager.CERTIFICATE_NAME, storePassword);
+                //ks manager raises exception if ksBits are null, hence no need to explicltly handle the condition
             }
+
             cmd = new StartConsoleProxyAgentHttpHandlerCommand(ksBits, storePassword);
             cmd.setEncryptorPassword(getEncryptorPassword());
 
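Review bot: In the `else` branch a null `ksBits` is no longer checked, and the only justification is the comment that the keystore manager throws, which this hunk does not show. With this change a null `ksBits` passed to `StartConsoleProxyAgentHttpHandlerCommand` is also the signal for "SSL disabled", so a silent null from `getKeystoreBits` would look exactly like the intended plain-HTTP configuration. I would keep an explicit guard after the call, `if (ksBits == null) { s_logger.error("Could not find and construct a valid SSL certificate"); }`, and correct "explicltly" in the comment. The enclosing method starts and ends outside the hunk.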

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d94a5720/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java b/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
index ec23e95..2db4be4 100755
--- a/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
+++ b/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
@@ -30,8 +30,12 @@ import javax.ejb.Local;
 import javax.inject.Inject;
 import javax.naming.ConfigurationException;
 
-import org.apache.cloudstack.config.ApiServiceConfiguration;
+import org.apache.log4j.Logger;
+
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
 
+import org.apache.cloudstack.config.ApiServiceConfiguration;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
 import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
@@ -43,7 +47,6 @@ import org.apache.cloudstack.storage.datastore.db.PrimaryDataStoreDao;
 import org.apache.cloudstack.storage.datastore.db.StoragePoolVO;
 import org.apache.cloudstack.storage.datastore.db.TemplateDataStoreDao;
 import org.apache.cloudstack.storage.datastore.db.TemplateDataStoreVO;
-import org.apache.log4j.Logger;
 
 import com.cloud.agent.AgentManager;
 import com.cloud.agent.api.Answer;
@@ -137,8 +140,6 @@ import com.cloud.vm.VirtualMachineProfile;
 import com.cloud.vm.dao.ConsoleProxyDao;
 import com.cloud.vm.dao.UserVmDetailsDao;
 import com.cloud.vm.dao.VMInstanceDao;
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
 
 //
 // Possible console proxy state transition cases
@@ -380,7 +381,9 @@ public class ConsoleProxyManagerImpl extends ManagerBase implements ConsoleProxy
         }
 
         KeystoreVO ksVo = _ksDao.findByName(ConsoleProxyManager.CERTIFICATE_NAME);
-        assert (ksVo != null);
+        if (proxy.isSslEnabled() && ksVo == null) {
+            s_logger.warn("SSL enabled for console proxy but no server certificate found in database");
+        }
 
         if (_staticPublicIp == null) {
             return new ConsoleProxyInfo(proxy.isSslEnabled(), proxy.getPublicIpAddress(), _consoleProxyPort, proxy.getPort(), _consoleProxyUrlDomain);
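Review bot: When `proxy.isSslEnabled()` is true and `ksVo` is null, the new check only logs a warning and execution falls through to `return new ConsoleProxyInfo(proxy.isSslEnabled(), ...)`, so the caller is still told the proxy speaks SSL although no server certificate was found. It is worth deciding whether this path should stop instead of returning connection info. If continuing is intended, a comment above the check should say so, for example `// proceed anyway: the proxy VM reports the failure when it cannot start its HTTPS listener` (to be confirmed against the agent side). In the visible lines `ksVo` is used only for this check. The method starts and ends outside the hunk.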
@@ -1168,27 +1171,6 @@ public class ConsoleProxyManagerImpl extends ManagerBase implements ConsoleProxy
         return "consoleproxy.alloc";
     }
 
-    private void prepareDefaultCertificate() {
-        GlobalLock lock = GlobalLock.getInternLock("consoleproxy.cert.setup");
-        try {
-            if (lock.lock(ACQUIRE_GLOBAL_LOCK_TIMEOUT_FOR_SYNC)) {
-                KeystoreVO ksVo = _ksDao.findByName(CERTIFICATE_NAME);
-                if (ksVo == null) {
-                    _ksDao.save(CERTIFICATE_NAME, ConsoleProxyVO.certContent, ConsoleProxyVO.keyContent, "realhostip.com");
-                    KeystoreVO caRoot = new KeystoreVO();
-                    caRoot.setCertificate(ConsoleProxyVO.rootCa);
-                    caRoot.setDomainSuffix("realhostip.com");
-                    caRoot.setName("root");
-                    caRoot.setIndex(0);
-                    _ksDao.persist(caRoot);
-                }
-                lock.unlock();
-            }
-        } finally {
-            lock.releaseRef();
-        }
-    }
-
     @Override
     public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
         if (s_logger.isInfoEnabled()) {
@@ -1246,8 +1228,6 @@ public class ConsoleProxyManagerImpl extends ManagerBase implements ConsoleProxy
             _instance = "DEFAULT";
         }
 
-        prepareDefaultCertificate();
-
         Map<String, String> agentMgrConfigs = _configDao.getConfiguration("AgentManager", params);
 
         value = agentMgrConfigs.get("port");

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d94a5720/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
----------------------------------------------------------------------
diff --git a/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java b/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
index e15ddd4..5df971c 100644
--- a/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
+++ b/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
@@ -16,7 +16,6 @@
 // under the License.
 package com.cloud.consoleproxy;
 
-import com.cloud.utils.db.DbProperties;
 import com.sun.net.httpserver.HttpServer;
 import com.sun.net.httpserver.HttpsConfigurator;
 import com.sun.net.httpserver.HttpsParameters;
@@ -31,7 +30,6 @@ import javax.net.ssl.SSLServerSocket;
 import javax.net.ssl.SSLServerSocketFactory;
 import javax.net.ssl.TrustManagerFactory;
 import java.io.ByteArrayInputStream;
-import java.io.FileInputStream;
 import java.io.IOException;
 import java.net.InetSocketAddress;
 import java.security.KeyStore;
@@ -49,36 +47,8 @@ public class ConsoleProxySecureServerFactoryImpl implements ConsoleProxyServerFa
         s_logger.info("Start initializing SSL");
 
         if (ksBits == null) {
-            try {
-                s_logger.info("Initializing SSL from built-in default certificate");
-
-                final String pass = DbProperties.getDbProperties().getProperty("db.cloud.keyStorePassphrase");
-                char[] passphrase = "vmops.com".toCharArray();
-                if (pass != null) {
-                    passphrase = pass.toCharArray();
-                }
-                KeyStore ks = KeyStore.getInstance("JKS");
-
-                ks.load(new FileInputStream("certs/realhostip.keystore"), passphrase);
-                // ks.load(ConsoleProxy.class.getResourceAsStream("/realhostip.keystore"), passphrase);
-
-                s_logger.info("SSL certificate loaded");
-
-                KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
-                kmf.init(ks, passphrase);
-                s_logger.info("Key manager factory is initialized");
-
-                TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
-                tmf.init(ks);
-                s_logger.info("Trust manager factory is initialized");
-
-                sslContext = SSLUtils.getSSLContext();
-                sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
-                s_logger.info("SSL context is initialized");
-            } catch (Exception ioe) {
-                s_logger.error(ioe.toString(), ioe);
-            }
-
+            // this should not be the case
+            s_logger.info("No certificates passed, recheck global configuration and certificates");
         } else {
             char[] passphrase = ksPassword != null ? ksPassword.toCharArray() : null;
             try {
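Review bot: The `ksBits == null` branch now leaves `sslContext` untouched and reports that at `info` level, although its own comment says the case should not occur. The hunk does not show what the rest of the method does with an uninitialised `sslContext`, so a secure server may be requested later with no context behind it. I would log it as an error, `s_logger.error("No certificates passed, recheck global configuration and certificates");`, and replace `// this should not be the case` with a comment that gives the reason, such as `// no built-in fallback certificate: the management server must supply the keystore`. The method continues outside the hunk.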


[5/9] git commit: updated refs/heads/4.5 to b79f13c

Posted by bh...@apache.org.
CS-18149: UI - no longer store sessionKey in cookie. After

... this change, opening a 2nd browser window (of the same
domain) will show the login screen (i.e. the user has to enter
credentials again) and will cause the session in the 1st browser
window to time out.

Signed-off-by: Rohit Yadav <ro...@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/19e3c016
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/19e3c016
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/19e3c016

Branch: refs/heads/4.5
Commit: 19e3c0168e744a76b5e1dc24a5eafa776d342404
Parents: 0b5b9c9
Author: Jessica Wang <je...@apache.org>
Authored: Fri Mar 13 13:14:42 2015 +0530
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Fri Mar 13 13:14:42 2015 +0530

----------------------------------------------------------------------
 ui/scripts/cloudStack.js | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/19e3c016/ui/scripts/cloudStack.js
----------------------------------------------------------------------
diff --git a/ui/scripts/cloudStack.js b/ui/scripts/cloudStack.js
index 046843d..19d6bd0 100644
--- a/ui/scripts/cloudStack.js
+++ b/ui/scripts/cloudStack.js
@@ -105,10 +105,10 @@
             bypassLoginCheck: function(args) { //determine to show or bypass login screen
                 if (g_loginResponse == null) { //show login screen
                     /*
-           but if this is a 2nd browser window (of the same domain), login screen still won't show because $.cookie('sessionKey') is valid for 2nd browser window (of the same domain) as well.
-           i.e. calling listCapabilities API with g_sessionKey from $.cookie('sessionKey') will succeed,
-           then userValid will be set to true, then an user object (instead of "false") will be returned, then login screen will be bypassed.
-           */
+                     * Since we no longer store sessionKey in cookie, opening the
+                     * 2nd browser window (of the same domain) will show login screen (i.e. user has to
+                     * enter credentials again) and will cause the 1st browser window session timeout.
+                     */
                     var unBoxCookieValue = function (cookieName) {
                         var cookieValue = $.cookie(cookieName);
                         if (cookieValue && cookieValue.length > 2 && cookieValue[0] === '"' && cookieValue[cookieValue.length-1] === '"') {
@@ -117,7 +117,7 @@
                         }
                         return cookieValue;
                     };
-                    g_sessionKey = unBoxCookieValue('sessionKey');
+                    g_sessionKey = unBoxCookieValue('JSESSIONID');
                     g_role = unBoxCookieValue('role');
                     g_userid = unBoxCookieValue('userid');
                     g_domainid = unBoxCookieValue('domainid');
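Review bot: `unBoxCookieValue('JSESSIONID')` can only return a value if the container's session cookie is readable from script, i.e. not marked HttpOnly, and nothing in this diff shows how that cookie is issued. If it is HttpOnly, `g_sessionKey` stays empty here and the `$.cookie('JSESSIONID', null)` calls in the logout and `samlLoginAction` hunks below cannot clear it; if it is not, the session identifier is exposed to any script running in the page. A comment on this line should state the assumption, for example `// requires a script-readable JSESSIONID (no HttpOnly); the session itself must be invalidated server-side on logout`. `bypassLoginCheck` starts in the previous hunk and continues past this one.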
@@ -226,9 +226,6 @@
                         g_timezone = loginresponse.timezone;                        
                         g_userfullname = loginresponse.firstname + ' ' + loginresponse.lastname;
 
-                        $.cookie('sessionKey', g_sessionKey, {
-                            expires: 1
-                        });
                         $.cookie('username', g_username, {
                             expires: 1
                         });
@@ -324,7 +321,7 @@
                         g_regionsecondaryenabled = null;
                         g_loginCmdText = null;
                         
-                        $.cookie('sessionKey', null);
+                        $.cookie('JSESSIONID', null);
                         $.cookie('username', null);
                         $.cookie('account', null);
                         $.cookie('domainid', null);
@@ -347,7 +344,7 @@
             },
 
             samlLoginAction: function(args) {
-                $.cookie('sessionKey', null);
+                $.cookie('JSESSIONID', null);
                 $.cookie('username', null);
                 $.cookie('account', null);
                 $.cookie('domainid', null);


[2/9] git commit: updated refs/heads/4.5 to b79f13c

Posted by bh...@apache.org.
Error message exposes domain Id when deployVirtualMachine() is attempted on a shared network to which the user does not have access.

Signed-off-by: Rohit Yadav <ro...@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/0d36f2e4
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/0d36f2e4
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/0d36f2e4

Branch: refs/heads/4.5
Commit: 0d36f2e4b520ecc85342ab8660e5547f675db12a
Parents: bfcdbec
Author: Min Chen <mi...@citrix.com>
Authored: Wed Sep 17 15:34:12 2014 -0700
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Fri Mar 13 12:47:56 2015 +0530

----------------------------------------------------------------------
 server/src/com/cloud/acl/AffinityGroupAccessChecker.java | 9 ++++++++-
 server/src/com/cloud/network/NetworkModelImpl.java       | 6 +++++-
 2 files changed, 13 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0d36f2e4/server/src/com/cloud/acl/AffinityGroupAccessChecker.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/acl/AffinityGroupAccessChecker.java b/server/src/com/cloud/acl/AffinityGroupAccessChecker.java
index 7bcecf0..57f7b37 100644
--- a/server/src/com/cloud/acl/AffinityGroupAccessChecker.java
+++ b/server/src/com/cloud/acl/AffinityGroupAccessChecker.java
@@ -28,9 +28,11 @@ import org.apache.cloudstack.affinity.AffinityGroup;
 import org.apache.cloudstack.affinity.AffinityGroupService;
 import org.apache.cloudstack.affinity.dao.AffinityGroupDomainMapDao;
 
+import com.cloud.domain.DomainVO;
 import com.cloud.exception.PermissionDeniedException;
 import com.cloud.user.Account;
 import com.cloud.user.AccountManager;
+import com.cloud.utils.exception.CloudRuntimeException;
 
 @Component
 @Local(value = SecurityChecker.class)
@@ -58,7 +60,12 @@ public class AffinityGroupAccessChecker extends DomainChecker {
 
             if (group.getAclType() == ACLType.Domain) {
                 if (!_affinityGroupService.isAffinityGroupAvailableInDomain(group.getId(), caller.getDomainId())) {
-                    throw new PermissionDeniedException("Affinity group is not available in domain id=" + caller.getDomainId());
+                    DomainVO callerDomain = _domainDao.findById(caller.getDomainId());
+                    if (callerDomain == null) {
+                        throw new CloudRuntimeException("cannot check permission on account " + caller.getAccountName() + " whose domain does not exist");
+                    }
+
+                    throw new PermissionDeniedException("Affinity group is not available in domain id=" + callerDomain.getUuid());
                 } else {
                     return true;
                 }
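Review bot: The added lookup turns a denial into a `CloudRuntimeException` whenever `_domainDao.findById(caller.getDomainId())` returns null, so callers that expect `PermissionDeniedException` from this access check get a different exception type in that case; the `NetworkModelImpl` hunk below adds the same pattern with `ownerDomain`. Since the domain is fetched only to build the message, the denial could be kept and the UUID omitted when it is unavailable, e.g. `String domainRef = callerDomain != null ? callerDomain.getUuid() : "unknown";` followed by the existing `throw new PermissionDeniedException(...)` using `domainRef`. `_domainDao` is not declared in the visible lines and is presumably inherited from `DomainChecker`. The enclosing method starts and ends outside the hunk.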

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0d36f2e4/server/src/com/cloud/network/NetworkModelImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/NetworkModelImpl.java b/server/src/com/cloud/network/NetworkModelImpl.java
index 6088212..ff525e0 100755
--- a/server/src/com/cloud/network/NetworkModelImpl.java
+++ b/server/src/com/cloud/network/NetworkModelImpl.java
@@ -1592,8 +1592,12 @@ public class NetworkModelImpl extends ManagerBase implements NetworkModel {
 
         } else {
             if (!isNetworkAvailableInDomain(network.getId(), owner.getDomainId())) {
+                DomainVO ownerDomain = _domainDao.findById(owner.getDomainId());
+                if (ownerDomain == null) {
+                    throw new CloudRuntimeException("cannot check permission on account " + owner.getAccountName() + " whose domain does not exist");
+                }
                 throw new PermissionDeniedException("Shared network id=" + ((NetworkVO)network).getUuid() + " is not available in domain id=" +
-                    owner.getDomainId());
+                        ownerDomain.getUuid());
             }
         }
     }


[8/9] git commit: updated refs/heads/4.5 to b79f13c

Posted by bh...@apache.org.
Avoid logging password when adding srx device

Signed-off-by: Rohit Yadav <ro...@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/32fe64ce
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/32fe64ce
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/32fe64ce

Branch: refs/heads/4.5
Commit: 32fe64ce1bef9c496ac13f405442d30589c9b34c
Parents: d94a572
Author: Jayapal <ja...@apache.org>
Authored: Fri Mar 13 13:38:23 2015 +0530
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Fri Mar 13 15:01:06 2015 +0530

----------------------------------------------------------------------
 .../cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java     | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/32fe64ce/framework/jobs/src/org/apache/cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java
----------------------------------------------------------------------
diff --git a/framework/jobs/src/org/apache/cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java b/framework/jobs/src/org/apache/cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java
index e7d95a9..c3c79c9 100644
--- a/framework/jobs/src/org/apache/cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java
+++ b/framework/jobs/src/org/apache/cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java
@@ -61,6 +61,7 @@ import com.cloud.cluster.ManagementServerHost;
 import com.cloud.utils.DateUtil;
 import com.cloud.utils.Pair;
 import com.cloud.utils.Predicate;
+import com.cloud.utils.StringUtils;
 import com.cloud.utils.component.ComponentLifecycle;
 import com.cloud.utils.component.ManagerBase;
 import com.cloud.utils.concurrency.NamedThreadFactory;
@@ -179,7 +180,7 @@ public class AsyncJobManagerImpl extends ManagerBase implements AsyncJobManager,
         publishOnEventBus(job, "submit");
         scheduleExecution(job, scheduleJobExecutionInContext);
         if (s_logger.isDebugEnabled()) {
-            s_logger.debug("submit async job-" + job.getId() + ", details: " + job.toString());
+            s_logger.debug("submit async job-" + job.getId() + ", details: " + StringUtils.cleanString(job.toString()));
         }
         return job.getId();
     }
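Review bot: Scrubbing is applied at the log call site, `StringUtils.cleanString(job.toString())`, here and again in the `Executing` debug line of the next hunk, so any other statement that logs `job` directly still writes the unscrubbed string. A single private helper used by both, e.g. `private static String describeForLog(AsyncJob job) { return StringUtils.cleanString(job.toString()); }`, would keep the rule in one place. What `cleanString` masks is not visible in this diff, so it is worth confirming that it covers the command parameters carrying the SRX password named in the commit title. The enclosing method starts outside the hunk.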
@@ -518,7 +519,7 @@ public class AsyncJobManagerImpl extends ManagerBase implements AsyncJobManager,
 
                     // execute the job
                     if (s_logger.isDebugEnabled()) {
-                        s_logger.debug("Executing " + job);
+                        s_logger.debug("Executing " + StringUtils.cleanString(job.toString()));
                     }
 
                     if ((getAndResetPendingSignals(job) & AsyncJob.Constants.SIGNAL_MASK_WAKEUP) != 0) {