Posted to commits@cloudstack.apache.org by da...@apache.org on 2014/06/20 12:36:22 UTC
git commit: updated refs/heads/master to 918c320
Repository: cloudstack
Updated Branches:
refs/heads/master 06fbaf59c -> 918c32043
CLOUDSTACK-6847.Link.java and console proxy files have hardcoded value
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/918c3204
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/918c3204
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/918c3204
Branch: refs/heads/master
Commit: 918c320438980f070150f872e3a3ba907572af83
Parents: 06fbaf5
Author: Upendra Moturi <up...@sungard.com>
Authored: Fri Jun 20 11:41:58 2014 +0530
Committer: Daan Hoogland <da...@onecht.net>
Committed: Fri Jun 20 12:07:50 2014 +0200
----------------------------------------------------------------------
client/tomcatconf/db.properties.in | 1 +
.../consoleproxy/ConsoleProxySecureServerFactoryImpl.java | 5 ++++-
setup/bindir/cloud-setup-encryption.in | 8 ++++++++
utils/src/com/cloud/utils/nio/Link.java | 5 ++++-
4 files changed, 17 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/918c3204/client/tomcatconf/db.properties.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/db.properties.in b/client/tomcatconf/db.properties.in
index b224cec..8f6980b 100644
--- a/client/tomcatconf/db.properties.in
+++ b/client/tomcatconf/db.properties.in
@@ -46,6 +46,7 @@ db.cloud.keyStore=
db.cloud.keyStorePassword=
db.cloud.trustStore=
db.cloud.trustStorePassword=
+db.cloud.keyStorePassphrase=vmops.com
# Encryption Settings
db.cloud.encryption.type=none
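Review bot: The added `db.cloud.keyStorePassphrase=vmops.com` ships the publicly known passphrase as the template default, so an install that never changes it gains nothing from the constant being removed from the Java sources. The same literal is also the default of the `keyStorePassphrase` class attribute and of the `-p` option in cloud-setup-encryption.in. The neighbouring `db.cloud.keyStorePassword=` and `db.cloud.trustStorePassword=` entries ship empty. At minimum add a comment above the new key, e.g. `# Passphrase protecting the SSL keystore; the shipped default is public, set a site-specific value`, and consider having setup require a value instead of defaulting.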
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/918c3204/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
----------------------------------------------------------------------
diff --git a/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java b/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
index 81d623a..7af4c7b 100644
--- a/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
+++ b/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
@@ -21,6 +21,7 @@ import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.KeyStore;
+import java.util.Properties;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
@@ -31,6 +32,7 @@ import javax.net.ssl.TrustManagerFactory;
import org.apache.log4j.Logger;
+import com.cloud.utils.db.DbProperties;
import com.sun.net.httpserver.HttpServer;
import com.sun.net.httpserver.HttpsConfigurator;
import com.sun.net.httpserver.HttpsParameters;
@@ -52,7 +54,8 @@ public class ConsoleProxySecureServerFactoryImpl implements ConsoleProxyServerFa
try {
s_logger.info("Initializing SSL from built-in default certificate");
- char[] passphrase = "vmops.com".toCharArray();
+ final Properties dbProps = DbProperties.getDbProperties();
+ char[] passphrase = dbProps.getProperty("db.cloud.keyStorePassphrase").toCharArray();
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream("certs/realhostip.keystore"), passphrase);
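Review bot: `dbProps.getProperty("db.cloud.keyStorePassphrase")` returns null when the key is absent, so the chained `.toCharArray()` throws a NullPointerException for any db.properties that predates this change; the same expression is added in Link.java. Read the value into a local first and fail with a clear message, e.g. `String pass = dbProps.getProperty("db.cloud.keyStorePassphrase");` followed by `if (pass == null) throw new IOException("db.cloud.keyStorePassphrase is not set in db.properties");`. The `try` opens inside the hunk but its catch clauses are outside it, so whether an NPE would be handled there cannot be seen. Whether db.properties is available to the console proxy process is also not visible here.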
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/918c3204/setup/bindir/cloud-setup-encryption.in
----------------------------------------------------------------------
diff --git a/setup/bindir/cloud-setup-encryption.in b/setup/bindir/cloud-setup-encryption.in
index cf27b37..35a1737 100755
--- a/setup/bindir/cloud-setup-encryption.in
+++ b/setup/bindir/cloud-setup-encryption.in
@@ -58,6 +58,7 @@ class DBDeployer(object):
isDebug = False
mgmtsecretkey = None
dbsecretkey = None
+ keyStorePassphrase = "vmops.com"
encryptiontype = None
dbConfPath = r"@MSCONF@"
dbDotProperties = {}
@@ -196,6 +197,9 @@ for example:
def encryptDBSecretKey():
self.putDbProperty('db.cloud.encrypt.secret', formatEncryptResult(encrypt(self.dbsecretkey)))
+
+ def encryptKeyStorePassphrase():
+ self.putDbProperty('db.cloud.keyStorePassphrase', formatEncryptResult(encrypt(self.keyStorePassphrase)))
def encryptDBPassword():
dbPassword = self.getDbProperty('db.cloud.password')
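Review bot: `encryptKeyStorePassphrase()` stores `formatEncryptResult(encrypt(self.keyStorePassphrase))` in db.properties, but nothing in the visible hunks re-keys the keystore itself. Running the script with a `-p` value different from the one the keystore was created with would therefore presumably leave the Java side unable to open it. The Java readers also now depend on `DbProperties.getDbProperties()` returning the decrypted value rather than the stored encrypted form, which cannot be confirmed from this diff. A comment on the function such as `# Must match the passphrase the keystore files were generated with; this does not change the keystore` would make the contract explicit. The enclosing method starts outside the hunk.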
@@ -212,6 +216,7 @@ for example:
self.putDbProperty("db.cloud.encryption.type", self.encryptiontype)
saveMgmtServerSecretKey()
encryptDBSecretKey()
+ encryptKeyStorePassphrase()
encryptDBPassword()
self.info(None, True)
@@ -220,6 +225,7 @@ for example:
self.encryptiontype = self.options.encryptiontype
self.mgmtsecretkey = self.options.mgmtsecretkey
self.dbsecretkey = self.options.dbsecretkey
+ self.keyStorePassphrase = self.options.keyStorePassphrase
self.isDebug = self.options.debug
@@ -242,6 +248,8 @@ for example:
help="Secret key used to encrypt confidential parameters in db.properties. A string, default is password")
self.parser.add_option("-k", "--database-secretkey", action="store", type="string", dest="dbsecretkey", default="password",
help="Secret key used to encrypt sensitive database values. A string, default is password")
+ self.parser.add_option("-p", "--keystore-passphrase", action="store", type="string", dest="keyStorePassphrase", default="vmops.com",
+ help="Passphrase used while generating jks file for ssl communication. A string, default is vmops.com")
(self.options, self.args) = self.parser.parse_args()
parseOtherOptions()
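Review bot: A passphrase supplied as `-p VALUE` is visible in the process list and in shell history, and when the option is omitted the script silently falls back to the documented `vmops.com`. The existing `-m` and `-k` options follow the same pattern, so this is consistent with the file, but a keystore passphrase is worth handling more carefully. Consider `default=None` on the option and prompting when it is absent, e.g. `if self.options.keyStorePassphrase is None: self.keyStorePassphrase = getpass.getpass("Keystore passphrase: ")`, which needs `import getpass` at the top of the script. The function that registers the options starts outside the hunk.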
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/918c3204/utils/src/com/cloud/utils/nio/Link.java
----------------------------------------------------------------------
diff --git a/utils/src/com/cloud/utils/nio/Link.java b/utils/src/com/cloud/utils/nio/Link.java
index 0767815..39ca1d8 100755
--- a/utils/src/com/cloud/utils/nio/Link.java
+++ b/utils/src/com/cloud/utils/nio/Link.java
@@ -32,6 +32,7 @@ import java.nio.channels.ReadableByteChannel;
import java.nio.channels.SelectionKey;
import java.nio.channels.SocketChannel;
import java.security.KeyStore;
+import java.util.Properties;
import java.util.concurrent.ConcurrentLinkedQueue;
import javax.net.ssl.KeyManagerFactory;
@@ -46,6 +47,7 @@ import javax.net.ssl.TrustManagerFactory;
import org.apache.log4j.Logger;
import com.cloud.utils.PropertiesUtil;
+import com.cloud.utils.db.DbProperties;
/**
*/
@@ -412,7 +414,8 @@ public class Link {
File confFile = PropertiesUtil.findConfigFile("db.properties");
if (null != confFile && !isClient) {
- char[] passphrase = "vmops.com".toCharArray();
+ final Properties dbProps = DbProperties.getDbProperties();
+ char[] passphrase = dbProps.getProperty("db.cloud.keyStorePassphrase").toCharArray();
String confPath = confFile.getParent();
String keystorePath = confPath + "/cloud.keystore";
if (new File(keystorePath).exists()) {