Posted to commits@cloudstack.apache.org by ah...@apache.org on 2014/01/10 01:48:38 UTC
[3/4] git commit: updated refs/heads/master to bc1eec9
Changed the package name to org.apache.cloudstack
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/5fb6edd6
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/5fb6edd6
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/5fb6edd6
Branch: refs/heads/master
Commit: 5fb6edd68495437973f37fab523a74333b737063
Parents: ae8560b
Author: Alex Huang <al...@citrix.com>
Authored: Thu Jan 9 16:12:06 2014 -0800
Committer: Alex Huang <al...@citrix.com>
Committed: Thu Jan 9 16:12:26 2014 -0800
----------------------------------------------------------------------
.../cloud/agent/api/SecStorageSetupCommand.java | 3 +-
.../spring-framework-security-core-context.xml | 3 +-
.../src/com/cloud/keystore/KeystoreDao.java | 31 ----
.../src/com/cloud/keystore/KeystoreDaoImpl.java | 121 ---------------
.../src/com/cloud/keystore/KeystoreManager.java | 64 --------
.../com/cloud/keystore/KeystoreManagerImpl.java | 154 -------------------
.../src/com/cloud/keystore/KeystoreVO.java | 102 ------------
.../security/keystore/KeystoreDao.java | 31 ++++
.../security/keystore/KeystoreDaoImpl.java | 121 +++++++++++++++
.../security/keystore/KeystoreManager.java | 64 ++++++++
.../security/keystore/KeystoreManagerImpl.java | 154 +++++++++++++++++++
.../framework/security/keystore/KeystoreVO.java | 102 ++++++++++++
.../AgentBasedConsoleProxyManager.java | 2 +-
.../com/cloud/consoleproxy/AgentHookBase.java | 2 +-
.../consoleproxy/ConsoleProxyManagerImpl.java | 6 +-
.../consoleproxy/StaticConsoleProxyManager.java | 4 +-
.../com/cloud/server/ManagementServerImpl.java | 2 +-
.../secondary/SecondaryStorageManagerImpl.java | 2 +-
.../resource/NfsSecondaryStorageResource.java | 2 +-
19 files changed, 485 insertions(+), 485 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/core/src/com/cloud/agent/api/SecStorageSetupCommand.java
----------------------------------------------------------------------
diff --git a/core/src/com/cloud/agent/api/SecStorageSetupCommand.java b/core/src/com/cloud/agent/api/SecStorageSetupCommand.java
index aafb1de..1871032 100644
--- a/core/src/com/cloud/agent/api/SecStorageSetupCommand.java
+++ b/core/src/com/cloud/agent/api/SecStorageSetupCommand.java
@@ -16,8 +16,9 @@
// under the License.
package com.cloud.agent.api;
+import org.apache.cloudstack.framework.security.keystore.KeystoreManager;
+
import com.cloud.agent.api.to.DataStoreTO;
-import com.cloud.keystore.KeystoreManager;
public class SecStorageSetupCommand extends Command {
private DataStoreTO store;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/framework/security/resources/META-INF/cloudstack/core/spring-framework-security-core-context.xml
----------------------------------------------------------------------
diff --git a/framework/security/resources/META-INF/cloudstack/core/spring-framework-security-core-context.xml b/framework/security/resources/META-INF/cloudstack/core/spring-framework-security-core-context.xml
index 38b4bd0..29aad7e 100644
--- a/framework/security/resources/META-INF/cloudstack/core/spring-framework-security-core-context.xml
+++ b/framework/security/resources/META-INF/cloudstack/core/spring-framework-security-core-context.xml
@@ -26,6 +26,5 @@
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd"
>
- <bean id="keystoreManagerImpl" class="com.cloud.keystore.KeystoreManagerImpl" />
-
+ <bean id="keystoreManagerImpl" class="org.apache.cloudstack.framework.security.KeystoreManagerImpl" />
</beans>
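Review bot: The `class` attribute on the new `keystoreManagerImpl` bean is missing the `.keystore` package segment: it names `org.apache.cloudstack.framework.security.KeystoreManagerImpl`, while the class added by this commit declares `package org.apache.cloudstack.framework.security.keystore;`. Unless another class with the shorter name exists outside this diff, Spring will presumably fail to resolve the bean when the context loads, and the components that inject `KeystoreManager` for certificate and private-key handling would not start. The line should read `<bean id="keystoreManagerImpl" class="org.apache.cloudstack.framework.security.keystore.KeystoreManagerImpl" />`. A context-load test for this module would catch this kind of slip in later package moves.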
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/framework/security/src/com/cloud/keystore/KeystoreDao.java
----------------------------------------------------------------------
diff --git a/framework/security/src/com/cloud/keystore/KeystoreDao.java b/framework/security/src/com/cloud/keystore/KeystoreDao.java
deleted file mode 100644
index 333eb24..0000000
--- a/framework/security/src/com/cloud/keystore/KeystoreDao.java
+++ /dev/null
@@ -1,31 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.keystore;
-
-import java.util.List;
-
-import com.cloud.utils.db.GenericDao;
-
-public interface KeystoreDao extends GenericDao<KeystoreVO, Long> {
- KeystoreVO findByName(String name);
-
- void save(String name, String certificate, String key, String domainSuffix);
-
- void save(String alias, String certificate, Integer index, String domainSuffix);
-
- List<KeystoreVO> findCertChain();
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/framework/security/src/com/cloud/keystore/KeystoreDaoImpl.java
----------------------------------------------------------------------
diff --git a/framework/security/src/com/cloud/keystore/KeystoreDaoImpl.java b/framework/security/src/com/cloud/keystore/KeystoreDaoImpl.java
deleted file mode 100644
index 6c51a26..0000000
--- a/framework/security/src/com/cloud/keystore/KeystoreDaoImpl.java
+++ /dev/null
@@ -1,121 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.keystore;
-
-import java.sql.PreparedStatement;
-import java.util.Collections;
-import java.util.Comparator;
-import java.util.List;
-
-import javax.ejb.Local;
-
-import org.springframework.stereotype.Component;
-
-import com.cloud.utils.db.DB;
-import com.cloud.utils.db.GenericDaoBase;
-import com.cloud.utils.db.SearchBuilder;
-import com.cloud.utils.db.SearchCriteria;
-import com.cloud.utils.db.SearchCriteria.Op;
-import com.cloud.utils.db.TransactionLegacy;
-import com.cloud.utils.exception.CloudRuntimeException;
-
-@Component
-@Local(value = {KeystoreDao.class})
-public class KeystoreDaoImpl extends GenericDaoBase<KeystoreVO, Long> implements KeystoreDao {
- protected final SearchBuilder<KeystoreVO> FindByNameSearch;
- protected final SearchBuilder<KeystoreVO> CertChainSearch;
-
- public KeystoreDaoImpl() {
- FindByNameSearch = createSearchBuilder();
- FindByNameSearch.and("name", FindByNameSearch.entity().getName(), Op.EQ);
- FindByNameSearch.done();
-
- CertChainSearch = createSearchBuilder();
- CertChainSearch.and("key", CertChainSearch.entity().getKey(), Op.NULL);
- CertChainSearch.done();
- }
-
- @Override
- public List<KeystoreVO> findCertChain() {
- SearchCriteria<KeystoreVO> sc = CertChainSearch.create();
- List<KeystoreVO> ks = listBy(sc);
- Collections.sort(ks, new Comparator() {
- @Override
- public int compare(Object o1, Object o2) {
- Integer seq1 = ((KeystoreVO)o1).getIndex();
- Integer seq2 = ((KeystoreVO)o2).getIndex();
- return seq1.compareTo(seq2);
- }
- });
- return ks;
- }
-
- @Override
- public KeystoreVO findByName(String name) {
- assert (name != null);
-
- SearchCriteria<KeystoreVO> sc = FindByNameSearch.create();
- sc.setParameters("name", name);
- return findOneBy(sc);
- }
-
- @Override
- @DB
- public void save(String name, String certificate, String key, String domainSuffix) {
- TransactionLegacy txn = TransactionLegacy.currentTxn();
- try {
- txn.start();
-
- String sql =
- "INSERT INTO keystore (`name`, `certificate`, `key`, `domain_suffix`) VALUES (?, ?, ?, ?) ON DUPLICATE KEY UPDATE `certificate`=?, `key`=?, `domain_suffix`=?";
- PreparedStatement pstmt = txn.prepareAutoCloseStatement(sql);
- pstmt.setString(1, name);
- pstmt.setString(2, certificate);
- pstmt.setString(3, key);
- pstmt.setString(4, domainSuffix);
- pstmt.setString(5, certificate);
- pstmt.setString(6, key);
- pstmt.setString(7, domainSuffix);
-
- pstmt.executeUpdate();
- txn.commit();
- } catch (Exception e) {
- txn.rollback();
- throw new CloudRuntimeException("Unable to save certificate under name " + name + " due to exception", e);
- }
- }
-
- @Override
- @DB
- public void save(String alias, String certificate, Integer index, String domainSuffix) {
- KeystoreVO ks = findByName(alias);
- if (ks != null) {
- ks.setCertificate(certificate);
- ks.setName(alias);
- ks.setIndex(index);
- ks.setDomainSuffix(domainSuffix);
- this.update(ks.getId(), ks);
- } else {
- KeystoreVO newks = new KeystoreVO();
- newks.setCertificate(certificate);
- newks.setName(alias);
- newks.setIndex(index);
- newks.setDomainSuffix(domainSuffix);
- persist(newks);
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/framework/security/src/com/cloud/keystore/KeystoreManager.java
----------------------------------------------------------------------
diff --git a/framework/security/src/com/cloud/keystore/KeystoreManager.java b/framework/security/src/com/cloud/keystore/KeystoreManager.java
deleted file mode 100644
index 48d5a40..0000000
--- a/framework/security/src/com/cloud/keystore/KeystoreManager.java
+++ /dev/null
@@ -1,64 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.keystore;
-
-import com.cloud.agent.api.LogLevel;
-import com.cloud.agent.api.LogLevel.Log4jLevel;
-import com.cloud.utils.component.Manager;
-
-public interface KeystoreManager extends Manager {
- public static class Certificates {
- @LogLevel(Log4jLevel.Off)
- private String privKey;
- @LogLevel(Log4jLevel.Off)
- private String privCert;
- @LogLevel(Log4jLevel.Off)
- private String certChain;
-
- public Certificates() {
-
- }
-
- public Certificates(String prvKey, String privCert, String certChain) {
- privKey = prvKey;
- this.privCert = privCert;
- this.certChain = certChain;
- }
-
- public String getPrivKey() {
- return privKey;
- }
-
- public String getPrivCert() {
- return privCert;
- }
-
- public String getCertChain() {
- return certChain;
- }
- }
-
- boolean validateCertificate(String certificate, String key, String domainSuffix);
-
- void saveCertificate(String name, String certificate, String key, String domainSuffix);
-
- byte[] getKeystoreBits(String name, String aliasForCertificateInStore, String storePassword);
-
- void saveCertificate(String name, String certificate, Integer index, String domainSuffix);
-
- Certificates getCertificates(String name);
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/framework/security/src/com/cloud/keystore/KeystoreManagerImpl.java
----------------------------------------------------------------------
diff --git a/framework/security/src/com/cloud/keystore/KeystoreManagerImpl.java b/framework/security/src/com/cloud/keystore/KeystoreManagerImpl.java
deleted file mode 100644
index 8e5735a..0000000
--- a/framework/security/src/com/cloud/keystore/KeystoreManagerImpl.java
+++ /dev/null
@@ -1,154 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.keystore;
-
-import java.io.IOException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
-import java.security.spec.InvalidKeySpecException;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
-import javax.ejb.Local;
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-import org.springframework.stereotype.Component;
-
-import com.cloud.utils.Ternary;
-import com.cloud.utils.component.ManagerBase;
-import com.cloud.utils.exception.CloudRuntimeException;
-import com.cloud.utils.security.CertificateHelper;
-
-@Component
-@Local(value = KeystoreManager.class)
-public class KeystoreManagerImpl extends ManagerBase implements KeystoreManager {
- private static final Logger s_logger = Logger.getLogger(KeystoreManagerImpl.class);
-
- @Inject
- private KeystoreDao _ksDao;
-
- @Override
- public boolean validateCertificate(String certificate, String key, String domainSuffix) {
- if (certificate == null || certificate.isEmpty() || key == null || key.isEmpty() || domainSuffix == null || domainSuffix.isEmpty()) {
- s_logger.error("Invalid parameter found in (certificate, key, domainSuffix) tuple for domain: " + domainSuffix);
- return false;
- }
-
- try {
- String ksPassword = "passwordForValidation";
- byte[] ksBits = CertificateHelper.buildAndSaveKeystore(domainSuffix, certificate, getKeyContent(key), ksPassword);
- KeyStore ks = CertificateHelper.loadKeystore(ksBits, ksPassword);
- if (ks != null)
- return true;
-
- s_logger.error("Unabled to construct keystore for domain: " + domainSuffix);
- } catch (Exception e) {
- s_logger.error("Certificate validation failed due to exception for domain: " + domainSuffix, e);
- }
- return false;
- }
-
- @Override
- public void saveCertificate(String name, String certificate, String key, String domainSuffix) {
- if (name == null || name.isEmpty() || certificate == null || certificate.isEmpty() || key == null || key.isEmpty() || domainSuffix == null ||
- domainSuffix.isEmpty())
- throw new CloudRuntimeException("invalid parameter in saveCerticate");
-
- _ksDao.save(name, certificate, key, domainSuffix);
- }
-
- @Override
- public void saveCertificate(String name, String certificate, Integer index, String domainSuffix) {
- if (name == null || name.isEmpty() || certificate == null || certificate.isEmpty() || index == null || domainSuffix == null || domainSuffix.isEmpty())
- throw new CloudRuntimeException("invalid parameter in saveCerticate");
-
- _ksDao.save(name, certificate, index, domainSuffix);
- }
-
- @Override
- public byte[] getKeystoreBits(String name, String aliasForCertificateInStore, String storePassword) {
- assert (name != null);
- assert (aliasForCertificateInStore != null);
- assert (storePassword != null);
-
- KeystoreVO ksVo = _ksDao.findByName(name);
- if (ksVo == null)
- throw new CloudRuntimeException("Unable to find keystore " + name);
-
- List<Ternary<String, String, String>> certs = new ArrayList<Ternary<String, String, String>>();
- List<KeystoreVO> certChains = _ksDao.findCertChain();
-
- for (KeystoreVO ks : certChains) {
- Ternary<String, String, String> cert = new Ternary<String, String, String>(ks.getName(), ks.getCertificate(), null);
- certs.add(cert);
- }
-
- Ternary<String, String, String> cert = new Ternary<String, String, String>(ksVo.getName(), ksVo.getCertificate(), getKeyContent(ksVo.getKey()));
- certs.add(cert);
-
- try {
- return CertificateHelper.buildAndSaveKeystore(certs, storePassword);
- } catch (KeyStoreException e) {
- s_logger.warn("Unable to build keystore for " + name + " due to KeyStoreException");
- } catch (CertificateException e) {
- s_logger.warn("Unable to build keystore for " + name + " due to CertificateException");
- } catch (NoSuchAlgorithmException e) {
- s_logger.warn("Unable to build keystore for " + name + " due to NoSuchAlgorithmException");
- } catch (InvalidKeySpecException e) {
- s_logger.warn("Unable to build keystore for " + name + " due to InvalidKeySpecException");
- } catch (IOException e) {
- s_logger.warn("Unable to build keystore for " + name + " due to IOException");
- }
- return null;
- }
-
- @Override
- public Certificates getCertificates(String name) {
- KeystoreVO ksVo = _ksDao.findByName(name);
- if (ksVo == null) {
- return null;
- }
- String prvKey = ksVo.getKey();
- String prvCert = ksVo.getCertificate();
- String certChain = null;
- List<KeystoreVO> certchains = _ksDao.findCertChain();
- if (certchains.size() > 0) {
- StringBuilder chains = new StringBuilder();
- for (KeystoreVO cert : certchains) {
- chains.append(cert.getCertificate());
- chains.append("\n");
- }
- certChain = chains.toString();
- }
- Certificates certs = new Certificates(prvKey, prvCert, certChain);
- return certs;
- }
-
- private static String getKeyContent(String key) {
- Pattern regex = Pattern.compile("(^[\\-]+[^\\-]+[\\-]+[\\n]?)([^\\-]+)([\\-]+[^\\-]+[\\-]+$)");
- Matcher m = regex.matcher(key);
- if (m.find())
- return m.group(2);
-
- return key;
- }
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/framework/security/src/com/cloud/keystore/KeystoreVO.java
----------------------------------------------------------------------
diff --git a/framework/security/src/com/cloud/keystore/KeystoreVO.java b/framework/security/src/com/cloud/keystore/KeystoreVO.java
deleted file mode 100644
index 66dfac1..0000000
--- a/framework/security/src/com/cloud/keystore/KeystoreVO.java
+++ /dev/null
@@ -1,102 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.keystore;
-
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Table;
-
-import org.apache.cloudstack.api.InternalIdentity;
-
-@Entity
-@Table(name = "keystore")
-public class KeystoreVO implements InternalIdentity {
- @Id
- @GeneratedValue(strategy = GenerationType.IDENTITY)
- @Column(name = "id")
- private Long id;
-
- @Column(name = "name")
- private String name;
-
- @Column(name = "certificate", length = 65535)
- private String certificate;
-
- @Column(name = "key", length = 65535)
- private String key;
-
- @Column(name = "domain_suffix")
- private String domainSuffix;
-
- @Column(name = "seq")
- private Integer index;
-
- public KeystoreVO() {
- }
-
- @Override
- public long getId() {
- return id;
- }
-
- public void setId(Long id) {
- this.id = id;
- }
-
- public String getName() {
- return name;
- }
-
- public void setName(String name) {
- this.name = name;
- }
-
- public String getCertificate() {
- return certificate;
- }
-
- public void setCertificate(String certificate) {
- this.certificate = certificate;
- }
-
- public String getKey() {
- return key;
- }
-
- public void setKey(String key) {
- this.key = key;
- }
-
- public String getDomainSuffix() {
- return domainSuffix;
- }
-
- public void setDomainSuffix(String domainSuffix) {
- this.domainSuffix = domainSuffix;
- }
-
- public void setIndex(Integer index) {
- this.index = index;
- }
-
- public Integer getIndex() {
- return this.index;
- }
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreDao.java
----------------------------------------------------------------------
diff --git a/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreDao.java b/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreDao.java
new file mode 100644
index 0000000..e60e4b0
--- /dev/null
+++ b/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreDao.java
@@ -0,0 +1,31 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.framework.security.keystore;
+
+import java.util.List;
+
+import com.cloud.utils.db.GenericDao;
+
+public interface KeystoreDao extends GenericDao<KeystoreVO, Long> {
+ KeystoreVO findByName(String name);
+
+ void save(String name, String certificate, String key, String domainSuffix);
+
+ void save(String alias, String certificate, Integer index, String domainSuffix);
+
+ List<KeystoreVO> findCertChain();
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreDaoImpl.java
----------------------------------------------------------------------
diff --git a/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreDaoImpl.java b/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreDaoImpl.java
new file mode 100644
index 0000000..cd24611
--- /dev/null
+++ b/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreDaoImpl.java
@@ -0,0 +1,121 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.framework.security.keystore;
+
+import java.sql.PreparedStatement;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.List;
+
+import javax.ejb.Local;
+
+import org.springframework.stereotype.Component;
+
+import com.cloud.utils.db.DB;
+import com.cloud.utils.db.GenericDaoBase;
+import com.cloud.utils.db.SearchBuilder;
+import com.cloud.utils.db.SearchCriteria;
+import com.cloud.utils.db.SearchCriteria.Op;
+import com.cloud.utils.db.TransactionLegacy;
+import com.cloud.utils.exception.CloudRuntimeException;
+
+@Component
+@Local(value = {KeystoreDao.class})
+public class KeystoreDaoImpl extends GenericDaoBase<KeystoreVO, Long> implements KeystoreDao {
+ protected final SearchBuilder<KeystoreVO> FindByNameSearch;
+ protected final SearchBuilder<KeystoreVO> CertChainSearch;
+
+ public KeystoreDaoImpl() {
+ FindByNameSearch = createSearchBuilder();
+ FindByNameSearch.and("name", FindByNameSearch.entity().getName(), Op.EQ);
+ FindByNameSearch.done();
+
+ CertChainSearch = createSearchBuilder();
+ CertChainSearch.and("key", CertChainSearch.entity().getKey(), Op.NULL);
+ CertChainSearch.done();
+ }
+
+ @Override
+ public List<KeystoreVO> findCertChain() {
+ SearchCriteria<KeystoreVO> sc = CertChainSearch.create();
+ List<KeystoreVO> ks = listBy(sc);
+ Collections.sort(ks, new Comparator() {
+ @Override
+ public int compare(Object o1, Object o2) {
+ Integer seq1 = ((KeystoreVO)o1).getIndex();
+ Integer seq2 = ((KeystoreVO)o2).getIndex();
+ return seq1.compareTo(seq2);
+ }
+ });
+ return ks;
+ }
+
+ @Override
+ public KeystoreVO findByName(String name) {
+ assert (name != null);
+
+ SearchCriteria<KeystoreVO> sc = FindByNameSearch.create();
+ sc.setParameters("name", name);
+ return findOneBy(sc);
+ }
+
+ @Override
+ @DB
+ public void save(String name, String certificate, String key, String domainSuffix) {
+ TransactionLegacy txn = TransactionLegacy.currentTxn();
+ try {
+ txn.start();
+
+ String sql =
+ "INSERT INTO keystore (`name`, `certificate`, `key`, `domain_suffix`) VALUES (?, ?, ?, ?) ON DUPLICATE KEY UPDATE `certificate`=?, `key`=?, `domain_suffix`=?";
+ PreparedStatement pstmt = txn.prepareAutoCloseStatement(sql);
+ pstmt.setString(1, name);
+ pstmt.setString(2, certificate);
+ pstmt.setString(3, key);
+ pstmt.setString(4, domainSuffix);
+ pstmt.setString(5, certificate);
+ pstmt.setString(6, key);
+ pstmt.setString(7, domainSuffix);
+
+ pstmt.executeUpdate();
+ txn.commit();
+ } catch (Exception e) {
+ txn.rollback();
+ throw new CloudRuntimeException("Unable to save certificate under name " + name + " due to exception", e);
+ }
+ }
+
+ @Override
+ @DB
+ public void save(String alias, String certificate, Integer index, String domainSuffix) {
+ KeystoreVO ks = findByName(alias);
+ if (ks != null) {
+ ks.setCertificate(certificate);
+ ks.setName(alias);
+ ks.setIndex(index);
+ ks.setDomainSuffix(domainSuffix);
+ this.update(ks.getId(), ks);
+ } else {
+ KeystoreVO newks = new KeystoreVO();
+ newks.setCertificate(certificate);
+ newks.setName(alias);
+ newks.setIndex(index);
+ newks.setDomainSuffix(domainSuffix);
+ persist(newks);
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreManager.java
----------------------------------------------------------------------
diff --git a/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreManager.java b/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreManager.java
new file mode 100644
index 0000000..3b99947
--- /dev/null
+++ b/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreManager.java
@@ -0,0 +1,64 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.framework.security.keystore;
+
+import com.cloud.agent.api.LogLevel;
+import com.cloud.agent.api.LogLevel.Log4jLevel;
+import com.cloud.utils.component.Manager;
+
+public interface KeystoreManager extends Manager {
+ public static class Certificates {
+ @LogLevel(Log4jLevel.Off)
+ private String privKey;
+ @LogLevel(Log4jLevel.Off)
+ private String privCert;
+ @LogLevel(Log4jLevel.Off)
+ private String certChain;
+
+ public Certificates() {
+
+ }
+
+ public Certificates(String prvKey, String privCert, String certChain) {
+ privKey = prvKey;
+ this.privCert = privCert;
+ this.certChain = certChain;
+ }
+
+ public String getPrivKey() {
+ return privKey;
+ }
+
+ public String getPrivCert() {
+ return privCert;
+ }
+
+ public String getCertChain() {
+ return certChain;
+ }
+ }
+
+ boolean validateCertificate(String certificate, String key, String domainSuffix);
+
+ void saveCertificate(String name, String certificate, String key, String domainSuffix);
+
+ byte[] getKeystoreBits(String name, String aliasForCertificateInStore, String storePassword);
+
+ void saveCertificate(String name, String certificate, Integer index, String domainSuffix);
+
+ Certificates getCertificates(String name);
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreManagerImpl.java
----------------------------------------------------------------------
diff --git a/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreManagerImpl.java b/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreManagerImpl.java
new file mode 100644
index 0000000..3060834
--- /dev/null
+++ b/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreManagerImpl.java
@@ -0,0 +1,154 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.framework.security.keystore;
+
+import java.io.IOException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.spec.InvalidKeySpecException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import javax.ejb.Local;
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+import org.springframework.stereotype.Component;
+
+import com.cloud.utils.Ternary;
+import com.cloud.utils.component.ManagerBase;
+import com.cloud.utils.exception.CloudRuntimeException;
+import com.cloud.utils.security.CertificateHelper;
+
+@Component
+@Local(value = KeystoreManager.class)
+public class KeystoreManagerImpl extends ManagerBase implements KeystoreManager {
+ private static final Logger s_logger = Logger.getLogger(KeystoreManagerImpl.class);
+
+ @Inject
+ private KeystoreDao _ksDao;
+
+ @Override
+ public boolean validateCertificate(String certificate, String key, String domainSuffix) {
+ if (certificate == null || certificate.isEmpty() || key == null || key.isEmpty() || domainSuffix == null || domainSuffix.isEmpty()) {
+ s_logger.error("Invalid parameter found in (certificate, key, domainSuffix) tuple for domain: " + domainSuffix);
+ return false;
+ }
+
+ try {
+ String ksPassword = "passwordForValidation";
+ byte[] ksBits = CertificateHelper.buildAndSaveKeystore(domainSuffix, certificate, getKeyContent(key), ksPassword);
+ KeyStore ks = CertificateHelper.loadKeystore(ksBits, ksPassword);
+ if (ks != null)
+ return true;
+
+ s_logger.error("Unabled to construct keystore for domain: " + domainSuffix);
+ } catch (Exception e) {
+ s_logger.error("Certificate validation failed due to exception for domain: " + domainSuffix, e);
+ }
+ return false;
+ }
+
+ @Override
+ public void saveCertificate(String name, String certificate, String key, String domainSuffix) {
+ if (name == null || name.isEmpty() || certificate == null || certificate.isEmpty() || key == null || key.isEmpty() || domainSuffix == null ||
+ domainSuffix.isEmpty())
+ throw new CloudRuntimeException("invalid parameter in saveCerticate");
+
+ _ksDao.save(name, certificate, key, domainSuffix);
+ }
+
+ @Override
+ public void saveCertificate(String name, String certificate, Integer index, String domainSuffix) {
+ if (name == null || name.isEmpty() || certificate == null || certificate.isEmpty() || index == null || domainSuffix == null || domainSuffix.isEmpty())
+ throw new CloudRuntimeException("invalid parameter in saveCerticate");
+
+ _ksDao.save(name, certificate, index, domainSuffix);
+ }
+
+ @Override
+ public byte[] getKeystoreBits(String name, String aliasForCertificateInStore, String storePassword) {
+ assert (name != null);
+ assert (aliasForCertificateInStore != null);
+ assert (storePassword != null);
+
+ KeystoreVO ksVo = _ksDao.findByName(name);
+ if (ksVo == null)
+ throw new CloudRuntimeException("Unable to find keystore " + name);
+
+ List<Ternary<String, String, String>> certs = new ArrayList<Ternary<String, String, String>>();
+ List<KeystoreVO> certChains = _ksDao.findCertChain();
+
+ for (KeystoreVO ks : certChains) {
+ Ternary<String, String, String> cert = new Ternary<String, String, String>(ks.getName(), ks.getCertificate(), null);
+ certs.add(cert);
+ }
+
+ Ternary<String, String, String> cert = new Ternary<String, String, String>(ksVo.getName(), ksVo.getCertificate(), getKeyContent(ksVo.getKey()));
+ certs.add(cert);
+
+ try {
+ return CertificateHelper.buildAndSaveKeystore(certs, storePassword);
+ } catch (KeyStoreException e) {
+ s_logger.warn("Unable to build keystore for " + name + " due to KeyStoreException");
+ } catch (CertificateException e) {
+ s_logger.warn("Unable to build keystore for " + name + " due to CertificateException");
+ } catch (NoSuchAlgorithmException e) {
+ s_logger.warn("Unable to build keystore for " + name + " due to NoSuchAlgorithmException");
+ } catch (InvalidKeySpecException e) {
+ s_logger.warn("Unable to build keystore for " + name + " due to InvalidKeySpecException");
+ } catch (IOException e) {
+ s_logger.warn("Unable to build keystore for " + name + " due to IOException");
+ }
+ return null;
+ }
+
+ @Override
+ public Certificates getCertificates(String name) {
+ KeystoreVO ksVo = _ksDao.findByName(name);
+ if (ksVo == null) {
+ return null;
+ }
+ String prvKey = ksVo.getKey();
+ String prvCert = ksVo.getCertificate();
+ String certChain = null;
+ List<KeystoreVO> certchains = _ksDao.findCertChain();
+ if (certchains.size() > 0) {
+ StringBuilder chains = new StringBuilder();
+ for (KeystoreVO cert : certchains) {
+ chains.append(cert.getCertificate());
+ chains.append("\n");
+ }
+ certChain = chains.toString();
+ }
+ Certificates certs = new Certificates(prvKey, prvCert, certChain);
+ return certs;
+ }
+
+ private static String getKeyContent(String key) {
+ Pattern regex = Pattern.compile("(^[\\-]+[^\\-]+[\\-]+[\\n]?)([^\\-]+)([\\-]+[^\\-]+[\\-]+$)");
+ Matcher m = regex.matcher(key);
+ if (m.find())
+ return m.group(2);
+
+ return key;
+ }
+}
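Review bot: In getKeystoreBits the three null checks are `assert` statements, which the JVM skips unless assertions are enabled, and every catch branch logs a warning without the exception object before falling through to `return null`. A caller that does not test for null would then fail later, away from the cause and with no stack trace to work from; the callers are not visible in this hunk, so that needs confirming. I would validate the way the two saveCertificate overloads do, e.g. `if (name == null || aliasForCertificateInStore == null || storePassword == null) throw new CloudRuntimeException("invalid parameter in getKeystoreBits");`, and pass the exception to the logger, `s_logger.warn("Unable to build keystore for " + name, e);`. Also, aliasForCertificateInStore is checked but never used in the method body, which deserves either a comment or removal from the checks.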
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreVO.java
----------------------------------------------------------------------
diff --git a/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreVO.java b/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreVO.java
new file mode 100644
index 0000000..2e4b9fe
--- /dev/null
+++ b/framework/security/src/org/apache/cloudstack/framework/security/keystore/KeystoreVO.java
@@ -0,0 +1,102 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.framework.security.keystore;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+import org.apache.cloudstack.api.InternalIdentity;
+
+@Entity
+@Table(name = "keystore")
+public class KeystoreVO implements InternalIdentity {
+ @Id
+ @GeneratedValue(strategy = GenerationType.IDENTITY)
+ @Column(name = "id")
+ private Long id;
+
+ @Column(name = "name")
+ private String name;
+
+ @Column(name = "certificate", length = 65535)
+ private String certificate;
+
+ @Column(name = "key", length = 65535)
+ private String key;
+
+ @Column(name = "domain_suffix")
+ private String domainSuffix;
+
+ @Column(name = "seq")
+ private Integer index;
+
+ public KeystoreVO() {
+ }
+
+ @Override
+ public long getId() {
+ return id;
+ }
+
+ public void setId(Long id) {
+ this.id = id;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public String getCertificate() {
+ return certificate;
+ }
+
+ public void setCertificate(String certificate) {
+ this.certificate = certificate;
+ }
+
+ public String getKey() {
+ return key;
+ }
+
+ public void setKey(String key) {
+ this.key = key;
+ }
+
+ public String getDomainSuffix() {
+ return domainSuffix;
+ }
+
+ public void setDomainSuffix(String domainSuffix) {
+ this.domainSuffix = domainSuffix;
+ }
+
+ public void setIndex(Integer index) {
+ this.index = index;
+ }
+
+ public Integer getIndex() {
+ return this.index;
+ }
+}
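Review bot: The `key` field is mapped as a plain `@Column(name = "key", length = 65535)` string with no visible marker for encryption at rest, so as far as this entity shows, the private key is stored in the keystore table as received. The DAO implementation is outside this hunk, so confirm whether anything protects the value before it is written. If the project has a field-level encryption mechanism for entity columns, it is worth checking whether it should apply here; otherwise a comment such as `// PEM private key, persisted as received; restrict access to the keystore table` would document the exposure. Separately, `getId()` returns `long` from a `Long` field and throws a NullPointerException on an instance that has not been persisted yet, which a one-line comment on the getter would make visible.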
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/server/src/com/cloud/consoleproxy/AgentBasedConsoleProxyManager.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/consoleproxy/AgentBasedConsoleProxyManager.java b/server/src/com/cloud/consoleproxy/AgentBasedConsoleProxyManager.java
index 0f4b27a..2036609 100755
--- a/server/src/com/cloud/consoleproxy/AgentBasedConsoleProxyManager.java
+++ b/server/src/com/cloud/consoleproxy/AgentBasedConsoleProxyManager.java
@@ -25,6 +25,7 @@ import javax.naming.ConfigurationException;
import org.apache.log4j.Logger;
import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
+import org.apache.cloudstack.framework.security.keystore.KeystoreManager;
import com.cloud.agent.AgentManager;
import com.cloud.agent.api.GetVncPortAnswer;
@@ -33,7 +34,6 @@ import com.cloud.agent.api.StartupProxyCommand;
import com.cloud.host.HostVO;
import com.cloud.host.dao.HostDao;
import com.cloud.info.ConsoleProxyInfo;
-import com.cloud.keystore.KeystoreManager;
import com.cloud.server.ManagementServer;
import com.cloud.utils.NumbersUtil;
import com.cloud.utils.component.ManagerBase;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/server/src/com/cloud/consoleproxy/AgentHookBase.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/consoleproxy/AgentHookBase.java b/server/src/com/cloud/consoleproxy/AgentHookBase.java
index 62777f5..57fa43a 100644
--- a/server/src/com/cloud/consoleproxy/AgentHookBase.java
+++ b/server/src/com/cloud/consoleproxy/AgentHookBase.java
@@ -26,6 +26,7 @@ import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
+import org.apache.cloudstack.framework.security.keystore.KeystoreManager;
import com.cloud.agent.AgentManager;
import com.cloud.agent.api.AgentControlAnswer;
@@ -44,7 +45,6 @@ import com.cloud.host.Host;
import com.cloud.host.HostVO;
import com.cloud.host.Status;
import com.cloud.host.dao.HostDao;
-import com.cloud.keystore.KeystoreManager;
import com.cloud.server.ManagementServer;
import com.cloud.servlet.ConsoleProxyPasswordBasedEncryptor;
import com.cloud.servlet.ConsoleProxyServlet;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java b/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
index 9e5c0b3..466ebc2 100755
--- a/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
+++ b/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
@@ -36,6 +36,9 @@ import com.google.gson.GsonBuilder;
import org.apache.cloudstack.context.CallContext;
import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
+import org.apache.cloudstack.framework.security.keystore.KeystoreDao;
+import org.apache.cloudstack.framework.security.keystore.KeystoreManager;
+import org.apache.cloudstack.framework.security.keystore.KeystoreVO;
import org.apache.cloudstack.storage.datastore.db.PrimaryDataStoreDao;
import org.apache.cloudstack.storage.datastore.db.StoragePoolVO;
import org.apache.cloudstack.storage.datastore.db.TemplateDataStoreDao;
@@ -80,9 +83,6 @@ import com.cloud.info.ConsoleProxyStatus;
import com.cloud.info.RunningHostCountInfo;
import com.cloud.info.RunningHostInfoAgregator;
import com.cloud.info.RunningHostInfoAgregator.ZoneHostInfo;
-import com.cloud.keystore.KeystoreDao;
-import com.cloud.keystore.KeystoreManager;
-import com.cloud.keystore.KeystoreVO;
import com.cloud.network.Network;
import com.cloud.network.NetworkModel;
import com.cloud.network.Networks.TrafficType;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/server/src/com/cloud/consoleproxy/StaticConsoleProxyManager.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/consoleproxy/StaticConsoleProxyManager.java b/server/src/com/cloud/consoleproxy/StaticConsoleProxyManager.java
index de1b34f..27bdcbe 100755
--- a/server/src/com/cloud/consoleproxy/StaticConsoleProxyManager.java
+++ b/server/src/com/cloud/consoleproxy/StaticConsoleProxyManager.java
@@ -27,6 +27,8 @@ import javax.naming.ConfigurationException;
import org.apache.log4j.Logger;
import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
+import org.apache.cloudstack.framework.security.keystore.KeystoreDao;
+import org.apache.cloudstack.framework.security.keystore.KeystoreManager;
import com.cloud.agent.api.StartupCommand;
import com.cloud.agent.api.StartupProxyCommand;
@@ -34,8 +36,6 @@ import com.cloud.host.Host.Type;
import com.cloud.host.HostVO;
import com.cloud.host.dao.HostDao;
import com.cloud.info.ConsoleProxyInfo;
-import com.cloud.keystore.KeystoreDao;
-import com.cloud.keystore.KeystoreManager;
import com.cloud.resource.ResourceManager;
import com.cloud.resource.ResourceStateAdapter;
import com.cloud.resource.ServerResource;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/server/src/com/cloud/server/ManagementServerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java
index 1ccdbfc..d056620 100755
--- a/server/src/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/com/cloud/server/ManagementServerImpl.java
@@ -445,6 +445,7 @@ import org.apache.cloudstack.framework.config.ConfigDepot;
import org.apache.cloudstack.framework.config.ConfigKey;
import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
import org.apache.cloudstack.framework.config.impl.ConfigurationVO;
+import org.apache.cloudstack.framework.security.keystore.KeystoreManager;
import org.apache.cloudstack.managed.context.ManagedContextRunnable;
import org.apache.cloudstack.storage.datastore.db.ImageStoreDao;
import org.apache.cloudstack.storage.datastore.db.ImageStoreVO;
@@ -517,7 +518,6 @@ import com.cloud.hypervisor.HypervisorCapabilities;
import com.cloud.hypervisor.HypervisorCapabilitiesVO;
import com.cloud.hypervisor.dao.HypervisorCapabilitiesDao;
import com.cloud.info.ConsoleProxyInfo;
-import com.cloud.keystore.KeystoreManager;
import com.cloud.network.IpAddress;
import com.cloud.network.dao.IPAddressDao;
import com.cloud.network.dao.IPAddressVO;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java b/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java
index 1ebe3b6..f42bca0 100755
--- a/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java
+++ b/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java
@@ -38,6 +38,7 @@ import org.apache.cloudstack.engine.subsystem.api.storage.DataStore;
import org.apache.cloudstack.engine.subsystem.api.storage.DataStoreManager;
import org.apache.cloudstack.engine.subsystem.api.storage.ZoneScope;
import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
+import org.apache.cloudstack.framework.security.keystore.KeystoreManager;
import org.apache.cloudstack.storage.datastore.db.ImageStoreDao;
import org.apache.cloudstack.storage.datastore.db.ImageStoreVO;
import org.apache.cloudstack.storage.datastore.db.TemplateDataStoreDao;
@@ -80,7 +81,6 @@ import com.cloud.hypervisor.Hypervisor.HypervisorType;
import com.cloud.info.RunningHostCountInfo;
import com.cloud.info.RunningHostInfoAgregator;
import com.cloud.info.RunningHostInfoAgregator.ZoneHostInfo;
-import com.cloud.keystore.KeystoreManager;
import com.cloud.network.Network;
import com.cloud.network.NetworkModel;
import com.cloud.network.Networks.TrafficType;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5fb6edd6/services/secondary-storage/src/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResource.java
----------------------------------------------------------------------
diff --git a/services/secondary-storage/src/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResource.java b/services/secondary-storage/src/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResource.java
index d158de3..30722e2 100755
--- a/services/secondary-storage/src/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResource.java
+++ b/services/secondary-storage/src/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResource.java
@@ -61,6 +61,7 @@ import org.apache.log4j.Logger;
import com.amazonaws.services.s3.model.S3ObjectSummary;
+import org.apache.cloudstack.framework.security.keystore.KeystoreManager;
import org.apache.cloudstack.storage.command.CopyCmdAnswer;
import org.apache.cloudstack.storage.command.CopyCommand;
import org.apache.cloudstack.storage.command.DeleteCommand;
@@ -112,7 +113,6 @@ import com.cloud.exception.InternalErrorException;
import com.cloud.host.Host;
import com.cloud.host.Host.Type;
import com.cloud.hypervisor.Hypervisor.HypervisorType;
-import com.cloud.keystore.KeystoreManager;
import com.cloud.resource.ServerResourceBase;
import com.cloud.storage.DataStoreRole;
import com.cloud.storage.Storage.ImageFormat;