From: mchen@apache.org To: commits@cloudstack.apache.org Date: Fri, 17 Jan 2014 22:40:29 -0000 Message-Id: <5e540010e7bc4a999078e9b8a20d8a66@git.apache.org> In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [27/50] [abbrv] git commit: updated refs/heads/rbac to 929fbab CLOUDSTACK-5880: Communication between management server and hyper-v agent should be secure. Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/823abe6a Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/823abe6a Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/823abe6a Branch: refs/heads/rbac Commit: 823abe6a2389371116c189069bb26ed41f62f467 Parents: fcd21eb Author: Anshul Gangwar Authored: Fri Jan 10 17:18:35 2014 +0530 Committer: Devdeep Singh Committed: Thu Jan 16 14:48:28 2014 +0530 ---------------------------------------------------------------------- .../ServerResource/AgentShell/AgentService.cs | 2 +- .../resource/HypervDirectConnectResource.java | 47 ++++++++++++++++++-- 2 files changed, 45 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/823abe6a/plugins/hypervisors/hyperv/DotNet/ServerResource/AgentShell/AgentService.cs ----------------------------------------------------------------------
diff --git a/plugins/hypervisors/hyperv/DotNet/ServerResource/AgentShell/AgentService.cs b/plugins/hypervisors/hyperv/DotNet/ServerResource/AgentShell/AgentService.cs
index e187097..9d66a5c 100644
--- a/plugins/hypervisors/hyperv/DotNet/ServerResource/AgentShell/AgentService.cs
+++ b/plugins/hypervisors/hyperv/DotNet/ServerResource/AgentShell/AgentService.cs
@@ -47,7 +47,7 @@ namespace CloudStack.Plugin.AgentShell
 logger.Info("Starting CloudStack agent");
 InitializeComponent();
- UriBuilder baseUri = new UriBuilder("http", AgentSettings.Default.private_ip_address, AgentSettings.Default.port);
+ UriBuilder baseUri = new UriBuilder("https", AgentSettings.Default.private_ip_address, AgentSettings.Default.port);
 var config = new HttpSelfHostConfiguration(baseUri.Uri);
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/823abe6a/plugins/hypervisors/hyperv/src/com/cloud/hypervisor/hyperv/resource/HypervDirectConnectResource.java ----------------------------------------------------------------------
diff --git a/plugins/hypervisors/hyperv/src/com/cloud/hypervisor/hyperv/resource/HypervDirectConnectResource.java b/plugins/hypervisors/hyperv/src/com/cloud/hypervisor/hyperv/resource/HypervDirectConnectResource.java
index 72a5921..519f457 100644
--- a/plugins/hypervisors/hyperv/src/com/cloud/hypervisor/hyperv/resource/HypervDirectConnectResource.java
+++ b/plugins/hypervisors/hyperv/src/com/cloud/hypervisor/hyperv/resource/HypervDirectConnectResource.java
@@ -25,6 +25,12 @@ import java.net.URISyntaxException;
 import java.net.URL;
 import java.nio.channels.SocketChannel;
 import java.rmi.RemoteException;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
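Review bot: The scheme handed to `UriBuilder` in AgentService.cs is now the literal `"https"` with no setting to select it, and nothing in the hunk checks that a server certificate is actually bound to `AgentSettings.Default.port`, so on a host without that binding the self-hosted endpoint will presumably fail at startup or at the first handshake with little to explain why. The management-server side hard-codes `"https"` in the same commit, so an agent that has not been upgraded can no longer be reached once the server is. A comment above the line such as `// HTTPS self-host: a certificate must be bound to this port before the service starts` and a log line naming the scheme in use would make that failure diagnosable. The enclosing method starts and ends outside the hunk.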
@@ -40,8 +46,15 @@ import org.apache.http.HttpStatus;
 import org.apache.http.client.ClientProtocolException;
 import org.apache.http.client.HttpClient;
 import org.apache.http.client.methods.HttpPost;
+import org.apache.http.conn.ClientConnectionManager;
+import org.apache.http.conn.scheme.Scheme;
+import org.apache.http.conn.scheme.SchemeRegistry;
+import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
+import org.apache.http.conn.ssl.SSLSocketFactory;
+import org.apache.http.conn.ssl.TrustStrategy;
 import org.apache.http.entity.StringEntity;
 import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.impl.conn.BasicClientConnectionManager;
 import org.apache.http.util.EntityUtils;
 import org.apache.log4j.Logger;
@@ -302,7 +315,9 @@ public class HypervDirectConnectResource extends ServerResourceBase implements S
 URI agentUri = null;
 try {
 String cmdName = StartupCommand.class.getName();
- agentUri = new URI("http", null, _agentIp, _port, "/api/HypervResource/" + cmdName, null, null);
+ agentUri =
+ new URI("https", null, _agentIp, _port,
+ "/api/HypervResource/" + cmdName, null, null);
 } catch (URISyntaxException e) {
 // TODO add proper logging
 String errMsg = "Could not generate URI for Hyper-V agent";
@@ -339,7 +354,9 @@ public class HypervDirectConnectResource extends ServerResourceBase implements S
 Answer answer = null;
 try {
 String cmdName = cmd.getClass().getName();
- agentUri = new URI("http", null, _agentIp, _port, "/api/HypervResource/" + cmdName, null, null);
+ agentUri =
+ new URI("https", null, _agentIp, _port,
+ "/api/HypervResource/" + cmdName, null, null);
 } catch (URISyntaxException e) {
 // TODO add proper logging
 String errMsg = "Could not generate URI for Hyper-V agent";
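Review bot: The expression `new URI("https", null, _agentIp, _port, "/api/HypervResource/" + cmdName, null, null)` is now repeated verbatim in the `@@ -302` and `@@ -339` hunks, so the scheme literal lives in two places and a later edit can leave one call site on the wrong protocol. A private helper with the signature `private URI agentUri(String cmdName) throws URISyntaxException`, or at least a constant `private static final String AGENT_SCHEME = "https";`, would keep the two in step. Both enclosing methods start and end outside the hunks.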
@@ -1665,7 +1682,31 @@ public class HypervDirectConnectResource extends ServerResourceBase implements S
 s_logger.debug("POST request to" + agentUri.toString() + " with contents" + jsonCmd);
 // Create request
- HttpClient httpClient = new DefaultHttpClient();
+ HttpClient httpClient = null;
+ TrustStrategy easyStrategy = new TrustStrategy() {
+ @Override
+ public boolean isTrusted(X509Certificate[] chain, String authType)
+ throws CertificateException {
+ return true;
+ }
+ };
+
+ try {
+ SSLSocketFactory sf = new SSLSocketFactory(easyStrategy, new AllowAllHostnameVerifier());
+ SchemeRegistry registry = new SchemeRegistry();
+ registry.register(new Scheme("https", DEFAULT_AGENT_PORT, sf));
+ ClientConnectionManager ccm = new BasicClientConnectionManager(registry);
+ httpClient = new DefaultHttpClient(ccm);
+ } catch (KeyManagementException e) {
+ s_logger.error("failed to initialize http client " + e.getMessage());
+ } catch (UnrecoverableKeyException e) {
+ s_logger.error("failed to initialize http client " + e.getMessage());
+ } catch (NoSuchAlgorithmException e) {
+ s_logger.error("failed to initialize http client " + e.getMessage());
+ } catch (KeyStoreException e) {
+ s_logger.error("failed to initialize http client " + e.getMessage());
+ }
+
 String result = null;
 // TODO: are there timeout settings and worker thread settings to tweak?
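Review bot: The `easyStrategy` whose `isTrusted` always returns `true`, paired with `AllowAllHostnameVerifier`, makes this client accept any certificate from any host, so the new https channel is encrypted but the agent is never authenticated and anyone on the network path can present their own certificate and read or alter the commands. The socket factory should instead be built from a trust store holding the agent's certificate or its issuing CA, with the library's default hostname verification left on; because the agent is addressed by `_agentIp`, its certificate would need a matching IP subjectAltName. The four catch blocks also log only `e.getMessage()` and fall through with `httpClient` still `null`, which presumably ends in a NullPointerException where the client is used below the hunk. The sketch catches `GeneralSecurityException` (the common superclass, needs its own import) and returns early, assuming the method reports failure as `null`, which is not visible here; the enclosing method starts and ends outside the hunk.

```java
// … unchanged: debug log of the POST request …
// Create request
HttpClient httpClient;
try {
    // agentTrustStore is a placeholder for a java.security.KeyStore that holds the
    // agent certificate or its issuing CA; loading it is not part of this commit.
    SSLSocketFactory sf = new SSLSocketFactory(agentTrustStore);
    SchemeRegistry registry = new SchemeRegistry();
    registry.register(new Scheme("https", DEFAULT_AGENT_PORT, sf));
    ClientConnectionManager ccm = new BasicClientConnectionManager(registry);
    httpClient = new DefaultHttpClient(ccm);
} catch (GeneralSecurityException e) {
    // Keep the stack trace and stop here rather than continuing with a null client.
    s_logger.error("failed to initialize http client", e);
    return null;
}
// … unchanged: String result = null; and the POST itself …
```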