cloudstack-commits mailing list archives

From rajeshbatt...@apache.org
Subject git commit: updated refs/heads/master to ea740aa
Date Fri, 25 Jul 2014 09:28:30 GMT
Repository: cloudstack
Updated Branches:
  refs/heads/master c61c636ce -> ea740aa0e


fixed CLOUDSTACK-7090 Console proxy key store password should be securely generated


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/ea740aa0
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/ea740aa0
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/ea740aa0

Branch: refs/heads/master
Commit: ea740aa0e10e22da751ff1d0405ac307f2f7e7ce
Parents: c61c636
Author: Rajesh Battala <rajesh.battala@citrix.com>
Authored: Fri Jul 25 13:38:15 2014 +0530
Committer: Rajesh Battala <rajesh.battala@citrix.com>
Committed: Fri Jul 25 14:20:52 2014 +0530

----------------------------------------------------------------------
 .../com/cloud/consoleproxy/AgentHookBase.java   | 30 +++++++++++++-------
 1 file changed, 19 insertions(+), 11 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ea740aa0/server/src/com/cloud/consoleproxy/AgentHookBase.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/consoleproxy/AgentHookBase.java b/server/src/com/cloud/consoleproxy/AgentHookBase.java
index 9dfffd4..9864cae 100644
--- a/server/src/com/cloud/consoleproxy/AgentHookBase.java
+++ b/server/src/com/cloud/consoleproxy/AgentHookBase.java
@@ -17,9 +17,11 @@
 
 package com.cloud.consoleproxy;
 
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 import java.util.Date;
-import java.util.Random;
 
+import org.apache.commons.codec.binary.Base64;
 import org.apache.log4j.Logger;
 
 import com.google.gson.Gson;
@@ -65,7 +67,6 @@ public abstract class AgentHookBase implements AgentHook {
     ConfigurationDao _configDao;
     AgentManager _agentMgr;
     KeystoreManager _ksMgr;
-    final Random _random = new Random(System.currentTimeMillis());
     KeysManager _keysMgr;
 
     public AgentHookBase(VMInstanceDao instanceDao, HostDao hostDao, ConfigurationDao cfgDao,
KeystoreManager ksMgr, AgentManager agentMgr, KeysManager keysMgr) {
@@ -187,17 +188,22 @@ public abstract class AgentHookBase implements AgentHook {
     @Override
     public void startAgentHttpHandlerInVM(StartupProxyCommand startupCmd) {
         StartConsoleProxyAgentHttpHandlerCommand cmd = null;
-        String storePassword = String.valueOf(_random.nextLong());
-        byte[] ksBits = _ksMgr.getKeystoreBits(ConsoleProxyManager.CERTIFICATE_NAME, ConsoleProxyManager.CERTIFICATE_NAME,
storePassword);
-
-        assert (ksBits != null);
-        if (ksBits == null) {
-            s_logger.error("Could not find and construct a valid SSL certificate");
-        }
-        cmd = new StartConsoleProxyAgentHttpHandlerCommand(ksBits, storePassword);
-        cmd.setEncryptorPassword(getEncryptorPassword());
 
         try {
+            SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+
+            byte[] randomBytes = new byte[16];
+            random.nextBytes(randomBytes);
+            String storePassword = Base64.encodeBase64String(randomBytes);
+
+            byte[] ksBits = _ksMgr.getKeystoreBits(ConsoleProxyManager.CERTIFICATE_NAME,
ConsoleProxyManager.CERTIFICATE_NAME, storePassword);
+
+            assert (ksBits != null);
+            if (ksBits == null) {
+                s_logger.error("Could not find and construct a valid SSL certificate");
+            }
+            cmd = new StartConsoleProxyAgentHttpHandlerCommand(ksBits, storePassword);
+            cmd.setEncryptorPassword(getEncryptorPassword());
 
             HostVO consoleProxyHost = findConsoleProxyHost(startupCmd);
 
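Review bot: `SecureRandom.getInstance("SHA1PRNG")` pins the password generator to one named algorithm, and that is the only reason the `catch (NoSuchAlgorithmException e)` in the last hunk is needed. `SecureRandom random = new SecureRandom();` uses the platform's default generator, throws no checked exception, and keeps the same 16 random bytes (128 bits) behind the Base64 password, so that catch and the `NoSuchAlgorithmException` import could be dropped. Separately, the moved `ksBits == null` branch only logs and then still builds `StartConsoleProxyAgentHttpHandlerCommand` with a null keystore, which presumably leaves the proxy's HTTP handler without a usable certificate. Adding `return;` after the `s_logger.error(...)` call would stop that, and the `assert (ksBits != null);` above it is redundant with the check. The method body continues past the end of this hunk, so the send path was not reviewed here.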
@@ -209,6 +215,8 @@ public abstract class AgentHookBase implements AgentHook {
             } else {
                 s_logger.info("Successfully sent out command to start HTTP handling in console
proxy agent");
             }
+        }catch (NoSuchAlgorithmException e) {
+            s_logger.error("Unexpected exception in SecureRandom Algorithm selection ", e);
         } catch (AgentUnavailableException e) {
             s_logger.error("Unable to send http handling startup command to the console proxy
resource for proxy:" + startupCmd.getProxyVmId(), e);
         } catch (OperationTimedoutException e) {

