cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bhais...@apache.org
Subject git commit: updated refs/heads/master to c8901a7
Date Fri, 13 Mar 2015 12:02:22 GMT
Repository: cloudstack
Updated Branches:
  refs/heads/master 6c71d3bae -> c8901a799


utils: use a better extended implementation of SSLSocketFactory

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit b4a5a32a7488ecd93f295670e7f641fc32198aa7)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/c8901a79
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/c8901a79
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/c8901a79

Branch: refs/heads/master
Commit: c8901a799076859f9bc0100ad0ace2677d2270d9
Parents: 6c71d3b
Author: Rohit Yadav <rohit.yadav@shapeblue.com>
Authored: Fri Mar 13 17:31:30 2015 +0530
Committer: Rohit Yadav <rohit.yadav@shapeblue.com>
Committed: Fri Mar 13 17:32:07 2015 +0530

----------------------------------------------------------------------
 .../resource/XenServerConnectionPool.java       |  45 ++++---
 .../opendaylight/api/NeutronRestApi.java        |  38 +++---
 .../storage/datastore/util/ElastistorUtil.java  |  45 ++++---
 .../main/java/streamer/SocketWrapperImpl.java   |  29 +++--
 .../com/cloud/consoleproxy/util/RawHTTP.java    |  16 +--
 .../cloud/utils/rest/RESTServiceConnector.java  |  60 +++++----
 .../cloudstack/utils/security/SSLUtils.java     |   7 ++
 .../utils/security/SecureSSLSocketFactory.java  | 124 +++++++++++++++++++
 .../hypervisor/vmware/util/VmwareClient.java    |  36 +++---
 .../hypervisor/vmware/util/VmwareContext.java   |  44 ++++---
 10 files changed, 282 insertions(+), 162 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c8901a79/plugins/hypervisors/xenserver/src/com/cloud/hypervisor/xenserver/resource/XenServerConnectionPool.java
----------------------------------------------------------------------
diff --git a/plugins/hypervisors/xenserver/src/com/cloud/hypervisor/xenserver/resource/XenServerConnectionPool.java
b/plugins/hypervisors/xenserver/src/com/cloud/hypervisor/xenserver/resource/XenServerConnectionPool.java
index 8df415e..9bc8d9e 100644
--- a/plugins/hypervisors/xenserver/src/com/cloud/hypervisor/xenserver/resource/XenServerConnectionPool.java
+++ b/plugins/hypervisors/xenserver/src/com/cloud/hypervisor/xenserver/resource/XenServerConnectionPool.java
@@ -16,6 +16,26 @@
 // under the License.
 package com.cloud.hypervisor.xenserver.resource;
 
+import com.cloud.utils.NumbersUtil;
+import com.cloud.utils.PropertiesUtil;
+import com.cloud.utils.exception.CloudRuntimeException;
+import com.xensource.xenapi.APIVersion;
+import com.xensource.xenapi.Connection;
+import com.xensource.xenapi.Host;
+import com.xensource.xenapi.Pool;
+import com.xensource.xenapi.Session;
+import com.xensource.xenapi.Types;
+import com.xensource.xenapi.Types.BadServerResponse;
+import com.xensource.xenapi.Types.XenAPIException;
+import org.apache.cloudstack.utils.security.SSLUtils;
+import org.apache.cloudstack.utils.security.SecureSSLSocketFactory;
+import org.apache.log4j.Logger;
+import org.apache.xmlrpc.XmlRpcException;
+import org.apache.xmlrpc.client.XmlRpcClientException;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLSession;
 import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.IOException;
@@ -27,29 +47,6 @@ import java.util.Map;
 import java.util.Properties;
 import java.util.Queue;
 
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.SSLSession;
-
-import org.apache.log4j.Logger;
-import org.apache.xmlrpc.XmlRpcException;
-import org.apache.xmlrpc.client.XmlRpcClientException;
-
-import org.apache.cloudstack.utils.security.SSLUtils;
-
-import com.xensource.xenapi.APIVersion;
-import com.xensource.xenapi.Connection;
-import com.xensource.xenapi.Host;
-import com.xensource.xenapi.Pool;
-import com.xensource.xenapi.Session;
-import com.xensource.xenapi.Types;
-import com.xensource.xenapi.Types.BadServerResponse;
-import com.xensource.xenapi.Types.XenAPIException;
-
-import com.cloud.utils.NumbersUtil;
-import com.cloud.utils.PropertiesUtil;
-import com.cloud.utils.exception.CloudRuntimeException;
-
 public class XenServerConnectionPool {
     private static final Logger s_logger = Logger.getLogger(XenServerConnectionPool.class);
     protected HashMap<String /* poolUuid */, XenServerConnection> _conns = new HashMap<String,
XenServerConnection>();
@@ -81,7 +78,7 @@ public class XenServerConnectionPool {
             trustAllCerts[0] = tm;
             javax.net.ssl.SSLContext sc = SSLUtils.getSSLContext();
             sc.init(null, trustAllCerts, null);
-            javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
+            javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(new SecureSSLSocketFactory(sc));
             HostnameVerifier hv = new HostnameVerifier() {
                 @Override
                 public boolean verify(String hostName, SSLSession session) {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c8901a79/plugins/network-elements/opendaylight/src/main/java/org/apache/cloudstack/network/opendaylight/api/NeutronRestApi.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/opendaylight/src/main/java/org/apache/cloudstack/network/opendaylight/api/NeutronRestApi.java
b/plugins/network-elements/opendaylight/src/main/java/org/apache/cloudstack/network/opendaylight/api/NeutronRestApi.java
index 528a4ac..ab6595e 100644
--- a/plugins/network-elements/opendaylight/src/main/java/org/apache/cloudstack/network/opendaylight/api/NeutronRestApi.java
+++ b/plugins/network-elements/opendaylight/src/main/java/org/apache/cloudstack/network/opendaylight/api/NeutronRestApi.java
@@ -20,6 +20,24 @@
 package org.apache.cloudstack.network.opendaylight.api;
 
 import org.apache.cloudstack.utils.security.SSLUtils;
+import org.apache.cloudstack.utils.security.SecureSSLSocketFactory;
+import org.apache.commons.httpclient.ConnectTimeoutException;
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.HttpException;
+import org.apache.commons.httpclient.HttpMethodBase;
+import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager;
+import org.apache.commons.httpclient.cookie.CookiePolicy;
+import org.apache.commons.httpclient.params.HttpConnectionParams;
+import org.apache.commons.httpclient.protocol.Protocol;
+import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
+import org.apache.log4j.Logger;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
 import java.io.IOException;
 import java.lang.reflect.Constructor;
 import java.lang.reflect.InvocationTargetException;
@@ -33,24 +51,6 @@ import java.security.KeyManagementException;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.X509Certificate;
 
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSocket;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
-
-import org.apache.commons.httpclient.ConnectTimeoutException;
-import org.apache.commons.httpclient.HttpClient;
-import org.apache.commons.httpclient.HttpException;
-import org.apache.commons.httpclient.HttpMethodBase;
-import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager;
-import org.apache.commons.httpclient.cookie.CookiePolicy;
-import org.apache.commons.httpclient.params.HttpConnectionParams;
-import org.apache.commons.httpclient.protocol.Protocol;
-import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
-import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
-import org.apache.log4j.Logger;
-
 public class NeutronRestApi {
 
     private static final Logger s_logger = Logger.getLogger(NeutronRestApi.class);
@@ -179,7 +179,7 @@ public class NeutronRestApi {
                 // Install the all-trusting trust manager
                 SSLContext sc = SSLUtils.getSSLContext();
                 sc.init(null, trustAllCerts, new java.security.SecureRandom());
-                ssf = sc.getSocketFactory();
+                ssf = new SecureSSLSocketFactory(sc);
             } catch (KeyManagementException e) {
                 throw new IOException(e);
             } catch (NoSuchAlgorithmException e) {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c8901a79/plugins/storage/volume/cloudbyte/src/org/apache/cloudstack/storage/datastore/util/ElastistorUtil.java
----------------------------------------------------------------------
diff --git a/plugins/storage/volume/cloudbyte/src/org/apache/cloudstack/storage/datastore/util/ElastistorUtil.java
b/plugins/storage/volume/cloudbyte/src/org/apache/cloudstack/storage/datastore/util/ElastistorUtil.java
index 564ba8e..861c180 100644
--- a/plugins/storage/volume/cloudbyte/src/org/apache/cloudstack/storage/datastore/util/ElastistorUtil.java
+++ b/plugins/storage/volume/cloudbyte/src/org/apache/cloudstack/storage/datastore/util/ElastistorUtil.java
@@ -19,11 +19,21 @@
 
 package org.apache.cloudstack.storage.datastore.util;
 
-import java.net.ConnectException;
-import java.security.InvalidParameterException;
-import java.security.SecureRandom;
-import java.security.cert.X509Certificate;
-import java.util.HashMap;
+import com.cloud.agent.api.Answer;
+import com.cloud.utils.exception.CloudRuntimeException;
+import com.google.gson.Gson;
+import com.google.gson.annotations.SerializedName;
+import com.sun.jersey.api.client.Client;
+import com.sun.jersey.api.client.ClientResponse;
+import com.sun.jersey.api.client.WebResource;
+import com.sun.jersey.api.client.config.ClientConfig;
+import com.sun.jersey.api.client.config.DefaultClientConfig;
+import com.sun.jersey.core.util.MultivaluedMapImpl;
+import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
+import org.apache.cloudstack.utils.security.SSLUtils;
+import org.apache.cloudstack.utils.security.SecureSSLSocketFactory;
+import org.apache.http.auth.InvalidCredentialsException;
+import org.apache.log4j.Logger;
 
 import javax.naming.ServiceUnavailableException;
 import javax.net.ssl.HostnameVerifier;
@@ -36,24 +46,11 @@ import javax.net.ssl.X509TrustManager;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.UriBuilder;
-
-import org.apache.http.auth.InvalidCredentialsException;
-import org.apache.log4j.Logger;
-import org.apache.cloudstack.utils.security.SSLUtils;
-
-import com.google.gson.Gson;
-import com.google.gson.annotations.SerializedName;
-import com.sun.jersey.api.client.Client;
-import com.sun.jersey.api.client.ClientResponse;
-import com.sun.jersey.api.client.WebResource;
-import com.sun.jersey.api.client.config.ClientConfig;
-import com.sun.jersey.api.client.config.DefaultClientConfig;
-import com.sun.jersey.core.util.MultivaluedMapImpl;
-
-import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
-
-import com.cloud.agent.api.Answer;
-import com.cloud.utils.exception.CloudRuntimeException;
+import java.net.ConnectException;
+import java.security.InvalidParameterException;
+import java.security.SecureRandom;
+import java.security.cert.X509Certificate;
+import java.util.HashMap;
 
 public class ElastistorUtil {
 
@@ -1098,7 +1095,7 @@ public class ElastistorUtil {
                 try {
                     SSLContext sc = SSLUtils.getSSLContext();
                     sc.init(null, trustAllCerts, new SecureRandom());
-                    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
+                    HttpsURLConnection.setDefaultSSLSocketFactory(new SecureSSLSocketFactory(sc));
                     HttpsURLConnection.setDefaultHostnameVerifier(hv);
                 } catch (Exception e) {
                     ;

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c8901a79/services/console-proxy-rdp/rdpconsole/src/main/java/streamer/SocketWrapperImpl.java
----------------------------------------------------------------------
diff --git a/services/console-proxy-rdp/rdpconsole/src/main/java/streamer/SocketWrapperImpl.java
b/services/console-proxy-rdp/rdpconsole/src/main/java/streamer/SocketWrapperImpl.java
index 14089ce..4713173 100644
--- a/services/console-proxy-rdp/rdpconsole/src/main/java/streamer/SocketWrapperImpl.java
+++ b/services/console-proxy-rdp/rdpconsole/src/main/java/streamer/SocketWrapperImpl.java
@@ -16,9 +16,18 @@
 // under the License.
 package streamer;
 
-import static streamer.debug.MockServer.Packet.PacketType.CLIENT;
-import static streamer.debug.MockServer.Packet.PacketType.SERVER;
+import org.apache.cloudstack.utils.security.SSLUtils;
+import org.apache.cloudstack.utils.security.SecureSSLSocketFactory;
+import streamer.debug.MockServer;
+import streamer.debug.MockServer.Packet;
+import streamer.ssl.SSLState;
+import streamer.ssl.TrustAllX509TrustManager;
 
+import javax.net.SocketFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
@@ -26,18 +35,8 @@ import java.net.InetSocketAddress;
 import java.net.Socket;
 import java.util.HashMap;
 
-import javax.net.SocketFactory;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSocket;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-
-import org.apache.cloudstack.utils.security.SSLUtils;
-
-import streamer.debug.MockServer;
-import streamer.debug.MockServer.Packet;
-import streamer.ssl.SSLState;
-import streamer.ssl.TrustAllX509TrustManager;
+import static streamer.debug.MockServer.Packet.PacketType.CLIENT;
+import static streamer.debug.MockServer.Packet.PacketType.SERVER;
 
 public class SocketWrapperImpl extends PipelineImpl implements SocketWrapper {
 
@@ -137,7 +136,7 @@ public class SocketWrapperImpl extends PipelineImpl implements SocketWrapper
{
             // Trust all certificates (FIXME: insecure)
             sslContext.init(null, new TrustManager[] {new TrustAllX509TrustManager(sslState)},
null);
 
-            SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
+            SSLSocketFactory sslSocketFactory = new SecureSSLSocketFactory(sslContext);
             sslSocket = (SSLSocket)sslSocketFactory.createSocket(socket, address.getHostName(),
address.getPort(), true);
             sslSocket.setEnabledProtocols(SSLUtils.getSupportedProtocols(sslSocket.getEnabledProtocols()));
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c8901a79/services/console-proxy/server/src/com/cloud/consoleproxy/util/RawHTTP.java
----------------------------------------------------------------------
diff --git a/services/console-proxy/server/src/com/cloud/consoleproxy/util/RawHTTP.java b/services/console-proxy/server/src/com/cloud/consoleproxy/util/RawHTTP.java
index 8f78fb3..21b6241 100644
--- a/services/console-proxy/server/src/com/cloud/consoleproxy/util/RawHTTP.java
+++ b/services/console-proxy/server/src/com/cloud/consoleproxy/util/RawHTTP.java
@@ -17,7 +17,13 @@
 package com.cloud.consoleproxy.util;
 
 import org.apache.cloudstack.utils.security.SSLUtils;
+import org.apache.cloudstack.utils.security.SecureSSLSocketFactory;
 
+import javax.net.SocketFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
@@ -32,12 +38,6 @@ import java.util.Map;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
-import javax.net.SocketFactory;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSocket;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
-
 //
 // This file is originally from XenConsole with modifications
 //
@@ -151,7 +151,7 @@ public final class RawHTTP {
             SSLSocket ssl = null;
             try {
                 context.init(null, trustAllCerts, new SecureRandom());
-                SocketFactory factory = context.getSocketFactory();
+                SocketFactory factory = new SecureSSLSocketFactory(context);
                 ssl = (SSLSocket)factory.createSocket(host, port);
                 ssl.setEnabledProtocols(SSLUtils.getSupportedProtocols(ssl.getEnabledProtocols()));
                 /* ssl.setSSLParameters(context.getDefaultSSLParameters()); */
@@ -160,6 +160,8 @@ public final class RawHTTP {
                 throw e;
             } catch (KeyManagementException e) {
                 s_logger.error("KeyManagementException: " + e.getMessage(), e);
+            } catch (NoSuchAlgorithmException e) {
+                s_logger.error("NoSuchAlgorithmException: " + e.getMessage(), e);
             }
             return ssl;
         } else {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c8901a79/utils/src/com/cloud/utils/rest/RESTServiceConnector.java
----------------------------------------------------------------------
diff --git a/utils/src/com/cloud/utils/rest/RESTServiceConnector.java b/utils/src/com/cloud/utils/rest/RESTServiceConnector.java
index cdacd1f..6ededcb 100644
--- a/utils/src/com/cloud/utils/rest/RESTServiceConnector.java
+++ b/utils/src/com/cloud/utils/rest/RESTServiceConnector.java
@@ -19,29 +19,13 @@
 
 package com.cloud.utils.rest;
 
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.lang.reflect.Type;
-import java.net.InetAddress;
-import java.net.InetSocketAddress;
-import java.net.MalformedURLException;
-import java.net.Socket;
-import java.net.URL;
-import java.net.UnknownHostException;
-import java.security.KeyManagementException;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
-import java.util.Map.Entry;
-
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSocket;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
-
+import com.google.gson.FieldNamingPolicy;
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+import com.google.gson.JsonDeserializer;
+import com.google.gson.reflect.TypeToken;
+import org.apache.cloudstack.utils.security.SSLUtils;
+import org.apache.cloudstack.utils.security.SecureSSLSocketFactory;
 import org.apache.commons.httpclient.ConnectTimeoutException;
 import org.apache.commons.httpclient.HttpClient;
 import org.apache.commons.httpclient.HttpException;
@@ -62,13 +46,27 @@ import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
 import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.utils.security.SSLUtils;
-
-import com.google.gson.FieldNamingPolicy;
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
-import com.google.gson.JsonDeserializer;
-import com.google.gson.reflect.TypeToken;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.lang.reflect.Type;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.net.MalformedURLException;
+import java.net.Socket;
+import java.net.URL;
+import java.net.UnknownHostException;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
 
 /**
  * This abstraction encapsulates client side code for REST service communication. It encapsulates
@@ -339,7 +337,7 @@ public class RESTServiceConnector {
                 // Install the all-trusting trust manager
                 final SSLContext sc = SSLUtils.getSSLContext();
                 sc.init(null, trustAllCerts, new java.security.SecureRandom());
-                ssf = sc.getSocketFactory();
+                ssf = new SecureSSLSocketFactory(sc);
             } catch (final KeyManagementException e) {
                 throw new IOException(e);
             } catch (final NoSuchAlgorithmException e) {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c8901a79/utils/src/org/apache/cloudstack/utils/security/SSLUtils.java
----------------------------------------------------------------------
diff --git a/utils/src/org/apache/cloudstack/utils/security/SSLUtils.java b/utils/src/org/apache/cloudstack/utils/security/SSLUtils.java
index 3de4c50..5ea89b1 100644
--- a/utils/src/org/apache/cloudstack/utils/security/SSLUtils.java
+++ b/utils/src/org/apache/cloudstack/utils/security/SSLUtils.java
@@ -24,6 +24,7 @@ import org.apache.log4j.Logger;
 import javax.net.ssl.SSLContext;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
+import java.util.Arrays;
 import java.util.HashSet;
 import java.util.Set;
 
@@ -41,6 +42,12 @@ public class SSLUtils {
         return (String[]) set.toArray(new String[set.size()]);
     }
 
+    public static String[] getSupportedCiphers() throws NoSuchAlgorithmException {
+        String[] availableCiphers = getSSLContext().getSocketFactory().getSupportedCipherSuites();
+        Arrays.sort(availableCiphers);
+        return availableCiphers;
+    }
+
     public static SSLContext getSSLContext() throws NoSuchAlgorithmException {
         return SSLContext.getInstance("TLSv1");
     }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c8901a79/utils/src/org/apache/cloudstack/utils/security/SecureSSLSocketFactory.java
----------------------------------------------------------------------
diff --git a/utils/src/org/apache/cloudstack/utils/security/SecureSSLSocketFactory.java b/utils/src/org/apache/cloudstack/utils/security/SecureSSLSocketFactory.java
new file mode 100644
index 0000000..fa9d492
--- /dev/null
+++ b/utils/src/org/apache/cloudstack/utils/security/SecureSSLSocketFactory.java
@@ -0,0 +1,124 @@
+//
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+//
+
+package org.apache.cloudstack.utils.security;
+
+import org.apache.log4j.Logger;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+
+public class SecureSSLSocketFactory extends SSLSocketFactory {
+
+    public static final Logger s_logger = Logger.getLogger(SecureSSLSocketFactory.class);
+    private SSLContext _sslContext;
+
+    public SecureSSLSocketFactory() throws NoSuchAlgorithmException {
+        _sslContext = SSLUtils.getSSLContext();
+    }
+
+    public SecureSSLSocketFactory(SSLContext sslContext) throws NoSuchAlgorithmException
{
+        if (sslContext != null) {
+            _sslContext = sslContext;
+        } else {
+            _sslContext = SSLUtils.getSSLContext();
+        }
+    }
+
+    public SecureSSLSocketFactory(KeyManager[] km, TrustManager[] tm, SecureRandom random)
throws NoSuchAlgorithmException, KeyManagementException, IOException {
+        _sslContext = SSLUtils.getSSLContext();
+        _sslContext.init(km, tm, random);
+    }
+
+    @Override
+    public String[] getDefaultCipherSuites() {
+        return getSupportedCipherSuites();
+    }
+
+    @Override
+    public String[] getSupportedCipherSuites() {
+        String[] ciphers = null;
+        try {
+            ciphers = SSLUtils.getSupportedCiphers();
+        } catch (NoSuchAlgorithmException e) {
+            s_logger.error("SecureSSLSocketFactory::getDefaultCipherSuites found no cipher
suites");
+        }
+        return ciphers;
+    }
+
+    @Override
+    public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws
IOException {
+        SSLSocketFactory factory = _sslContext.getSocketFactory();
+        Socket socket = factory.createSocket(s, host, port, autoClose);
+        if (socket instanceof SSLSocket) {
+            ((SSLSocket)socket).setEnabledProtocols(SSLUtils.getSupportedProtocols(((SSLSocket)socket).getEnabledProtocols()));
+        }
+        return socket;
+    }
+
+    @Override
+    public Socket createSocket(String host, int port) throws IOException, UnknownHostException
{
+        SSLSocketFactory factory = _sslContext.getSocketFactory();
+        Socket socket = factory.createSocket(host, port);
+        if (socket instanceof SSLSocket) {
+            ((SSLSocket)socket).setEnabledProtocols(SSLUtils.getSupportedProtocols(((SSLSocket)socket).getEnabledProtocols()));
+        }
+        return socket;
+    }
+
+    @Override
+    public Socket createSocket(String host, int port, InetAddress inetAddress, int localPort)
throws IOException, UnknownHostException {
+        SSLSocketFactory factory = _sslContext.getSocketFactory();
+        Socket socket = factory.createSocket(host, port, inetAddress, localPort);
+        if (socket instanceof SSLSocket) {
+            ((SSLSocket)socket).setEnabledProtocols(SSLUtils.getSupportedProtocols(((SSLSocket)socket).getEnabledProtocols()));
+        }
+        return socket;
+    }
+
+    @Override
+    public Socket createSocket(InetAddress inetAddress, int localPort) throws IOException
{
+        SSLSocketFactory factory = _sslContext.getSocketFactory();
+        Socket socket = factory.createSocket(inetAddress, localPort);
+        if (socket instanceof SSLSocket) {
+            ((SSLSocket)socket).setEnabledProtocols(SSLUtils.getSupportedProtocols(((SSLSocket)socket).getEnabledProtocols()));
+        }
+        return socket;
+    }
+
+    @Override
+    public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int
localPort) throws IOException {
+        SSLSocketFactory factory = this._sslContext.getSocketFactory();
+        Socket socket = factory.createSocket(address, port, localAddress, localPort);
+        if (socket instanceof SSLSocket) {
+            ((SSLSocket)socket).setEnabledProtocols(SSLUtils.getSupportedProtocols(((SSLSocket)socket).getEnabledProtocols()));
+        }
+        return socket;
+    }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c8901a79/vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareClient.java
----------------------------------------------------------------------
diff --git a/vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareClient.java b/vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareClient.java
index cc657a6..f3f7e0c 100644
--- a/vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareClient.java
+++ b/vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareClient.java
@@ -16,24 +16,6 @@
 // under the License.
 package com.cloud.hypervisor.vmware.util;
 
-import java.lang.reflect.Method;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
-import java.util.Map;
-import java.util.StringTokenizer;
-
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.SSLSession;
-import javax.xml.ws.BindingProvider;
-import javax.xml.ws.WebServiceException;
-import javax.xml.ws.handler.MessageContext;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.utils.security.SSLUtils;
-
 import com.vmware.vim25.DynamicProperty;
 import com.vmware.vim25.InvalidCollectorVersionFaultMsg;
 import com.vmware.vim25.InvalidPropertyFaultMsg;
@@ -56,6 +38,22 @@ import com.vmware.vim25.TraversalSpec;
 import com.vmware.vim25.UpdateSet;
 import com.vmware.vim25.VimPortType;
 import com.vmware.vim25.VimService;
+import org.apache.cloudstack.utils.security.SSLUtils;
+import org.apache.cloudstack.utils.security.SecureSSLSocketFactory;
+import org.apache.log4j.Logger;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLSession;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.WebServiceException;
+import javax.xml.ws.handler.MessageContext;
+import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+import java.util.StringTokenizer;
 
 /**
  * A wrapper class to handle Vmware vsphere connection and disconnection.
@@ -109,7 +107,7 @@ public class VmwareClient {
         javax.net.ssl.SSLSessionContext sslsc = sc.getServerSessionContext();
         sslsc.setSessionTimeout(0);
         sc.init(null, trustAllCerts, null);
-        javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
+        javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(new SecureSSLSocketFactory(sc));
     }
 
     private final ManagedObjectReference svcInstRef = new ManagedObjectReference();

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c8901a79/vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareContext.java
----------------------------------------------------------------------
diff --git a/vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareContext.java b/vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareContext.java
index cb0c4d7..bec4b37 100644
--- a/vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareContext.java
+++ b/vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareContext.java
@@ -16,6 +16,26 @@
 // under the License.
 package com.cloud.hypervisor.vmware.util;
 
+import com.cloud.hypervisor.vmware.mo.DatacenterMO;
+import com.cloud.hypervisor.vmware.mo.DatastoreFile;
+import com.cloud.utils.ActionDelegate;
+import com.vmware.vim25.ManagedObjectReference;
+import com.vmware.vim25.ObjectContent;
+import com.vmware.vim25.ObjectSpec;
+import com.vmware.vim25.PropertyFilterSpec;
+import com.vmware.vim25.PropertySpec;
+import com.vmware.vim25.ServiceContent;
+import com.vmware.vim25.TaskInfo;
+import com.vmware.vim25.TraversalSpec;
+import com.vmware.vim25.VimPortType;
+import org.apache.cloudstack.utils.security.SSLUtils;
+import org.apache.cloudstack.utils.security.SecureSSLSocketFactory;
+import org.apache.log4j.Logger;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLSession;
+import javax.xml.ws.soap.SOAPFaultException;
 import java.io.BufferedInputStream;
 import java.io.BufferedOutputStream;
 import java.io.BufferedReader;
@@ -35,28 +55,6 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.SSLSession;
-import javax.xml.ws.soap.SOAPFaultException;
-
-import org.apache.log4j.Logger;
-import org.apache.cloudstack.utils.security.SSLUtils;
-
-import com.vmware.vim25.ManagedObjectReference;
-import com.vmware.vim25.ObjectContent;
-import com.vmware.vim25.ObjectSpec;
-import com.vmware.vim25.PropertyFilterSpec;
-import com.vmware.vim25.PropertySpec;
-import com.vmware.vim25.ServiceContent;
-import com.vmware.vim25.TaskInfo;
-import com.vmware.vim25.TraversalSpec;
-import com.vmware.vim25.VimPortType;
-
-import com.cloud.hypervisor.vmware.mo.DatacenterMO;
-import com.cloud.hypervisor.vmware.mo.DatastoreFile;
-import com.cloud.utils.ActionDelegate;
-
 public class VmwareContext {
     private static final Logger s_logger = Logger.getLogger(VmwareContext.class);
 
@@ -82,7 +80,7 @@ public class VmwareContext {
             trustAllCerts[0] = tm;
             javax.net.ssl.SSLContext sc = SSLUtils.getSSLContext();
             sc.init(null, trustAllCerts, null);
-            javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
+            javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(new SecureSSLSocketFactory(sc));
 
             HostnameVerifier hv = new HostnameVerifier() {
                 @Override


Mime
View raw message