cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d...@apache.org
Subject git commit: updated refs/heads/4.4 to c2dc53c
Date Wed, 18 Mar 2015 19:35:36 GMT
Repository: cloudstack
Updated Branches:
  refs/heads/4.4 e8f7215b2 -> c2dc53c2a


Avoid distributing private key for realhostip.com

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

Conflicts:
	server/src/com/cloud/consoleproxy/AgentHookBase.java
	server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
	services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/c2dc53c2
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/c2dc53c2
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/c2dc53c2

Branch: refs/heads/4.4
Commit: c2dc53c2a1fca893b3926bf87d3cc2a9f5de3987
Parents: e8f7215
Author: Nitin Mehta <nitin.mehta@citrix.com>
Authored: Fri Mar 13 13:33:48 2015 +0530
Committer: Daan Hoogland <daan@onecht.net>
Committed: Wed Mar 18 20:35:18 2015 +0100

----------------------------------------------------------------------
 .../cloud/upgrade/dao/Upgrade2213to2214.java    | 35 +-------
 .../schema/src/com/cloud/vm/ConsoleProxyVO.java | 91 ++------------------
 .../com/cloud/consoleproxy/AgentHookBase.java   | 25 ++++--
 .../consoleproxy/ConsoleProxyManagerImpl.java   | 27 +-----
 .../ConsoleProxySecureServerFactoryImpl.java    | 49 +++--------
 5 files changed, 41 insertions(+), 186 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c2dc53c2/engine/schema/src/com/cloud/upgrade/dao/Upgrade2213to2214.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/upgrade/dao/Upgrade2213to2214.java b/engine/schema/src/com/cloud/upgrade/dao/Upgrade2213to2214.java
index f3293ba..a8bf80c 100644
--- a/engine/schema/src/com/cloud/upgrade/dao/Upgrade2213to2214.java
+++ b/engine/schema/src/com/cloud/upgrade/dao/Upgrade2213to2214.java
@@ -19,7 +19,6 @@ package com.cloud.upgrade.dao;
 import java.io.File;
 import java.sql.Connection;
 import java.sql.PreparedStatement;
-import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.util.ArrayList;
 import java.util.List;
@@ -28,7 +27,6 @@ import org.apache.log4j.Logger;
 
 import com.cloud.utils.exception.CloudRuntimeException;
 import com.cloud.utils.script.Script;
-import com.cloud.vm.ConsoleProxyVO;
 
 public class Upgrade2213to2214 implements DbUpgrade {
     final static Logger s_logger = Logger.getLogger(Upgrade2213to2214.class);
@@ -58,40 +56,11 @@ public class Upgrade2213to2214 implements DbUpgrade {
         return new File[] {new File(script)};
     }
 
-    private void upgradeCerts(Connection conn) {
-        PreparedStatement pstmt;
-        try {
-            pstmt = conn.prepareStatement("select md5(`cloud`.`keystore`.key) from `cloud`.`keystore`
where name = 'CPVMCertificate'");
-            ResultSet rs = pstmt.executeQuery();
-            while (rs.next()) {
-                String privateKeyMd5 = rs.getString(1);
-                if (privateKeyMd5.equalsIgnoreCase("432ea1370f57ccd774f4f36052c5fd73")) {
-                    s_logger.debug("Need to upgrade cloudstack provided certificate");
-                    pstmt = conn.prepareStatement("update `cloud`.`keystore` set `cloud`.`keystore`.key
= ?, certificate = ? where name = 'CPVMCertificate'");
-                    pstmt.setString(1, ConsoleProxyVO.keyContent);
-                    pstmt.setString(2, ConsoleProxyVO.certContent);
-                    pstmt.executeUpdate();
-
-                    pstmt = conn.prepareStatement("insert into `cloud`.`keystore` (name,
certificate, seq, domain_suffix) VALUES (?,?,?,?)");
-                    pstmt.setString(1, "root");
-                    pstmt.setString(2, ConsoleProxyVO.rootCa);
-                    pstmt.setInt(3, 0);
-                    pstmt.setString(4, "realhostip.com");
-                    pstmt.executeUpdate();
-                }
-            }
-            rs.close();
-            pstmt.close();
-        } catch (SQLException e) {
-            s_logger.debug("Failed to upgrade keystore: " + e.toString());
-        }
-
-    }
-
     @Override
     public void performDataMigration(Connection conn) {
         fixIndexes(conn);
-        upgradeCerts(conn);
+        //Remove certificate upgrade since RHIP is being retired
+        //upgradeCerts(conn);
     }
 
     @Override

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c2dc53c2/engine/schema/src/com/cloud/vm/ConsoleProxyVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/vm/ConsoleProxyVO.java b/engine/schema/src/com/cloud/vm/ConsoleProxyVO.java
index 670bc6a..306cbf9 100644
--- a/engine/schema/src/com/cloud/vm/ConsoleProxyVO.java
+++ b/engine/schema/src/com/cloud/vm/ConsoleProxyVO.java
@@ -38,81 +38,6 @@ import com.cloud.hypervisor.Hypervisor.HypervisorType;
 @PrimaryKeyJoinColumn(name = "id")
 @DiscriminatorValue(value = "ConsoleProxy")
 public class ConsoleProxyVO extends VMInstanceVO implements ConsoleProxy {
-    public static final String keyContent = "-----BEGIN PRIVATE KEY-----\n" + "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCDT9AtEfs+s/I8QXp6rrCw0iNJ\n"
-        + "0+GgsybNHheU+JpL39LMTZykCrZhZnyDvwdxCoOfE38Sa32baHKNds+y2SHnMNsOkw8OcNucHEBX\n"
-        + "1FIpOBGph9D6xC+umx9od6xMWETUv7j6h2u+WC3OhBM8fHCBqIiAol31/IkcqDxxsHlQ8S/oCfTl\n"
-        + "XJUY6Yn628OA1XijKdRnadV0hZ829cv/PZKljjwQUTyrd0KHQeksBH+YAYSo2JUl8ekNLsOi8/cP\n"
-        + "tfojnltzRI1GXi0ZONs8VnDzJ0a2gqZY+uxlz+CGbLnGnlN4j9cBpE+MfUE+35Dq121sTpsSgF85\n"
-        + "Mz+pVhn2S633AgMBAAECggEAH/Szd9RxbVADenCA6wxKSa3KErRyq1YN8ksJeCKMAj0FIt0caruE\n"
-        + "qO11DebWW8cwQu1Otl/cYI6pmg24/BBldMrp9IELX/tNJo+lhPpRyGAxxC0eSXinFfoASb8d+jJd\n"
-        + "Bd1mmemM6fSxqRlxSP4LrzIhjhR1g2CiyYuTsiM9UtoVKGyHwe7KfFwirUOJo3Mr18zUVNm7YqY4\n"
-        + "IVhOSq59zkH3ULBlYq4bG50jpxa5mNSCZ7IpafPY/kE/CbR+FWNt30+rk69T+qb5abg6+XGm+OAm\n"
-        + "bnQ18yZEqX6nJLk7Ch0cfA5orGgrTMOrM71wK7tBBDQ308kOxDGebx6j0qD36QKBgQDTRDr8kuhA\n"
-        + "9sUyKr9vk2DQCMpNvEeiwI3JRMqmmxpNAtg01aJ3Ya57vX5Fc+zcuV87kP6FM1xgpHQvnw5LWo2J\n"
-        + "s7ANwQcP8ricEW5zkZhSjI4ssMeAubmsHOloGxmLFYZqwx0JI7CWViGTLMcUlqKblmHcjeQDeDfP\n"
-        + "P1TaCItFmwKBgQCfHZwVvIcaDs5vxVpZ4ftvflIrW8qq0uOVK6QIf9A/YTGhCXl2qxxTg2A6+0rg\n"
-        + "ZqI7zKzUDxIbVv0KlgCbpHDC9d5+sdtDB3wW2pimuJ3p1z4/RHb4n/lDwXCACZl1S5l24yXX2pFZ\n"
-        + "wdPCXmy5PYkHMssFLNhI24pprUIQs66M1QKBgQDQwjAjWisD3pRXESSfZRsaFkWJcM28hdbVFhPF\n"
-        + "c6gWhwQLmTp0CuL2RPXcPUPFi6sN2iWWi3zxxi9Eyz+9uBn6AsOpo56N5MME/LiOnETO9TKb+Ib6\n"
-        + "rQtKhjshcv3XkIqFPo2XdVvOAgglPO7vajX91iiXXuH7h7RmJud6l0y/lwKBgE+bi90gLuPtpoEr\n"
-        + "VzIDKz40ED5bNYHT80NNy0rpT7J2GVN9nwStRYXPBBVeZq7xCpgqpgmO5LtDAWULeZBlbHlOdBwl\n"
-        + "NhNKKl5wzdEUKwW0yBL1WSS5PQgWPwgARYP25/ggW22sj+49WIo1neXsEKPGWObk8e050f1fTt92\n"
-        + "Vo1lAoGAb1gCoyBCzvi7sqFxm4V5oapnJeiQQJFjhoYWqGa26rQ+AvXXNuBcigIeDXNJPctSF0Uc\n"
-        + "p11KbbCgiruBbckvM1vGsk6Sx4leRk+IFHRpJktFUek4o0eUg0shOsyyvyet48Dfg0a8FvcxROs0\n"
+ "gD+IYds5doiob/hcm1hnNB/3vk4=\n" + "-----END PRIVATE KEY-----\n";
-
-    public static final String certContent = "-----BEGIN CERTIFICATE-----\n" + "MIIFZTCCBE2gAwIBAgIHKBCduBUoKDANBgkqhkiG9w0BAQUFADCByjELMAkGA1UE\n"
-        + "BhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAY\n" + "BgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMTMwMQYDVQQLEypodHRwOi8vY2VydGlm\n"
-        + "aWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkxMDAuBgNVBAMTJ0dvIERhZGR5\n" + "IFNlY3VyZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTERMA8GA1UEBRMIMDc5Njky\n"
-        + "ODcwHhcNMTIwMjAzMDMzMDQwWhcNMTcwMjA3MDUxMTIzWjBZMRkwFwYDVQQKDBAq\n" + "LnJlYWxob3N0aXAuY29tMSEwHwYDVQQLDBhEb21haW4gQ29udHJvbCBWYWxpZGF0\n"
-        + "ZWQxGTAXBgNVBAMMECoucmVhbGhvc3RpcC5jb20wggEiMA0GCSqGSIb3DQEBAQUA\n" + "A4IBDwAwggEKAoIBAQCDT9AtEfs+s/I8QXp6rrCw0iNJ0+GgsybNHheU+JpL39LM\n"
-        + "TZykCrZhZnyDvwdxCoOfE38Sa32baHKNds+y2SHnMNsOkw8OcNucHEBX1FIpOBGp\n" + "h9D6xC+umx9od6xMWETUv7j6h2u+WC3OhBM8fHCBqIiAol31/IkcqDxxsHlQ8S/o\n"
-        + "CfTlXJUY6Yn628OA1XijKdRnadV0hZ829cv/PZKljjwQUTyrd0KHQeksBH+YAYSo\n" + "2JUl8ekNLsOi8/cPtfojnltzRI1GXi0ZONs8VnDzJ0a2gqZY+uxlz+CGbLnGnlN4\n"
-        + "j9cBpE+MfUE+35Dq121sTpsSgF85Mz+pVhn2S633AgMBAAGjggG+MIIBujAPBgNV\n" + "HRMBAf8EBTADAQEAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNV\n"
-        + "HQ8BAf8EBAMCBaAwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5nb2RhZGR5\n" + "LmNvbS9nZHMxLTY0LmNybDBTBgNVHSAETDBKMEgGC2CGSAGG/W0BBxcBMDkwNwYI\n"
-        + "KwYBBQUHAgEWK2h0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3Np\n" + "dG9yeS8wgYAGCCsGAQUFBwEBBHQwcjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3Au\n"
-        + "Z29kYWRkeS5jb20vMEoGCCsGAQUFBzAChj5odHRwOi8vY2VydGlmaWNhdGVzLmdv\n" + "ZGFkZHkuY29tL3JlcG9zaXRvcnkvZ2RfaW50ZXJtZWRpYXRlLmNydDAfBgNVHSME\n"
-        + "GDAWgBT9rGEyk2xF1uLuhV+auud2mWjM5zArBgNVHREEJDAighAqLnJlYWxob3N0\n" + "aXAuY29tgg5yZWFsaG9zdGlwLmNvbTAdBgNVHQ4EFgQUZyJz9/QLy5TWIIscTXID\n"
-        + "E8Xk47YwDQYJKoZIhvcNAQEFBQADggEBAKiUV3KK16mP0NpS92fmQkCLqm+qUWyN\n" + "BfBVgf9/M5pcT8EiTZlS5nAtzAE/eRpBeR3ubLlaAogj4rdH7YYVJcDDLLoB2qM3\n"
-        + "qeCHu8LFoblkb93UuFDWqRaVPmMlJRnhsRkL1oa2gM2hwQTkBDkP7w5FG1BELCgl\n" + "gZI2ij2yxjge6pOEwSyZCzzbCcg9pN+dNrYyGEtB4k+BBnPA3N4r14CWbk+uxjrQ\n"
-        + "6j2Ip+b7wOc5IuMEMl8xwTyjuX3lsLbAZyFI9RCyofwA9NqIZ1GeB6Zd196rubQp\n" + "93cmBqGGjZUs3wMrGlm7xdjlX6GQ9UvmvkMub9+lL99A5W50QgCmFeI=\n"
-        + "-----END CERTIFICATE-----\n";
-
-    public static final String rootCa = "-----BEGIN CERTIFICATE-----\n" + "MIIE3jCCA8agAwIBAgICAwEwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCVVMx\n"
-        + "ITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28g\n" + "RGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMTYw\n"
-        + "MTU0MzdaFw0yNjExMTYwMTU0MzdaMIHKMQswCQYDVQQGEwJVUzEQMA4GA1UECBMH\n" + "QXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5j\n"
-        + "b20sIEluYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5j\n" + "b20vcmVwb3NpdG9yeTEwMC4GA1UEAxMnR28gRGFkZHkgU2VjdXJlIENlcnRpZmlj\n"
-        + "YXRpb24gQXV0aG9yaXR5MREwDwYDVQQFEwgwNzk2OTI4NzCCASIwDQYJKoZIhvcN\n" + "AQEBBQADggEPADCCAQoCggEBAMQt1RWMnCZM7DI161+4WQFapmGBWTtwY6vj3D3H\n"
-        + "KrjJM9N55DrtPDAjhI6zMBS2sofDPZVUBJ7fmd0LJR4h3mUpfjWoqVTr9vcyOdQm\n" + "VZWt7/v+WIbXnvQAjYwqDL1CBM6nPwT27oDyqu9SoWlm2r4arV3aLGbqGmu75RpR\n"
-        + "SgAvSMeYddi5Kcju+GZtCpyz8/x4fKL4o/K1w/O5epHBp+YlLpyo7RJlbmr2EkRT\n" + "cDCVw5wrWCs9CHRK8r5RsL+H0EwnWGu1NcWdrxcx+AuP7q2BNgWJCJjPOq8lh8BJ\n"
-        + "6qf9Z/dFjpfMFDniNoW1fho3/Rb2cRGadDAW/hOUoz+EDU8CAwEAAaOCATIwggEu\n" + "MB0GA1UdDgQWBBT9rGEyk2xF1uLuhV+auud2mWjM5zAfBgNVHSMEGDAWgBTSxLDS\n"
-        + "kdRMEXGzYcs9of7dqGrU4zASBgNVHRMBAf8ECDAGAQH/AgEAMDMGCCsGAQUFBwEB\n" + "BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZ29kYWRkeS5jb20wRgYDVR0f\n"
-        + "BD8wPTA7oDmgN4Y1aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBv\n" + "c2l0b3J5L2dkcm9vdC5jcmwwSwYDVR0gBEQwQjBABgRVHSAAMDgwNgYIKwYBBQUH\n"
-        + "AgEWKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeTAO\n" + "BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBANKGwOy9+aG2Z+5mC6IG\n"
-        + "OgRQjhVyrEp0lVPLN8tESe8HkGsz2ZbwlFalEzAFPIUyIXvJxwqoJKSQ3kbTJSMU\n" + "A2fCENZvD117esyfxVgqwcSeIaha86ykRvOe5GPLL5CkKSkB2XIsKd83ASe8T+5o\n"
-        + "0yGPwLPk9Qnt0hCqU7S+8MxZC9Y7lhyVJEnfzuz9p0iRFEUOOjZv2kWzRaJBydTX\n" + "RE4+uXR21aITVSzGh6O1mawGhId/dQb8vxRMDsxuxN89txJx9OjxUUAiKEngHUuH\n"
-        + "qDTMBqLdElrRhjZkAzVvb3du6/KFUJheqwNTrZEjYx8WnM25sgVjOuH0aBsXBTWV\n" + "U+4=\n"
+ "-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\n"
-        + "MIIE+zCCBGSgAwIBAgICAQ0wDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1Zh\n" + "bGlDZXJ0IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIElu\n"
-        + "Yy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24g\n" + "QXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAe\n"
-        + "BgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTA0MDYyOTE3MDYyMFoX\n" + "DTI0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBE\n"
-        + "YWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0\n" + "aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgC\n"
-        + "ggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv\n" + "2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+q\n"
-        + "N1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiO\n" + "r18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lN\n"
-        + "f4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEH\n" + "U1jPEX44dMX4/7VpkI+EdOqXG68CAQOjggHhMIIB3TAdBgNVHQ4EFgQU0sSw0pHU\n"
-        + "TBFxs2HLPaH+3ahq1OMwgdIGA1UdIwSByjCBx6GBwaSBvjCBuzEkMCIGA1UEBxMb\n" + "VmFsaUNlcnQgVmFsaWRhdGlvbiBOZXR3b3JrMRcwFQYDVQQKEw5WYWxpQ2VydCwg\n"
-        + "SW5jLjE1MDMGA1UECxMsVmFsaUNlcnQgQ2xhc3MgMiBQb2xpY3kgVmFsaWRhdGlv\n" + "biBBdXRob3JpdHkxITAfBgNVBAMTGGh0dHA6Ly93d3cudmFsaWNlcnQuY29tLzEg\n"
-        + "MB4GCSqGSIb3DQEJARYRaW5mb0B2YWxpY2VydC5jb22CAQEwDwYDVR0TAQH/BAUw\n" + "AwEB/zAzBggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmdv\n"
-        + "ZGFkZHkuY29tMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jZXJ0aWZpY2F0ZXMu\n" + "Z29kYWRkeS5jb20vcmVwb3NpdG9yeS9yb290LmNybDBLBgNVHSAERDBCMEAGBFUd\n"
-        + "IAAwODA2BggrBgEFBQcCARYqaHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNv\n" + "bS9yZXBvc2l0b3J5MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOBgQC1\n"
-        + "QPmnHfbq/qQaQlpE9xXUhUaJwL6e4+PrxeNYiY+Sn1eocSxI0YGyeR+sBjUZsE4O\n" + "WBsUs5iB0QQeyAfJg594RAoYC5jcdnplDQ1tgMQLARzLrUc+cb53S8wGd9D0Vmsf\n"
-        + "SxOaFIqII6hR8INMqzW/Rn453HWkrugp++85j09VZw==\n" + "-----END CERTIFICATE-----\n"
+ "-----BEGIN CERTIFICATE-----\n"
-        + "MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0\n" + "IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz\n"
-        + "BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y\n" + "aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG\n"
-        + "9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMTk1NFoXDTE5MDYy\n" + "NjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y\n"
-        + "azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs\n" + "YXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw\n"
-        + "Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl\n" + "cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOOnHK5avIWZJV16vY\n"
-        + "dA757tn2VUdZZUcOBVXc65g2PFxTXdMwzzjsvUGJ7SVCCSRrCl6zfN1SLUzm1NZ9\n" + "WlmpZdRJEy0kTRxQb7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7RfZHM047QS\n"
-        + "v4dk+NoS/zcnwbNDu+97bi5p9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9v\n" + "UJSZSWI4OB9L+KXIPqeCgfYrx+jFzug6EILLGACOTb2oWH+heQC1u+mNr0HZDzTu\n"
-        + "IYEZoDJJKPTEjlbVUjP9UNV+mWwD5MlM/Mtsq2azSiGM5bUMMj4QssxsodyamEwC\n" + "W/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd\n"
+ "-----END CERTIFICATE-----\n";
 
     @Column(name = "public_ip_address", nullable = false)
     private String publicIpAddress;
@@ -170,41 +95,41 @@ public class ConsoleProxyVO extends VMInstanceVO implements ConsoleProxy
{
     }
 
     public void setLastUpdateTime(Date time) {
-        this.lastUpdateTime = time;
+        lastUpdateTime = time;
     }
 
     public void setSessionDetails(byte[] details) {
-        this.sessionDetails = details;
+        sessionDetails = details;
     }
 
     @Override
     public String getPublicIpAddress() {
-        return this.publicIpAddress;
+        return publicIpAddress;
     }
 
     @Override
     public String getPublicNetmask() {
-        return this.publicNetmask;
+        return publicNetmask;
     }
 
     @Override
     public String getPublicMacAddress() {
-        return this.publicMacAddress;
+        return publicMacAddress;
     }
 
     @Override
     public int getActiveSession() {
-        return this.activeSession;
+        return activeSession;
     }
 
     @Override
     public Date getLastUpdateTime() {
-        return this.lastUpdateTime;
+        return lastUpdateTime;
     }
 
     @Override
     public byte[] getSessionDetails() {
-        return this.sessionDetails;
+        return sessionDetails;
     }
 
     public boolean isSslEnabled() {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c2dc53c2/server/src/com/cloud/consoleproxy/AgentHookBase.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/consoleproxy/AgentHookBase.java b/server/src/com/cloud/consoleproxy/AgentHookBase.java
index e9fd4e5..05f2b44 100644
--- a/server/src/com/cloud/consoleproxy/AgentHookBase.java
+++ b/server/src/com/cloud/consoleproxy/AgentHookBase.java
@@ -40,6 +40,7 @@ import com.cloud.agent.api.GetVncPortCommand;
 import com.cloud.agent.api.StartupCommand;
 import com.cloud.agent.api.StartupProxyCommand;
 import com.cloud.agent.api.proxy.StartConsoleProxyAgentHttpHandlerCommand;
+import com.cloud.configuration.Config;
 import com.cloud.exception.AgentUnavailableException;
 import com.cloud.exception.OperationTimedoutException;
 import com.cloud.host.Host;
@@ -190,14 +191,24 @@ public abstract class AgentHookBase implements AgentHook {
         String storePassword = String.valueOf(_random.nextLong());
         byte[] ksBits = _ksMgr.getKeystoreBits(ConsoleProxyManager.CERTIFICATE_NAME, ConsoleProxyManager.CERTIFICATE_NAME,
storePassword);
 
-        assert (ksBits != null);
-        if (ksBits == null) {
-            s_logger.error("Could not find and construct a valid SSL certificate");
-        }
-        cmd = new StartConsoleProxyAgentHttpHandlerCommand(ksBits, storePassword);
-        cmd.setEncryptorPassword(getEncryptorPassword());
-
         try {
+            SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+
+            byte[] randomBytes = new byte[16];
+            random.nextBytes(randomBytes);
+            String storePassword = Base64.encodeBase64String(randomBytes);
+
+            byte[] ksBits = null;
+            String consoleProxyUrlDomain = _configDao.getValue(Config.ConsoleProxyUrlDomain.key());
+            if (consoleProxyUrlDomain == null || consoleProxyUrlDomain.isEmpty()) {
+                s_logger.debug("SSL is disabled for console proxy based on global config,
skip loading certificates");
+            } else {
+                ksBits = _ksMgr.getKeystoreBits(ConsoleProxyManager.CERTIFICATE_NAME, ConsoleProxyManager.CERTIFICATE_NAME,
storePassword);
+                //ks manager raises exception if ksBits are null, hence no need to explicltly
handle the condition
+            }
+
+            cmd = new StartConsoleProxyAgentHttpHandlerCommand(ksBits, storePassword);
+            cmd.setEncryptorPassword(getEncryptorPassword());
 
             HostVO consoleProxyHost = findConsoleProxyHost(startupCmd);
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c2dc53c2/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java b/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
index aee89c5..70db741 100755
--- a/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
+++ b/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
@@ -382,7 +382,9 @@ public class ConsoleProxyManagerImpl extends ManagerBase implements ConsoleProxy
         }
 
         KeystoreVO ksVo = _ksDao.findByName(ConsoleProxyManager.CERTIFICATE_NAME);
-        assert (ksVo != null);
+        if (proxy.isSslEnabled() && ksVo == null) {
+            s_logger.warn("SSL enabled for console proxy but no server certificate found
in database");
+        }
 
         if (_staticPublicIp == null) {
             return new ConsoleProxyInfo(proxy.isSslEnabled(), proxy.getPublicIpAddress(),
_consoleProxyPort, proxy.getPort(), _consoleProxyUrlDomain);
@@ -1156,27 +1158,6 @@ public class ConsoleProxyManagerImpl extends ManagerBase implements
ConsoleProxy
         return "consoleproxy.alloc";
     }
 
-    private void prepareDefaultCertificate() {
-        GlobalLock lock = GlobalLock.getInternLock("consoleproxy.cert.setup");
-        try {
-            if (lock.lock(ACQUIRE_GLOBAL_LOCK_TIMEOUT_FOR_SYNC)) {
-                KeystoreVO ksVo = _ksDao.findByName(CERTIFICATE_NAME);
-                if (ksVo == null) {
-                    _ksDao.save(CERTIFICATE_NAME, ConsoleProxyVO.certContent, ConsoleProxyVO.keyContent,
"realhostip.com");
-                    KeystoreVO caRoot = new KeystoreVO();
-                    caRoot.setCertificate(ConsoleProxyVO.rootCa);
-                    caRoot.setDomainSuffix("realhostip.com");
-                    caRoot.setName("root");
-                    caRoot.setIndex(0);
-                    _ksDao.persist(caRoot);
-                }
-                lock.unlock();
-            }
-        } finally {
-            lock.releaseRef();
-        }
-    }
-
     @Override
     public boolean configure(String name, Map<String, Object> params) throws ConfigurationException
{
         if (s_logger.isInfoEnabled()) {
@@ -1234,8 +1215,6 @@ public class ConsoleProxyManagerImpl extends ManagerBase implements
ConsoleProxy
             _instance = "DEFAULT";
         }
 
-        prepareDefaultCertificate();
-
         Map<String, String> agentMgrConfigs = _configDao.getConfiguration("AgentManager",
params);
 
         value = agentMgrConfigs.get("port");

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c2dc53c2/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
----------------------------------------------------------------------
diff --git a/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
b/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
index 16c6266..d111527 100644
--- a/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
+++ b/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
@@ -16,12 +16,10 @@
 // under the License.
 package com.cloud.consoleproxy;
 
-import java.io.ByteArrayInputStream;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.net.InetSocketAddress;
-import java.security.KeyStore;
-
+import com.sun.net.httpserver.HttpServer;
+import com.sun.net.httpserver.HttpsConfigurator;
+import com.sun.net.httpserver.HttpsParameters;
+import com.sun.net.httpserver.HttpsServer;
 import org.apache.cloudstack.utils.security.SSLUtils;
 
 import javax.net.ssl.KeyManagerFactory;
@@ -30,13 +28,10 @@ import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLServerSocket;
 import javax.net.ssl.SSLServerSocketFactory;
 import javax.net.ssl.TrustManagerFactory;
-
-import org.apache.log4j.Logger;
-
-import com.sun.net.httpserver.HttpServer;
-import com.sun.net.httpserver.HttpsConfigurator;
-import com.sun.net.httpserver.HttpsParameters;
-import com.sun.net.httpserver.HttpsServer;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.security.KeyStore;
 
 public class ConsoleProxySecureServerFactoryImpl implements ConsoleProxyServerFactory {
     private static final Logger s_logger = Logger.getLogger(ConsoleProxySecureServerFactoryImpl.class);
@@ -51,32 +46,8 @@ public class ConsoleProxySecureServerFactoryImpl implements ConsoleProxyServerFa
         s_logger.info("Start initializing SSL");
 
         if (ksBits == null) {
-            try {
-                s_logger.info("Initializing SSL from built-in default certificate");
-
-                char[] passphrase = "vmops.com".toCharArray();
-                KeyStore ks = KeyStore.getInstance("JKS");
-
-                ks.load(new FileInputStream("certs/realhostip.keystore"), passphrase);
-                // ks.load(ConsoleProxy.class.getResourceAsStream("/realhostip.keystore"),
passphrase);
-
-                s_logger.info("SSL certificate loaded");
-
-                KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
-                kmf.init(ks, passphrase);
-                s_logger.info("Key manager factory is initialized");
-
-                TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
-                tmf.init(ks);
-                s_logger.info("Trust manager factory is initialized");
-
-                sslContext = SSLUtils.getSSLContext();
-                sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
-                s_logger.info("SSL context is initialized");
-            } catch (Exception ioe) {
-                s_logger.error(ioe.toString(), ioe);
-            }
-
+            // this should not be the case
+            s_logger.info("No certificates passed, recheck global configuration and certificates");
         } else {
             char[] passphrase = ksPassword != null ? ksPassword.toCharArray() : null;
             try {


Mime
View raw message