bug 12980: added trust store for ssl

abhi 2012-02-08 13:07:19 +05:30
parent 1fc0afe3f2
commit 44c172bdc2
4 changed files with 49 additions and 6 deletions


@ -187,6 +187,8 @@ public class ApiConstants {
public static final String TIMEOUT = "timeout";
public static final String TIMEZONE = "timezone";
public static final String TYPE = "type";
public static final String TRUST_STORE = "truststore";
public static final String TRUST_STORE_PASSWORD = "truststorepass";
public static final String URL = "url";
public static final String USAGE_INTERFACE = "usageinterface";
public static final String USER_DATA = "userdata";
@ -338,7 +340,7 @@ public class ApiConstants {
}
public enum LDAPParams {
hostname, port, usessl, queryfilter, searchbase, dn, passwd;
hostname, port, usessl, queryfilter, searchbase, dn, passwd, truststore, truststorepass;
@Override
public String toString(){


@ -65,6 +65,11 @@ public class LDAPConfigCmd extends BaseCmd {
@Parameter(name=ApiConstants.BIND_PASSWORD, type=CommandType.STRING, description="Enter the password.")
private String bindPassword;
@Parameter(name=ApiConstants.TRUST_STORE, type=CommandType.STRING, description="Enter the path to trust certificates store.")
private String trustStore;
@Parameter(name=ApiConstants.TRUST_STORE_PASSWORD, type=CommandType.STRING, description="Enter the password for trust store.")
private String trustStorePassword;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
@ -98,6 +103,16 @@ public class LDAPConfigCmd extends BaseCmd {
return port <= 0 ? 389 : port;
}
public String getTrustStore() {
return trustStore;
}
public String getTrustStorePassword() {
return trustStorePassword;
}
/////////////////////////////////////////////////////
/////////////// API Implementation///////////////////
/////////////////////////////////////////////////////
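Review bot: `trustStorePassword` is declared with the same plain `@Parameter` form as `bindPassword`, so nothing in the annotation itself marks it as sensitive; if the API request logging masks parameter values by name, confirm that `truststorepass` is on that list so the password does not land in request logs in clear text. The two new accessors would also read better with a one-line Javadoc each, e.g. `/** Path to the trust store used for LDAPS connections; null when not configured. */` on `getTrustStore()` and the matching sentence on `getTrustStorePassword()`. The class continues outside both hunks.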


@ -1244,14 +1244,13 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
Boolean useSSL = cmd.getUseSSL();
String bindDN = cmd.getBindDN();
String bindPasswd = cmd.getBindPassword();
String trustStore = cmd.getTrustStore();
String trustStorePassword = cmd.getTrustStorePassword();
if (bindDN != null && bindPasswd == null) {
throw new InvalidParameterValueException("If you specify a bind name then you need to provide bind password too.");
}
// System.setProperty("javax.net.ssl.keyStore", "/cygdrive/c/citrix/info/cacerts.jks");
// System.setProperty("javax.net.ssl.keyStorePassword", "1111_aaaa");
// check if the info is correct
Hashtable<String, String> env = new Hashtable<String, String>(11);
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
@ -1259,9 +1258,15 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
if (new Boolean(useSSL)) {
env.put(Context.SECURITY_PROTOCOL, "ssl");
protocol = "ldaps://";
if (trustStore == null || trustStorePassword==null ){
throw new InvalidParameterValueException("If you plan to use SSL then you need to configure the trust store.");
}
System.setProperty("javax.net.ssl.trustStore", trustStore);
System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
}
env.put(Context.PROVIDER_URL, protocol + hostname + ":" + port);
if (bindDN != null && bindPasswd != null) {
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, bindDN);
env.put(Context.SECURITY_CREDENTIALS, bindPasswd);
}
@ -1320,13 +1325,30 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
}
cvo.setValue(DBEncryptionUtil.encrypt(bindPasswd));
_configDao.persist(cvo);
cvo = _configDao.findByName(LDAPParams.truststore.toString());
if (cvo == null) {
cvo = new ConfigurationVO("Advanced", "DEFAULT", "management-server", LDAPParams.truststore.toString(), null, "Enter the path to trusted keystore");
}
cvo.setValue(trustStore);
_configDao.persist(cvo);
cvo = _configDao.findByName(LDAPParams.truststorepass.toString());
if (cvo == null) {
cvo = new ConfigurationVO("Advanced", "DEFAULT", "management-server", LDAPParams.truststorepass.toString(), null, "Enter the password for trusted keystore");
}
cvo.setValue(DBEncryptionUtil.encrypt(trustStorePassword));
_configDao.persist(cvo);
s_logger.debug("The ldap server is configured: " + hostname);
} catch (NamingException ne) {
ne.printStackTrace();
throw new InvalidParameterValueException("Naming Exception, check you ldap data ! " + ne.getMessage() + (ne.getCause() != null ? ("Caused by:" + ne.getCause().getMessage()) : ""));
}
return true;
}
@Override
@DB
@ActionEvent(eventType = EventTypes.EVENT_ZONE_EDIT, eventDescription = "editing zone", async = false)
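Review bot: The two `System.setProperty("javax.net.ssl.trustStore…", …)` calls in the SSL branch change the default trust store for every TLS client in this JVM, not only the LDAP context being validated, and they stay in effect after the command returns even if the connectivity check that follows fails. A trust store scoped to the LDAP connection (an `SSLSocketFactory` handed to JNDI through the `java.naming.ldap.factory.socket` environment entry) would avoid that global side effect; LDAPUserAuthenticator repeats the same global-property pattern. Further down, `cvo.setValue(trustStore)` and `DBEncryptionUtil.encrypt(trustStorePassword)` run whether or not SSL was selected, so a non-SSL configuration persists null for both rows — if `encrypt` does not tolerate null that path fails, and otherwise it is worth skipping those two records when SSL is off. The enclosing method starts before the first hunk.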


@ -74,6 +74,8 @@ public class LDAPUserAuthenticator extends DefaultUserAuthenticator {
String useSSL = _configDao.getValue(LDAPParams.usessl.toString());
String bindDN = _configDao.getValue(LDAPParams.dn.toString());
String bindPasswd = DBEncryptionUtil.decrypt(_configDao.getValue(LDAPParams.passwd.toString()));
String trustStore = _configDao.getValue(LDAPParams.truststore.toString());
String trustStorePassword = DBEncryptionUtil.decrypt(_configDao.getValue(LDAPParams.truststorepass.toString()));
try {
// get all params
@ -83,6 +85,8 @@ public class LDAPUserAuthenticator extends DefaultUserAuthenticator {
if (new Boolean(useSSL)){
env.put(Context.SECURITY_PROTOCOL, "ssl");
protocol="ldaps://" ;
System.setProperty("javax.net.ssl.trustStore", trustStore);
System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
}
env.put(Context.PROVIDER_URL, protocol + url + ":" + port);
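Review bot: `System.setProperty("javax.net.ssl.trustStore", trustStore)` is reached with no null check, and `System.setProperty` throws `NullPointerException` when the value is null, so an LDAP configuration saved with `usessl` set before this change (no `truststore`/`truststorepass` rows yet) fails at authentication time instead of behaving as it did before. Guarding the two calls, `if (trustStore != null && trustStorePassword != null) { … }`, keeps such installations working until the admin re-runs the config command; `DBEncryptionUtil.decrypt(...)` on the missing `truststorepass` value in the first hunk is the same concern if `decrypt` does not accept null. Both hunks sit inside a method that begins before the first hunk and continues past the last one.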