From 570d162692b74cfcfc81db548cd73ae8f0ac6f5f Mon Sep 17 00:00:00 2001
From: Daan Hoogland
Date: Thu, 4 Jun 2015 16:48:14 +0200
Subject: [PATCH] CLOUDSTACK-8537 add check for unique public key and account on ssh keypair registration
Signed-off-by: Daan Hoogland
---
 .../src/com/cloud/user/dao/SSHKeyPairDao.java | 2 ++
 .../com/cloud/user/dao/SSHKeyPairDaoImpl.java | 9 +++++++++
 .../com/cloud/server/ManagementServerImpl.java | 17 +++++++++++------
 3 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/engine/schema/src/com/cloud/user/dao/SSHKeyPairDao.java b/engine/schema/src/com/cloud/user/dao/SSHKeyPairDao.java
index 7a4ac403636..e035e9688c3 100644
--- a/engine/schema/src/com/cloud/user/dao/SSHKeyPairDao.java
+++ b/engine/schema/src/com/cloud/user/dao/SSHKeyPairDao.java
@@ -35,4 +35,6 @@ public interface SSHKeyPairDao extends GenericDao {
 public boolean deleteByName(long accountId, long domainId, String name);
+ public SSHKeyPairVO findByPublicKey(long accountId, long domainId, String publicKey);
+
 }
diff --git a/engine/schema/src/com/cloud/user/dao/SSHKeyPairDaoImpl.java b/engine/schema/src/com/cloud/user/dao/SSHKeyPairDaoImpl.java
index cfaa993e605..51e5fbeefd4 100644
--- a/engine/schema/src/com/cloud/user/dao/SSHKeyPairDaoImpl.java
+++ b/engine/schema/src/com/cloud/user/dao/SSHKeyPairDaoImpl.java
@@ -72,6 +72,15 @@ public class SSHKeyPairDaoImpl extends GenericDaoBase implem
 return findOneBy(sc);
 }
+ @Override
+ public SSHKeyPairVO findByPublicKey(long accountId, long domainId, String publicKey) {
+ SearchCriteria sc = createSearchCriteria();
+ sc.addAnd("accountId", SearchCriteria.Op.EQ, accountId);
+ sc.addAnd("domainId", SearchCriteria.Op.EQ, domainId);
+ sc.addAnd("publicKey", SearchCriteria.Op.EQ, publicKey);
+ return findOneBy(sc);
+ }
+
 @Override
 public boolean deleteByName(long accountId, long domainId, String name) {
 SSHKeyPairVO pair = findByName(accountId, domainId, name);
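Review bot: `findByPublicKey` in SSHKeyPairDaoImpl matches the `publicKey` column with `SearchCriteria.Op.EQ`, so the uniqueness check only finds a byte-identical string. The same key material submitted with a different trailing comment or extra whitespace would not be found. Whether keys are normalised before they are stored is not visible in this hunk; if they are not, comparing a fingerprint of the key would make the check robust. At minimum the contract should be documented on the interface method, for example `/** Returns the key pair of this account and domain whose stored public key equals publicKey exactly, or null if none exists. */`.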
diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java
index 33fb7781c18..e9f2e0bc9f1 100755
--- a/server/src/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/com/cloud/server/ManagementServerImpl.java
@@ -37,9 +37,6 @@ import javax.crypto.spec.SecretKeySpec;
 import javax.inject.Inject;
 import javax.naming.ConfigurationException;
-import org.apache.cloudstack.api.command.user.snapshot.UpdateSnapshotPolicyCmd;
-import org.apache.commons.codec.binary.Base64;
-import org.apache.log4j.Logger;
 import org.apache.cloudstack.acl.ControlledEntity;
 import org.apache.cloudstack.affinity.AffinityGroupProcessor;
 import org.apache.cloudstack.affinity.dao.AffinityGroupVMMapDao;
@@ -408,6 +405,7 @@ import org.apache.cloudstack.api.command.user.snapshot.DeleteSnapshotPoliciesCmd
 import org.apache.cloudstack.api.command.user.snapshot.ListSnapshotPoliciesCmd;
 import org.apache.cloudstack.api.command.user.snapshot.ListSnapshotsCmd;
 import org.apache.cloudstack.api.command.user.snapshot.RevertSnapshotCmd;
+import org.apache.cloudstack.api.command.user.snapshot.UpdateSnapshotPolicyCmd;
 import org.apache.cloudstack.api.command.user.ssh.CreateSSHKeyPairCmd;
 import org.apache.cloudstack.api.command.user.ssh.DeleteSSHKeyPairCmd;
 import org.apache.cloudstack.api.command.user.ssh.ListSSHKeyPairsCmd;
@@ -511,6 +509,8 @@ import org.apache.cloudstack.storage.datastore.db.ImageStoreVO;
 import org.apache.cloudstack.storage.datastore.db.PrimaryDataStoreDao;
 import org.apache.cloudstack.storage.datastore.db.StoragePoolVO;
 import org.apache.cloudstack.utils.identity.ManagementServerNode;
+import org.apache.commons.codec.binary.Base64;
+import org.apache.log4j.Logger;
 import com.cloud.agent.AgentManager;
 import com.cloud.agent.api.GetVncPortAnswer;
@@ -3616,9 +3616,14 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
 Account owner = _accountMgr.finalizeOwner(caller, cmd.getAccountName(), cmd.getDomainId(), cmd.getProjectId());
- SSHKeyPairVO s = _sshKeyPairDao.findByName(owner.getAccountId(), owner.getDomainId(), cmd.getName());
- if (s != null) {
- throw new InvalidParameterValueException("A key pair with name '" + cmd.getName() + "' already exists.");
+ SSHKeyPairVO existingPair = _sshKeyPairDao.findByName(owner.getAccountId(), owner.getDomainId(), cmd.getName());
+ if (existingPair != null) {
+ throw new InvalidParameterValueException("A key pair with name '" + cmd.getName() + "' already exists for this account.");
+ }
+
+ existingPair = _sshKeyPairDao.findByPublicKey(owner.getAccountId(), owner.getDomainId(), cmd.getPublicKey());
+ if (existingPair != null) {
+ throw new InvalidParameterValueException("A key pair with name '" + cmd.getPublicKey() + "' already exists for this account.");
 }
 String name = cmd.getName();
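Review bot: The second `InvalidParameterValueException` still says "A key pair with name" but interpolates `cmd.getPublicKey()`, so the caller is told a name collides when it is the public key that does. It should read `"A key pair with public key '" + cmd.getPublicKey() + "' already exists for this account."`. The lookup also receives the raw request value; if the key is decoded or normalised later in this method, whose body starts and ends outside the hunk, the check should run on that processed form instead. Both checks are find-then-insert with no lock or transaction visible here, so two concurrent registrations could pass them together. A unique constraint on the table would close that gap, assuming none exists already.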