CLOUDSTACK-7814: Fix default passphrase for keystores

In the upgrade case the db.properties file is not changed, but the following commit
requires the keystore passphrase to be present in it, which results in an error (in
fact an NPE, because there is no such property).

commit 918c320438
Author: Upendra Moturi <upendra.moturi@sungard.com>
Date: Fri Jun 20 11:41:58 2014 +0530
CLOUDSTACK-6847.Link.java and console proxy files have hardcoded value

This commit fix it by put default value for passphrases, also set correct
passphrase if fail-safe keystore is used.
Sheng Yang 2014-10-27 18:59:55 -07:00
parent 4d06eef3b5
commit 57c4841403
2 changed files with 22 additions and 19 deletions


@ -16,12 +16,12 @@
// under the License.
package com.cloud.consoleproxy;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.KeyStore;
import java.util.Properties;
import com.cloud.utils.db.DbProperties;
import com.sun.net.httpserver.HttpServer;
import com.sun.net.httpserver.HttpsConfigurator;
import com.sun.net.httpserver.HttpsParameters;
import com.sun.net.httpserver.HttpsServer;
import org.apache.log4j.Logger;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
@ -29,14 +29,11 @@ import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import org.apache.log4j.Logger;
import com.cloud.utils.db.DbProperties;
import com.sun.net.httpserver.HttpServer;
import com.sun.net.httpserver.HttpsConfigurator;
import com.sun.net.httpserver.HttpsParameters;
import com.sun.net.httpserver.HttpsServer;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.KeyStore;
public class ConsoleProxySecureServerFactoryImpl implements ConsoleProxyServerFactory {
private static final Logger s_logger = Logger.getLogger(ConsoleProxySecureServerFactoryImpl.class);
@ -54,8 +51,11 @@ public class ConsoleProxySecureServerFactoryImpl implements ConsoleProxyServerFa
try {
s_logger.info("Initializing SSL from built-in default certificate");
final Properties dbProps = DbProperties.getDbProperties();
char[] passphrase = dbProps.getProperty("db.cloud.keyStorePassphrase").toCharArray();
final String pass = DbProperties.getDbProperties().getProperty("db.cloud.keyStorePassphrase");
char[] passphrase = "vmops.com".toCharArray();
if (pass != null) {
passphrase = pass.toCharArray();
}
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream("certs/realhostip.keystore"), passphrase);
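Review bot: The fallback to `"vmops.com"` when `db.cloud.keyStorePassphrase` is absent happens without any log line, so an upgraded install keeps running on a passphrase that is published in the source tree and the operator is never told. I would log it at the point of fallback, e.g. `if (pass == null) { s_logger.warn("db.cloud.keyStorePassphrase is not set; using the built-in default keystore passphrase"); }`. The same silent fallback is added in the first Link.java hunk, and the literal now appears three times across the two files, so a single named constant would keep them from drifting apart. The enclosing method starts and ends outside this hunk.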


@ -33,7 +33,6 @@ import java.nio.channels.SelectionKey;
import java.nio.channels.SocketChannel;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Properties;
import java.util.concurrent.ConcurrentLinkedQueue;
import javax.net.ssl.KeyManagerFactory;
@ -418,8 +417,11 @@ public class Link {
File confFile = PropertiesUtil.findConfigFile("db.properties");
if (null != confFile && !isClient) {
final Properties dbProps = DbProperties.getDbProperties();
char[] passphrase = dbProps.getProperty("db.cloud.keyStorePassphrase").toCharArray();
final String pass = DbProperties.getDbProperties().getProperty("db.cloud.keyStorePassphrase");
char[] passphrase = "vmops.com".toCharArray();
if (pass != null) {
passphrase = pass.toCharArray();
}
String confPath = confFile.getParent();
String keystorePath = confPath + keystoreFile;
if (new File(keystorePath).exists()) {
@ -427,6 +429,7 @@ public class Link {
} else {
s_logger.warn("SSL: Fail to find the generated keystore. Loading fail-safe one to continue.");
stream = NioConnection.class.getResourceAsStream("/cloud.keystore");
passphrase = "vmops.com".toCharArray();
}
ks.load(stream, passphrase);
stream.close();
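Review bot: The fail-safe branch now loads the keystore bundled on the classpath (`/cloud.keystore`) with the hard-coded passphrase, but the warning does not say what that means. Presumably the same key ships with every copy of the distribution, so a link secured with it offers encryption without any real authentication of the peer. I would make the message explicit, e.g. `s_logger.warn("SSL: generated keystore not found at " + keystorePath + "; falling back to the bundled keystore, whose key and passphrase are publicly known");`. Separately, `getResourceAsStream` returns null when the resource is missing, in which case `ks.load(stream, passphrase)` initialises an empty keystore and `stream.close()` throws; a null check before the load would surface that as a clear error. The enclosing method continues outside the hunk.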