From 57c48414030a9961e82d7e6f39a24b84ccc7e371 Mon Sep 17 00:00:00 2001 From: Sheng Yang Date: Mon, 27 Oct 2014 18:59:55 -0700 Subject: [PATCH] CLOUDSTACK-7814: Fix default passphrase for keystores In upgrade case, the db.properties file is not changed, but the following commit would require passphrase for keystore in it, thus result in error(NPE in fact due to there is no such properity). commit 918c320438980f070150f872e3a3ba907572af83 Author: Upendra Moturi Date: Fri Jun 20 11:41:58 2014 +0530 CLOUDSTACK-6847.Link.java and console proxy files have hardcoded value This commit fix it by put default value for passphrases, also set correct passphrase if fail-safe keystore is used. --- .../ConsoleProxySecureServerFactoryImpl.java | 32 +++++++++---------- utils/src/com/cloud/utils/nio/Link.java | 9 ++++-- 2 files changed, 22 insertions(+), 19 deletions(-) diff --git a/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java b/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java index 7af4c7b2de3..75d23b15d82 100644 --- a/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java +++ b/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java @@ -16,12 +16,12 @@ // under the License. package com.cloud.consoleproxy; -import java.io.ByteArrayInputStream; -import java.io.FileInputStream; -import java.io.IOException; -import java.net.InetSocketAddress; -import java.security.KeyStore; -import java.util.Properties; +import com.cloud.utils.db.DbProperties; +import com.sun.net.httpserver.HttpServer; +import com.sun.net.httpserver.HttpsConfigurator; +import com.sun.net.httpserver.HttpsParameters; +import com.sun.net.httpserver.HttpsServer; +import org.apache.log4j.Logger; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; 
@@ -29,14 +29,11 @@ import javax.net.ssl.SSLParameters; import javax.net.ssl.SSLServerSocket; import javax.net.ssl.SSLServerSocketFactory; import javax.net.ssl.TrustManagerFactory; - -import org.apache.log4j.Logger; - -import com.cloud.utils.db.DbProperties; -import com.sun.net.httpserver.HttpServer; -import com.sun.net.httpserver.HttpsConfigurator; -import com.sun.net.httpserver.HttpsParameters; -import com.sun.net.httpserver.HttpsServer; +import java.io.ByteArrayInputStream; +import java.io.FileInputStream; +import java.io.IOException; +import java.net.InetSocketAddress; +import java.security.KeyStore; public class ConsoleProxySecureServerFactoryImpl implements ConsoleProxyServerFactory { private static final Logger s_logger = Logger.getLogger(ConsoleProxySecureServerFactoryImpl.class); @@ -54,8 +51,11 @@ public class ConsoleProxySecureServerFactoryImpl implements ConsoleProxyServerFa try { s_logger.info("Initializing SSL from built-in default certificate"); - final Properties dbProps = DbProperties.getDbProperties(); - char[] passphrase = dbProps.getProperty("db.cloud.keyStorePassphrase").toCharArray(); + final String pass = DbProperties.getDbProperties().getProperty("db.cloud.keyStorePassphrase"); + char[] passphrase = "vmops.com".toCharArray(); + if (pass != null) { + passphrase = pass.toCharArray(); + } KeyStore ks = KeyStore.getInstance("JKS"); ks.load(new FileInputStream("certs/realhostip.keystore"), passphrase); diff --git a/utils/src/com/cloud/utils/nio/Link.java b/utils/src/com/cloud/utils/nio/Link.java index c295caf5bd9..a15b8a4e1b6 100755 --- a/utils/src/com/cloud/utils/nio/Link.java +++ b/utils/src/com/cloud/utils/nio/Link.java @@ -33,7 +33,6 @@ import java.nio.channels.SelectionKey; import java.nio.channels.SocketChannel; import java.security.GeneralSecurityException; import java.security.KeyStore; -import java.util.Properties; import java.util.concurrent.ConcurrentLinkedQueue; import javax.net.ssl.KeyManagerFactory; 
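Review bot: The fallback `char[] passphrase = "vmops.com".toCharArray();` in the `@@ -54,8 +51,11 @@` hunk silently protects the keystore with a passphrase that is published in the source. An upgraded install whose db.properties lacks `db.cloud.keyStorePassphrase` therefore gets no signal that it is running on the built-in default. I would make the missing property visible, for example `s_logger.warn("db.cloud.keyStorePassphrase is not set in db.properties; using the built-in default keystore passphrase");` in the `pass == null` case, and keep the literal in one shared constant instead of repeating it. The same fallback is added in the `@@ -418,8 +417,11 @@` hunk of Link.java, so the point applies there too. The enclosing method starts and ends outside the hunk, so how `passphrase` is used afterwards is not visible here.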
@@ -418,8 +417,11 @@ public class Link { File confFile = PropertiesUtil.findConfigFile("db.properties"); if (null != confFile && !isClient) { - final Properties dbProps = DbProperties.getDbProperties(); - char[] passphrase = dbProps.getProperty("db.cloud.keyStorePassphrase").toCharArray(); + final String pass = DbProperties.getDbProperties().getProperty("db.cloud.keyStorePassphrase"); + char[] passphrase = "vmops.com".toCharArray(); + if (pass != null) { + passphrase = pass.toCharArray(); + } String confPath = confFile.getParent(); String keystorePath = confPath + keystoreFile; if (new File(keystorePath).exists()) { @@ -427,6 +429,7 @@ public class Link { } else { s_logger.warn("SSL: Fail to find the generated keystore. Loading fail-safe one to continue."); stream = NioConnection.class.getResourceAsStream("/cloud.keystore"); + passphrase = "vmops.com".toCharArray(); } ks.load(stream, passphrase); stream.close();
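Review bot: The added `passphrase = "vmops.com".toCharArray();` in the else branch of the `@@ -427,6 +429,7 @@` hunk carries no comment explaining why the configured value is discarded, and it is the third copy of this literal in the commit. A one-line comment such as `// the bundled fail-safe keystore uses the built-in default passphrase, not the one from db.properties` would make the intent clear, and a single shared constant would keep the copies from drifting apart. Since this branch presumably loads a keystore shipped with the product, the existing warn message could also tell the operator to generate a site-specific keystore. The enclosing method starts before the hunk and continues after it.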