Removed all reminants of the IdentityService. Created the KeysManager to move the management

of keys out of management server
2014-01-14 11:21:25 -08:00 · 2014-01-14 11:21:25 -08:00 · 68b8891c62
parent 2893120f2a
commit 68b8891c62
36 changed files with 337 additions and 757 deletions
--- a/api/src/com/cloud/server/ResourceTag.java
+++ b/api/src/com/cloud/server/ResourceTag.java
@ -24,25 +24,49 @@ public interface ResourceTag extends ControlledEntity, Identity, InternalIdentit
    // FIXME - extract enum to another interface as its used both by resourceTags and resourceMetaData code
    public enum ResourceObjectType {
-        UserVm(true, true), Template(true, true), ISO(true, false), Volume(true, true), Snapshot(true, false), Network(true, true), Nic(false, true), LoadBalancer(true, true), PortForwardingRule(
+        UserVm(true, true),
-                true, true), FirewallRule(true, true), SecurityGroup(true, false), PublicIpAddress(true, true), Project(true, false), Vpc(true, true), NetworkACL(true, true), StaticRoute(
+        Template(true, true),
-                true, false), VMSnapshot(true, false), RemoteAccessVpn(true, true), Zone(false, true), ServiceOffering(false, true), Storage(false, true), PrivateGateway(false,
+        ISO(true, false),
-                true), NetworkACLList(false, true), VpnGateway(false, true), CustomerGateway(false, true), VpnConnection(false, true), User(true, true), DiskOffering(false, true);
+        Volume(true, true),
        Snapshot(true, false),
        Network(true, true),
        Nic(false, true),
        LoadBalancer(true, true),
        PortForwardingRule(true, true),
        FirewallRule(true, true),
        SecurityGroup(true, false),
        PublicIpAddress(true, true),
        Project(true, false),
        Vpc(true, true),
        NetworkACL(true, true),
        StaticRoute(true, false),
        VMSnapshot(true, false),
        RemoteAccessVpn(true, true),
        Zone(false, true),
        ServiceOffering(false, true),
        Storage(false, true),
        PrivateGateway(false, true),
        NetworkACLList(false, true),
        VpnGateway(false, true),
        CustomerGateway(false, true),
        VpnConnection(false, true),
        User(true, true),
        DiskOffering(false, true);
        ResourceObjectType(boolean resourceTagsSupport, boolean resourceMetadataSupport) {
            this.resourceTagsSupport = resourceTagsSupport;
-            this.metadataSupport = resourceMetadataSupport;
+            metadataSupport = resourceMetadataSupport;
        }
        private final boolean resourceTagsSupport;
        private final boolean metadataSupport;
        public boolean resourceTagsSupport() {
-            return this.resourceTagsSupport;
+            return resourceTagsSupport;
        }
        public boolean resourceMetadataSupport() {
-            return this.metadataSupport;
+            return metadataSupport;
        }
    }
--- a/api/src/org/apache/cloudstack/api/BaseCmd.java
+++ b/api/src/org/apache/cloudstack/api/BaseCmd.java
@ -26,6 +26,8 @@ import java.util.regex.Pattern;
 import javax.inject.Inject;
 import org.apache.log4j.Logger;
 import org.apache.cloudstack.affinity.AffinityGroupService;
 import org.apache.cloudstack.alert.AlertService;
 import org.apache.cloudstack.network.element.InternalLoadBalancerElementService;
@ -33,7 +35,6 @@ import org.apache.cloudstack.network.lb.ApplicationLoadBalancerService;
 import org.apache.cloudstack.network.lb.InternalLoadBalancerVMService;
 import org.apache.cloudstack.query.QueryService;
 import org.apache.cloudstack.usage.UsageService;
 import org.apache.log4j.Logger;
 import com.cloud.configuration.ConfigurationService;
 import com.cloud.domain.Domain;
@ -153,8 +154,6 @@ public abstract class BaseCmd {
    @Inject
    public ResourceLimitService _resourceLimitService;
    @Inject
    public IdentityService _identityService;
    @Inject
    public StorageNetworkService _storageNetworkService;
    @Inject
    public TaggedResourceService _taggedResourceService;
@ -358,11 +357,11 @@ public abstract class BaseCmd {
    }
    public void setFullUrlParams(Map<String, String> map) {
-        this.fullUrlParams = map;
+        fullUrlParams = map;
    }
    public Map<String, String> getFullUrlParams() {
-        return this.fullUrlParams;
+        return fullUrlParams;
    }
    public Long finalyzeAccountId(String accountName, Long domainId, Long projectId, boolean enabledOnly) {
--- a/api/src/org/apache/cloudstack/api/IdentityService.java
+++ b/api/src/org/apache/cloudstack/api/IdentityService.java
@ -1,23 +0,0 @@
 // Licensed to the Apache Software Foundation (ASF) under one
 // or more contributor license agreements.  See the NOTICE file
 // distributed with this work for additional information
 // regarding copyright ownership.  The ASF licenses this file
 // to you under the Apache License, Version 2.0 (the
 // "License"); you may not use this file except in compliance
 // with the License.  You may obtain a copy of the License at
 //
 //   http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing,
 // software distributed under the License is distributed on an
 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.
 package org.apache.cloudstack.api;
 public interface IdentityService {
    Long getIdentityId(String tableName, String identityString);
    String getIdentityUuid(String tableName, String identityString);
 }
--- a/awsapi/pom.xml
+++ b/awsapi/pom.xml
@ -223,7 +223,6 @@
    <dependency>
      <groupId>org.slf4j</groupId>
      <artifactId>slf4j-api</artifactId>
      <version>1.6.1</version>
      <scope>runtime</scope>
    </dependency>
    <dependency>
@ -271,8 +270,6 @@
    <dependency>
      <groupId>org.bouncycastle</groupId>
      <artifactId>bcprov-jdk16</artifactId>
      <!--  TODO: do we need this explicit version override? -->
      <version>1.45</version>
      <scope>runtime</scope>
    </dependency>
    <dependency>
@ -320,7 +317,6 @@
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-checkstyle-plugin</artifactId>
        <version>${cs.checkstyle.version}</version>
        <executions>
          <execution>
            <phase>none</phase>
--- a/deps/XenServerJava/pom.xml
+++ b/deps/XenServerJava/pom.xml
@ -40,7 +40,6 @@
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-checkstyle-plugin</artifactId>
        <version>${cs.checkstyle.version}</version>
        <executions>
          <execution>
            <phase>none</phase>
--- a/engine/schema/resources/META-INF/cloudstack/core/spring-engine-schema-core-daos-context.xml
+++ b/engine/schema/resources/META-INF/cloudstack/core/spring-engine-schema-core-daos-context.xml
@ -171,7 +171,6 @@
  <bean id="hostTagsDaoImpl" class="com.cloud.host.dao.HostTagsDaoImpl" />
  <bean id="hostTransferMapDaoImpl" class="com.cloud.cluster.agentlb.dao.HostTransferMapDaoImpl" />
  <bean id="iPAddressDaoImpl" class="com.cloud.network.dao.IPAddressDaoImpl" />
  <bean id="identityDaoImpl" class="com.cloud.uuididentity.dao.IdentityDaoImpl" />
  <bean id="imageStoreDaoImpl" class="org.apache.cloudstack.storage.image.db.ImageStoreDaoImpl" />
  <bean id="imageStoreDetailsDaoImpl" class="org.apache.cloudstack.storage.image.db.ImageStoreDetailsDaoImpl" /> 
  <bean id="imageStoreJoinDaoImpl" class="com.cloud.api.query.dao.ImageStoreJoinDaoImpl" />   
--- a/engine/storage/integration-test/pom.xml
+++ b/engine/storage/integration-test/pom.xml
@ -119,8 +119,6 @@
    <dependency>
      <groupId>org.apache.httpcomponents</groupId>
      <artifactId>httpclient</artifactId>
      <!--  TODO: Is this version override required -->
      <version>4.2.2</version>
      <scope>compile</scope>
    </dependency>
    <dependency>
--- a/framework/config/src/org/apache/cloudstack/framework/config/ConfigDepot.java
+++ b/framework/config/src/org/apache/cloudstack/framework/config/ConfigDepot.java
@ -27,4 +27,6 @@ public interface ConfigDepot {
    ConfigKey<?> get(String paramName);
    Set<ConfigKey<?>> getConfigListByScope(String scope);
    <T> void set(ConfigKey<T> key, T value);
 }
--- a/framework/config/src/org/apache/cloudstack/framework/config/impl/ConfigDepotImpl.java
+++ b/framework/config/src/org/apache/cloudstack/framework/config/impl/ConfigDepotImpl.java
@ -172,7 +172,7 @@ public class ConfigDepotImpl implements ConfigDepot, ConfigDepotAdmin {
    @Inject
    public void setScopedStorages(List<ScopedConfigStorage> scopedStorages) {
-        this._scopedStorages = scopedStorages;
+        _scopedStorages = scopedStorages;
    }
    public List<Configurable> getConfigurables() {
@ -181,7 +181,7 @@ public class ConfigDepotImpl implements ConfigDepot, ConfigDepotAdmin {
    @Inject
    public void setConfigurables(List<Configurable> configurables) {
-        this._configurables = configurables;
+        _configurables = configurables;
    }
    @Override
@ -189,4 +189,8 @@ public class ConfigDepotImpl implements ConfigDepot, ConfigDepotAdmin {
        return _scopeLevelConfigsMap.get(ConfigKey.Scope.valueOf(scope));
    }
    @Override
    public <T> void set(ConfigKey<T> key, T value) {
        _configDao.update(key.key(), value.toString());
    }
 }
--- a/framework/security/pom.xml
+++ b/framework/security/pom.xml
@ -25,7 +25,7 @@
    <artifactId>cloudstack-framework</artifactId>
    <version>4.4.0-SNAPSHOT</version>
    <relativePath>../pom.xml</relativePath>
-  </parent>  
+  </parent>
  <dependencies>
    <dependency>
      <groupId>org.apache.cloudstack</groupId>
@ -42,6 +42,10 @@
      <artifactId>cloud-framework-ipc</artifactId>
      <version>${project.version}</version>
    </dependency>
    <dependency>
      <groupId>commons-codec</groupId>
      <artifactId>commons-codec</artifactId>
    </dependency>
    <dependency>
      <groupId>org.apache.cloudstack</groupId>
      <artifactId>cloud-framework-db</artifactId>
@ -51,6 +55,6 @@
      <groupId>org.apache.cloudstack</groupId>
      <artifactId>cloud-framework-config</artifactId>
      <version>${project.version}</version>
-    </dependency>    
+    </dependency>
  </dependencies>
 </project>
--- a/framework/security/resources/META-INF/cloudstack/core/spring-framework-security-core-context.xml
+++ b/framework/security/resources/META-INF/cloudstack/core/spring-framework-security-core-context.xml
@ -28,4 +28,5 @@
                      >
    <bean id="keystoreManagerImpl" class="org.apache.cloudstack.framework.security.keystore.KeystoreManagerImpl" />
    <bean id="keystoreDaoImpl" class="org.apache.cloudstack.framework.security.keystore.KeystoreDaoImpl" />
    <bean id="keysManagerImpl" class="org.apache.cloudstack.framework.security.keys.KeysManagerImpl"/>
 </beans>
--- a/framework/security/src/org/apache/cloudstack/framework/security/keys/KeysManager.java
+++ b/framework/security/src/org/apache/cloudstack/framework/security/keys/KeysManager.java
@ -14,12 +14,25 @@
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.
-package com.cloud.uuididentity.dao;
+package org.apache.cloudstack.framework.security.keys;
-import javax.persistence.Entity;
+import org.apache.cloudstack.framework.config.ConfigKey;
 /**
 *
 * Started this file to manage keys.  Will be needed by other services.
 *
 */
-@Entity
+public interface KeysManager {
-public class IdentityVO {
+    final ConfigKey<String> EncryptionKey = new ConfigKey<String>("Hidden", String.class, "security.encryption.key", null, "base64 encoded key data", false);
    final ConfigKey<String> EncryptionIV = new ConfigKey<String>("Hidden", String.class, "security.encryption.iv", null, "base64 encoded IV data", false);
    final ConfigKey<String> HashKey = new ConfigKey<String>("Hidden", String.class, "security.hash.key", null, "for generic key-ed hash", false);
    String getEncryptionKey();
    String getEncryptionIV();
    void resetEncryptionKeyIV();
    String getHashKey();
 }
--- a/framework/security/src/org/apache/cloudstack/framework/security/keys/KeysManagerImpl.java
+++ b/framework/security/src/org/apache/cloudstack/framework/security/keys/KeysManagerImpl.java
@ -0,0 +1,127 @@
 // Licensed to the Apache Software Foundation (ASF) under one
 // or more contributor license agreements.  See the NOTICE file
 // distributed with this work for additional information
 // regarding copyright ownership.  The ASF licenses this file
 // to you under the Apache License, Version 2.0 (the
 // "License"); you may not use this file except in compliance
 // with the License.  You may obtain a copy of the License at
 //
 //   http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing,
 // software distributed under the License is distributed on an
 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.
 package org.apache.cloudstack.framework.security.keys;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import javax.inject.Inject;
 import javax.net.ssl.KeyManager;
 import org.apache.commons.codec.binary.Base64;
 import org.apache.log4j.Logger;
 import org.apache.cloudstack.framework.config.ConfigDepot;
 import org.apache.cloudstack.framework.config.ConfigKey;
 import org.apache.cloudstack.framework.config.Configurable;
 import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
 import org.apache.cloudstack.framework.config.impl.ConfigurationVO;
 import com.cloud.utils.db.DB;
 import com.cloud.utils.db.SearchBuilder;
 import com.cloud.utils.db.SearchCriteria;
 /**
 * To be perfectly honest, I'm not sure why we need this class.  This used
 * to be in ManagementServerImpl.  I moved the functionality because it seems
 * many features will need this.  However, the right thing will be for setup
 * and upgrade to take care of key generation.  Here, the methods appear to
 * mainly be used for dynamic generation.  I added this class because after
 * talking to Kelven, we think there will be other functionalities we need
 * to centralize to this class.  We'll see how that works out.
 *
 * There's multiple problems here that we need to fix.
 *   - Multiple servers can be generating keys.  This is not atomic.
 *   - The functionality of generating the keys should be moved over to setup/upgrade.
 *
 */
 public class KeysManagerImpl implements KeysManager, Configurable {
    private static final Logger s_logger = Logger.getLogger(KeysManagerImpl.class);
    @Inject
    ConfigurationDao _configDao;
    @Inject
    ConfigDepot _configDepot;
    @Override
    public String getHashKey() {
        String value = HashKey.value();
        if (value == null) {
            _configDepot.set(HashKey, getBase64EncodedRandomKey(128));
        }
        return HashKey.value();
    }
    @Override
    public String getEncryptionKey() {
        String value = EncryptionKey.value();
        if (value == null) {
            _configDepot.set(EncryptionKey, getBase64EncodedRandomKey(128));
        }
        return EncryptionKey.value();
    }
    @Override
    public String getEncryptionIV() {
        String value = EncryptionIV.value();
        if (value == null) {
            _configDepot.set(EncryptionIV, getBase64EncodedRandomKey(128));
        }
        return EncryptionIV.value();
    }
    private static String getBase64EncodedRandomKey(int nBits) {
        SecureRandom random;
        try {
            random = SecureRandom.getInstance("SHA1PRNG");
            byte[] keyBytes = new byte[nBits / 8];
            random.nextBytes(keyBytes);
            return Base64.encodeBase64URLSafeString(keyBytes);
        } catch (NoSuchAlgorithmException e) {
            s_logger.error("Unhandled exception: ", e);
        }
        return null;
    }
    @Override
    @DB
    public void resetEncryptionKeyIV() {
        SearchBuilder<ConfigurationVO> sb = _configDao.createSearchBuilder();
        sb.and("name1", sb.entity().getName(), SearchCriteria.Op.EQ);
        sb.or("name2", sb.entity().getName(), SearchCriteria.Op.EQ);
        sb.done();
        SearchCriteria<ConfigurationVO> sc = sb.create();
        sc.setParameters("name1", EncryptionKey.key());
        sc.setParameters("name2", EncryptionIV.key());
        _configDao.expunge(sc);
    }
    @Override
    public String getConfigComponentName() {
        return KeyManager.class.getSimpleName();
    }
    @Override
    public ConfigKey<?>[] getConfigKeys() {
        return new ConfigKey<?>[] {EncryptionKey, EncryptionIV, HashKey};
    }
 }
--- a/plugins/hypervisors/hyperv/pom.xml
+++ b/plugins/hypervisors/hyperv/pom.xml
@ -90,7 +90,6 @@
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-surefire-plugin</artifactId>
        <version>2.12</version>
        <configuration>
          <!-- Exclude tests that require an agent, they appear under a different profile -->
            <excludes>
--- a/plugins/hypervisors/kvm/pom.xml
+++ b/plugins/hypervisors/kvm/pom.xml
@ -67,7 +67,6 @@
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-dependency-plugin</artifactId>
        <version>2.5.1</version>
        <executions>
          <execution>
            <id>copy-dependencies</id>
@ -85,7 +84,6 @@
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-surefire-plugin</artifactId>
        <version>2.14</version>
        <configuration>
          <excludes>
            <exclude>**/Qemu*.java</exclude>
--- a/plugins/hypervisors/xen/pom.xml
+++ b/plugins/hypervisors/xen/pom.xml
@ -33,8 +33,6 @@
    <dependency>
      <groupId>org.apache.httpcomponents</groupId>
      <artifactId>httpclient</artifactId>
      <!-- TODO: Check if we need this version override -->
      <version>4.2.2</version>
      <scope>compile</scope>
    </dependency>
    <dependency>
--- a/plugins/network-elements/dns-notifier/resources/components-example.xml
+++ b/plugins/network-elements/dns-notifier/resources/components-example.xml
@ -185,7 +185,6 @@ under the License.
        <dao name="UserDao" class="com.cloud.user.dao.UserDaoImpl" singleton="false"/>
        <dao name="NetworkOfferingServiceDao" class="com.cloud.offerings.dao.NetworkOfferingServiceMapDaoImpl" singleton="false"/>
        <dao name="VirtualRouterProviderDao" class="com.cloud.network.dao.VirtualRouterProviderDaoImpl" singleton="false"/>
        <dao name="IdentityDao" class="com.cloud.uuididentity.dao.IdentityDaoImpl" singleton="false"/>
        <dao name="Site2SiteCustomerGatewayDao" class="com.cloud.network.dao.Site2SiteCustomerGatewayDaoImpl" singleton="false"/>
        <dao name="Site2SiteVpnGatewayDao" class="com.cloud.network.dao.Site2SiteVpnGatewayDaoImpl" singleton="false"/>
        <dao name="Site2SiteVpnConnectionDao" class="com.cloud.network.dao.Site2SiteVpnConnectionDaoImpl" singleton="false"/>
--- a/plugins/network-elements/juniper-contrail/pom.xml
+++ b/plugins/network-elements/juniper-contrail/pom.xml
@ -85,7 +85,6 @@
    <dependency>
      <groupId>com.google.guava</groupId>
      <artifactId>guava</artifactId>
      <version>${cs.guava.version}</version>
    </dependency>
    <dependency>
      <groupId>net.juniper.contrail</groupId>
@ -95,7 +94,6 @@
    <dependency>
      <groupId>mysql</groupId>
      <artifactId>mysql-connector-java</artifactId>
      <version>${cs.mysql.version}</version>
      <scope>provided</scope>
    </dependency>
    <dependency>
--- a/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/IntegrationTestConfiguration.java
+++ b/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/IntegrationTestConfiguration.java
@ -21,6 +21,7 @@ import java.io.IOException;
 import javax.inject.Inject;
 import org.eclipse.jetty.security.IdentityService;
 import org.mockito.Matchers;
 import org.mockito.Mockito;
 import org.mockito.invocation.InvocationOnMock;
@ -42,7 +43,6 @@ import org.apache.cloudstack.affinity.dao.AffinityGroupDao;
 import org.apache.cloudstack.affinity.dao.AffinityGroupDaoImpl;
 import org.apache.cloudstack.affinity.dao.AffinityGroupDomainMapDaoImpl;
 import org.apache.cloudstack.affinity.dao.AffinityGroupVMMapDaoImpl;
 import org.apache.cloudstack.api.IdentityService;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.engine.datacenter.entity.api.db.dao.DcDetailsDaoImpl;
 import org.apache.cloudstack.engine.orchestration.service.VolumeOrchestrationService;
@ -270,7 +270,6 @@ import com.cloud.utils.db.EntityManager;
 import com.cloud.utils.db.Transaction;
 import com.cloud.utils.db.TransactionCallbackNoReturn;
 import com.cloud.utils.db.TransactionStatus;
 import com.cloud.uuididentity.dao.IdentityDaoImpl;
 import com.cloud.vm.ItWorkDaoImpl;
 import com.cloud.vm.dao.ConsoleProxyDaoImpl;
 import com.cloud.vm.dao.DomainRouterDaoImpl;
@ -298,7 +297,7 @@ import com.cloud.vm.snapshot.dao.VMSnapshotDaoImpl;
    EventDaoImpl.class, EventJoinDaoImpl.class, EventUtils.class, EventUtils.class, FirewallManagerImpl.class, FirewallRulesCidrsDaoImpl.class,
    FirewallRulesDaoImpl.class, GuestOSCategoryDaoImpl.class, GuestOSDaoImpl.class, HostDaoImpl.class, HostDetailsDaoImpl.class, HostJoinDaoImpl.class,
    HostPodDaoImpl.class, HostTagsDaoImpl.class, HostTransferMapDaoImpl.class, HypervisorCapabilitiesDaoImpl.class, HypervisorGuruManagerImpl.class,
-    IdentityDaoImpl.class, ImageStoreDaoImpl.class, ImageStoreJoinDaoImpl.class, InstanceGroupDaoImpl.class, InstanceGroupJoinDaoImpl.class,
+ ImageStoreDaoImpl.class, ImageStoreJoinDaoImpl.class, InstanceGroupDaoImpl.class, InstanceGroupJoinDaoImpl.class,
    InstanceGroupVMMapDaoImpl.class, IpAddressManagerImpl.class, Ipv6AddressManagerImpl.class, ItWorkDaoImpl.class, LBHealthCheckPolicyDaoImpl.class,
    LBStickinessPolicyDaoImpl.class, LaunchPermissionDao.class, LoadBalancerDaoImpl.class, LoadBalancerVMMapDaoImpl.class, LoadBalancingRulesManagerImpl.class,
    ManagementServerHostDaoImpl.class, MockAccountManager.class, NetworkACLDaoImpl.class, NetworkACLItemDaoImpl.class, NetworkACLManagerImpl.class,
--- a/server/pom.xml
+++ b/server/pom.xml
@ -189,7 +189,6 @@
      </plugin>
      <plugin>
        <artifactId>maven-antrun-plugin</artifactId>
        <version>1.7</version>
        <executions>
          <execution>
            <id>generate-resource</id>
--- a/server/resources/META-INF/cloudstack/core/spring-server-core-managers-context.xml
+++ b/server/resources/META-INF/cloudstack/core/spring-server-core-managers-context.xml
@ -120,12 +120,8 @@
        <property name="hvGuruList" value="#{hypervisorGurusRegistry.registered}" />
    </bean>
    <bean id="identityServiceImpl" class="com.cloud.uuididentity.IdentityServiceImpl" />
    <bean id="uUIDManagerImpl" class="com.cloud.uuididentity.UUIDManagerImpl" />
    <bean id="keystoreManagerImpl" class="org.apache.cloudstack.framework.security.keystore.KeystoreManagerImpl" />
    <bean id="loadBalancingRulesManagerImpl" class="com.cloud.network.lb.LoadBalancingRulesManagerImpl" >
        <property name="lbProviders" value="#{loadBalancingServiceProvidersRegistry.registered}" />
    </bean>
--- a/server/src/com/cloud/api/ApiDBUtils.java
+++ b/server/src/com/cloud/api/ApiDBUtils.java
@ -738,14 +738,6 @@ public class ApiDBUtils {
        return s_vmDao.findById(vmId);
    }
    public static long getMemoryOrCpuCapacitybyHost(Long hostId, short capacityType) {
        // TODO: This method is for the API only, but it has configuration values (ramSize for system vms)
        // so if this Utils class can have some kind of config rather than a static initializer (maybe from
        // management server instantiation?) then maybe the management server method can be moved entirely
        // into this utils class.
        return s_ms.getMemoryOrCpuCapacityByHost(hostId, capacityType);
    }
    public static long getStorageCapacitybyPool(Long poolId, short capacityType) {
        // TODO: This method is for the API only, but it has configuration values (ramSize for system vms)
        // so if this Utils class can have some kind of config rather than a static initializer (maybe from
--- a/server/src/com/cloud/configuration/Config.java
+++ b/server/src/com/cloud/configuration/Config.java
@ -1372,9 +1372,6 @@ public enum Config {
            "The allowable clock difference in milliseconds between when an SSO login request is made and when it is received.",
            null),
    //NetworkType("Hidden", ManagementServer.class, String.class, "network.type", "vlan", "The type of network that this deployment will use.", "vlan,direct"),
    HashKey("Hidden", ManagementServer.class, String.class, "security.hash.key", null, "for generic key-ed hash", null),
    EncryptionKey("Hidden", ManagementServer.class, String.class, "security.encryption.key", null, "base64 encoded key data", null),
    EncryptionIV("Hidden", ManagementServer.class, String.class, "security.encryption.iv", null, "base64 encoded IV data", null),
    RouterRamSize("Hidden", NetworkOrchestrationService.class, Integer.class, "router.ram.size", "128", "Default RAM for router VM (in MB).", null),
    DefaultPageSize("Advanced", ManagementServer.class, Long.class, "default.page.size", "500", "Default page size for API list* commands", null),
--- a/server/src/com/cloud/consoleproxy/AgentBasedConsoleProxyManager.java
+++ b/server/src/com/cloud/consoleproxy/AgentBasedConsoleProxyManager.java
@ -25,6 +25,7 @@ import javax.naming.ConfigurationException;
 import org.apache.log4j.Logger;
 import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
 import org.apache.cloudstack.framework.security.keys.KeysManager;
 import org.apache.cloudstack.framework.security.keystore.KeystoreManager;
 import com.cloud.agent.AgentManager;
@ -53,7 +54,6 @@ public class AgentBasedConsoleProxyManager extends ManagerBase implements Consol
    protected HostDao _hostDao;
    @Inject
    protected UserVmDao _userVmDao;
    private String _instance;
    protected String _consoleProxyUrlDomain;
    @Inject
    private VMInstanceDao _instanceDao;
@ -74,11 +74,13 @@ public class AgentBasedConsoleProxyManager extends ManagerBase implements Consol
    ConfigurationDao _configDao;
    @Inject
    ManagementServer _ms;
    @Inject
    KeysManager _keysMgr;
    public class AgentBasedAgentHook extends AgentHookBase {
-        public AgentBasedAgentHook(VMInstanceDao instanceDao, HostDao hostDao, ConfigurationDao cfgDao, KeystoreManager ksMgr, AgentManager agentMgr, ManagementServer ms) {
+        public AgentBasedAgentHook(VMInstanceDao instanceDao, HostDao hostDao, ConfigurationDao cfgDao, KeystoreManager ksMgr, AgentManager agentMgr, KeysManager keysMgr) {
-            super(instanceDao, hostDao, cfgDao, ksMgr, agentMgr, ms);
+            super(instanceDao, hostDao, cfgDao, ksMgr, agentMgr, keysMgr);
        }
        @Override
@ -119,11 +121,9 @@ public class AgentBasedConsoleProxyManager extends ManagerBase implements Consol
            _sslEnabled = true;
        }
        _instance = configs.get("instance.name");
        _consoleProxyUrlDomain = configs.get("consoleproxy.url.domain");
-        _listener = new ConsoleProxyListener(new AgentBasedAgentHook(_instanceDao, _hostDao, _configDao, _ksMgr, _agentMgr, _ms));
+        _listener = new ConsoleProxyListener(new AgentBasedAgentHook(_instanceDao, _hostDao, _configDao, _ksMgr, _agentMgr, _keysMgr));
        _agentMgr.registerForHostEvents(_listener, true, true, false);
        if (s_logger.isInfoEnabled()) {
--- a/server/src/com/cloud/consoleproxy/AgentHookBase.java
+++ b/server/src/com/cloud/consoleproxy/AgentHookBase.java
@ -26,6 +26,7 @@ import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
 import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
 import org.apache.cloudstack.framework.security.keys.KeysManager;
 import org.apache.cloudstack.framework.security.keystore.KeystoreManager;
 import com.cloud.agent.AgentManager;
@ -45,7 +46,6 @@ import com.cloud.host.Host;
 import com.cloud.host.HostVO;
 import com.cloud.host.Status;
 import com.cloud.host.dao.HostDao;
 import com.cloud.server.ManagementServer;
 import com.cloud.servlet.ConsoleProxyPasswordBasedEncryptor;
 import com.cloud.servlet.ConsoleProxyServlet;
 import com.cloud.utils.Ternary;
@ -65,17 +65,16 @@ public abstract class AgentHookBase implements AgentHook {
    ConfigurationDao _configDao;
    AgentManager _agentMgr;
    KeystoreManager _ksMgr;
    ManagementServer _ms;
    final Random _random = new Random(System.currentTimeMillis());
-    private String _hashKey;
+    KeysManager _keysMgr;
-    public AgentHookBase(VMInstanceDao instanceDao, HostDao hostDao, ConfigurationDao cfgDao, KeystoreManager ksMgr, AgentManager agentMgr, ManagementServer ms) {
+    public AgentHookBase(VMInstanceDao instanceDao, HostDao hostDao, ConfigurationDao cfgDao, KeystoreManager ksMgr, AgentManager agentMgr, KeysManager keysMgr) {
-        this._instanceDao = instanceDao;
+        _instanceDao = instanceDao;
-        this._hostDao = hostDao;
+        _hostDao = hostDao;
-        this._agentMgr = agentMgr;
+        _agentMgr = agentMgr;
-        this._configDao = cfgDao;
+        _configDao = cfgDao;
-        this._ksMgr = ksMgr;
+        _ksMgr = ksMgr;
-        this._ms = ms;
+        _keysMgr = keysMgr;
    }
    @Override
@ -230,15 +229,15 @@ public abstract class AgentHookBase implements AgentHook {
        // if we failed after reset, something is definitely wrong
        for (int i = 0; i < 2; i++) {
-            key = _ms.getEncryptionKey();
+            key = _keysMgr.getEncryptionKey();
-            iv = _ms.getEncryptionIV();
+            iv = _keysMgr.getEncryptionIV();
            keyIvPair = new ConsoleProxyPasswordBasedEncryptor.KeyIVPair(key, iv);
            if (keyIvPair.getIvBytes() == null || keyIvPair.getIvBytes().length != 16 || keyIvPair.getKeyBytes() == null || keyIvPair.getKeyBytes().length != 16) {
                s_logger.warn("Console access AES KeyIV sanity check failed, reset and regenerate");
-                _ms.resetEncryptionKeyIV();
+                _keysMgr.resetEncryptionKeyIV();
            } else {
                break;
            }
--- a/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
+++ b/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
@ -36,6 +36,7 @@ import com.google.gson.GsonBuilder;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
 import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
 import org.apache.cloudstack.framework.security.keys.KeysManager;
 import org.apache.cloudstack.framework.security.keystore.KeystoreDao;
 import org.apache.cloudstack.framework.security.keystore.KeystoreManager;
 import org.apache.cloudstack.framework.security.keystore.KeystoreVO;
@ -54,7 +55,6 @@ import com.cloud.agent.api.check.CheckSshAnswer;
 import com.cloud.agent.api.check.CheckSshCommand;
 import com.cloud.agent.api.proxy.ConsoleProxyLoadAnswer;
 import com.cloud.agent.manager.Commands;
 import com.cloud.certificate.dao.CertificateDao;
 import com.cloud.cluster.ClusterManager;
 import com.cloud.configuration.Config;
 import com.cloud.configuration.ZoneConfig;
@ -99,16 +99,13 @@ import com.cloud.resource.ResourceManager;
 import com.cloud.resource.ResourceStateAdapter;
 import com.cloud.resource.ServerResource;
 import com.cloud.resource.UnableDeleteHostException;
 import com.cloud.server.ManagementServer;
 import com.cloud.service.ServiceOfferingVO;
 import com.cloud.service.dao.ServiceOfferingDao;
 import com.cloud.storage.StorageManager;
 import com.cloud.storage.StoragePoolStatus;
 import com.cloud.storage.VMTemplateStorageResourceAssoc.Status;
 import com.cloud.storage.VMTemplateVO;
 import com.cloud.storage.dao.DiskOfferingDao;
 import com.cloud.storage.dao.VMTemplateDao;
 import com.cloud.template.TemplateManager;
 import com.cloud.user.Account;
 import com.cloud.user.AccountManager;
 import com.cloud.utils.DateUtil;
@ -182,57 +179,44 @@ public class ConsoleProxyManagerImpl extends ManagerBase implements ConsoleProxy
    @Inject
    private ConfigurationDao _configDao;
    @Inject
    private CertificateDao _certDao;
    @Inject
    private VMInstanceDao _instanceDao;
    @Inject
    private TemplateDataStoreDao _vmTemplateStoreDao;
    @Inject
    private AgentManager _agentMgr;
    @Inject
-    private StorageManager _storageMgr;
+    private NetworkOrchestrationService _networkMgr;
    @Inject
-    NetworkOrchestrationService _networkMgr;
+    private NetworkModel _networkModel;
    @Inject
-    NetworkModel _networkModel;
+    private AccountManager _accountMgr;
    @Inject
-    AccountManager _accountMgr;
+    private ServiceOfferingDao _offeringDao;
    @Inject
-    ServiceOfferingDao _offeringDao;
+    private DiskOfferingDao _diskOfferingDao;
    @Inject
-    DiskOfferingDao _diskOfferingDao;
+    private NetworkOfferingDao _networkOfferingDao;
    @Inject
-    NetworkOfferingDao _networkOfferingDao;
+    private PrimaryDataStoreDao _storagePoolDao;
    @Inject
-    PrimaryDataStoreDao _storagePoolDao;
+    private UserVmDetailsDao _vmDetailsDao;
    @Inject
-    UserVmDetailsDao _vmDetailsDao;
+    private ResourceManager _resourceMgr;
    @Inject
-    ResourceManager _resourceMgr;
+    private NetworkDao _networkDao;
    @Inject
-    NetworkDao _networkDao;
+    private RulesManager _rulesMgr;
    @Inject
-    RulesManager _rulesMgr;
+    private IPAddressDao _ipAddressDao;
    @Inject
-    TemplateManager templateMgr;
+    private KeysManager _keysMgr;
    @Inject
-    IPAddressDao _ipAddressDao;
+    private VirtualMachineManager _itMgr;
    @Inject
    ManagementServer _ms;
    @Inject
    ClusterManager _clusterMgr;
    private ConsoleProxyListener _listener;
    private ServiceOfferingVO _serviceOffering;
    NetworkOffering _publicNetworkOffering;
    NetworkOffering _managementNetworkOffering;
    NetworkOffering _linkLocalNetworkOffering;
    @Inject
    private VirtualMachineManager _itMgr;
    /*
     * private final ExecutorService _requestHandlerScheduler = Executors.newCachedThreadPool(new
     * NamedThreadFactory("Request-handler"));
@ -267,8 +251,8 @@ public class ConsoleProxyManagerImpl extends ManagerBase implements ConsoleProxy
    public class VmBasedAgentHook extends AgentHookBase {
-        public VmBasedAgentHook(VMInstanceDao instanceDao, HostDao hostDao, ConfigurationDao cfgDao, KeystoreManager ksMgr, AgentManager agentMgr, ManagementServer ms) {
+        public VmBasedAgentHook(VMInstanceDao instanceDao, HostDao hostDao, ConfigurationDao cfgDao, KeystoreManager ksMgr, AgentManager agentMgr, KeysManager keysMgr) {
-            super(instanceDao, hostDao, cfgDao, ksMgr, agentMgr, ms);
+            super(instanceDao, hostDao, cfgDao, ksMgr, agentMgr, keysMgr);
        }
        @Override
@ -884,14 +868,6 @@ public class ConsoleProxyManagerImpl extends ManagerBase implements ConsoleProxy
        return l.size() < launchLimit;
    }
    private HypervisorType currentHypervisorType(long dcId) {
        List<ConsoleProxyVO> l =
            _consoleProxyDao.getProxyListInStates(dcId, VirtualMachine.State.Starting, VirtualMachine.State.Running, VirtualMachine.State.Stopping,
                VirtualMachine.State.Stopped, VirtualMachine.State.Migrating, VirtualMachine.State.Shutdowned, VirtualMachine.State.Unknown);
        return l.size() > 0 ? l.get(0).getHypervisorType() : HypervisorType.Any;
    }
    private boolean checkCapacity(ConsoleProxyLoadInfo proxyCountInfo, ConsoleProxyLoadInfo vmCountInfo) {
        if (proxyCountInfo.getCount() * _capacityPerProxy - vmCountInfo.getCount() <= _standbyCapacity) {
@ -969,11 +945,7 @@ public class ConsoleProxyManagerImpl extends ManagerBase implements ConsoleProxy
                }
            } else {
                if (s_logger.isDebugEnabled()) {
-                    if (template == null) {
+                    s_logger.debug("Zone host is ready, but console proxy template: " + template.getId() + " is not ready on secondary storage.");
                        s_logger.debug("Zone host is ready, but console proxy template is null");
                    } else {
                        s_logger.debug("Zone host is ready, but console proxy template: " + template.getId() + " is not ready on secondary storage.");
                    }
                }
            }
        }
@ -1262,7 +1234,7 @@ public class ConsoleProxyManagerImpl extends ManagerBase implements ConsoleProxy
        value = agentMgrConfigs.get("port");
        _mgmtPort = NumbersUtil.parseInt(value, 8250);
-        _listener = new ConsoleProxyListener(new VmBasedAgentHook(_instanceDao, _hostDao, _configDao, _ksMgr, _agentMgr, _ms));
+        _listener = new ConsoleProxyListener(new VmBasedAgentHook(_instanceDao, _hostDao, _configDao, _ksMgr, _agentMgr, _keysMgr));
        _agentMgr.registerForHostEvents(_listener, true, true, false);
        _itMgr.registerGuru(VirtualMachine.Type.ConsoleProxy, this);
@ -1677,13 +1649,11 @@ public class ConsoleProxyManagerImpl extends ManagerBase implements ConsoleProxy
    @Override
    public HostVO createHostVOForDirectConnectAgent(HostVO host, StartupCommand[] startup, ServerResource resource, Map<String, String> details, List<String> hostTags) {
        // TODO Auto-generated method stub
        return null;
    }
    @Override
    public DeleteHostAnswer deleteHost(HostVO host, boolean isForced, boolean isForceDeleteStorage) throws UnableDeleteHostException {
        // TODO Auto-generated method stub
        return null;
    }
@ -1704,7 +1674,7 @@ public class ConsoleProxyManagerImpl extends ManagerBase implements ConsoleProxy
    @Inject
    public void setConsoleProxyAllocators(List<ConsoleProxyAllocator> consoleProxyAllocators) {
-        this._consoleProxyAllocators = consoleProxyAllocators;
+        _consoleProxyAllocators = consoleProxyAllocators;
    }
 }
--- a/server/src/com/cloud/server/ManagementServer.java
+++ b/server/src/com/cloud/server/ManagementServer.java
@ -61,12 +61,4 @@ public interface ManagementServer extends ManagementService, PluggableService {
    public long getMemoryOrCpuCapacityByHost(Long hostId, short capacityType);
    String getHashKey();
    String getEncryptionKey();
    String getEncryptionIV();
    void resetEncryptionKeyIV();
 }
--- a/server/src/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/com/cloud/server/ManagementServerImpl.java
@ -19,8 +19,6 @@ package com.cloud.server;
 import java.io.UnsupportedEncodingException;
 import java.lang.reflect.Field;
 import java.net.URLDecoder;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Calendar;
@ -756,9 +754,6 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
    @Inject
    ClusterManager _clusterMgr;
    private String _hashKey = null;
    private String _encryptionKey = null;
    private String _encryptionIV = null;
    @Inject
    protected AffinityGroupVMMapDao _affinityGroupVMMapDao;
@ -942,15 +937,6 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
        return result;
    }
    private Date massageDate(Date date, int hourOfDay, int minute, int second) {
        Calendar cal = Calendar.getInstance();
        cal.setTime(date);
        cal.set(Calendar.HOUR_OF_DAY, hourOfDay);
        cal.set(Calendar.MINUTE, minute);
        cal.set(Calendar.SECOND, second);
        return cal.getTime();
    }
    @Override
    public List<? extends Cluster> searchForClusters(long zoneId, Long startIndex, Long pageSizeVal, String hypervisorType) {
        Filter searchFilter = new Filter(ClusterVO.class, "id", true, startIndex, pageSizeVal);
@ -3391,65 +3377,6 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
        return result;
    }
    @Override
    public String getHashKey() {
        // although we may have race conditioning here, database transaction serialization should
        // give us the same key
        if (_hashKey == null) {
            _hashKey = _configDao.getValueAndInitIfNotExist(Config.HashKey.key(), Config.HashKey.getCategory(), getBase64EncodedRandomKey(128), Config.HashKey.getDescription());
        }
        return _hashKey;
    }
    @Override
    public String getEncryptionKey() {
        if (_encryptionKey == null) {
            _encryptionKey = _configDao.getValueAndInitIfNotExist(Config.EncryptionKey.key(), Config.EncryptionKey.getCategory(), getBase64EncodedRandomKey(128),
                    Config.EncryptionKey.getDescription());
        }
        return _encryptionKey;
    }
    @Override
    public String getEncryptionIV() {
        if (_encryptionIV == null) {
            _encryptionIV = _configDao.getValueAndInitIfNotExist(Config.EncryptionIV.key(), Config.EncryptionIV.getCategory(), getBase64EncodedRandomKey(128),
                    Config.EncryptionIV.getDescription());
        }
        return _encryptionIV;
    }
    @Override
    @DB
    public void resetEncryptionKeyIV() {
        SearchBuilder<ConfigurationVO> sb = _configDao.createSearchBuilder();
        sb.and("name1", sb.entity().getName(), SearchCriteria.Op.EQ);
        sb.or("name2", sb.entity().getName(), SearchCriteria.Op.EQ);
        sb.done();
        SearchCriteria<ConfigurationVO> sc = sb.create();
        sc.setParameters("name1", Config.EncryptionKey.key());
        sc.setParameters("name2", Config.EncryptionIV.key());
        _configDao.expunge(sc);
        _encryptionKey = null;
        _encryptionIV = null;
    }
    private static String getBase64EncodedRandomKey(int nBits) {
        SecureRandom random;
        try {
            random = SecureRandom.getInstance("SHA1PRNG");
            byte[] keyBytes = new byte[nBits / 8];
            random.nextBytes(keyBytes);
            return Base64.encodeBase64URLSafeString(keyBytes);
        } catch (NoSuchAlgorithmException e) {
            s_logger.error("Unhandled exception: ", e);
        }
        return null;
    }
    @Override
    public SSHKeyPair createSSHKeyPair(CreateSSHKeyPairCmd cmd) {
        Account caller = CallContext.current().getCallingAccount();
--- a/server/src/com/cloud/servlet/ConsoleProxyServlet.java
+++ b/server/src/com/cloud/servlet/ConsoleProxyServlet.java
@ -43,7 +43,7 @@ import org.springframework.web.context.support.SpringBeanAutowiringSupport;
 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
-import org.apache.cloudstack.api.IdentityService;
+import org.apache.cloudstack.framework.security.keys.KeysManager;
 import com.cloud.exception.PermissionDeniedException;
 import com.cloud.host.HostVO;
@ -81,13 +81,13 @@ public class ConsoleProxyServlet extends HttpServlet {
    @Inject
    ManagementServer _ms;
    @Inject
    IdentityService _identityService;
    @Inject
    EntityManager _entityMgr;
    @Inject
    UserVmDetailsDao _userVmDetailsDao;
    @Inject
    KeysManager _keysMgr;
-    static ManagementServer s_ms;
+    static KeysManager s_keysMgr;
    private final Gson _gson = new GsonBuilder().create();
@ -97,7 +97,7 @@ public class ConsoleProxyServlet extends HttpServlet {
    @Override
    public void init(ServletConfig config) throws ServletException {
        SpringBeanAutowiringSupport.processInjectionBasedOnServletContext(this, config.getServletContext());
-        s_ms = _ms;
+        s_keysMgr = _keysMgr;
    }
    @Override
@ -114,7 +114,7 @@ public class ConsoleProxyServlet extends HttpServlet {
                return;
            }
-            if (_ms.getHashKey() == null) {
+            if (_keysMgr.getHashKey() == null) {
                s_logger.debug("Console/thumbnail access denied. Ticket service is not ready yet");
                sendResponse(resp, "Service is not ready");
                return;
@ -165,13 +165,15 @@ public class ConsoleProxyServlet extends HttpServlet {
            }
            String vmIdString = req.getParameter("vm");
-            Long vmId = _identityService.getIdentityId("vm_instance", vmIdString);
+            VirtualMachine vm = _entityMgr.findByUuid(VirtualMachine.class, vmIdString);
-            if (vmId == null) {
+            if (vm == null) {
                s_logger.info("invalid console servlet command parameter: " + vmIdString);
                sendResponse(resp, "");
                return;
            }
            Long vmId = vm.getId();
            if (!checkSessionPermision(req, vmId, accountObj)) {
                sendResponse(resp, "Permission denied");
                return;
@ -344,8 +346,8 @@ public class ConsoleProxyServlet extends HttpServlet {
    }
    private String getEncryptorPassword() {
-        String key = _ms.getEncryptionKey();
+        String key = _keysMgr.getEncryptionKey();
-        String iv = _ms.getEncryptionIV();
+        String iv = _keysMgr.getEncryptionIV();
        ConsoleProxyPasswordBasedEncryptor.KeyIVPair keyIvPair = new ConsoleProxyPasswordBasedEncryptor.KeyIVPair(key, iv);
        return _gson.toJson(keyIvPair);
@ -360,8 +362,7 @@ public class ConsoleProxyServlet extends HttpServlet {
        Ternary<String, String, String> parsedHostInfo = parseHostInfo(portInfo.first());
        String sid = vm.getVncPassword();
-        String tag = String.valueOf(vm.getId());
+        String tag = vm.getUuid();
        tag = _identityService.getIdentityUuid("vm_instance", tag);
        String ticket = genAccessTicket(host, String.valueOf(portInfo.second()), sid, tag);
        ConsoleProxyPasswordBasedEncryptor encryptor = new ConsoleProxyPasswordBasedEncryptor(getEncryptorPassword());
@ -440,7 +441,7 @@ public class ConsoleProxyServlet extends HttpServlet {
            long ts = normalizedHashTime.getTime();
            ts = ts / 60000;        // round up to 1 minute
-            String secretKey = s_ms.getHashKey();
+            String secretKey = s_keysMgr.getHashKey();
            SecretKeySpec keySpec = new SecretKeySpec(secretKey.getBytes(), "HmacSHA1");
            mac.init(keySpec);
--- a/server/src/com/cloud/tags/TaggedResourceManagerImpl.java
+++ b/server/src/com/cloud/tags/TaggedResourceManagerImpl.java
@ -25,70 +25,101 @@ import javax.ejb.Local;
 import javax.inject.Inject;
 import javax.naming.ConfigurationException;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.storage.datastore.db.PrimaryDataStoreDao;
 import org.apache.log4j.Logger;
-import org.springframework.stereotype.Component;
+
 import org.apache.cloudstack.api.Identity;
 import org.apache.cloudstack.api.InternalIdentity;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.storage.datastore.db.StoragePoolVO;
 import com.cloud.api.query.dao.ResourceTagJoinDao;
-import com.cloud.dc.dao.DataCenterDao;
+import com.cloud.dc.DataCenterVO;
 import com.cloud.domain.Domain;
 import com.cloud.domain.PartOf;
 import com.cloud.event.ActionEvent;
 import com.cloud.event.EventTypes;
 import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.exception.PermissionDeniedException;
-import com.cloud.network.dao.FirewallRulesDao;
+import com.cloud.network.dao.IPAddressVO;
-import com.cloud.network.dao.IPAddressDao;
+import com.cloud.network.dao.LoadBalancerVO;
-import com.cloud.network.dao.LoadBalancerDao;
+import com.cloud.network.dao.NetworkVO;
-import com.cloud.network.dao.NetworkDao;
+import com.cloud.network.dao.RemoteAccessVpnVO;
-import com.cloud.network.dao.RemoteAccessVpnDao;
+import com.cloud.network.dao.Site2SiteCustomerGatewayVO;
-import com.cloud.network.dao.Site2SiteCustomerGatewayDao;
+import com.cloud.network.dao.Site2SiteVpnConnectionVO;
-import com.cloud.network.dao.Site2SiteVpnConnectionDao;
+import com.cloud.network.dao.Site2SiteVpnGatewayVO;
-import com.cloud.network.dao.Site2SiteVpnGatewayDao;
+import com.cloud.network.rules.FirewallRuleVO;
-import com.cloud.network.rules.dao.PortForwardingRulesDao;
+import com.cloud.network.rules.PortForwardingRuleVO;
-import com.cloud.network.security.dao.SecurityGroupDao;
+import com.cloud.network.security.SecurityGroupVO;
-import com.cloud.network.vpc.NetworkACLItemDao;
+import com.cloud.network.vpc.NetworkACLItemVO;
-import com.cloud.network.vpc.dao.NetworkACLDao;
+import com.cloud.network.vpc.NetworkACLVO;
-import com.cloud.network.vpc.dao.StaticRouteDao;
+import com.cloud.network.vpc.StaticRouteVO;
-import com.cloud.network.vpc.dao.VpcDao;
+import com.cloud.network.vpc.VpcVO;
-import com.cloud.network.vpc.dao.VpcGatewayDao;
+import com.cloud.projects.ProjectVO;
 import com.cloud.projects.dao.ProjectDao;
 import com.cloud.server.ResourceTag;
 import com.cloud.server.ResourceTag.ResourceObjectType;
 import com.cloud.server.TaggedResourceService;
-import com.cloud.service.dao.ServiceOfferingDao;
+import com.cloud.service.ServiceOfferingVO;
-import com.cloud.storage.dao.DiskOfferingDao;
+import com.cloud.storage.DiskOfferingVO;
-import com.cloud.storage.dao.SnapshotDao;
+import com.cloud.storage.SnapshotVO;
-import com.cloud.storage.dao.VMTemplateDao;
+import com.cloud.storage.VMTemplateVO;
-import com.cloud.storage.dao.VolumeDao;
+import com.cloud.storage.VolumeVO;
 import com.cloud.tags.dao.ResourceTagDao;
 import com.cloud.user.Account;
 import com.cloud.user.AccountManager;
 import com.cloud.user.DomainManager;
-import com.cloud.user.dao.UserDao;
+import com.cloud.user.OwnedBy;
 import com.cloud.user.UserVO;
 import com.cloud.utils.Pair;
 import com.cloud.utils.component.ManagerBase;
 import com.cloud.utils.db.DB;
-import com.cloud.utils.db.DbUtil;
+import com.cloud.utils.db.EntityManager;
 import com.cloud.utils.db.GenericDao;
 import com.cloud.utils.db.SearchBuilder;
 import com.cloud.utils.db.SearchCriteria;
 import com.cloud.utils.db.Transaction;
 import com.cloud.utils.db.TransactionCallbackNoReturn;
 import com.cloud.utils.db.TransactionStatus;
-import com.cloud.utils.exception.CloudRuntimeException;
+import com.cloud.vm.NicVO;
-import com.cloud.uuididentity.dao.IdentityDao;
+import com.cloud.vm.UserVmVO;
-import com.cloud.vm.dao.NicDao;
+import com.cloud.vm.snapshot.VMSnapshotVO;
 import com.cloud.vm.dao.UserVmDao;
 import com.cloud.vm.snapshot.dao.VMSnapshotDao;
@Component
@Local(value = {TaggedResourceService.class})
 public class TaggedResourceManagerImpl extends ManagerBase implements TaggedResourceService {
    public static final Logger s_logger = Logger.getLogger(TaggedResourceManagerImpl.class);
-    private static Map<ResourceObjectType, GenericDao<?, Long>> s_daoMap = new HashMap<ResourceObjectType, GenericDao<?, Long>>();
+    private static final Map<ResourceObjectType, Class<?>> s_typeMap = new HashMap<ResourceObjectType, Class<?>>();
    static {
        s_typeMap.put(ResourceObjectType.UserVm, UserVmVO.class);
        s_typeMap.put(ResourceObjectType.Volume, VolumeVO.class);
        s_typeMap.put(ResourceObjectType.Template, VMTemplateVO.class);
        s_typeMap.put(ResourceObjectType.ISO, VMTemplateVO.class);
        s_typeMap.put(ResourceObjectType.Snapshot, SnapshotVO.class);
        s_typeMap.put(ResourceObjectType.Network, NetworkVO.class);
        s_typeMap.put(ResourceObjectType.LoadBalancer, LoadBalancerVO.class);
        s_typeMap.put(ResourceObjectType.PortForwardingRule, PortForwardingRuleVO.class);
        s_typeMap.put(ResourceObjectType.FirewallRule, FirewallRuleVO.class);
        s_typeMap.put(ResourceObjectType.SecurityGroup, SecurityGroupVO.class);
        s_typeMap.put(ResourceObjectType.PublicIpAddress, IPAddressVO.class);
        s_typeMap.put(ResourceObjectType.Project, ProjectVO.class);
        s_typeMap.put(ResourceObjectType.Vpc, VpcVO.class);
        s_typeMap.put(ResourceObjectType.Nic, NicVO.class);
        s_typeMap.put(ResourceObjectType.NetworkACL, NetworkACLVO.class);
        s_typeMap.put(ResourceObjectType.StaticRoute, StaticRouteVO.class);
        s_typeMap.put(ResourceObjectType.VMSnapshot, VMSnapshotVO.class);
        s_typeMap.put(ResourceObjectType.RemoteAccessVpn, RemoteAccessVpnVO.class);
        s_typeMap.put(ResourceObjectType.Zone, DataCenterVO.class);
        s_typeMap.put(ResourceObjectType.ServiceOffering, ServiceOfferingVO.class);
        s_typeMap.put(ResourceObjectType.Storage, StoragePoolVO.class);
        s_typeMap.put(ResourceObjectType.PrivateGateway, RemoteAccessVpnVO.class);
        s_typeMap.put(ResourceObjectType.NetworkACLList, NetworkACLItemVO.class);
        s_typeMap.put(ResourceObjectType.VpnGateway, Site2SiteVpnGatewayVO.class);
        s_typeMap.put(ResourceObjectType.CustomerGateway, Site2SiteCustomerGatewayVO.class);
        s_typeMap.put(ResourceObjectType.VpnConnection, Site2SiteVpnConnectionVO.class);
        s_typeMap.put(ResourceObjectType.User, UserVO.class);
        s_typeMap.put(ResourceObjectType.DiskOffering, DiskOfferingVO.class);
    }
    @Inject
    EntityManager _entityMgr;
    @Inject
    AccountManager _accountMgr;
    @Inject
@ -96,95 +127,11 @@ public class TaggedResourceManagerImpl extends ManagerBase implements TaggedReso
    @Inject
    ResourceTagJoinDao _resourceTagJoinDao;
    @Inject
    IdentityDao _identityDao;
    @Inject
    DomainManager _domainMgr;
-    @Inject
+
    UserVmDao _userVmDao;
    @Inject
    VolumeDao _volumeDao;
    @Inject
    VMTemplateDao _templateDao;
    @Inject
    SnapshotDao _snapshotDao;
    @Inject
    NetworkDao _networkDao;
    @Inject
    LoadBalancerDao _lbDao;
    @Inject
    PortForwardingRulesDao _pfDao;
    @Inject
    FirewallRulesDao _firewallDao;
    @Inject
    SecurityGroupDao _securityGroupDao;
    @Inject
    RemoteAccessVpnDao _vpnDao;
    @Inject
    IPAddressDao _publicIpDao;
    @Inject
    ProjectDao _projectDao;
    @Inject
    VpcDao _vpcDao;
    @Inject
    StaticRouteDao _staticRouteDao;
    @Inject
    VMSnapshotDao _vmSnapshotDao;
    @Inject
    NicDao _nicDao;
    @Inject
    NetworkACLItemDao _networkACLItemDao;
    @Inject
    DataCenterDao _dataCenterDao;
    @Inject
    ServiceOfferingDao _serviceOffDao;
    @Inject
    PrimaryDataStoreDao _storagePoolDao;
    @Inject
    VpcGatewayDao _vpcGatewayDao;
    @Inject
    NetworkACLDao _networkACLListDao;
    @Inject
    Site2SiteVpnGatewayDao _vpnGatewayDao;
    @Inject
    Site2SiteCustomerGatewayDao _customerGatewayDao;
    @Inject
    Site2SiteVpnConnectionDao _vpnConnectionDao;
    @Inject
    UserDao _userDao;
    @Inject
    DiskOfferingDao _diskOffDao;
    @Override
    public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
        s_daoMap.put(ResourceObjectType.UserVm, _userVmDao);
        s_daoMap.put(ResourceObjectType.Volume, _volumeDao);
        s_daoMap.put(ResourceObjectType.Template, _templateDao);
        s_daoMap.put(ResourceObjectType.ISO, _templateDao);
        s_daoMap.put(ResourceObjectType.Snapshot, _snapshotDao);
        s_daoMap.put(ResourceObjectType.Network, _networkDao);
        s_daoMap.put(ResourceObjectType.LoadBalancer, _lbDao);
        s_daoMap.put(ResourceObjectType.PortForwardingRule, _pfDao);
        s_daoMap.put(ResourceObjectType.FirewallRule, _firewallDao);
        s_daoMap.put(ResourceObjectType.SecurityGroup, _securityGroupDao);
        s_daoMap.put(ResourceObjectType.PublicIpAddress, _publicIpDao);
        s_daoMap.put(ResourceObjectType.Project, _projectDao);
        s_daoMap.put(ResourceObjectType.Vpc, _vpcDao);
        s_daoMap.put(ResourceObjectType.Nic, _nicDao);
        s_daoMap.put(ResourceObjectType.NetworkACL, _networkACLItemDao);
        s_daoMap.put(ResourceObjectType.StaticRoute, _staticRouteDao);
        s_daoMap.put(ResourceObjectType.VMSnapshot, _vmSnapshotDao);
        s_daoMap.put(ResourceObjectType.RemoteAccessVpn, _vpnDao);
        s_daoMap.put(ResourceObjectType.Zone, _dataCenterDao);
        s_daoMap.put(ResourceObjectType.ServiceOffering, _serviceOffDao);
        s_daoMap.put(ResourceObjectType.Storage, _storagePoolDao);
        s_daoMap.put(ResourceObjectType.PrivateGateway, _vpcGatewayDao);
        s_daoMap.put(ResourceObjectType.NetworkACLList, _networkACLListDao);
        s_daoMap.put(ResourceObjectType.VpnGateway, _vpnGatewayDao);
        s_daoMap.put(ResourceObjectType.CustomerGateway, _customerGatewayDao);
        s_daoMap.put(ResourceObjectType.VpnConnection, _vpnConnectionDao);
        s_daoMap.put(ResourceObjectType.User, _userDao);
        s_daoMap.put(ResourceObjectType.DiskOffering, _diskOffDao);
        return true;
    }
@ -200,59 +147,31 @@ public class TaggedResourceManagerImpl extends ManagerBase implements TaggedReso
    @Override
    public long getResourceId(String resourceId, ResourceObjectType resourceType) {
-        GenericDao<?, Long> dao = s_daoMap.get(resourceType);
+        Class<?> clazz = s_typeMap.get(resourceType);
-        if (dao == null) {
+        Object entity = _entityMgr.findByUuid(clazz, resourceId);
-            throw new CloudRuntimeException("Dao is not loaded for the resource type " + resourceType);
+        if (entity != null) {
            return ((InternalIdentity)entity).getId();
        }
-        Class<?> claz = DbUtil.getEntityBeanType(dao);
+        entity = _entityMgr.findById(clazz, resourceId);
-
+        if (entity != null) {
-        Long identityId = null;
+            return ((InternalIdentity)entity).getId();
        while (claz != null && claz != Object.class) {
            try {
                String tableName = DbUtil.getTableName(claz);
                if (tableName == null) {
                    throw new InvalidParameterValueException("Unable to find resource of type " + resourceType + " in the database");
                }
                identityId = _identityDao.getIdentityId(tableName, resourceId);
                if (identityId != null) {
                    break;
                }
            } catch (Exception ex) {
                //do nothing here, it might mean uuid field is missing and we have to search further
            }
            claz = claz.getSuperclass();
        }
-
+        throw new InvalidParameterValueException("Unable to find resource by id " + resourceId + " and type " + resourceType);
        if (identityId == null) {
            throw new InvalidParameterValueException("Unable to find resource by id " + resourceId + " and type " + resourceType);
        }
        return identityId;
    }
    private Pair<Long, Long> getAccountDomain(long resourceId, ResourceObjectType resourceType) {
        Class<?> clazz = s_typeMap.get(resourceType);
-        Pair<Long, Long> pair = null;
+        Object entity = _entityMgr.findById(clazz, resourceId);
-        GenericDao<?, Long> dao = s_daoMap.get(resourceType);
+        Long accountId = null;
-        Class<?> claz = DbUtil.getEntityBeanType(dao);
+        Long domainId = null;
-        while (claz != null && claz != Object.class) {
+        if (entity instanceof OwnedBy) {
-            try {
+            accountId = ((OwnedBy)entity).getAccountId();
                String tableName = DbUtil.getTableName(claz);
                if (tableName == null) {
                    throw new InvalidParameterValueException("Unable to find resource of type " + resourceType + " in the database");
                }
                pair = _identityDao.getAccountDomainInfo(tableName, resourceId, resourceType);
                if (pair.first() != null || pair.second() != null) {
                    break;
                }
            } catch (Exception ex) {
                //do nothing here, it might mean uuid field is missing and we have to search further
            }
            claz = claz.getSuperclass();
        }
-        Long accountId = pair.first();
+        if (entity instanceof PartOf) {
-        Long domainId = pair.second();
+            domainId = ((PartOf)entity).getDomainId();
        }
        if (accountId == null) {
            accountId = Account.ACCOUNT_ID_SYSTEM;
@ -327,32 +246,14 @@ public class TaggedResourceManagerImpl extends ManagerBase implements TaggedReso
    @Override
    public String getUuid(String resourceId, ResourceObjectType resourceType) {
-        GenericDao<?, Long> dao = s_daoMap.get(resourceType);
+        Class<?> clazz = s_typeMap.get(resourceType);
        Class<?> claz = DbUtil.getEntityBeanType(dao);
-        String identiyUUId = null;
+        Object entity = _entityMgr.findById(clazz, resourceId);
-
+        if (entity != null && entity instanceof Identity) {
-        while (claz != null && claz != Object.class) {
+            return ((Identity)entity).getUuid();
            try {
                String tableName = DbUtil.getTableName(claz);
                if (tableName == null) {
                    throw new InvalidParameterValueException("Unable to find resource of type " + resourceType + " in the database");
                }
                claz = claz.getSuperclass();
                if (claz == Object.class) {
                    identiyUUId = _identityDao.getIdentityUuid(tableName, resourceId);
                }
            } catch (Exception ex) {
                //do nothing here, it might mean uuid field is missing and we have to search further
            }
        }
-        if (identiyUUId == null) {
+        return resourceId;
            return resourceId;
        }
        return identiyUUId;
    }
    @Override
--- a/server/src/com/cloud/uuididentity/IdentityServiceImpl.java
+++ b/server/src/com/cloud/uuididentity/IdentityServiceImpl.java
@ -1,44 +0,0 @@
 // Licensed to the Apache Software Foundation (ASF) under one
 // or more contributor license agreements.  See the NOTICE file
 // distributed with this work for additional information
 // regarding copyright ownership.  The ASF licenses this file
 // to you under the Apache License, Version 2.0 (the
 // "License"); you may not use this file except in compliance
 // with the License.  You may obtain a copy of the License at
 //
 //   http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing,
 // software distributed under the License is distributed on an
 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.
 package com.cloud.uuididentity;
 import javax.ejb.Local;
 import javax.inject.Inject;
 import org.springframework.stereotype.Component;
 import org.apache.cloudstack.api.IdentityService;
 import com.cloud.utils.component.ManagerBase;
 import com.cloud.uuididentity.dao.IdentityDao;
@Component
@Local(value = {IdentityService.class})
 public class IdentityServiceImpl extends ManagerBase implements IdentityService {
    @Inject
    private IdentityDao _identityDao;
    @Override
    public Long getIdentityId(String tableName, String identityString) {
        return _identityDao.getIdentityId(tableName, identityString);
    }
    @Override
    public String getIdentityUuid(String tableName, String identityString) {
        return _identityDao.getIdentityUuid(tableName, identityString);
    }
 }
--- a/server/src/com/cloud/uuididentity/dao/IdentityDao.java
+++ b/server/src/com/cloud/uuididentity/dao/IdentityDao.java
@ -1,38 +0,0 @@
 // Licensed to the Apache Software Foundation (ASF) under one
 // or more contributor license agreements.  See the NOTICE file
 // distributed with this work for additional information
 // regarding copyright ownership.  The ASF licenses this file
 // to you under the Apache License, Version 2.0 (the
 // "License"); you may not use this file except in compliance
 // with the License.  You may obtain a copy of the License at
 //
 //   http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing,
 // software distributed under the License is distributed on an
 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.
 package com.cloud.uuididentity.dao;
 import com.cloud.server.ResourceTag.ResourceObjectType;
 import com.cloud.utils.Pair;
 import com.cloud.utils.db.GenericDao;
 public interface IdentityDao extends GenericDao<IdentityVO, Long> {
    Long getIdentityId(String tableName, String identityString);
    String getIdentityUuid(String tableName, String identityString);
    void initializeDefaultUuid(String tableName);
    /**
     * @param tableName
     * @param identityId
     * @param resourceType TODO
     * @return
     */
    Pair<Long, Long> getAccountDomainInfo(String tableName, Long identityId, ResourceObjectType resourceType);
 }
--- a/server/src/com/cloud/uuididentity/dao/IdentityDaoImpl.java
+++ b/server/src/com/cloud/uuididentity/dao/IdentityDaoImpl.java
@ -1,241 +0,0 @@
 // Licensed to the Apache Software Foundation (ASF) under one
 // or more contributor license agreements.  See the NOTICE file
 // distributed with this work for additional information
 // regarding copyright ownership.  The ASF licenses this file
 // to you under the Apache License, Version 2.0 (the
 // "License"); you may not use this file except in compliance
 // with the License.  You may obtain a copy of the License at
 //
 //   http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing,
 // software distributed under the License is distributed on an
 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.
 package com.cloud.uuididentity.dao;
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.util.ArrayList;
 import java.util.List;
 import javax.ejb.Local;
 import org.apache.log4j.Logger;
 import org.springframework.stereotype.Component;
 import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.server.ResourceTag.ResourceObjectType;
 import com.cloud.utils.Pair;
 import com.cloud.utils.db.DB;
 import com.cloud.utils.db.GenericDaoBase;
 import com.cloud.utils.db.TransactionLegacy;
@Component
@Local(value = {IdentityDao.class})
 public class IdentityDaoImpl extends GenericDaoBase<IdentityVO, Long> implements IdentityDao {
    private static final Logger s_logger = Logger.getLogger(IdentityDaoImpl.class);
    public IdentityDaoImpl() {
    }
    @Override
    @DB
    public Long getIdentityId(String tableName, String identityString) {
        assert (tableName != null);
        assert (identityString != null);
        PreparedStatement pstmt = null;
        TransactionLegacy txn = TransactionLegacy.open(TransactionLegacy.CLOUD_DB);
        try {
            try {
                try {
                    pstmt = txn.prepareAutoCloseStatement(String.format("SELECT uuid FROM `%s`", tableName));
                    pstmt.executeQuery();
                } catch (SQLException e) {
                    throw new InvalidParameterValueException("uuid field doesn't exist in table " + tableName);
                }
                pstmt = txn.prepareAutoCloseStatement(String.format("SELECT id FROM `%s` WHERE id=? OR uuid=?", tableName)
                    // TODO : after graceful period, use following line turn on more secure check
                    // String.format("SELECT id FROM %s WHERE (id=? AND uuid IS NULL) OR uuid=?", mapper.entityTableName())
                    );
                long id = 0;
                try {
                    // TODO : use regular expression to determine
                    id = Long.parseLong(identityString);
                } catch (NumberFormatException e) {
                    // this could happen when it is a uuid string, so catch and ignore it
                }
                pstmt.setLong(1, id);
                pstmt.setString(2, identityString);
                ResultSet rs = pstmt.executeQuery();
                if (rs.next()) {
                    return rs.getLong(1);
                } else {
                    if (id == -1L)
                        return id;
                    throw new InvalidParameterValueException("Object " + tableName + "(uuid: " + identityString + ") does not exist.");
                }
            } catch (SQLException e) {
                s_logger.error("Unexpected exception ", e);
            }
        } finally {
            txn.close();
        }
        return null;
    }
    @DB
    @Override
    public Pair<Long, Long> getAccountDomainInfo(String tableName, Long identityId, ResourceObjectType resourceType) {
        assert (tableName != null);
        PreparedStatement pstmt = null;
        TransactionLegacy txn = TransactionLegacy.open(TransactionLegacy.CLOUD_DB);
        try {
            Long domainId = null;
            Long accountId = null;
            //get domainId
            try {
                pstmt = txn.prepareAutoCloseStatement(String.format("SELECT domain_id FROM `%s` WHERE id=?", tableName));
                pstmt.setLong(1, identityId);
                ResultSet rs = pstmt.executeQuery();
                if (rs.next()) {
                    if (rs.getLong(1) != 0) {
                        domainId = rs.getLong(1);
                    }
                }
            } catch (SQLException e) {
            }
            //get accountId
            try {
                String account = "account_id";
                if (resourceType == ResourceObjectType.Project) {
                    account = "project_account_id";
                }
                pstmt = txn.prepareAutoCloseStatement(String.format("SELECT " + account + " FROM `%s` WHERE id=?", tableName));
                pstmt.setLong(1, identityId);
                ResultSet rs = pstmt.executeQuery();
                if (rs.next()) {
                    if (rs.getLong(1) != 0) {
                        accountId = rs.getLong(1);
                    }
                }
            } catch (SQLException e) {
            }
            return new Pair<Long, Long>(accountId, domainId);
        } finally {
            txn.close();
        }
    }
    @DB
    @Override
    public String getIdentityUuid(String tableName, String identityString) {
        assert (tableName != null);
        assert (identityString != null);
        PreparedStatement pstmt = null;
        TransactionLegacy txn = TransactionLegacy.open(TransactionLegacy.CLOUD_DB);
        try {
            try {
                pstmt = txn.prepareAutoCloseStatement(String.format("SELECT uuid FROM `%s` WHERE id=? OR uuid=?", tableName)
                    // String.format("SELECT uuid FROM %s WHERE (id=? AND uuid IS NULL) OR uuid=?", tableName)
                    );
                long id = 0;
                try {
                    // TODO : use regular expression to determine
                    id = Long.parseLong(identityString);
                } catch (NumberFormatException e) {
                    // this could happen when it is a uuid string, so catch and ignore it
                }
                pstmt.setLong(1, id);
                pstmt.setString(2, identityString);
                ResultSet rs = pstmt.executeQuery();
                if (rs.next()) {
                    String uuid = rs.getString(1);
                    if (uuid != null && !uuid.isEmpty())
                        return uuid;
                    return identityString;
                }
            } catch (SQLException e) {
                s_logger.error("Unexpected exception ", e);
            }
        } finally {
            txn.close();
        }
        return identityString;
    }
    @Override
    @DB
    public void initializeDefaultUuid(String tableName) {
        assert (tableName != null);
        List<Long> l = getNullUuidRecords(tableName);
        TransactionLegacy txn = TransactionLegacy.open(TransactionLegacy.CLOUD_DB);
        try {
            try {
                txn.start();
                for (Long id : l) {
                    setInitialUuid(tableName, id);
                }
                txn.commit();
            } catch (SQLException e) {
                txn.rollback();
                s_logger.error("Unexpected exception ", e);
            }
        } finally {
            txn.close();
        }
    }
    @DB
    List<Long> getNullUuidRecords(String tableName) {
        List<Long> l = new ArrayList<Long>();
        PreparedStatement pstmt = null;
        TransactionLegacy txn = TransactionLegacy.open(TransactionLegacy.CLOUD_DB);
        try {
            try {
                pstmt = txn.prepareAutoCloseStatement(String.format("SELECT id FROM `%s` WHERE uuid IS NULL", tableName));
                ResultSet rs = pstmt.executeQuery();
                while (rs.next()) {
                    l.add(rs.getLong(1));
                }
            } catch (SQLException e) {
                s_logger.error("Unexpected exception ", e);
            }
        } finally {
            txn.close();
        }
        return l;
    }
    @DB
    void setInitialUuid(String tableName, long id) throws SQLException {
        TransactionLegacy txn = TransactionLegacy.currentTxn();
        PreparedStatement pstmtUpdate = null;
        pstmtUpdate = txn.prepareAutoCloseStatement(String.format("UPDATE `%s` SET uuid=? WHERE id=?", tableName));
        pstmtUpdate.setString(1, String.valueOf(id));
        pstmtUpdate.setLong(2, id);
        pstmtUpdate.executeUpdate();
    }
 }
--- a/server/test/resources/network-mgr-component.xml
+++ b/server/test/resources/network-mgr-component.xml
@ -174,7 +174,6 @@ under the License.
        <dao name="UserDao" class="com.cloud.user.dao.UserDaoImpl" singleton="false"/>
        <dao name="NetworkOfferingServiceDao" class="com.cloud.offerings.dao.NetworkOfferingServiceMapDaoImpl" singleton="false"/>
        <dao name="VirtualRouterProviderDao" class="com.cloud.network.dao.VirtualRouterProviderDaoImpl" singleton="false"/>
        <dao name="IdentityDao" class="com.cloud.uuididentity.dao.IdentityDaoImpl" singleton="false"/>
        <dao name="Site2SiteCustomerGatewayDao" class="com.cloud.network.dao.Site2SiteCustomerGatewayDaoImpl" singleton="false"/>
        <dao name="Site2SiteVpnGatewayDao" class="com.cloud.network.dao.Site2SiteVpnGatewayDaoImpl" singleton="false"/>
        <dao name="Site2SiteVpnConnectionDao" class="com.cloud.network.dao.Site2SiteVpnConnectionDaoImpl" singleton="false"/>
--- a/services/console-proxy-rdp/rdpconsole/pom.xml
+++ b/services/console-proxy-rdp/rdpconsole/pom.xml
@ -72,7 +72,6 @@
    <dependency>
      <groupId>org.bouncycastle</groupId>
      <artifactId>bcprov-jdk16</artifactId>
      <version>1.46</version>
    </dependency>
  </dependencies>
 </project>
--- a/systemvm/pom.xml
+++ b/systemvm/pom.xml
@ -51,7 +51,6 @@
    <plugins>
      <plugin>
        <artifactId>maven-assembly-plugin</artifactId>
        <version>2.3</version>
        <configuration>
          <finalName>systemvm</finalName>
          <appendAssemblyId>false</appendAssemblyId>
@ -71,7 +70,6 @@
      </plugin>
      <plugin>
        <artifactId>maven-resources-plugin</artifactId>
        <version>2.6</version>
        <executions>
          <execution>
            <id>copy-resources</id>
@ -102,7 +100,6 @@
      </plugin>
      <plugin>
        <artifactId>maven-antrun-plugin</artifactId>
        <version>1.7</version>
        <executions>
          <execution>
            <id>build-cloud-scripts</id>