CLOUDSTACK-3362: use POST instead of GET and encode/decode cert/key in uploadCustomCertificate

2013-07-11 16:06:21 +02:00 · 2013-07-11 16:06:21 +02:00 · 7b2f68e8cf
parent 5174b002bc
commit 7b2f68e8cf
2 changed files with 24 additions and 7 deletions
--- a/server/src/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/com/cloud/server/ManagementServerImpl.java
@ -16,12 +16,14 @@
 // under the License.
 package com.cloud.server;

+import java.io.UnsupportedEncodingException;
 import java.lang.reflect.Field;
 import java.net.Inet6Address;
 import java.net.InetAddress;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.UnknownHostException;
+import java.net.URLDecoder;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.util.ArrayList;
@ -2808,18 +2810,32 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
            }
        }

-        if (cmd.getPrivateKey() != null && !_ksMgr.validateCertificate(cmd.getCertificate(), cmd.getPrivateKey(), cmd.getDomainSuffix())) {
+        String certificate = cmd.getCertificate();
+        String key = cmd.getPrivateKey();
+        try {
+            if (certificate != null)
+                certificate = URLDecoder.decode(certificate, "UTF-8");
+            if (key != null)
+                key = URLDecoder.decode(key, "UTF-8");
+        } catch (UnsupportedEncodingException e) {
+        } finally {
+        }
+
+        if (cmd.getPrivateKey() != null && !_ksMgr.validateCertificate(certificate, key, cmd.getDomainSuffix())) {
            throw new InvalidParameterValueException("Failed to pass certificate validation check");
        }

        if (cmd.getPrivateKey() != null) {
-            _ksMgr.saveCertificate(ConsoleProxyManager.CERTIFICATE_NAME, cmd.getCertificate(), cmd.getPrivateKey(), cmd.getDomainSuffix());
+            _ksMgr.saveCertificate(ConsoleProxyManager.CERTIFICATE_NAME, certificate, key, cmd.getDomainSuffix());
        } else {
-            _ksMgr.saveCertificate(cmd.getAlias(), cmd.getCertificate(), cmd.getCertIndex(), cmd.getDomainSuffix());
+            _ksMgr.saveCertificate(cmd.getAlias(), certificate, cmd.getCertIndex(), cmd.getDomainSuffix());
        }

        _consoleProxyMgr.setManagementState(ConsoleProxyManagementState.ResetSuspending);
-        return "Certificate has been updated, we will stop all running console proxy VMs to propagate the new certificate, please give a few minutes for console access service to be up again";
+        List<SecondaryStorageVmVO> alreadyRunning = _secStorageVmDao.getSecStorageVmListInStates(null, State.Running, State.Migrating, State.Starting);
+        for (SecondaryStorageVmVO ssVmVm : alreadyRunning)
+            _secStorageVmMgr.rebootSecStorageVm(ssVmVm.getId());
+        return "Certificate has been updated, we will stop all running console proxy VMs and secondary storage VMs to propagate the new certificate, please give a few minutes for console access service to be up again";
    }

    @Override
--- a/ui/scripts/ui-custom/physicalResources.js
+++ b/ui/scripts/ui-custom/physicalResources.js
@ -77,10 +77,11 @@
            var $loading = $('<div>').addClass('loading-overlay');
            $('.system-dashboard-view:visible').prepend($loading);
            $.ajax({
+              type: "POST",
              url: createURL('uploadCustomCertificate'),
              data: {
-                certificate: args.data.certificate,
-                privatekey: args.data.privatekey,
+                certificate: encodeURIComponent(args.data.certificate),
+                privatekey: encodeURIComponent(args.data.privatekey),
                domainsuffix: args.data.domainsuffix
              },
              dataType: 'json',
@ -130,4 +131,4 @@
      return resourceChart(args);
    };
  };
-}(cloudStack, jQuery));
+}(cloudStack, jQuery));