etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
25,245 Commits 325 Branches 325 Tags 914 MiB
Commit Graph

836 Commits

Author SHA1 Message Date
Rohit Yadav b6b3494782 CLOUDSTACK-7063, CLOUDSTACK-7064: Add security headers on HTTP response 
- Adds X-XSS-Protection header
- Adds X-Content-Type-Options header
- Fixes to use json content type defined from global settings
- Uses secure cookie if enabled in global settings

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2015-02-28 18:12:37 +05:30
Rohit Yadav cb08707add CLOUDSTACK-8273: refactor baremetal user name to utils, restrict baremetal user 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2015-02-26 17:42:21 +05:30
Santhosh Edukulla 78bfaa79cf Fixed few coverity issues like invalid boxing unboxing issues, resource leaks, null dereferences 
(cherry picked from commit ef6ec7b276)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2015-02-06 16:50:20 +05:30
Rohit Yadav 78b9be07d5 Merge remote-tracking branch 'terbolous/saml2-certvalidity' into 4.5 
This closes #71

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2015-02-05 17:20:35 +05:30
Erik Weber 03e07c41b5 CLOUDSTACK-8215: Change Date calculation to Joda DateTime 2015-02-05 11:31:42 +01:00
Rohit Yadav 125abe8234 improve protocol enabling based on socket object type 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit d62d511f47)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2015-02-05 15:49:01 +05:30
Erik Weber b84c8889a3 SAML changing date calculation 
Signed-off-by: Erik Weber <terbolous@gmail.com>
 2015-02-05 10:29:27 +01:00
Damodar 8ec6d0471c CLOUDSTACK-7648: There are new VM State Machine changes introduced which were missed to capture the usage events 
(cherry picked from commit 50185b7c3a)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

Conflicts:
	plugins/hypervisors/baremetal/src/com/cloud/baremetal/manager/BaremetalManagerImpl.java
	server/src/com/cloud/capacity/CapacityManagerImpl.java
	server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
 2015-02-05 14:56:52 +05:30
Rohit Yadav 1172867df0 CLOUDSTACK-8195: Don't break IdP, return metadata XML 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2015-02-03 16:59:09 +05:30
Santhosh Edukulla 737edd90dc Fixed few coverity patches 
NPE in delete firewall rules observed, cherry-picking fix from master.

(cherry picked from commit 31a42d2b7a)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2015-02-02 12:48:38 +05:30
Rohit Yadav 1bab1d0855 use a preferable protocol that works on jvm 1.6 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit f5f6c2d1a7)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

Conflicts:
	services/console-proxy-rdp/rdpconsole/src/main/java/streamer/SocketWrapperImpl.java
 2015-01-29 16:02:42 +05:30
Rohit Yadav debfcdef78 CLOUDSTACK-8160: use preferable protocols 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2015-01-21 18:02:58 +05:30
Rohit Yadav ed69d588ec CLOUDSTACK-5946: Fix keystore filename to avoid warning logs 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2015-01-21 16:00:29 +05:30
amoghvk 3cb4358270 CLOUDSTACK-7977 
Fix password generator, add guards for minimum length

(cherry picked from commit 960b7bbf74)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2015-01-20 10:31:05 +05:30
Rohit Yadav 0763b5576d CID 1264632: Rely on a known and widely available encoding UTF8 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2015-01-20 07:47:34 +05:30
Pierre-Yves Ritschard 5ea7414746 move ConstantTimeComparator to utils 
(cherry picked from commit b2393c31ed)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2015-01-14 20:25:32 +05:30
Rohit Yadav 6bec69844d CLOUDSTACK-8037: Require signed AuthnRequest, adds more security 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2015-01-14 02:40:00 +05:30
Rohit Yadav 4358714381 CLOUDSTACK-8035: Generate and store X509Cert and reuse this for SAML 
The fix generates X509Certificate if missing from DB and uses that for eternity.
SAML SP metadata remains same since it's using the same X509 certificate and
it remains same after restarts. The certificate is serialized, base64 encoded
and stored in the keystore table under a specific name. For reading, it's
retrieved, base64 decoded and deserialized.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2015-01-12 16:47:31 +05:30
Rohit Yadav b2b496288d CLOUDSTACK-8034: Hash user IDs for SAML authentication 
The User table's UUID column is restricted to 40 chars only, since we don't
know how long the nameID/userID of a SAML authenticated user will be - the fix
hashes that user ID and takes a substring of length 40 chars. For hashing,
SHA256 is used which returns a 64 char length string.

- Fix tests, add test cases
- Improve checkSAMLUser method
- Use SHA256 one way hashing to create unique UUID for SAML users

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2015-01-12 13:33:57 +05:30
Sheng Yang feeafa76a4 CLOUDSTACK-5241: Remove Rot13 cipher 2014-12-03 19:30:31 -08:00
Rohit Yadav 5241d0faf8 CLOUDSTACK-7903: Fix build regression from previous fix 
The previous fix tried to access StatsCollector from UsageManagerImpl
which is not possible due to dependency cycle.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit 1e0880cbab)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

Conflicts:
	server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
 2014-12-01 16:39:01 +05:30
Min Chen b85183ede7 CLOUDSTACK-7678:volumes are getting uploaded successfully with wrong 
url.
 2014-11-21 15:18:47 -08:00
Rohit Yadav 6df0b9f677 SAMLUtils: SAML user id should fit within the UUID VARCHAR(40) column 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-10-31 00:39:20 +05:30
Sheng Yang 865b2e6791 CLOUDSTACK-7814: Fix default passphrase for keystores 
In upgrade case, the db.properties file is not changed, but the following commit
would require passphrase for keystore in it, thus result in error(NPE in fact
due to there is no such properity).

commit 918c320438
Author: Upendra Moturi <upendra.moturi@sungard.com>
Date: Fri Jun 20 11:41:58 2014 +0530
CLOUDSTACK-6847.Link.java and console proxy files have hardcoded value

This commit fix it by put default value for passphrases, also set correct
passphrase if fail-safe keystore is used.
 2014-10-28 16:29:29 -07:00
Anshul Gangwar e43d5b1c7d CLOUDSTACK-7575: improved performance of cleanString method in StringUtils 
(cherry picked from commit 7972f53c8d)
 2014-10-13 00:02:11 -04:00
David Nalley ac48aa8e0c cleaning up some from a revert 2014-10-12 23:30:04 -04:00
Hugo Trippaers 6f54d48772 CID-1116298 path can be null, make sure that is properly handled 2014-09-19 11:54:21 +02:00
Frank Zhang 8b89494a35 CLOUDSTACK-6278 
Baremetal Advanced Networking support
 2014-09-18 16:54:37 -07:00
Hugo Trippaers d1d8009c68 Fix a stupid bug i introduced 2014-09-18 16:02:26 +02:00
Rohit Yadav bd1752811c CID-1116250: Lock on s_appContextDelegates before calling get in ComponentContext 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-09-18 11:52:18 +02:00
Rohit Yadav ec134cf010 CID-1116231: Use implicit lock, synchronize _key in Link 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-09-18 11:21:57 +02:00
Hugo Trippaers 577a2f40b3 Merge branch 'bugfix/CID-116538' 2014-09-17 11:40:55 +02:00
Rohit Yadav 88c6072b4d CID-1237196: Fix potential NPE in SAMLUtils 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-09-16 17:10:11 +02:00
Hugo Trippaers de26a7228e Fix resource leaks on exception paths 
Make it clear that the server socket isn't a leaked resource
 2014-09-16 16:43:32 +02:00
Rohit Yadav d46e45991d SAMLUtils: put name id policy on authnrequest 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-09-12 17:11:06 +02:00
Rohit Yadav 84b0e9e96f utils: add missing string to the url in generate saml signature method 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-09-12 16:26:13 +02:00
Rohit Yadav 5a0ed8764b SAMLUtils: Fix NPE incase signature is generated with a null privateKey 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-09-12 15:46:44 +02:00
Rohit Yadav a66127dfb1 utils: add methods to save and load public and private keys 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-09-12 15:40:49 +02:00
Anshul Gangwar d90a2d3962 CLOUDSTACK-7370: Fixed password visible in plain text if password passed is in the end in url 2014-09-12 15:33:24 +05:30
Frank.Zhang 10544e287b CLOUDSTACK-6278 
Baremetal Advanced Networking support
 2014-09-05 16:28:34 -07:00
Rohit Yadav 550762a0dc SAMLUtils: fix signature, refactor generateRandomX509Certificate 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-30 21:37:55 +02:00
Rohit Yadav 2bff5956a9 cisco-vnmc: Don't create Protocol using deprecated SecureProtocolSocketFactory 
Latest httpclient library suggests when creating Protocol object for use
with the apache common httpclient class, they should avoid using the
deprecated Protocol signature which takes in SecureProtocolSocketFactory

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-29 14:39:29 +02:00
Rohit Yadav 5e7928bcb9 utils: fix static certificate value string in SAMLUtils 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:27 +02:00
Rohit Yadav 1ed532fb20 SAMLUtils: add unit test for SAMLUtils and method to randomly generate X509 certs 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:26 +02:00
Rohit Yadav 3bf387c882 SAMLUtils: Create new NameID using passed nameId taking just id and session idx 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:26 +02:00
Rohit Yadav 8dc50927f9 saml: use SAML_RESPONSE from SAMLUtils 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:26 +02:00
Rohit Yadav 230e970569 SAMLUtils: add logout request utility for saml slo 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:25 +02:00
Rohit Yadav 8fa9d2c276 utils: fix SAMLUtils's authnrequest maker 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:25 +02:00
Rohit Yadav 8e6cb04480 SAMLUtils: leave bootstrapping to upper layers 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:24 +02:00
Rohit Yadav 1b0f81ec6f utils: Remove hard coded strings from SAMLUtils 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:23 +02:00