mirror of https://github.com/apache/cloudstack.git
138 lines
4.6 KiB
Java
138 lines
4.6 KiB
Java
/**
|
|
* Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
|
|
*
|
|
* This software is licensed under the GNU General Public License v3 or later.
|
|
*
|
|
* It is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or any later version.
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*
|
|
*/
|
|
package com.cloud.keystore;
|
|
|
|
import java.io.IOException;
|
|
import java.security.KeyStore;
|
|
import java.security.KeyStoreException;
|
|
import java.security.NoSuchAlgorithmException;
|
|
import java.security.cert.CertificateException;
|
|
import java.security.spec.InvalidKeySpecException;
|
|
import java.util.Map;
|
|
import java.util.regex.Matcher;
|
|
import java.util.regex.Pattern;
|
|
|
|
import javax.ejb.Local;
|
|
import javax.naming.ConfigurationException;
|
|
|
|
import org.apache.log4j.Logger;
|
|
|
|
import com.cloud.utils.component.Inject;
|
|
import com.cloud.utils.exception.CloudRuntimeException;
|
|
import com.cloud.utils.security.CertificateHelper;
|
|
|
|
@Local(value=KeystoreManager.class)
|
|
public class KeystoreManagerImpl implements KeystoreManager {
|
|
private static final Logger s_logger = Logger.getLogger(KeystoreManagerImpl.class);
|
|
|
|
private String _name;
|
|
@Inject private KeystoreDao _ksDao;
|
|
|
|
@Override
|
|
public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
|
|
_name = name;
|
|
|
|
return true;
|
|
}
|
|
|
|
@Override
|
|
public boolean start() {
|
|
return true;
|
|
}
|
|
|
|
@Override
|
|
public boolean stop() {
|
|
return true;
|
|
}
|
|
|
|
@Override
|
|
public String getName() {
|
|
return _name;
|
|
}
|
|
|
|
@Override
|
|
public boolean validateCertificate(String certificate, String key, String domainSuffix) {
|
|
if(certificate == null || certificate.isEmpty() ||
|
|
key == null || key.isEmpty() ||
|
|
domainSuffix == null || domainSuffix.isEmpty()) {
|
|
s_logger.error("Invalid parameter found in (certificate, key, domainSuffix) tuple for domain: " + domainSuffix);
|
|
return false;
|
|
}
|
|
|
|
try {
|
|
String ksPassword = "passwordForValidation";
|
|
byte[] ksBits = CertificateHelper.buildAndSaveKeystore(domainSuffix, certificate, getKeyContent(key), ksPassword);
|
|
KeyStore ks = CertificateHelper.loadKeystore(ksBits, ksPassword);
|
|
if(ks != null)
|
|
return true;
|
|
|
|
s_logger.error("Unabled to construct keystore for domain: " + domainSuffix);
|
|
} catch(Exception e) {
|
|
s_logger.error("Certificate validation failed due to exception for domain: " + domainSuffix, e);
|
|
}
|
|
return false;
|
|
}
|
|
|
|
@Override
|
|
public void saveCertificate(String name, String certificate, String key, String domainSuffix) {
|
|
if(name == null || name.isEmpty() ||
|
|
certificate == null || certificate.isEmpty() ||
|
|
key == null || key.isEmpty() ||
|
|
domainSuffix == null || domainSuffix.isEmpty())
|
|
throw new CloudRuntimeException("invalid parameter in saveCerticate");
|
|
|
|
_ksDao.save(name, certificate, key, domainSuffix);
|
|
}
|
|
|
|
@Override
|
|
public byte[] getKeystoreBits(String name, String aliasForCertificateInStore, String storePassword) {
|
|
assert(name != null);
|
|
assert(aliasForCertificateInStore != null);
|
|
assert(storePassword != null);
|
|
|
|
KeystoreVO ksVo = _ksDao.findByName(name);
|
|
if(ksVo == null)
|
|
throw new CloudRuntimeException("Unable to find keystore " + name);
|
|
|
|
try {
|
|
return CertificateHelper.buildAndSaveKeystore(aliasForCertificateInStore, ksVo.getCertificate(), getKeyContent(ksVo.getKey()), storePassword);
|
|
} catch(KeyStoreException e) {
|
|
s_logger.warn("Unable to build keystore for " + name + " due to KeyStoreException");
|
|
} catch(CertificateException e) {
|
|
s_logger.warn("Unable to build keystore for " + name + " due to CertificateException");
|
|
} catch(NoSuchAlgorithmException e) {
|
|
s_logger.warn("Unable to build keystore for " + name + " due to NoSuchAlgorithmException");
|
|
} catch(InvalidKeySpecException e) {
|
|
s_logger.warn("Unable to build keystore for " + name + " due to InvalidKeySpecException");
|
|
} catch(IOException e) {
|
|
s_logger.warn("Unable to build keystore for " + name + " due to IOException");
|
|
}
|
|
return null;
|
|
}
|
|
|
|
private static String getKeyContent(String key) {
|
|
Pattern regex = Pattern.compile("(^[\\-]+[^\\-]+[\\-]+[\\n]?)([^\\-]+)([\\-]+[^\\-]+[\\-]+$)");
|
|
Matcher m = regex.matcher(key);
|
|
if(m.find())
|
|
return m.group(2);
|
|
|
|
return key;
|
|
}
|
|
}
|
|
|