CLOUDSTACK-6847.Link.java and console proxy files have hardcoded value

2025-10-26 08:42:29 +01:00 · 2014-06-20 11:41:58 +05:30 · 2014-06-20 11:41:58 +05:30 · 918c320438
commit 918c320438
parent 06fbaf59cc
4 changed files with 17 additions and 2 deletions
--- a/client/tomcatconf/db.properties.in
+++ b/client/tomcatconf/db.properties.in
@ -46,6 +46,7 @@ db.cloud.keyStore=
 db.cloud.keyStorePassword=
 db.cloud.trustStore=
 db.cloud.trustStorePassword=
+db.cloud.keyStorePassphrase=vmops.com

 # Encryption Settings
 db.cloud.encryption.type=none
--- a/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
+++ b/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
@ -21,6 +21,7 @@ import java.io.FileInputStream;
 import java.io.IOException;
 import java.net.InetSocketAddress;
 import java.security.KeyStore;
+import java.util.Properties;

 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
@ -31,6 +32,7 @@ import javax.net.ssl.TrustManagerFactory;

 import org.apache.log4j.Logger;

+import com.cloud.utils.db.DbProperties;
 import com.sun.net.httpserver.HttpServer;
 import com.sun.net.httpserver.HttpsConfigurator;
 import com.sun.net.httpserver.HttpsParameters;
@ -52,7 +54,8 @@ public class ConsoleProxySecureServerFactoryImpl implements ConsoleProxyServerFa
            try {
                s_logger.info("Initializing SSL from built-in default certificate");

-                char[] passphrase = "vmops.com".toCharArray();
+                final Properties dbProps = DbProperties.getDbProperties();
+                char[] passphrase = dbProps.getProperty("db.cloud.keyStorePassphrase").toCharArray();
                KeyStore ks = KeyStore.getInstance("JKS");

                ks.load(new FileInputStream("certs/realhostip.keystore"), passphrase);
--- a/setup/bindir/cloud-setup-encryption.in
+++ b/setup/bindir/cloud-setup-encryption.in
@ -58,6 +58,7 @@ class DBDeployer(object):
    isDebug = False
    mgmtsecretkey = None
    dbsecretkey = None
+    keyStorePassphrase = "vmops.com"
    encryptiontype = None
    dbConfPath = r"@MSCONF@"
    dbDotProperties = {}
@ -196,6 +197,9 @@ for example:
        
        def encryptDBSecretKey():
            self.putDbProperty('db.cloud.encrypt.secret', formatEncryptResult(encrypt(self.dbsecretkey)))
+
+        def encryptKeyStorePassphrase():
+            self.putDbProperty('db.cloud.keyStorePassphrase', formatEncryptResult(encrypt(self.keyStorePassphrase)))
        
        def encryptDBPassword():
            dbPassword = self.getDbProperty('db.cloud.password')       
@ -212,6 +216,7 @@ for example:
        self.putDbProperty("db.cloud.encryption.type", self.encryptiontype)
        saveMgmtServerSecretKey()
        encryptDBSecretKey()
+	encryptKeyStorePassphrase()
        encryptDBPassword()
        self.info(None, True)
        
@ -220,6 +225,7 @@ for example:
            self.encryptiontype = self.options.encryptiontype
            self.mgmtsecretkey = self.options.mgmtsecretkey
            self.dbsecretkey = self.options.dbsecretkey
+	    self.keyStorePassphrase = self.options.keyStorePassphrase
            self.isDebug = self.options.debug
            
            
@ -242,6 +248,8 @@ for example:
                          help="Secret key used to encrypt confidential parameters in db.properties. A string, default is password")
        self.parser.add_option("-k", "--database-secretkey", action="store", type="string", dest="dbsecretkey", default="password",
                          help="Secret key used to encrypt sensitive database values. A string, default is password")
+        self.parser.add_option("-p", "--keystore-passphrase", action="store", type="string", dest="keyStorePassphrase", default="vmops.com",
+                          help="Passphrase used while generating jks file for ssl communication. A string, default is vmops.com")
        
        (self.options, self.args) = self.parser.parse_args()
        parseOtherOptions()
--- a/utils/src/com/cloud/utils/nio/Link.java
+++ b/utils/src/com/cloud/utils/nio/Link.java
@ -32,6 +32,7 @@ import java.nio.channels.ReadableByteChannel;
 import java.nio.channels.SelectionKey;
 import java.nio.channels.SocketChannel;
 import java.security.KeyStore;
+import java.util.Properties;
 import java.util.concurrent.ConcurrentLinkedQueue;

 import javax.net.ssl.KeyManagerFactory;
@ -46,6 +47,7 @@ import javax.net.ssl.TrustManagerFactory;
 import org.apache.log4j.Logger;

 import com.cloud.utils.PropertiesUtil;
+import com.cloud.utils.db.DbProperties;

 /**
 */
@ -412,7 +414,8 @@ public class Link {

        File confFile = PropertiesUtil.findConfigFile("db.properties");
        if (null != confFile && !isClient) {
-            char[] passphrase = "vmops.com".toCharArray();
+            final Properties dbProps = DbProperties.getDbProperties();
+            char[] passphrase = dbProps.getProperty("db.cloud.keyStorePassphrase").toCharArray();
            String confPath = confFile.getParent();
            String keystorePath = confPath + "/cloud.keystore";
            if (new File(keystorePath).exists()) {