apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

CLOUDSTACK-6847.Link.java and console proxy files have hardcoded value

Browse Source
This commit is contained in:
Upendra Moturi 2014-06-20 11:41:58 +05:30 committed by Daan Hoogland
parent 06fbaf59cc
commit 918c320438
4 changed files with 17 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
client/tomcatconf/db.properties.in
View File

@ -46,6 +46,7 @@ db.cloud.keyStore=
db.cloud.keyStorePassword= db.cloud.keyStorePassword=
db.cloud.trustStore= db.cloud.trustStore=
db.cloud.trustStorePassword= db.cloud.trustStorePassword=
db.cloud.keyStorePassphrase=vmops.com
# Encryption Settings # Encryption Settings
db.cloud.encryption.type=none db.cloud.encryption.type=none

5
services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
View File

@ -21,6 +21,7 @@ import java.io.FileInputStream;
import java.io.IOException; import java.io.IOException;
import java.net.InetSocketAddress; import java.net.InetSocketAddress;
import java.security.KeyStore; import java.security.KeyStore;
import java.util.Properties;
import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext; import javax.net.ssl.SSLContext;
@ -31,6 +32,7 @@ import javax.net.ssl.TrustManagerFactory;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import com.cloud.utils.db.DbProperties;
import com.sun.net.httpserver.HttpServer; import com.sun.net.httpserver.HttpServer;
import com.sun.net.httpserver.HttpsConfigurator; import com.sun.net.httpserver.HttpsConfigurator;
import com.sun.net.httpserver.HttpsParameters; import com.sun.net.httpserver.HttpsParameters;
@ -52,7 +54,8 @@ public class ConsoleProxySecureServerFactoryImpl implements ConsoleProxyServerFa
try { try {
s_logger.info("Initializing SSL from built-in default certificate"); s_logger.info("Initializing SSL from built-in default certificate");
char[] passphrase = "vmops.com".toCharArray(); final Properties dbProps = DbProperties.getDbProperties();
char[] passphrase = dbProps.getProperty("db.cloud.keyStorePassphrase").toCharArray();
KeyStore ks = KeyStore.getInstance("JKS"); KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream("certs/realhostip.keystore"), passphrase); ks.load(new FileInputStream("certs/realhostip.keystore"), passphrase);

8
setup/bindir/cloud-setup-encryption.in
View File

@ -58,6 +58,7 @@ class DBDeployer(object):
isDebug = False isDebug = False
mgmtsecretkey = None mgmtsecretkey = None
dbsecretkey = None dbsecretkey = None
keyStorePassphrase = "vmops.com"
encryptiontype = None encryptiontype = None
dbConfPath = r"@MSCONF@" dbConfPath = r"@MSCONF@"
dbDotProperties = {} dbDotProperties = {}
@ -197,6 +198,9 @@ for example:
def encryptDBSecretKey(): def encryptDBSecretKey():
self.putDbProperty('db.cloud.encrypt.secret', formatEncryptResult(encrypt(self.dbsecretkey))) self.putDbProperty('db.cloud.encrypt.secret', formatEncryptResult(encrypt(self.dbsecretkey)))
def encryptKeyStorePassphrase():
self.putDbProperty('db.cloud.keyStorePassphrase', formatEncryptResult(encrypt(self.keyStorePassphrase)))
def encryptDBPassword(): def encryptDBPassword():
dbPassword = self.getDbProperty('db.cloud.password') dbPassword = self.getDbProperty('db.cloud.password')
if dbPassword == '': return # Don't encrypt empty password if dbPassword == '': return # Don't encrypt empty password
@ -212,6 +216,7 @@ for example:
self.putDbProperty("db.cloud.encryption.type", self.encryptiontype) self.putDbProperty("db.cloud.encryption.type", self.encryptiontype)
saveMgmtServerSecretKey() saveMgmtServerSecretKey()
encryptDBSecretKey() encryptDBSecretKey()
encryptKeyStorePassphrase()
encryptDBPassword() encryptDBPassword()
self.info(None, True) self.info(None, True)
@ -220,6 +225,7 @@ for example:
self.encryptiontype = self.options.encryptiontype self.encryptiontype = self.options.encryptiontype
self.mgmtsecretkey = self.options.mgmtsecretkey self.mgmtsecretkey = self.options.mgmtsecretkey
self.dbsecretkey = self.options.dbsecretkey self.dbsecretkey = self.options.dbsecretkey
self.keyStorePassphrase = self.options.keyStorePassphrase
self.isDebug = self.options.debug self.isDebug = self.options.debug
@ -242,6 +248,8 @@ for example:
help="Secret key used to encrypt confidential parameters in db.properties. A string, default is password") help="Secret key used to encrypt confidential parameters in db.properties. A string, default is password")
self.parser.add_option("-k", "--database-secretkey", action="store", type="string", dest="dbsecretkey", default="password", self.parser.add_option("-k", "--database-secretkey", action="store", type="string", dest="dbsecretkey", default="password",
help="Secret key used to encrypt sensitive database values. A string, default is password") help="Secret key used to encrypt sensitive database values. A string, default is password")
self.parser.add_option("-p", "--keystore-passphrase", action="store", type="string", dest="keyStorePassphrase", default="vmops.com",
help="Passphrase used while generating jks file for ssl communication. A string, default is vmops.com")
(self.options, self.args) = self.parser.parse_args() (self.options, self.args) = self.parser.parse_args()
parseOtherOptions() parseOtherOptions()

5
utils/src/com/cloud/utils/nio/Link.java
View File

@ -32,6 +32,7 @@ import java.nio.channels.ReadableByteChannel;
import java.nio.channels.SelectionKey; import java.nio.channels.SelectionKey;
import java.nio.channels.SocketChannel; import java.nio.channels.SocketChannel;
import java.security.KeyStore; import java.security.KeyStore;
import java.util.Properties;
import java.util.concurrent.ConcurrentLinkedQueue; import java.util.concurrent.ConcurrentLinkedQueue;
import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.KeyManagerFactory;
@ -46,6 +47,7 @@ import javax.net.ssl.TrustManagerFactory;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import com.cloud.utils.PropertiesUtil; import com.cloud.utils.PropertiesUtil;
import com.cloud.utils.db.DbProperties;
/** /**
*/ */
@ -412,7 +414,8 @@ public class Link {
File confFile = PropertiesUtil.findConfigFile("db.properties"); File confFile = PropertiesUtil.findConfigFile("db.properties");
if (null != confFile && !isClient) { if (null != confFile && !isClient) {
char[] passphrase = "vmops.com".toCharArray(); final Properties dbProps = DbProperties.getDbProperties();
char[] passphrase = dbProps.getProperty("db.cloud.keyStorePassphrase").toCharArray();
String confPath = confFile.getParent(); String confPath = confFile.getParent();
String keystorePath = confPath + "/cloud.keystore"; String keystorePath = confPath + "/cloud.keystore";
if (new File(keystorePath).exists()) { if (new File(keystorePath).exists()) {