Moved security out into its own jar. Will be adding more to it. Fixed a few white space issues brought up by checkstyle in eclipse.

2025-10-26 08:42:29 +01:00 · 2014-01-09 16:08:45 -08:00 · 2014-01-09 16:08:45 -08:00 · ae8560b195
commit ae8560b195
parent 64b8d1044d
28 changed files with 222 additions and 337 deletions
--- a/core/pom.xml
+++ b/core/pom.xml
@ -36,6 +36,11 @@
      <artifactId>cloud-engine-api</artifactId>
      <version>${project.version}</version>
    </dependency>    
    <dependency>
      <groupId>org.apache.cloudstack</groupId>
      <artifactId>cloud-framework-security</artifactId>
      <version>${project.version}</version>
    </dependency>
    <dependency>
      <groupId>commons-codec</groupId>
      <artifactId>commons-codec</artifactId>
--- a/core/src/com/cloud/agent/api/SecStorageSetupCommand.java
+++ b/core/src/com/cloud/agent/api/SecStorageSetupCommand.java
@ -16,50 +16,20 @@
 // under the License.
 package com.cloud.agent.api;
 import com.cloud.agent.api.LogLevel.Log4jLevel;
 import com.cloud.agent.api.to.DataStoreTO;
 import com.cloud.keystore.KeystoreManager;
 public class SecStorageSetupCommand extends Command {
    private DataStoreTO store;
    private String secUrl;
-    private Certificates certs;
+    private KeystoreManager.Certificates certs;
    public static class Certificates {
        @LogLevel(Log4jLevel.Off)
        private String privKey;
        @LogLevel(Log4jLevel.Off)
        private String privCert;
        @LogLevel(Log4jLevel.Off)
        private String certChain;
        public Certificates() {
        }
        public Certificates(String prvKey, String privCert, String certChain) {
            this.privKey = prvKey;
            this.privCert = privCert;
            this.certChain = certChain;
        }
        public String getPrivKey() {
            return this.privKey;
        }
        public String getPrivCert() {
            return this.privCert;
        }
        public String getCertChain() {
            return this.certChain;
        }
    }
    public SecStorageSetupCommand() {
        super();
    }
-    public SecStorageSetupCommand(DataStoreTO store, String secUrl, Certificates certs) {
+    public SecStorageSetupCommand(DataStoreTO store, String secUrl, KeystoreManager.Certificates certs) {
        super();
        this.secUrl = secUrl;
        this.certs = certs;
@ -75,8 +45,8 @@ public class SecStorageSetupCommand extends Command {
        return secUrl;
    }
-    public Certificates getCerts() {
+    public KeystoreManager.Certificates getCerts() {
-        return this.certs;
+        return certs;
    }
    public void setSecUrl(String secUrl) {
--- a/engine/service/src/main/webapp/WEB-INF/beans.xml
+++ b/engine/service/src/main/webapp/WEB-INF/beans.xml
@ -42,7 +42,7 @@
      <bean class="com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider" />
    </jaxrs:providers>
  </jaxrs:server>
-  
+
  <bean id="onwireRegistry" class="org.apache.cloudstack.framework.serializer.OnwireClassRegistry"
    init-method="scan" >
    <property name="packages">
@ -51,7 +51,7 @@
      </list>
    </property>
  </bean>
-  
+
  <bean id="messageSerializer" class="org.apache.cloudstack.framework.serializer.JsonMessageSerializer">
    <property name="onwireClassRegistry" ref="onwireRegistry" />
  </bean>
@ -61,7 +61,7 @@
    <property name="nodeId" value="Node1" />
    <property name="messageSerializer" ref="messageSerializer" />
  </bean>
-  
+
  <bean id="rpcProvider" class="org.apache.cloudstack.framework.rpc.RpcProviderImpl" init-method="initialize">
    <constructor-arg ref="transportProvider" />
    <property name="messageSerializer" ref="messageSerializer" />
--- a/engine/storage/integration-test/test/resources/StorageAllocatorTestContext.xml
+++ b/engine/storage/integration-test/test/resources/StorageAllocatorTestContext.xml
@ -1,19 +1,19 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor 
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
-  license agreements. See the NOTICE file distributed with this work for additional 
+  license agreements. See the NOTICE file distributed with this work for additional
-  information regarding copyright ownership. The ASF licenses this file to you under 
+  information regarding copyright ownership. The ASF licenses this file to you under
-  the Apache License, Version 2.0 (the "License"); you may not use this file except 
+  the Apache License, Version 2.0 (the "License"); you may not use this file except
-  in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 
+  in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
-  Unless required by applicable law or agreed to in writing, software distributed under 
+  Unless required by applicable law or agreed to in writing, software distributed under
-  the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS 
+  the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
-  OF ANY KIND, either express or implied. See the License for the specific language 
+  OF ANY KIND, either express or implied. See the License for the specific language
  governing permissions and limitations under the License. -->
 <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
  xmlns:aop="http://www.springframework.org/schema/aop"
  xsi:schemaLocation="http://www.springframework.org/schema/beans
                      http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-                      http://www.springframework.org/schema/tx 
+                      http://www.springframework.org/schema/tx
                      http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
                      http://www.springframework.org/schema/aop
                      http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
--- a/framework/pom.xml
+++ b/framework/pom.xml
@ -40,5 +40,6 @@
    <module>managed-context</module>
    <module>spring/lifecycle</module>
    <module>spring/module</module>
 	<module>security</module>
  </modules>
 </project>
--- a/framework/security/pom.xml
+++ b/framework/security/pom.xml
@ -0,0 +1,56 @@
 <!--
  Licensed to the Apache Software Foundation (ASF) under one
  or more contributor license agreements. See the NOTICE file
  distributed with this work for additional information
  regarding copyright ownership. The ASF licenses this file
  to you under the Apache License, Version 2.0 (the
  "License"); you may not use this file except in compliance
  with the License. You may obtain a copy of the License at
  http://www.apache.org/licenses/LICENSE-2.0
  Unless required by applicable law or agreed to in writing,
  software distributed under the License is distributed on an
  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  KIND, either express or implied. See the License for the
  specific language governing permissions and limitations
  under the License.
 -->
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <artifactId>cloud-framework-security</artifactId>
  <name>Apache CloudStack Framework - Security</name>
  <parent>
    <groupId>org.apache.cloudstack</groupId>
    <artifactId>cloudstack-framework</artifactId>
    <version>4.4.0-SNAPSHOT</version>
    <relativePath>../pom.xml</relativePath>
  </parent>  
  <dependencies>
    <dependency>
      <groupId>org.apache.cloudstack</groupId>
      <artifactId>cloud-utils</artifactId>
      <version>${project.version}</version>
    </dependency>
    <dependency>
      <groupId>org.apache.cloudstack</groupId>
      <artifactId>cloud-api</artifactId>
      <version>${project.version}</version>
    </dependency>
    <dependency>
      <groupId>org.apache.cloudstack</groupId>
      <artifactId>cloud-framework-ipc</artifactId>
      <version>${project.version}</version>
    </dependency>
    <dependency>
      <groupId>org.apache.cloudstack</groupId>
      <artifactId>cloud-framework-db</artifactId>
      <version>${project.version}</version>
    </dependency>
    <dependency>
      <groupId>org.apache.cloudstack</groupId>
      <artifactId>cloud-framework-config</artifactId>
      <version>${project.version}</version>
    </dependency>    
  </dependencies>
 </project>
--- a/framework/security/resources/META-INF/cloudstack/core/spring-framework-security-core-context.xml
+++ b/framework/security/resources/META-INF/cloudstack/core/spring-framework-security-core-context.xml
@ -0,0 +1,31 @@
 <!--
  Licensed to the Apache Software Foundation (ASF) under one
  or more contributor license agreements. See the NOTICE file
  distributed with this work for additional information
  regarding copyright ownership. The ASF licenses this file
  to you under the Apache License, Version 2.0 (the
  "License"); you may not use this file except in compliance
  with the License. You may obtain a copy of the License at
  http://www.apache.org/licenses/LICENSE-2.0
  Unless required by applicable law or agreed to in writing,
  software distributed under the License is distributed on an
  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  KIND, either express or implied. See the License for the
  specific language governing permissions and limitations
  under the License.
 -->
 <beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                      http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                      http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
                      http://www.springframework.org/schema/context
                      http://www.springframework.org/schema/context/spring-context-3.0.xsd"
                      >
 	<bean id="keystoreManagerImpl" class="com.cloud.keystore.KeystoreManagerImpl" />
 </beans>
--- a/framework/security/src/com/cloud/keystore/KeystoreDao.java
+++ b/framework/security/src/com/cloud/keystore/KeystoreDao.java
--- a/framework/security/src/com/cloud/keystore/KeystoreDaoImpl.java
+++ b/framework/security/src/com/cloud/keystore/KeystoreDaoImpl.java
--- a/framework/security/src/com/cloud/keystore/KeystoreManager.java
+++ b/framework/security/src/com/cloud/keystore/KeystoreManager.java
@ -16,10 +16,42 @@
 // under the License.
 package com.cloud.keystore;
-import com.cloud.agent.api.SecStorageSetupCommand.Certificates;
+import com.cloud.agent.api.LogLevel;
 import com.cloud.agent.api.LogLevel.Log4jLevel;
 import com.cloud.utils.component.Manager;
 public interface KeystoreManager extends Manager {
    public static class Certificates {
        @LogLevel(Log4jLevel.Off)
        private String privKey;
        @LogLevel(Log4jLevel.Off)
        private String privCert;
        @LogLevel(Log4jLevel.Off)
        private String certChain;
        public Certificates() {
        }
        public Certificates(String prvKey, String privCert, String certChain) {
            privKey = prvKey;
            this.privCert = privCert;
            this.certChain = certChain;
        }
        public String getPrivKey() {
            return privKey;
        }
        public String getPrivCert() {
            return privCert;
        }
        public String getCertChain() {
            return certChain;
        }
    }
    boolean validateCertificate(String certificate, String key, String domainSuffix);
    void saveCertificate(String name, String certificate, String key, String domainSuffix);
--- a/framework/security/src/com/cloud/keystore/KeystoreManagerImpl.java
+++ b/framework/security/src/com/cloud/keystore/KeystoreManagerImpl.java
@ -33,7 +33,6 @@ import javax.inject.Inject;
 import org.apache.log4j.Logger;
 import org.springframework.stereotype.Component;
 import com.cloud.agent.api.SecStorageSetupCommand;
 import com.cloud.utils.Ternary;
 import com.cloud.utils.component.ManagerBase;
 import com.cloud.utils.exception.CloudRuntimeException;
@ -123,7 +122,7 @@ public class KeystoreManagerImpl extends ManagerBase implements KeystoreManager
    }
    @Override
-    public SecStorageSetupCommand.Certificates getCertificates(String name) {
+    public Certificates getCertificates(String name) {
        KeystoreVO ksVo = _ksDao.findByName(name);
        if (ksVo == null) {
            return null;
@ -140,7 +139,7 @@ public class KeystoreManagerImpl extends ManagerBase implements KeystoreManager
            }
            certChain = chains.toString();
        }
-        SecStorageSetupCommand.Certificates certs = new SecStorageSetupCommand.Certificates(prvKey, prvCert, certChain);
+        Certificates certs = new Certificates(prvKey, prvCert, certChain);
        return certs;
    }
--- a/framework/security/src/com/cloud/keystore/KeystoreVO.java
+++ b/framework/security/src/com/cloud/keystore/KeystoreVO.java
--- a/framework/spring/lifecycle/src/main/java/org/apache/cloudstack/spring/lifecycle/registry/ExtensionRegistry.java
+++ b/framework/spring/lifecycle/src/main/java/org/apache/cloudstack/spring/lifecycle/registry/ExtensionRegistry.java
@ -159,7 +159,6 @@ public class ExtensionRegistry implements Registry<Object>, Configurable, BeanNa
        if (name == null) {
            for (String part : beanName.replaceAll("([A-Z])", " $1").split("\\s+")) {
                part = StringUtils.capitalize(part.toLowerCase());
                ;
                name = name == null ? part : name + " " + part;
            }
@ -219,7 +218,7 @@ public class ExtensionRegistry implements Registry<Object>, Configurable, BeanNa
    @Override
    public void setBeanName(String name) {
-        this.beanName = name;
+        beanName = name;
    }
    public List<Object> getPreRegistered() {
--- a/plugins/network-elements/stratosphere-ssp/resources/META-INF/cloudstack/ssp/spring-ssp-context.xml
+++ b/plugins/network-elements/stratosphere-ssp/resources/META-INF/cloudstack/ssp/spring-ssp-context.xml
@ -38,5 +38,4 @@
    <bean id="StratosphereSsp" class="org.apache.cloudstack.network.element.SspElement">
        <property name="name" value="StratosphereSsp" />
    </bean>
 </beans>
--- a/server/pom.xml
+++ b/server/pom.xml
@ -36,6 +36,11 @@
      <artifactId>cloud-framework-cluster</artifactId>
      <version>${project.version}</version>
    </dependency>
    <dependency>
      <groupId>org.apache.cloudstack</groupId>
      <artifactId>cloud-framework-security</artifactId>
      <version>${project.version}</version>
    </dependency>
    <dependency>
      <groupId>javax.servlet</groupId>
      <artifactId>servlet-api</artifactId>
--- a/server/src/com/cloud/api/ApiDBUtils.java
+++ b/server/src/com/cloud/api/ApiDBUtils.java
@ -779,10 +779,6 @@ public class ApiDBUtils {
        return s_userVmMgr.searchForUserVMs(c, s_accountDao.findById(Account.ACCOUNT_ID_SYSTEM), null, false, permittedAccounts, false, null, null).first();
    }
    public static List<? extends StoragePoolVO> searchForStoragePools(Criteria c) {
        return s_ms.searchForStoragePools(c).first();
    }
    // ///////////////////////////////////////////////////////////
    // Manager methods //
    // ///////////////////////////////////////////////////////////
--- a/server/src/com/cloud/api/ApiResponseHelper.java
+++ b/server/src/com/cloud/api/ApiResponseHelper.java
@ -26,11 +26,12 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import java.util.StringTokenizer;
 import java.util.TimeZone;
 import javax.inject.Inject;
 import org.apache.log4j.Logger;
 import org.apache.cloudstack.acl.ControlledEntity;
 import org.apache.cloudstack.acl.ControlledEntity.ACLType;
 import org.apache.cloudstack.affinity.AffinityGroup;
@ -143,11 +144,9 @@ import org.apache.cloudstack.network.lb.ApplicationLoadBalancerRule;
 import org.apache.cloudstack.region.PortableIp;
 import org.apache.cloudstack.region.PortableIpRange;
 import org.apache.cloudstack.region.Region;
 import org.apache.cloudstack.storage.datastore.db.StoragePoolVO;
 import org.apache.cloudstack.usage.Usage;
 import org.apache.cloudstack.usage.UsageService;
 import org.apache.cloudstack.usage.UsageTypes;
 import org.apache.log4j.Logger;
 import com.cloud.api.query.ViewResponseHelper;
 import com.cloud.api.query.vo.AccountJoinVO;
@ -258,7 +257,6 @@ import com.cloud.projects.Project;
 import com.cloud.projects.ProjectAccount;
 import com.cloud.projects.ProjectInvitation;
 import com.cloud.region.ha.GlobalLoadBalancerRule;
 import com.cloud.server.Criteria;
 import com.cloud.server.ResourceTag;
 import com.cloud.server.ResourceTag.ResourceObjectType;
 import com.cloud.service.ServiceOfferingVO;
@ -269,7 +267,6 @@ import com.cloud.storage.GuestOSCategoryVO;
 import com.cloud.storage.ImageStore;
 import com.cloud.storage.Snapshot;
 import com.cloud.storage.SnapshotVO;
 import com.cloud.storage.Storage.StoragePoolType;
 import com.cloud.storage.StoragePool;
 import com.cloud.storage.Upload;
 import com.cloud.storage.UploadVO;
@ -1670,152 +1667,6 @@ public class ApiResponseHelper implements ResponseGenerator {
        return ApiDBUtils.newEventResponse(vEvent);
    }
    private List<CapacityVO> sumCapacities(List<? extends Capacity> hostCapacities) {
        Map<String, Long> totalCapacityMap = new HashMap<String, Long>();
        Map<String, Long> usedCapacityMap = new HashMap<String, Long>();
        Set<Long> poolIdsToIgnore = new HashSet<Long>();
        Criteria c = new Criteria();
        // TODO: implement
        List<? extends StoragePoolVO> allStoragePools = ApiDBUtils.searchForStoragePools(c);
        for (StoragePoolVO pool : allStoragePools) {
            StoragePoolType poolType = pool.getPoolType();
            if (!(poolType.isShared())) {// All the non shared storages
                // shouldn't show up in the capacity
                // calculation
                poolIdsToIgnore.add(pool.getId());
            }
        }
        float cpuOverprovisioningFactor = ApiDBUtils.getCpuOverprovisioningFactor();
        // collect all the capacity types, sum allocated/used and sum
        // total...get one capacity number for each
        for (Capacity capacity : hostCapacities) {
            // check if zone exist
            DataCenter zone = ApiDBUtils.findZoneById(capacity.getDataCenterId());
            if (zone == null) {
                continue;
            }
            short capacityType = capacity.getCapacityType();
            // If local storage then ignore
            if ((capacityType == Capacity.CAPACITY_TYPE_STORAGE_ALLOCATED || capacityType == Capacity.CAPACITY_TYPE_STORAGE)
                    && poolIdsToIgnore.contains(capacity.getHostOrPoolId())) {
                continue;
            }
            String key = capacity.getCapacityType() + "_" + capacity.getDataCenterId();
            String keyForPodTotal = key + "_-1";
            boolean sumPodCapacity = false;
            if (capacity.getPodId() != null) {
                key += "_" + capacity.getPodId();
                sumPodCapacity = true;
            }
            Long totalCapacity = totalCapacityMap.get(key);
            Long usedCapacity = usedCapacityMap.get(key);
            // reset overprovisioning factor to 1
            float overprovisioningFactor = 1;
            if (capacityType == Capacity.CAPACITY_TYPE_CPU) {
                overprovisioningFactor = cpuOverprovisioningFactor;
            }
            if (totalCapacity == null) {
                totalCapacity = new Long((long)(capacity.getTotalCapacity() * overprovisioningFactor));
            } else {
                totalCapacity = new Long((long)(capacity.getTotalCapacity() * overprovisioningFactor)) + totalCapacity;
            }
            if (usedCapacity == null) {
                usedCapacity = new Long(capacity.getUsedCapacity());
            } else {
                usedCapacity = new Long(capacity.getUsedCapacity() + usedCapacity);
            }
            if (capacityType == Capacity.CAPACITY_TYPE_CPU || capacityType == Capacity.CAPACITY_TYPE_MEMORY) { // Reserved
                // Capacity
                // accounts
                // for
                // stopped
                // vms
                // that
                // have been
                // stopped
                // within
                // an
                // interval
                usedCapacity += capacity.getReservedCapacity();
            }
            totalCapacityMap.put(key, totalCapacity);
            usedCapacityMap.put(key, usedCapacity);
            if (sumPodCapacity) {
                totalCapacity = totalCapacityMap.get(keyForPodTotal);
                usedCapacity = usedCapacityMap.get(keyForPodTotal);
                overprovisioningFactor = 1;
                if (capacityType == Capacity.CAPACITY_TYPE_CPU) {
                    overprovisioningFactor = cpuOverprovisioningFactor;
                }
                if (totalCapacity == null) {
                    totalCapacity = new Long((long)(capacity.getTotalCapacity() * overprovisioningFactor));
                } else {
                    totalCapacity = new Long((long)(capacity.getTotalCapacity() * overprovisioningFactor)) + totalCapacity;
                }
                if (usedCapacity == null) {
                    usedCapacity = new Long(capacity.getUsedCapacity());
                } else {
                    usedCapacity = new Long(capacity.getUsedCapacity() + usedCapacity);
                }
                if (capacityType == Capacity.CAPACITY_TYPE_CPU || capacityType == Capacity.CAPACITY_TYPE_MEMORY) { // Reserved
                    // Capacity
                    // accounts
                    // for
                    // stopped
                    // vms
                    // that
                    // have
                    // been
                    // stopped
                    // within
                    // an
                    // interval
                    usedCapacity += capacity.getReservedCapacity();
                }
                totalCapacityMap.put(keyForPodTotal, totalCapacity);
                usedCapacityMap.put(keyForPodTotal, usedCapacity);
            }
        }
        List<CapacityVO> summedCapacities = new ArrayList<CapacityVO>();
        for (String key : totalCapacityMap.keySet()) {
            CapacityVO summedCapacity = new CapacityVO();
            StringTokenizer st = new StringTokenizer(key, "_");
            summedCapacity.setCapacityType(Short.parseShort(st.nextToken()));
            summedCapacity.setDataCenterId(Long.parseLong(st.nextToken()));
            if (st.hasMoreTokens()) {
                summedCapacity.setPodId(Long.parseLong(st.nextToken()));
            }
            summedCapacity.setTotalCapacity(totalCapacityMap.get(key));
            summedCapacity.setUsedCapacity(usedCapacityMap.get(key));
            summedCapacities.add(summedCapacity);
        }
        return summedCapacities;
    }
    @Override
    public List<CapacityResponse> createCapacityResponse(List<? extends Capacity> result, DecimalFormat format) {
        List<CapacityResponse> capacityResponses = new ArrayList<CapacityResponse>();
--- a/server/src/com/cloud/server/ManagementServer.java
+++ b/server/src/com/cloud/server/ManagementServer.java
@ -16,10 +16,6 @@
 // under the License.
 package com.cloud.server;
 import java.util.List;
 import org.apache.cloudstack.storage.datastore.db.StoragePoolVO;
 import com.cloud.host.HostVO;
 import com.cloud.storage.GuestOSVO;
 import com.cloud.utils.Pair;
@ -65,8 +61,6 @@ public interface ManagementServer extends ManagementService, PluggableService {
    public long getMemoryOrCpuCapacityByHost(Long hostId, short capacityType);
    Pair<List<StoragePoolVO>, Integer> searchForStoragePools(Criteria c);
    String getHashKey();
    String getEncryptionKey();
--- a/server/src/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/com/cloud/server/ManagementServerImpl.java
@ -2954,58 +2954,6 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
        }
    }
    @Override
    public Pair<List<StoragePoolVO>, Integer> searchForStoragePools(Criteria c) {
        Filter searchFilter = new Filter(StoragePoolVO.class, c.getOrderBy(), c.getAscending(), c.getOffset(), c.getLimit());
        SearchCriteria<StoragePoolVO> sc = _poolDao.createSearchCriteria();
        Object id = c.getCriteria(Criteria.ID);
        Object name = c.getCriteria(Criteria.NAME);
        Object host = c.getCriteria(Criteria.HOST);
        Object path = c.getCriteria(Criteria.PATH);
        Object zone = c.getCriteria(Criteria.DATACENTERID);
        Object pod = c.getCriteria(Criteria.PODID);
        Object cluster = c.getCriteria(Criteria.CLUSTERID);
        Object address = c.getCriteria(Criteria.ADDRESS);
        Object keyword = c.getCriteria(Criteria.KEYWORD);
        if (keyword != null) {
            SearchCriteria<StoragePoolVO> ssc = _poolDao.createSearchCriteria();
            ssc.addOr("name", SearchCriteria.Op.LIKE, "%" + keyword + "%");
            ssc.addOr("poolType", SearchCriteria.Op.LIKE, "%" + keyword + "%");
            sc.addAnd("name", SearchCriteria.Op.SC, ssc);
        }
        if (id != null) {
            sc.addAnd("id", SearchCriteria.Op.EQ, id);
        }
        if (name != null) {
            sc.addAnd("name", SearchCriteria.Op.LIKE, "%" + name + "%");
        }
        if (host != null) {
            sc.addAnd("host", SearchCriteria.Op.EQ, host);
        }
        if (path != null) {
            sc.addAnd("path", SearchCriteria.Op.EQ, path);
        }
        if (zone != null) {
            sc.addAnd("dataCenterId", SearchCriteria.Op.EQ, zone);
        }
        if (pod != null) {
            sc.addAnd("podId", SearchCriteria.Op.EQ, pod);
        }
        if (address != null) {
            sc.addAnd("hostAddress", SearchCriteria.Op.EQ, address);
        }
        if (cluster != null) {
            sc.addAnd("clusterId", SearchCriteria.Op.EQ, cluster);
        }
        return _poolDao.searchAndCount(sc, searchFilter);
    }
    private SecondaryStorageVmVO startSecondaryStorageVm(long instanceId) {
        return _secStorageVmMgr.startSecStorageVm(instanceId);
    }
--- a/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java
+++ b/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java
@ -50,7 +50,6 @@ import com.cloud.agent.api.RebootCommand;
 import com.cloud.agent.api.SecStorageFirewallCfgCommand;
 import com.cloud.agent.api.SecStorageSetupAnswer;
 import com.cloud.agent.api.SecStorageSetupCommand;
 import com.cloud.agent.api.SecStorageSetupCommand.Certificates;
 import com.cloud.agent.api.SecStorageVMSetupCommand;
 import com.cloud.agent.api.StartupCommand;
 import com.cloud.agent.api.StartupSecondaryStorageCommand;
@ -304,7 +303,7 @@ public class SecondaryStorageManagerImpl extends ManagerBase implements Secondar
                if (!_useSSlCopy) {
                    setupCmd = new SecStorageSetupCommand(ssStore.getTO(), secUrl, null);
                } else {
-                    Certificates certs = _keystoreMgr.getCertificates(ConsoleProxyManager.CERTIFICATE_NAME);
+                    KeystoreManager.Certificates certs = _keystoreMgr.getCertificates(ConsoleProxyManager.CERTIFICATE_NAME);
                    setupCmd = new SecStorageSetupCommand(ssStore.getTO(), secUrl, certs);
                }
--- a/server/test/resources/SecurityGroupManagerTestContext.xml
+++ b/server/test/resources/SecurityGroupManagerTestContext.xml
@ -1,19 +1,19 @@
-<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor 
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
-  license agreements. See the NOTICE file distributed with this work for additional 
+  license agreements. See the NOTICE file distributed with this work for additional
-  information regarding copyright ownership. The ASF licenses this file to 
+  information regarding copyright ownership. The ASF licenses this file to
-  you under the Apache License, Version 2.0 (the "License"); you may not use 
+  you under the Apache License, Version 2.0 (the "License"); you may not use
-  this file except in compliance with the License. You may obtain a copy of 
+  this file except in compliance with the License. You may obtain a copy of
-  the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required 
+  the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
-  by applicable law or agreed to in writing, software distributed under the 
+  by applicable law or agreed to in writing, software distributed under the
-  License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS 
+  License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
-  OF ANY KIND, either express or implied. See the License for the specific 
+  OF ANY KIND, either express or implied. See the License for the specific
  language governing permissions and limitations under the License. -->
 <beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
  xmlns:tx="http://www.springframework.org/schema/tx" xmlns:aop="http://www.springframework.org/schema/aop"
  xsi:schemaLocation="http://www.springframework.org/schema/beans
                      http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-                      http://www.springframework.org/schema/tx 
+                      http://www.springframework.org/schema/tx
                      http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
                      http://www.springframework.org/schema/aop
                      http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
--- a/server/test/resources/SnapshotDaoTestContext.xml
+++ b/server/test/resources/SnapshotDaoTestContext.xml
@ -1,19 +1,19 @@
-<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor 
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
-  license agreements. See the NOTICE file distributed with this work for additional 
+  license agreements. See the NOTICE file distributed with this work for additional
-  information regarding copyright ownership. The ASF licenses this file to 
+  information regarding copyright ownership. The ASF licenses this file to
-  you under the Apache License, Version 2.0 (the "License"); you may not use 
+  you under the Apache License, Version 2.0 (the "License"); you may not use
-  this file except in compliance with the License. You may obtain a copy of 
+  this file except in compliance with the License. You may obtain a copy of
-  the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required 
+  the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
-  by applicable law or agreed to in writing, software distributed under the 
+  by applicable law or agreed to in writing, software distributed under the
-  License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS 
+  License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
-  OF ANY KIND, either express or implied. See the License for the specific 
+  OF ANY KIND, either express or implied. See the License for the specific
  language governing permissions and limitations under the License. -->
 <beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
  xmlns:tx="http://www.springframework.org/schema/tx" xmlns:aop="http://www.springframework.org/schema/aop"
  xsi:schemaLocation="http://www.springframework.org/schema/beans
                      http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-                      http://www.springframework.org/schema/tx 
+                      http://www.springframework.org/schema/tx
                      http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
                      http://www.springframework.org/schema/aop
                      http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
--- a/server/test/resources/StoragePoolDaoTestContext.xml
+++ b/server/test/resources/StoragePoolDaoTestContext.xml
@ -1,19 +1,19 @@
-<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor 
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
-  license agreements. See the NOTICE file distributed with this work for additional 
+  license agreements. See the NOTICE file distributed with this work for additional
-  information regarding copyright ownership. The ASF licenses this file to 
+  information regarding copyright ownership. The ASF licenses this file to
-  you under the Apache License, Version 2.0 (the "License"); you may not use 
+  you under the Apache License, Version 2.0 (the "License"); you may not use
-  this file except in compliance with the License. You may obtain a copy of 
+  this file except in compliance with the License. You may obtain a copy of
-  the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required 
+  the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
-  by applicable law or agreed to in writing, software distributed under the 
+  by applicable law or agreed to in writing, software distributed under the
-  License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS 
+  License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
-  OF ANY KIND, either express or implied. See the License for the specific 
+  OF ANY KIND, either express or implied. See the License for the specific
  language governing permissions and limitations under the License. -->
 <beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
  xmlns:tx="http://www.springframework.org/schema/tx" xmlns:aop="http://www.springframework.org/schema/aop"
  xsi:schemaLocation="http://www.springframework.org/schema/beans
                      http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-                      http://www.springframework.org/schema/tx 
+                      http://www.springframework.org/schema/tx
                      http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
                      http://www.springframework.org/schema/aop
                      http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
--- a/services/secondary-storage/src/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResource.java
+++ b/services/secondary-storage/src/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResource.java
@ -91,7 +91,6 @@ import com.cloud.agent.api.SecStorageFirewallCfgCommand;
 import com.cloud.agent.api.SecStorageFirewallCfgCommand.PortConfig;
 import com.cloud.agent.api.SecStorageSetupAnswer;
 import com.cloud.agent.api.SecStorageSetupCommand;
 import com.cloud.agent.api.SecStorageSetupCommand.Certificates;
 import com.cloud.agent.api.SecStorageVMSetupCommand;
 import com.cloud.agent.api.StartupCommand;
 import com.cloud.agent.api.StartupSecondaryStorageCommand;
@ -113,11 +112,13 @@ import com.cloud.exception.InternalErrorException;
 import com.cloud.host.Host;
 import com.cloud.host.Host.Type;
 import com.cloud.hypervisor.Hypervisor.HypervisorType;
 import com.cloud.keystore.KeystoreManager;
 import com.cloud.resource.ServerResourceBase;
 import com.cloud.storage.DataStoreRole;
 import com.cloud.storage.Storage.ImageFormat;
 import com.cloud.storage.StorageLayer;
 import com.cloud.storage.VMTemplateStorageResourceAssoc;
 import com.cloud.storage.template.OVAProcessor;
 import com.cloud.storage.template.Processor;
 import com.cloud.storage.template.Processor.FormatInfo;
 import com.cloud.storage.template.QCOW2Processor;
@ -125,7 +126,6 @@ import com.cloud.storage.template.RawImageProcessor;
 import com.cloud.storage.template.TemplateLocation;
 import com.cloud.storage.template.TemplateProp;
 import com.cloud.storage.template.VhdProcessor;
 import com.cloud.storage.template.OVAProcessor;
 import com.cloud.storage.template.VmdkProcessor;
 import com.cloud.utils.NumbersUtil;
 import com.cloud.utils.S3Utils;
@ -152,7 +152,7 @@ public class NfsSecondaryStorageResource extends ServerResourceBase implements S
    }
    public void setTimeout(int timeout) {
-        this._timeout = timeout;
+        _timeout = timeout;
    }
    String _instance;
@ -1201,7 +1201,7 @@ public class NfsSecondaryStorageResource extends ServerResourceBase implements S
        return new Answer(cmd, true, checksum);
    }
-    private void configCerts(Certificates certs) {
+    private void configCerts(KeystoreManager.Certificates certs) {
        if (certs == null) {
            configureSSL();
        } else {
--- a/usage/test/resources/UsageManagerTestContext.xml
+++ b/usage/test/resources/UsageManagerTestContext.xml
@ -1,19 +1,19 @@
-<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor 
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
-  license agreements. See the NOTICE file distributed with this work for additional 
+  license agreements. See the NOTICE file distributed with this work for additional
-  information regarding copyright ownership. The ASF licenses this file to 
+  information regarding copyright ownership. The ASF licenses this file to
-  you under the Apache License, Version 2.0 (the "License"); you may not use 
+  you under the Apache License, Version 2.0 (the "License"); you may not use
-  this file except in compliance with the License. You may obtain a copy of 
+  this file except in compliance with the License. You may obtain a copy of
-  the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required 
+  the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
-  by applicable law or agreed to in writing, software distributed under the 
+  by applicable law or agreed to in writing, software distributed under the
-  License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS 
+  License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
-  OF ANY KIND, either express or implied. See the License for the specific 
+  OF ANY KIND, either express or implied. See the License for the specific
  language governing permissions and limitations under the License. -->
 <beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
  xmlns:tx="http://www.springframework.org/schema/tx" xmlns:aop="http://www.springframework.org/schema/aop"
  xsi:schemaLocation="http://www.springframework.org/schema/beans
                      http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-                      http://www.springframework.org/schema/tx 
+                      http://www.springframework.org/schema/tx
                      http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
                      http://www.springframework.org/schema/aop
                      http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
--- a/usage/test/resources/cloud1.xml
+++ b/usage/test/resources/cloud1.xml
@ -1,11 +1,11 @@
-<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor 
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
-  license agreements. See the NOTICE file distributed with this work for additional 
+  license agreements. See the NOTICE file distributed with this work for additional
-  information regarding copyright ownership. The ASF licenses this file to you under 
+  information regarding copyright ownership. The ASF licenses this file to you under
-  the Apache License, Version 2.0 (the "License"); you may not use this file except 
+  the Apache License, Version 2.0 (the "License"); you may not use this file except
-  in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 
+  in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
-  Unless required by applicable law or agreed to in writing, software distributed under 
+  Unless required by applicable law or agreed to in writing, software distributed under
-  the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS 
+  the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
-  OF ANY KIND, either express or implied. See the License for the specific language 
+  OF ANY KIND, either express or implied. See the License for the specific language
  governing permissions and limitations under the License. -->
 <!-- cloud -->
 <dataset>
--- a/usage/test/resources/cloud2.xml
+++ b/usage/test/resources/cloud2.xml
@ -1,11 +1,11 @@
-<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor 
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
-  license agreements. See the NOTICE file distributed with this work for additional 
+  license agreements. See the NOTICE file distributed with this work for additional
-  information regarding copyright ownership. The ASF licenses this file to you under 
+  information regarding copyright ownership. The ASF licenses this file to you under
-  the Apache License, Version 2.0 (the "License"); you may not use this file except 
+  the Apache License, Version 2.0 (the "License"); you may not use this file except
-  in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 
+  in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
-  Unless required by applicable law or agreed to in writing, software distributed under 
+  Unless required by applicable law or agreed to in writing, software distributed under
-  the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS 
+  the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
-  OF ANY KIND, either express or implied. See the License for the specific language 
+  OF ANY KIND, either express or implied. See the License for the specific language
  governing permissions and limitations under the License. -->
 <!-- cloud -->
 <dataset>
--- a/usage/test/resources/cloud3.xml
+++ b/usage/test/resources/cloud3.xml
@ -1,11 +1,11 @@
-<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor 
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
-  license agreements. See the NOTICE file distributed with this work for additional 
+  license agreements. See the NOTICE file distributed with this work for additional
-  information regarding copyright ownership. The ASF licenses this file to you under 
+  information regarding copyright ownership. The ASF licenses this file to you under
-  the Apache License, Version 2.0 (the "License"); you may not use this file except 
+  the Apache License, Version 2.0 (the "License"); you may not use this file except
-  in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 
+  in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
-  Unless required by applicable law or agreed to in writing, software distributed under 
+  Unless required by applicable law or agreed to in writing, software distributed under
-  the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS 
+  the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
-  OF ANY KIND, either express or implied. See the License for the specific language 
+  OF ANY KIND, either express or implied. See the License for the specific language
  governing permissions and limitations under the License. -->
 <!-- cloud -->
 <dataset>