apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-12-16 10:32:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

utils: use a better extended implementation of SSLSocketFactory

Browse Source 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit b4a5a32a7488ecd93f295670e7f641fc32198aa7)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
This commit is contained in:
Rohit Yadav 2015-03-13 17:31:30 +05:30
parent 6c71d3bae1
commit c8901a7990
10 changed files with 282 additions and 162 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
plugins/hypervisors/xenserver/src/com/cloud/hypervisor/xenserver/resource/XenServerConnectionPool.java
View File

@ -16,6 +16,26 @@
// under the License.
package com.cloud.hypervisor.xenserver.resource;
import com.cloud.utils.NumbersUtil;
import com.cloud.utils.PropertiesUtil;
import com.cloud.utils.exception.CloudRuntimeException;
import com.xensource.xenapi.APIVersion;
import com.xensource.xenapi.Connection;
import com.xensource.xenapi.Host;
import com.xensource.xenapi.Pool;
import com.xensource.xenapi.Session;
import com.xensource.xenapi.Types;
import com.xensource.xenapi.Types.BadServerResponse;
import com.xensource.xenapi.Types.XenAPIException;
import org.apache.cloudstack.utils.security.SSLUtils;
import org.apache.cloudstack.utils.security.SecureSSLSocketFactory;
import org.apache.log4j.Logger;
import org.apache.xmlrpc.XmlRpcException;
import org.apache.xmlrpc.client.XmlRpcClientException;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
@ -27,29 +47,6 @@ import java.util.Map;
import java.util.Properties;
import java.util.Queue;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import org.apache.log4j.Logger;
import org.apache.xmlrpc.XmlRpcException;
import org.apache.xmlrpc.client.XmlRpcClientException;
import org.apache.cloudstack.utils.security.SSLUtils;
import com.xensource.xenapi.APIVersion;
import com.xensource.xenapi.Connection;
import com.xensource.xenapi.Host;
import com.xensource.xenapi.Pool;
import com.xensource.xenapi.Session;
import com.xensource.xenapi.Types;
import com.xensource.xenapi.Types.BadServerResponse;
import com.xensource.xenapi.Types.XenAPIException;
import com.cloud.utils.NumbersUtil;
import com.cloud.utils.PropertiesUtil;
import com.cloud.utils.exception.CloudRuntimeException;
public class XenServerConnectionPool {
private static final Logger s_logger = Logger.getLogger(XenServerConnectionPool.class);
protected HashMap<String /* poolUuid */, XenServerConnection> _conns = new HashMap<String, XenServerConnection>();
@ -81,7 +78,7 @@ public class XenServerConnectionPool {
trustAllCerts[0] = tm;
javax.net.ssl.SSLContext sc = SSLUtils.getSSLContext();
sc.init(null, trustAllCerts, null);
javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(new SecureSSLSocketFactory(sc));
HostnameVerifier hv = new HostnameVerifier() {
@Override
public boolean verify(String hostName, SSLSession session) {

38
plugins/network-elements/opendaylight/src/main/java/org/apache/cloudstack/network/opendaylight/api/NeutronRestApi.java
View File

@ -20,6 +20,24 @@
package org.apache.cloudstack.network.opendaylight.api;
import org.apache.cloudstack.utils.security.SSLUtils;
import org.apache.cloudstack.utils.security.SecureSSLSocketFactory;
import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpException;
import org.apache.commons.httpclient.HttpMethodBase;
import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager;
import org.apache.commons.httpclient.cookie.CookiePolicy;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.Protocol;
import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
import org.apache.log4j.Logger;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.io.IOException;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
@ -33,24 +51,6 @@ import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpException;
import org.apache.commons.httpclient.HttpMethodBase;
import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager;
import org.apache.commons.httpclient.cookie.CookiePolicy;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.Protocol;
import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
import org.apache.log4j.Logger;
public class NeutronRestApi {
private static final Logger s_logger = Logger.getLogger(NeutronRestApi.class);
@ -179,7 +179,7 @@ public class NeutronRestApi {
// Install the all-trusting trust manager
SSLContext sc = SSLUtils.getSSLContext();
sc.init(null, trustAllCerts, new java.security.SecureRandom());
ssf = sc.getSocketFactory();
ssf = new SecureSSLSocketFactory(sc);
} catch (KeyManagementException e) {
throw new IOException(e);
} catch (NoSuchAlgorithmException e) {

45
plugins/storage/volume/cloudbyte/src/org/apache/cloudstack/storage/datastore/util/ElastistorUtil.java
View File

@ -19,11 +19,21 @@
package org.apache.cloudstack.storage.datastore.util;
import java.net.ConnectException;
import java.security.InvalidParameterException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import com.cloud.agent.api.Answer;
import com.cloud.utils.exception.CloudRuntimeException;
import com.google.gson.Gson;
import com.google.gson.annotations.SerializedName;
import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.WebResource;
import com.sun.jersey.api.client.config.ClientConfig;
import com.sun.jersey.api.client.config.DefaultClientConfig;
import com.sun.jersey.core.util.MultivaluedMapImpl;
import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
import org.apache.cloudstack.utils.security.SSLUtils;
import org.apache.cloudstack.utils.security.SecureSSLSocketFactory;
import org.apache.http.auth.InvalidCredentialsException;
import org.apache.log4j.Logger;
import javax.naming.ServiceUnavailableException;
import javax.net.ssl.HostnameVerifier;
@ -36,24 +46,11 @@ import javax.net.ssl.X509TrustManager;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.UriBuilder;
import org.apache.http.auth.InvalidCredentialsException;
import org.apache.log4j.Logger;
import org.apache.cloudstack.utils.security.SSLUtils;
import com.google.gson.Gson;
import com.google.gson.annotations.SerializedName;
import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.WebResource;
import com.sun.jersey.api.client.config.ClientConfig;
import com.sun.jersey.api.client.config.DefaultClientConfig;
import com.sun.jersey.core.util.MultivaluedMapImpl;
import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
import com.cloud.agent.api.Answer;
import com.cloud.utils.exception.CloudRuntimeException;
import java.net.ConnectException;
import java.security.InvalidParameterException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.HashMap;
public class ElastistorUtil {
@ -1098,7 +1095,7 @@ public class ElastistorUtil {
try {
SSLContext sc = SSLUtils.getSSLContext();
sc.init(null, trustAllCerts, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HttpsURLConnection.setDefaultSSLSocketFactory(new SecureSSLSocketFactory(sc));
HttpsURLConnection.setDefaultHostnameVerifier(hv);
} catch (Exception e) {
;

29
services/console-proxy-rdp/rdpconsole/src/main/java/streamer/SocketWrapperImpl.java
View File

@ -16,9 +16,18 @@
// under the License.
package streamer;
import static streamer.debug.MockServer.Packet.PacketType.CLIENT;
import static streamer.debug.MockServer.Packet.PacketType.SERVER;
import org.apache.cloudstack.utils.security.SSLUtils;
import org.apache.cloudstack.utils.security.SecureSSLSocketFactory;
import streamer.debug.MockServer;
import streamer.debug.MockServer.Packet;
import streamer.ssl.SSLState;
import streamer.ssl.TrustAllX509TrustManager;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
@ -26,18 +35,8 @@ import java.net.InetSocketAddress;
import java.net.Socket;
import java.util.HashMap;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import org.apache.cloudstack.utils.security.SSLUtils;
import streamer.debug.MockServer;
import streamer.debug.MockServer.Packet;
import streamer.ssl.SSLState;
import streamer.ssl.TrustAllX509TrustManager;
import static streamer.debug.MockServer.Packet.PacketType.CLIENT;
import static streamer.debug.MockServer.Packet.PacketType.SERVER;
public class SocketWrapperImpl extends PipelineImpl implements SocketWrapper {
@ -137,7 +136,7 @@ public class SocketWrapperImpl extends PipelineImpl implements SocketWrapper {
// Trust all certificates (FIXME: insecure)
sslContext.init(null, new TrustManager[] {new TrustAllX509TrustManager(sslState)}, null);
SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
SSLSocketFactory sslSocketFactory = new SecureSSLSocketFactory(sslContext);
sslSocket = (SSLSocket)sslSocketFactory.createSocket(socket, address.getHostName(), address.getPort(), true);
sslSocket.setEnabledProtocols(SSLUtils.getSupportedProtocols(sslSocket.getEnabledProtocols()));

16
services/console-proxy/server/src/com/cloud/consoleproxy/util/RawHTTP.java
View File

@ -17,7 +17,13 @@
package com.cloud.consoleproxy.util;
import org.apache.cloudstack.utils.security.SSLUtils;
import org.apache.cloudstack.utils.security.SecureSSLSocketFactory;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
@ -32,12 +38,6 @@ import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
//
// This file is originally from XenConsole with modifications
//
@ -151,7 +151,7 @@ public final class RawHTTP {
SSLSocket ssl = null;
try {
context.init(null, trustAllCerts, new SecureRandom());
SocketFactory factory = context.getSocketFactory();
SocketFactory factory = new SecureSSLSocketFactory(context);
ssl = (SSLSocket)factory.createSocket(host, port);
ssl.setEnabledProtocols(SSLUtils.getSupportedProtocols(ssl.getEnabledProtocols()));
/* ssl.setSSLParameters(context.getDefaultSSLParameters()); */
@ -160,6 +160,8 @@ public final class RawHTTP {
throw e;
} catch (KeyManagementException e) {
s_logger.error("KeyManagementException: " + e.getMessage(), e);
} catch (NoSuchAlgorithmException e) {
s_logger.error("NoSuchAlgorithmException: " + e.getMessage(), e);
}
return ssl;
} else {

60
utils/src/com/cloud/utils/rest/RESTServiceConnector.java
View File

@ -19,29 +19,13 @@
package com.cloud.utils.rest;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.Type;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.MalformedURLException;
import java.net.Socket;
import java.net.URL;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import com.google.gson.FieldNamingPolicy;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.JsonDeserializer;
import com.google.gson.reflect.TypeToken;
import org.apache.cloudstack.utils.security.SSLUtils;
import org.apache.cloudstack.utils.security.SecureSSLSocketFactory;
import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpException;
@ -62,13 +46,27 @@ import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
import org.apache.log4j.Logger;
import org.apache.cloudstack.utils.security.SSLUtils;
import com.google.gson.FieldNamingPolicy;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.JsonDeserializer;
import com.google.gson.reflect.TypeToken;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.Type;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.MalformedURLException;
import java.net.Socket;
import java.net.URL;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
/**
* This abstraction encapsulates client side code for REST service communication. It encapsulates
@ -339,7 +337,7 @@ public class RESTServiceConnector {
// Install the all-trusting trust manager
final SSLContext sc = SSLUtils.getSSLContext();
sc.init(null, trustAllCerts, new java.security.SecureRandom());
ssf = sc.getSocketFactory();
ssf = new SecureSSLSocketFactory(sc);
} catch (final KeyManagementException e) {
throw new IOException(e);
} catch (final NoSuchAlgorithmException e) {

7
utils/src/org/apache/cloudstack/utils/security/SSLUtils.java
View File

@ -24,6 +24,7 @@ import org.apache.log4j.Logger;
import javax.net.ssl.SSLContext;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
@ -41,6 +42,12 @@ public class SSLUtils {
return (String[]) set.toArray(new String[set.size()]);
}
public static String[] getSupportedCiphers() throws NoSuchAlgorithmException {
String[] availableCiphers = getSSLContext().getSocketFactory().getSupportedCipherSuites();
Arrays.sort(availableCiphers);
return availableCiphers;
}
public static SSLContext getSSLContext() throws NoSuchAlgorithmException {
return SSLContext.getInstance("TLSv1");
}

124
utils/src/org/apache/cloudstack/utils/security/SecureSSLSocketFactory.java Normal file
View File

@ -0,0 +1,124 @@
//
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
//
package org.apache.cloudstack.utils.security;
import org.apache.log4j.Logger;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
public class SecureSSLSocketFactory extends SSLSocketFactory {
public static final Logger s_logger = Logger.getLogger(SecureSSLSocketFactory.class);
private SSLContext _sslContext;
public SecureSSLSocketFactory() throws NoSuchAlgorithmException {
_sslContext = SSLUtils.getSSLContext();
}
public SecureSSLSocketFactory(SSLContext sslContext) throws NoSuchAlgorithmException {
if (sslContext != null) {
_sslContext = sslContext;
} else {
_sslContext = SSLUtils.getSSLContext();
}
}
public SecureSSLSocketFactory(KeyManager[] km, TrustManager[] tm, SecureRandom random) throws NoSuchAlgorithmException, KeyManagementException, IOException {
_sslContext = SSLUtils.getSSLContext();
_sslContext.init(km, tm, random);
}
@Override
public String[] getDefaultCipherSuites() {
return getSupportedCipherSuites();
}
@Override
public String[] getSupportedCipherSuites() {
String[] ciphers = null;
try {
ciphers = SSLUtils.getSupportedCiphers();
} catch (NoSuchAlgorithmException e) {
s_logger.error("SecureSSLSocketFactory::getDefaultCipherSuites found no cipher suites");
}
return ciphers;
}
@Override
public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
SSLSocketFactory factory = _sslContext.getSocketFactory();
Socket socket = factory.createSocket(s, host, port, autoClose);
if (socket instanceof SSLSocket) {
((SSLSocket)socket).setEnabledProtocols(SSLUtils.getSupportedProtocols(((SSLSocket)socket).getEnabledProtocols()));
}
return socket;
}
@Override
public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
SSLSocketFactory factory = _sslContext.getSocketFactory();
Socket socket = factory.createSocket(host, port);
if (socket instanceof SSLSocket) {
((SSLSocket)socket).setEnabledProtocols(SSLUtils.getSupportedProtocols(((SSLSocket)socket).getEnabledProtocols()));
}
return socket;
}
@Override
public Socket createSocket(String host, int port, InetAddress inetAddress, int localPort) throws IOException, UnknownHostException {
SSLSocketFactory factory = _sslContext.getSocketFactory();
Socket socket = factory.createSocket(host, port, inetAddress, localPort);
if (socket instanceof SSLSocket) {
((SSLSocket)socket).setEnabledProtocols(SSLUtils.getSupportedProtocols(((SSLSocket)socket).getEnabledProtocols()));
}
return socket;
}
@Override
public Socket createSocket(InetAddress inetAddress, int localPort) throws IOException {
SSLSocketFactory factory = _sslContext.getSocketFactory();
Socket socket = factory.createSocket(inetAddress, localPort);
if (socket instanceof SSLSocket) {
((SSLSocket)socket).setEnabledProtocols(SSLUtils.getSupportedProtocols(((SSLSocket)socket).getEnabledProtocols()));
}
return socket;
}
@Override
public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
SSLSocketFactory factory = this._sslContext.getSocketFactory();
Socket socket = factory.createSocket(address, port, localAddress, localPort);
if (socket instanceof SSLSocket) {
((SSLSocket)socket).setEnabledProtocols(SSLUtils.getSupportedProtocols(((SSLSocket)socket).getEnabledProtocols()));
}
return socket;
}
}

36
vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareClient.java
View File

@ -16,24 +16,6 @@
// under the License.
package com.cloud.hypervisor.vmware.util;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.WebServiceException;
import javax.xml.ws.handler.MessageContext;
import org.apache.log4j.Logger;
import org.apache.cloudstack.utils.security.SSLUtils;
import com.vmware.vim25.DynamicProperty;
import com.vmware.vim25.InvalidCollectorVersionFaultMsg;
import com.vmware.vim25.InvalidPropertyFaultMsg;
@ -56,6 +38,22 @@ import com.vmware.vim25.TraversalSpec;
import com.vmware.vim25.UpdateSet;
import com.vmware.vim25.VimPortType;
import com.vmware.vim25.VimService;
import org.apache.cloudstack.utils.security.SSLUtils;
import org.apache.cloudstack.utils.security.SecureSSLSocketFactory;
import org.apache.log4j.Logger;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.WebServiceException;
import javax.xml.ws.handler.MessageContext;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
/**
* A wrapper class to handle Vmware vsphere connection and disconnection.
@ -109,7 +107,7 @@ public class VmwareClient {
javax.net.ssl.SSLSessionContext sslsc = sc.getServerSessionContext();
sslsc.setSessionTimeout(0);
sc.init(null, trustAllCerts, null);
javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(new SecureSSLSocketFactory(sc));
}
private final ManagedObjectReference svcInstRef = new ManagedObjectReference();

44
vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareContext.java
View File

@ -16,6 +16,26 @@
// under the License.
package com.cloud.hypervisor.vmware.util;
import com.cloud.hypervisor.vmware.mo.DatacenterMO;
import com.cloud.hypervisor.vmware.mo.DatastoreFile;
import com.cloud.utils.ActionDelegate;
import com.vmware.vim25.ManagedObjectReference;
import com.vmware.vim25.ObjectContent;
import com.vmware.vim25.ObjectSpec;
import com.vmware.vim25.PropertyFilterSpec;
import com.vmware.vim25.PropertySpec;
import com.vmware.vim25.ServiceContent;
import com.vmware.vim25.TaskInfo;
import com.vmware.vim25.TraversalSpec;
import com.vmware.vim25.VimPortType;
import org.apache.cloudstack.utils.security.SSLUtils;
import org.apache.cloudstack.utils.security.SecureSSLSocketFactory;
import org.apache.log4j.Logger;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import javax.xml.ws.soap.SOAPFaultException;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.BufferedReader;
@ -35,28 +55,6 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import javax.xml.ws.soap.SOAPFaultException;
import org.apache.log4j.Logger;
import org.apache.cloudstack.utils.security.SSLUtils;
import com.vmware.vim25.ManagedObjectReference;
import com.vmware.vim25.ObjectContent;
import com.vmware.vim25.ObjectSpec;
import com.vmware.vim25.PropertyFilterSpec;
import com.vmware.vim25.PropertySpec;
import com.vmware.vim25.ServiceContent;
import com.vmware.vim25.TaskInfo;
import com.vmware.vim25.TraversalSpec;
import com.vmware.vim25.VimPortType;
import com.cloud.hypervisor.vmware.mo.DatacenterMO;
import com.cloud.hypervisor.vmware.mo.DatastoreFile;
import com.cloud.utils.ActionDelegate;
public class VmwareContext {
private static final Logger s_logger = Logger.getLogger(VmwareContext.class);
@ -82,7 +80,7 @@ public class VmwareContext {
trustAllCerts[0] = tm;
javax.net.ssl.SSLContext sc = SSLUtils.getSSLContext();
sc.init(null, trustAllCerts, null);
javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(new SecureSSLSocketFactory(sc));
HostnameVerifier hv = new HostnameVerifier() {
@Override