completed the listener logic. Based on the startup command, we will try and update a cust cert to a new running cpvm, and fail if such a cert doesn't exist in the cert table in our db.

agent/src/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java

@@ -113,10 +113,8 @@ public class ConsoleProxyResource extends ServerResourceBase implements ServerRe
     		String certificate = cmd.getCertificate();
     		
     		//write the cert to /etc/cloud/consoleproxy/cert/
-    	    String strDirectoy = null;
 			boolean dirCreated = false;
-
-			strDirectoy = "/etc/cloud/consoleproxy/cert/";
+			String strDirectoy = "/etc/cloud/consoleproxy/cert/";
 			dirCreated = (new File(strDirectoy)).mkdirs();
 			
     	    if (dirCreated) 

server/src/com/cloud/consoleproxy/AgentBasedConsoleProxyManager.java

@@ -34,9 +34,11 @@ import com.cloud.agent.api.ConsoleProxyLoadReportCommand;
 import com.cloud.agent.api.GetVncPortAnswer;
 import com.cloud.agent.api.GetVncPortCommand;
 import com.cloud.agent.api.StartupCommand;
+import com.cloud.agent.api.StartupProxyCommand;
 import com.cloud.agent.api.StopCommand;
 import com.cloud.api.ServerApiException;
 import com.cloud.api.commands.DestroyConsoleProxyCmd;
+import com.cloud.certificate.dao.CertificateDao;
 import com.cloud.configuration.dao.ConfigurationDao;
 import com.cloud.exception.AgentUnavailableException;
 import com.cloud.exception.ConcurrentOperationException;
@@ -48,6 +50,7 @@ import com.cloud.host.HostVO;
 import com.cloud.host.Status;
 import com.cloud.host.dao.HostDao;
 import com.cloud.info.ConsoleProxyInfo;
+import com.cloud.server.ManagementServer;
 import com.cloud.utils.NumbersUtil;
 import com.cloud.utils.component.ComponentLocator;
 import com.cloud.utils.component.Inject;
@@ -57,8 +60,10 @@ import com.cloud.vm.VMInstanceVO;
 import com.cloud.vm.VirtualMachine.Type;
 import com.cloud.vm.VirtualMachineManager;
 import com.cloud.vm.VirtualMachineName;
+import com.cloud.vm.dao.ConsoleProxyDao;
 import com.cloud.vm.dao.UserVmDao;
 import com.cloud.vm.dao.VMInstanceDao;
+import com.sun.org.apache.xml.internal.security.keys.content.MgmtData;
 
 @Local(value = { ConsoleProxyManager.class })
 public class AgentBasedConsoleProxyManager implements ConsoleProxyManager, VirtualMachineManager<ConsoleProxyVO>, AgentHook {
@@ -74,13 +79,13 @@ public class AgentBasedConsoleProxyManager implements ConsoleProxyManager, Virtu
     @Inject
     private VMInstanceDao _instanceDao;
     private ConsoleProxyListener _listener;
-
     protected int _consoleProxyUrlPort = ConsoleProxyManager.DEFAULT_PROXY_URL_PORT;
     protected int _consoleProxyPort = ConsoleProxyManager.DEFAULT_PROXY_VNC_PORT;
     protected boolean _sslEnabled = false;
     @Inject
     AgentManager _agentMgr;
-
+    @Inject
+    protected ConsoleProxyDao _cpDao;
     public int getVncPort(VMInstanceVO vm) {
         if (vm.getHostId() == null) {
             return -1;
@@ -324,5 +329,11 @@ public class AgentBasedConsoleProxyManager implements ConsoleProxyManager, Virtu
     @Override
     public boolean destroyConsoleProxy(DestroyConsoleProxyCmd cmd) throws ServerApiException {
         return false;
-    }
+    }
+
+	@Override
+	public boolean applyCustomCertToNewProxy(StartupProxyCommand cmd) {
+		// TODO Auto-generated method stub
+		return false;
+	}
 }

server/src/com/cloud/consoleproxy/AgentHook.java

@@ -7,6 +7,7 @@ import com.cloud.agent.api.AgentControlAnswer;
 import com.cloud.agent.api.ConsoleAccessAuthenticationCommand;
 import com.cloud.agent.api.ConsoleProxyLoadReportCommand;
 import com.cloud.agent.api.StartupCommand;
+import com.cloud.agent.api.StartupProxyCommand;
 import com.cloud.host.HostVO;
 import com.cloud.host.Status;
 
@@ -16,4 +17,5 @@ public interface AgentHook {
     void onAgentConnect(HostVO host, StartupCommand cmd);
     
     public void onAgentDisconnect(long agentId, Status state);
+	boolean applyCustomCertToNewProxy(StartupProxyCommand cmd);
 }

server/src/com/cloud/consoleproxy/ConsoleProxyListener.java

@@ -25,6 +25,7 @@ import com.cloud.agent.api.Command;
 import com.cloud.agent.api.ConsoleAccessAuthenticationCommand;
 import com.cloud.agent.api.ConsoleProxyLoadReportCommand;
 import com.cloud.agent.api.StartupCommand;
+import com.cloud.agent.api.StartupProxyCommand;
 import com.cloud.host.HostVO;
 import com.cloud.host.Status;
 
@@ -66,6 +67,10 @@ public class ConsoleProxyListener implements Listener {
     @Override
     public void processConnect(HostVO host, StartupCommand cmd) {
         _proxyMgr.onAgentConnect(host, cmd);
+    	
+    	if (cmd instanceof StartupProxyCommand) {
+    		_proxyMgr.applyCustomCertToNewProxy((StartupProxyCommand)cmd);
+    	}
     }
 
     @Override

server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java

@@ -56,9 +56,11 @@ import com.cloud.agent.api.Start2Command;
 import com.cloud.agent.api.StartConsoleProxyAnswer;
 import com.cloud.agent.api.StartConsoleProxyCommand;
 import com.cloud.agent.api.StartupCommand;
+import com.cloud.agent.api.StartupProxyCommand;
 import com.cloud.agent.api.StopAnswer;
 import com.cloud.agent.api.StopCommand;
 import com.cloud.agent.api.proxy.ConsoleProxyLoadAnswer;
+import com.cloud.agent.api.proxy.UpdateCertificateCommand;
 import com.cloud.agent.api.to.NicTO;
 import com.cloud.agent.api.to.VirtualMachineTO;
 import com.cloud.agent.api.to.VirtualMachineTO.SshMonitor;
@@ -70,6 +72,8 @@ import com.cloud.async.AsyncJobExecutor;
 import com.cloud.async.AsyncJobManager;
 import com.cloud.async.AsyncJobVO;
 import com.cloud.async.BaseAsyncJobExecutor;
+import com.cloud.certificate.CertificateVO;
+import com.cloud.certificate.dao.CertificateDao;
 import com.cloud.cluster.ClusterManager;
 import com.cloud.configuration.Config;
 import com.cloud.configuration.dao.ConfigurationDao;
@@ -117,6 +121,7 @@ import com.cloud.network.dao.IPAddressDao;
 import com.cloud.offering.NetworkOffering;
 import com.cloud.offerings.NetworkOfferingVO;
 import com.cloud.offerings.dao.NetworkOfferingDao;
+import com.cloud.server.ManagementServer;
 import com.cloud.service.ServiceOfferingVO;
 import com.cloud.service.dao.ServiceOfferingDao;
 import com.cloud.servlet.ConsoleProxyServlet;
@@ -165,6 +170,7 @@ import com.cloud.vm.dao.ConsoleProxyDao;
 import com.cloud.vm.dao.VMInstanceDao;
 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
+import com.sun.org.apache.xml.internal.security.keys.content.MgmtData;
 
 //
 // Possible console proxy state transition cases
@@ -229,12 +235,12 @@ public class ConsoleProxyManagerImpl implements ConsoleProxyManager, VirtualMach
     private HostDao _hostDao;
     @Inject
     private ConfigurationDao _configDao;
-
+    @Inject
+    private CertificateDao _certDao;
     @Inject
     private VMInstanceDao _instanceDao;
     @Inject
     private AccountDao _accountDao;
-
     @Inject private VMTemplateHostDao _vmTemplateHostDao;
     @Inject private AgentManager _agentMgr;
     @Inject private StorageManager _storageMgr;
@@ -2432,4 +2438,53 @@ public class ConsoleProxyManagerImpl implements ConsoleProxyManager, VirtualMach
     public boolean processDeploymentResult(Commands cmds, ConsoleProxyVO proxy, VirtualMachineProfile profile, DeployDestination dest) {
         return true;
     }
+    
+    @Override
+    public boolean applyCustomCertToNewProxy(StartupProxyCommand cmd){
+        //this is the case for updating cust cert on each new starting proxy, if such cert exists
+		//get cert from db
+		CertificateVO cert = _certDao.listAll().get(0);
+		
+		if(cert!=null){
+			String certStr = cert.getCertificate(); 
+			long proxyVmId = ((StartupProxyCommand)cmd).getProxyVmId();
+			ConsoleProxyVO consoleProxy = _consoleProxyDao.findById(proxyVmId);
+			//find corresponding host
+			HostVO consoleProxyHost = _hostDao.findConsoleProxyHost(consoleProxy.getName(), Type.ConsoleProxy);
+			//now send a command to console proxy 
+    		UpdateCertificateCommand certCmd = new UpdateCertificateCommand(certStr);
+    		try {
+					Answer updateCertAns = _agentMgr.send(consoleProxyHost.getId(), certCmd);
+					if(updateCertAns.getResult() == true)
+					{
+						//we have the cert copied over on cpvm
+						long eventId = saveScheduledEvent(User.UID_SYSTEM, Account.ACCOUNT_ID_SYSTEM, EventTypes.EVENT_PROXY_REBOOT, "rebooting console proxy with Id: "+consoleProxy.getId());    				
+						rebootProxy(consoleProxy.getId(), eventId);
+						//when cp reboots, the context will be reinit with the new cert 
+						s_logger.info("Successfully rebooted console proxy resource after custom certificate application");
+					}
+			} catch (AgentUnavailableException e) {
+				s_logger.warn("Unable to send update certificate command to the console proxy resource", e);
+				return false;
+			} catch (OperationTimedoutException e) {
+				s_logger.warn("Unable to send update certificate command to the console proxy resource", e);
+				return false;
+			}
+		}else{
+			return false;//no cert
+		}
+		return true;
+    }
+    
+    private Long saveScheduledEvent(Long userId, Long accountId, String type, String description) 
+    {
+        EventVO event = new EventVO();
+        event.setUserId(userId);
+        event.setAccountId(accountId);
+        event.setType(type);
+        event.setState(EventState.Scheduled);
+        event.setDescription("Scheduled async job for "+description);
+        event = _eventDao.persist(event);
+        return event.getId();
+    }
 }

server/src/com/cloud/server/ManagementServerImpl.java

@@ -6972,9 +6972,9 @@ public class ManagementServerImpl implements ManagementServer {
 							//when cp reboots, the context will be reinit with the new cert 
 						}
 				} catch (AgentUnavailableException e) {
-					s_logger.warn("Unable to send command to the console proxy resource", e);
+					s_logger.warn("Unable to send update certificate command to the console proxy resource", e);
 				} catch (OperationTimedoutException e) {
-					s_logger.warn("Unable to send command to the console proxy resource", e);
+					s_logger.warn("Unable to send update certificate command to the console proxy resource", e);
 				}
 	
     		}