apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity
cloudstack/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
Rohit Yadav 664186f483 CLOUDSTACK-8160: use preferable protocols 
(cherry picked from commit debfcdef788ce0d51be06db0ef10f6815f9b563b)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2015-01-21 18:04:45 +05:30

153 lines
6.0 KiB
Java
Raw Blame History

// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.consoleproxy;
import com.cloud.utils.db.DbProperties;
import com.sun.net.httpserver.HttpServer;
import com.sun.net.httpserver.HttpsConfigurator;
import com.sun.net.httpserver.HttpsParameters;
import com.sun.net.httpserver.HttpsServer;
import org.apache.cloudstack.utils.security.SSLUtils;
import org.apache.log4j.Logger;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.KeyStore;
public class ConsoleProxySecureServerFactoryImpl implements ConsoleProxyServerFactory {
private static final Logger s_logger = Logger.getLogger(ConsoleProxySecureServerFactoryImpl.class);
private SSLContext sslContext = null;
public ConsoleProxySecureServerFactoryImpl() {
}
@Override
public void init(byte[] ksBits, String ksPassword) {
s_logger.info("Start initializing SSL");
if (ksBits == null) {
try {
s_logger.info("Initializing SSL from built-in default certificate");
final String pass = DbProperties.getDbProperties().getProperty("db.cloud.keyStorePassphrase");
char[] passphrase = "vmops.com".toCharArray();
if (pass != null) {
passphrase = pass.toCharArray();
}
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream("certs/realhostip.keystore"), passphrase);
// ks.load(ConsoleProxy.class.getResourceAsStream("/realhostip.keystore"), passphrase);
s_logger.info("SSL certificate loaded");
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, passphrase);
s_logger.info("Key manager factory is initialized");
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ks);
s_logger.info("Trust manager factory is initialized");
sslContext = SSLUtils.getSSLContext();
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
s_logger.info("SSL context is initialized");
} catch (Exception ioe) {
s_logger.error(ioe.toString(), ioe);
}
} else {
char[] passphrase = ksPassword != null ? ksPassword.toCharArray() : null;
try {
s_logger.info("Initializing SSL from passed-in certificate");
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new ByteArrayInputStream(ksBits), passphrase);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, passphrase);
s_logger.info("Key manager factory is initialized");
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ks);
s_logger.info("Trust manager factory is initialized");
sslContext = SSLUtils.getSSLContext();
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
s_logger.info("SSL context is initialized");
} catch (Exception e) {
s_logger.error("Unable to init factory due to exception ", e);
}
}
}
@Override
public HttpServer createHttpServerInstance(int port) throws IOException {
try {
HttpsServer server = HttpsServer.create(new InetSocketAddress(port), 5);
server.setHttpsConfigurator(new HttpsConfigurator(sslContext) {
@Override
public void configure(HttpsParameters params) {
// get the remote address if needed
InetSocketAddress remote = params.getClientAddress();
SSLContext c = getSSLContext();
// get the default parameters
SSLParameters sslparams = c.getDefaultSSLParameters();
params.setSSLParameters(sslparams);
// statement above could throw IAE if any params invalid.
// eg. if app has a UI and parameters supplied by a user.
}
});
s_logger.info("create HTTPS server instance on port: " + port);
return server;
} catch (Exception ioe) {
s_logger.error(ioe.toString(), ioe);
}
return null;
}
@Override
public SSLServerSocket createSSLServerSocket(int port) throws IOException {
try {
SSLServerSocket srvSock = null;
SSLServerSocketFactory ssf = sslContext.getServerSocketFactory();
srvSock = (SSLServerSocket)ssf.createServerSocket(port);
srvSock.setEnabledProtocols(SSLUtils.getSupportedProtocols(srvSock.getEnabledProtocols()));
s_logger.info("create SSL server socket on port: " + port);
return srvSock;
} catch (Exception ioe) {
s_logger.error(ioe.toString(), ioe);
}
return null;
}
}
Reference in New Issue View Git Blame Copy Permalink