Repository: cloudstack Updated Branches: refs/heads/master 4d06eef3b -> 57c484140
CLOUDSTACK-7814: Fix default passphrase for keystores In upgrade case, the db.properties file is not changed, but the following commit would require passphrase for keystore in it, thus result in error(NPE in fact due to there is no such properity). commit 918c320438980f070150f872e3a3ba907572af83 Author: Upendra Moturi <upendra.mot...@sungard.com> Date: Fri Jun 20 11:41:58 2014 +0530 CLOUDSTACK-6847.Link.java and console proxy files have hardcoded value This commit fix it by put default value for passphrases, also set correct passphrase if fail-safe keystore is used. Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/57c48414 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/57c48414 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/57c48414 Branch: refs/heads/master Commit: 57c48414030a9961e82d7e6f39a24b84ccc7e371 Parents: 4d06eef Author: Sheng Yang <sheng.y...@citrix.com> Authored: Mon Oct 27 18:59:55 2014 -0700 Committer: Sheng Yang <sheng.y...@citrix.com> Committed: Tue Oct 28 16:25:52 2014 -0700 ---------------------------------------------------------------------- .../ConsoleProxySecureServerFactoryImpl.java | 32 ++++++++++---------- utils/src/com/cloud/utils/nio/Link.java | 9 ++++-- 2 files changed, 22 insertions(+), 19 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/57c48414/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java ----------------------------------------------------------------------
diff --git a/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java b/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
index 7af4c7b..75d23b1 100644
--- a/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
+++ b/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
@@ -16,12 +16,12 @@
 // under the License.
 package com.cloud.consoleproxy;
-import java.io.ByteArrayInputStream;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.net.InetSocketAddress;
-import java.security.KeyStore;
-import java.util.Properties;
+import com.cloud.utils.db.DbProperties;
+import com.sun.net.httpserver.HttpServer;
+import com.sun.net.httpserver.HttpsConfigurator;
+import com.sun.net.httpserver.HttpsParameters;
+import com.sun.net.httpserver.HttpsServer;
+import org.apache.log4j.Logger;
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
@@ -29,14 +29,11 @@ import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLServerSocket;
 import javax.net.ssl.SSLServerSocketFactory;
 import javax.net.ssl.TrustManagerFactory;
-
-import org.apache.log4j.Logger;
-
-import com.cloud.utils.db.DbProperties;
-import com.sun.net.httpserver.HttpServer;
-import com.sun.net.httpserver.HttpsConfigurator;
-import com.sun.net.httpserver.HttpsParameters;
-import com.sun.net.httpserver.HttpsServer;
+import java.io.ByteArrayInputStream;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.security.KeyStore;
 public class ConsoleProxySecureServerFactoryImpl implements ConsoleProxyServerFactory {
 private static final Logger s_logger = Logger.getLogger(ConsoleProxySecureServerFactoryImpl.class);
@@ -54,8 +51,11 @@ public class ConsoleProxySecureServerFactoryImpl implements ConsoleProxyServerFa
 try {
 s_logger.info("Initializing SSL from built-in default certificate");
- final Properties dbProps = DbProperties.getDbProperties();
- char[] passphrase = dbProps.getProperty("db.cloud.keyStorePassphrase").toCharArray();
+ final String pass = DbProperties.getDbProperties().getProperty("db.cloud.keyStorePassphrase");
+ char[] passphrase = "vmops.com".toCharArray();
+ if (pass != null) {
+ passphrase = pass.toCharArray();
+ }
 KeyStore ks = KeyStore.getInstance("JKS");
 ks.load(new FileInputStream("certs/realhostip.keystore"), passphrase);
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/57c48414/utils/src/com/cloud/utils/nio/Link.java ----------------------------------------------------------------------
diff --git a/utils/src/com/cloud/utils/nio/Link.java b/utils/src/com/cloud/utils/nio/Link.java
index c295caf..a15b8a4 100755
--- a/utils/src/com/cloud/utils/nio/Link.java
+++ b/utils/src/com/cloud/utils/nio/Link.java
@@ -33,7 +33,6 @@ import java.nio.channels.SelectionKey;
 import java.nio.channels.SocketChannel;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
-import java.util.Properties;
 import java.util.concurrent.ConcurrentLinkedQueue;
 import javax.net.ssl.KeyManagerFactory;
@@ -418,8 +417,11 @@ public class Link {
 File confFile = PropertiesUtil.findConfigFile("db.properties");
 if (null != confFile && !isClient) {
- final Properties dbProps = DbProperties.getDbProperties();
- char[] passphrase = dbProps.getProperty("db.cloud.keyStorePassphrase").toCharArray();
+ final String pass = DbProperties.getDbProperties().getProperty("db.cloud.keyStorePassphrase");
+ char[] passphrase = "vmops.com".toCharArray();
+ if (pass != null) {
+ passphrase = pass.toCharArray();
+ }
 String confPath = confFile.getParent();
 String keystorePath = confPath + keystoreFile;
 if (new File(keystorePath).exists()) {
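Review bot: The fallback added in the `@@ -54,8 +51,11 @@` hunk of ConsoleProxySecureServerFactoryImpl.java is silent: when `db.cloud.keyStorePassphrase` is missing, the keystore is opened with the hard-coded `"vmops.com"` and nothing is logged, so an upgraded installation keeps running on a passphrase that is published in the source tree. Log it in the fallback path, e.g. `s_logger.warn("db.cloud.keyStorePassphrase is not set in db.properties; using the built-in default keystore passphrase");`, and treat an empty value like a missing one with `if (pass != null && !pass.isEmpty())`. The same block appears in the `@@ -418,8 +417,11 @@` hunk of Link.java and needs the same treatment. Since the log line calls `certs/realhostip.keystore` a built-in default certificate, it is presumably always protected by the built-in passphrase, in which case a configured value would fail to open it; please confirm. The enclosing method starts and ends outside the hunk.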
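Review bot: The literal `"vmops.com"` is now written three times across the two files (in this `@@ -418,8 +417,11 @@` hunk of Link.java, in the `@@ -427,6 +429,7 @@` hunk that follows, and in ConsoleProxySecureServerFactoryImpl.java), so the default and the fail-safe passphrase can drift apart on the next edit. A single named constant in a class both callers already reach would fix that, e.g. `static final String DEFAULT_KEYSTORE_PASSPHRASE = "vmops.com"; // legacy default, used only when db.cloud.keyStorePassphrase is absent` (the name is only a suggestion). The property lookup and the fallback could then live in one small helper that returns the `char[]`, instead of being copied into each method. The enclosing method starts and ends outside the hunk.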
@@ -427,6 +429,7 @@ public class Link {
 } else {
 s_logger.warn("SSL: Fail to find the generated keystore. Loading fail-safe one to continue.");
 stream = NioConnection.class.getResourceAsStream("/cloud.keystore");
+ passphrase = "vmops.com".toCharArray();
 }
 ks.load(stream, passphrase);
 stream.close();
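Review bot: The added `passphrase = "vmops.com".toCharArray();` in the else branch discards the configured value without saying why, and needs a comment such as `// The bundled /cloud.keystore is always protected by the built-in passphrase, not the one from db.properties.` The existing warning also understates what this path means for operators. The fail-safe keystore is loaded from the classpath and its passphrase is in the source, so its private key should be presumed known to anyone holding the distribution. The message could say so, e.g. `s_logger.warn("SSL: generated keystore not found; loading the bundled fail-safe keystore, whose key is not unique to this installation.");`. The enclosing method starts and ends outside the hunk.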