[GitHub] [cloudstack] rafaelweingartner commented on a change in pull request #2995: KVM: Improvements on upload direct download certificates

Sun, 02 Jun 2019 12:27:18 -0700 

rafaelweingartner commented on a change in pull request #2995: KVM: 
Improvements on upload direct download certificates
URL: https://github.com/apache/cloudstack/pull/2995#discussion_r289654630
 
 

 ##########
 File path: 
server/src/org/apache/cloudstack/direct/download/DirectDownloadManagerImpl.java
 ##########
 @@ -313,14 +322,64 @@ private DirectDownloadCommand 
getDirectDownloadCommandFromProtocol(DownloadProto
                 .collect(Collectors.toList());
     }
 
+    /**
+     * Return pretified PEM certificate
+     */
+    protected String getPretifiedCertificate(String certificateCer) {
+        String cert = certificateCer.replaceAll("(.{64})", "$1\n");
+        if (!cert.startsWith(BEGIN_CERT) && !cert.endsWith(END_CERT)) {
+            cert = BEGIN_CERT + LINE_SEPARATOR + cert + LINE_SEPARATOR + 
END_CERT;
+        }
+        return cert;
+    }
+
+    /**
+     * Generate and return certificate from the string
+     * @throws CloudRuntimeException if the certificate is not well formed
+     */
+    private Certificate getCertificateFromString(String certificatePem) {
+        try {
+            return CertificateHelper.buildCertificate(certificatePem);
+        } catch (CertificateException e) {
+            e.printStackTrace();
+            throw new CloudRuntimeException("Cannot parse the certificate 
provided, please provide a PEM certificate. Error: " + e.getMessage());
+        }
+    }
+
+    /**
+     * Perform sanity of string parsed certificate
+     */
+    protected void certificateSanity(String certificatePem) {
+        Certificate certificate = getCertificateFromString(certificatePem);
+
+        if (certificate instanceof X509CertImpl) {
+            X509CertImpl x509Cert = (X509CertImpl) certificate;
+            try {
+                x509Cert.checkValidity();
+            } catch (CertificateExpiredException | 
CertificateNotYetValidException e) {
+                e.printStackTrace();
+                throw new CloudRuntimeException("Certificate is invalid. 
Please provide a valid certificate. Error: " + e.getMessage());
+            }
+            if (x509Cert.getSubjectDN() != null) {
+                s_logger.info("Valid certificate for domain name: " + 
x509Cert.getSubjectDN().getName());
 
 Review comment:
   This looks more like a debug message.
   
   BTW, what does this message mean?
   If the domain name is not null, then you call it valid? That sounds a bit 
odd. Could you explain that a bit further?

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

Reply via email to