[GitHub] [cloudstack] nvazquez commented on a change in pull request #2995: KVM: Improvements on upload direct download certificates

[GitBox]

nvazquez commented on a change in pull request #2995: KVM: Improvements on 
upload direct download certificates
URL: https://github.com/apache/cloudstack/pull/2995#discussion_r289663100
 
 

 ##########
 File path: 
server/src/org/apache/cloudstack/direct/download/DirectDownloadManagerImpl.java
 ##########
 @@ -313,14 +322,64 @@ private DirectDownloadCommand 
getDirectDownloadCommandFromProtocol(DownloadProto
                 .collect(Collectors.toList());
     }
 
+    /**
+     * Return pretified PEM certificate
+     */
+    protected String getPretifiedCertificate(String certificateCer) {
+        String cert = certificateCer.replaceAll("(.{64})", "$1\n");
+        if (!cert.startsWith(BEGIN_CERT) && !cert.endsWith(END_CERT)) {
+            cert = BEGIN_CERT + LINE_SEPARATOR + cert + LINE_SEPARATOR + 
END_CERT;
+        }
+        return cert;
+    }
+
+    /**
+     * Generate and return certificate from the string
+     * @throws CloudRuntimeException if the certificate is not well formed
+     */
+    private Certificate getCertificateFromString(String certificatePem) {
+        try {
+            return CertificateHelper.buildCertificate(certificatePem);
+        } catch (CertificateException e) {
+            e.printStackTrace();
+            throw new CloudRuntimeException("Cannot parse the certificate 
provided, please provide a PEM certificate. Error: " + e.getMessage());
+        }
+    }
+
+    /**
+     * Perform sanity of string parsed certificate
+     */
+    protected void certificateSanity(String certificatePem) {
+        Certificate certificate = getCertificateFromString(certificatePem);
+
+        if (certificate instanceof X509CertImpl) {
+            X509CertImpl x509Cert = (X509CertImpl) certificate;
+            try {
+                x509Cert.checkValidity();
+            } catch (CertificateExpiredException | 
CertificateNotYetValidException e) {
+                e.printStackTrace();
+                throw new CloudRuntimeException("Certificate is invalid. 
Please provide a valid certificate. Error: " + e.getMessage());
+            }
+            if (x509Cert.getSubjectDN() != null) {
+                s_logger.info("Valid certificate for domain name: " + 
x509Cert.getSubjectDN().getName());
 
 Review comment:
   Actually it is valid if it succeeds the checkValidity() method above. 
Message is just informative, at this point in both cases (domain name null or 
not) the certificate is valid. Anyways I'll set it to debug level, or if its 
confusing then it can be removed as well

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services