server/src/main/java/com/cloud/consoleproxy/AgentHookBase.java - cloudstack - Git at Google

 // Licensed to the Apache Software Foundation (ASF) under one
 // or more contributor license agreements.  See the NOTICE file
 // distributed with this work for additional information
 // regarding copyright ownership.  The ASF licenses this file
 // to you under the Apache License, Version 2.0 (the
 // "License"); you may not use this file except in compliance
 // with the License.  You may obtain a copy of the License at
 //
 //   http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing,
 // software distributed under the License is distributed on an
 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.

 package com.cloud.consoleproxy;

 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.util.Date;

 import org.apache.cloudstack.consoleproxy.ConsoleAccessManager;
 import org.apache.cloudstack.consoleproxy.ConsoleAccessManagerImpl;
 import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
 import org.apache.cloudstack.framework.security.keys.KeysManager;
 import org.apache.cloudstack.framework.security.keystore.KeystoreManager;
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.log4j.Logger;

 import com.cloud.agent.AgentManager;
 import com.cloud.agent.api.AgentControlAnswer;
 import com.cloud.agent.api.Answer;
 import com.cloud.agent.api.ConsoleAccessAuthenticationAnswer;
 import com.cloud.agent.api.ConsoleAccessAuthenticationCommand;
 import com.cloud.agent.api.ConsoleProxyLoadReportCommand;
 import com.cloud.agent.api.GetVncPortAnswer;
 import com.cloud.agent.api.GetVncPortCommand;
 import com.cloud.agent.api.StartupCommand;
 import com.cloud.agent.api.StartupProxyCommand;
 import com.cloud.agent.api.proxy.StartConsoleProxyAgentHttpHandlerCommand;
 import com.cloud.configuration.Config;
 import com.cloud.exception.AgentUnavailableException;
 import com.cloud.exception.OperationTimedoutException;
 import com.cloud.host.Host;
 import com.cloud.host.HostVO;
 import com.cloud.host.Status;
 import com.cloud.host.dao.HostDao;
 import com.cloud.servlet.ConsoleProxyPasswordBasedEncryptor;
 import com.cloud.servlet.ConsoleProxyServlet;
 import com.cloud.utils.Ternary;
 import com.cloud.vm.VirtualMachine;
 import com.cloud.vm.dao.VMInstanceDao;
 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;

 /**
  * Utility class to manage interactions with agent-based console access
  * Extracted from ConsoleProxyManagerImpl so that other console proxy managers
  * can reuse
  */
 public abstract class AgentHookBase implements AgentHook {
     private static final Logger s_logger = Logger.getLogger(AgentHookBase.class);

     VMInstanceDao _instanceDao;
     HostDao _hostDao;
     ConfigurationDao _configDao;
     AgentManager _agentMgr;
     KeystoreManager _ksMgr;
     KeysManager _keysMgr;
     ConsoleAccessManager consoleAccessManager;

     protected AgentHookBase(VMInstanceDao instanceDao, HostDao hostDao, ConfigurationDao cfgDao, KeystoreManager ksMgr,
                          AgentManager agentMgr, KeysManager keysMgr, ConsoleAccessManager consoleAccessMgr) {
         _instanceDao = instanceDao;
         _hostDao = hostDao;
         _agentMgr = agentMgr;
         _configDao = cfgDao;
         _ksMgr = ksMgr;
         _keysMgr = keysMgr;
         consoleAccessManager = consoleAccessMgr;
     }

     @Override
     public AgentControlAnswer onConsoleAccessAuthentication(ConsoleAccessAuthenticationCommand cmd) {
         Long vmId = null;

         String ticketInUrl = cmd.getTicket();
         String sessionUuid = cmd.getSessionUuid();

         if (ticketInUrl == null) {
             s_logger.error("Access ticket could not be found, you could be running an old version of console proxy. vmId: " + cmd.getVmId());
             return new ConsoleAccessAuthenticationAnswer(cmd, false);
         }

         if (s_logger.isDebugEnabled()) {
             s_logger.debug("Console authentication. Ticket in url for " + cmd.getHost() + ":" + cmd.getPort() + "-" + cmd.getVmId() + " is " + ticketInUrl);
         }

         if (!cmd.isReauthenticating()) {
             String ticket = ConsoleAccessManagerImpl.genAccessTicket(cmd.getHost(), cmd.getPort(), cmd.getSid(), cmd.getVmId(), sessionUuid);
             if (s_logger.isDebugEnabled()) {
                 s_logger.debug("Console authentication. Ticket in 1 minute boundary for " + cmd.getHost() + ":" + cmd.getPort() + "-" + cmd.getVmId() + " is " + ticket);
             }

             if (!consoleAccessManager.isSessionAllowed(sessionUuid)) {
                 s_logger.error(String.format("Session [%s] has been already used or does not exist.", sessionUuid));
                 return new ConsoleAccessAuthenticationAnswer(cmd, false);
             }

             s_logger.debug(String.format("Acquiring session [%s] as it was just used.", sessionUuid));
             consoleAccessManager.acquireSession(sessionUuid);

             if (!ticket.equals(ticketInUrl)) {
                 Date now = new Date();
                 // considering of minute round-up
                 String minuteEarlyTicket = ConsoleAccessManagerImpl.genAccessTicket(cmd.getHost(), cmd.getPort(), cmd.getSid(), cmd.getVmId(), new Date(now.getTime() - 60 * 1000), sessionUuid);

                 if (s_logger.isDebugEnabled()) {
                     s_logger.debug("Console authentication. Ticket in 2-minute boundary for " + cmd.getHost() + ":" + cmd.getPort() + "-" + cmd.getVmId() + " is " +
                         minuteEarlyTicket);
                 }

                 if (!minuteEarlyTicket.equals(ticketInUrl)) {
                     s_logger.error("Access ticket expired or has been modified. vmId: " + cmd.getVmId() + "ticket in URL: " + ticketInUrl +
                         ", tickets to check against: " + ticket + "," + minuteEarlyTicket);
                     return new ConsoleAccessAuthenticationAnswer(cmd, false);
                 }
             }
         }

         if (cmd.getVmId() != null && cmd.getVmId().isEmpty()) {
             if (s_logger.isDebugEnabled()) {
                 s_logger.debug("Invalid vm id sent from proxy(happens when proxy session has terminated)");
             }
             return new ConsoleAccessAuthenticationAnswer(cmd, false);
         }

         VirtualMachine vm = _instanceDao.findByUuid(cmd.getVmId());
         if (vm == null) {
             vm = _instanceDao.findById(Long.parseLong(cmd.getVmId()));
         }
         if (vm == null) {
             s_logger.error("Invalid vm id " + cmd.getVmId() + " sent from console access authentication");
             return new ConsoleAccessAuthenticationAnswer(cmd, false);
         }

         if (vm.getHostId() == null) {
             s_logger.warn("VM " + vmId + " lost host info, failed authentication request");
             return new ConsoleAccessAuthenticationAnswer(cmd, false);
         }

         HostVO host = _hostDao.findById(vm.getHostId());
         if (host == null) {
             s_logger.warn("VM " + vmId + "'s host does not exist, fail authentication request");
             return new ConsoleAccessAuthenticationAnswer(cmd, false);
         }

         String sid = cmd.getSid();
         if (sid == null || !sid.equals(vm.getVncPassword())) {
             s_logger.warn("sid " + sid + " in url does not match stored sid.");
             return new ConsoleAccessAuthenticationAnswer(cmd, false);
         }

         if (cmd.isReauthenticating()) {
             ConsoleAccessAuthenticationAnswer authenticationAnswer = new ConsoleAccessAuthenticationAnswer(cmd, true);
             authenticationAnswer.setReauthenticating(true);

             s_logger.info("Re-authentication request, ask host " + vm.getHostId() + " for new console info");
             GetVncPortAnswer answer = (GetVncPortAnswer)_agentMgr.easySend(vm.getHostId(), new GetVncPortCommand(vm.getId(), vm.getInstanceName()));

             if (answer != null && answer.getResult()) {
                 Ternary<String, String, String> parsedHostInfo = ConsoleProxyServlet.parseHostInfo(answer.getAddress());

                 if (parsedHostInfo.second() != null && parsedHostInfo.third() != null) {

                     s_logger.info("Re-authentication result. vm: " + vm.getId() + ", tunnel url: " + parsedHostInfo.second() + ", tunnel session: " +
                         parsedHostInfo.third());

                     authenticationAnswer.setTunnelUrl(parsedHostInfo.second());
                     authenticationAnswer.setTunnelSession(parsedHostInfo.third());
                 } else {
                     s_logger.info("Re-authentication result. vm: " + vm.getId() + ", host address: " + parsedHostInfo.first() + ", port: " + answer.getPort());

                     authenticationAnswer.setHost(parsedHostInfo.first());
                     authenticationAnswer.setPort(answer.getPort());
                 }
             } else {
                 s_logger.warn("Re-authentication request failed");

                 authenticationAnswer.setSuccess(false);
             }

             return authenticationAnswer;
         }

         return new ConsoleAccessAuthenticationAnswer(cmd, true);
     }

     @Override
     public void startAgentHttpHandlerInVM(StartupProxyCommand startupCmd) {
         StartConsoleProxyAgentHttpHandlerCommand cmd = null;

         try {
             SecureRandom random = SecureRandom.getInstance("SHA1PRNG");

             byte[] randomBytes = new byte[16];
             random.nextBytes(randomBytes);
             String storePassword = Base64.encodeBase64String(randomBytes);

             byte[] ksBits = null;

             String consoleProxyUrlDomain = _configDao.getValue(Config.ConsoleProxyUrlDomain.key());
             String consoleProxySslEnabled = _configDao.getValue("consoleproxy.sslEnabled");
             if (!StringUtils.isEmpty(consoleProxyUrlDomain) && !StringUtils.isEmpty(consoleProxySslEnabled)
                     && consoleProxySslEnabled.equalsIgnoreCase("true")) {
                 ksBits = _ksMgr.getKeystoreBits(ConsoleProxyManager.CERTIFICATE_NAME, ConsoleProxyManager.CERTIFICATE_NAME, storePassword);
                 //ks manager raises exception if ksBits are null, hence no need to explicltly handle the condition
             } else {
                 s_logger.debug("SSL is disabled for console proxy. To enable SSL, please configure consoleproxy.sslEnabled and consoleproxy.url.domain global settings.");
             }

             cmd = new StartConsoleProxyAgentHttpHandlerCommand(ksBits, storePassword);
             cmd.setEncryptorPassword(getEncryptorPassword());
             cmd.setIsSourceIpCheckEnabled(Boolean.parseBoolean(_configDao.getValue(ConsoleProxyManager.NoVncConsoleSourceIpCheckEnabled.key())));

             HostVO consoleProxyHost = findConsoleProxyHost(startupCmd);

             assert (consoleProxyHost != null);
             if (consoleProxyHost != null) {
                 Answer answer = _agentMgr.send(consoleProxyHost.getId(), cmd);
                 if (answer == null || !answer.getResult()) {
                     s_logger.error("Console proxy agent reported that it failed to execute http handling startup command");
                 } else {
                     s_logger.info("Successfully sent out command to start HTTP handling in console proxy agent");
                 }
             }
         }catch (NoSuchAlgorithmException e) {
             s_logger.error("Unexpected exception in SecureRandom Algorithm selection ", e);
         } catch (AgentUnavailableException e) {
             s_logger.error("Unable to send http handling startup command to the console proxy resource for proxy:" + startupCmd.getProxyVmId(), e);
         } catch (OperationTimedoutException e) {
             s_logger.error("Unable to send http handling startup command(time out) to the console proxy resource for proxy:" + startupCmd.getProxyVmId(), e);
         } catch (OutOfMemoryError e) {
             s_logger.error("Unrecoverable OutOfMemory Error, exit and let it be re-launched");
             System.exit(1);
         } catch (Exception e) {
             s_logger.error(
                 "Unexpected exception when sending http handling startup command(time out) to the console proxy resource for proxy:" + startupCmd.getProxyVmId(), e);
         }
     }

     private String getEncryptorPassword() {
         String key;
         String iv;
         ConsoleProxyPasswordBasedEncryptor.KeyIVPair keyIvPair = null;

         // if we failed after reset, something is definitely wrong
         for (int i = 0; i < 2; i++) {
             key = _keysMgr.getEncryptionKey();
             iv = _keysMgr.getEncryptionIV();

             keyIvPair = new ConsoleProxyPasswordBasedEncryptor.KeyIVPair(key, iv);

             if (keyIvPair.getIvBytes() == null || keyIvPair.getIvBytes().length != 16 || keyIvPair.getKeyBytes() == null || keyIvPair.getKeyBytes().length != 16) {

                 s_logger.warn("Console access AES KeyIV sanity check failed, reset and regenerate");
                 _keysMgr.resetEncryptionKeyIV();
             } else {
                 break;
             }
         }

         Gson gson = new GsonBuilder().create();
         return gson.toJson(keyIvPair);
     }

     protected abstract HostVO findConsoleProxyHost(StartupProxyCommand cmd);

     @Override
     public void onLoadReport(ConsoleProxyLoadReportCommand cmd) {
         // no-op since we do not auto-scale
     }

     @Override
     public void onAgentConnect(Host host, StartupCommand cmd) {
         // no-op
     }

     @Override
     public void onAgentDisconnect(long agentId, Status state) {
         // no-op since we do not autoscale
     }
 }
	// Licensed to the Apache Software Foundation (ASF) under one
	// or more contributor license agreements. See the NOTICE file
	// distributed with this work for additional information
	// regarding copyright ownership. The ASF licenses this file
	// to you under the Apache License, Version 2.0 (the
	// "License"); you may not use this file except in compliance
	// with the License. You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing,
	// software distributed under the License is distributed on an
	// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	// KIND, either express or implied. See the License for the
	// specific language governing permissions and limitations
	// under the License.

	package com.cloud.consoleproxy;

	import java.security.NoSuchAlgorithmException;
	import java.security.SecureRandom;
	import java.util.Date;

	import org.apache.cloudstack.consoleproxy.ConsoleAccessManager;
	import org.apache.cloudstack.consoleproxy.ConsoleAccessManagerImpl;
	import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
	import org.apache.cloudstack.framework.security.keys.KeysManager;
	import org.apache.cloudstack.framework.security.keystore.KeystoreManager;
	import org.apache.commons.codec.binary.Base64;
	import org.apache.commons.lang3.StringUtils;
	import org.apache.log4j.Logger;

	import com.cloud.agent.AgentManager;
	import com.cloud.agent.api.AgentControlAnswer;
	import com.cloud.agent.api.Answer;
	import com.cloud.agent.api.ConsoleAccessAuthenticationAnswer;
	import com.cloud.agent.api.ConsoleAccessAuthenticationCommand;
	import com.cloud.agent.api.ConsoleProxyLoadReportCommand;
	import com.cloud.agent.api.GetVncPortAnswer;
	import com.cloud.agent.api.GetVncPortCommand;
	import com.cloud.agent.api.StartupCommand;
	import com.cloud.agent.api.StartupProxyCommand;
	import com.cloud.agent.api.proxy.StartConsoleProxyAgentHttpHandlerCommand;
	import com.cloud.configuration.Config;
	import com.cloud.exception.AgentUnavailableException;
	import com.cloud.exception.OperationTimedoutException;
	import com.cloud.host.Host;
	import com.cloud.host.HostVO;
	import com.cloud.host.Status;
	import com.cloud.host.dao.HostDao;
	import com.cloud.servlet.ConsoleProxyPasswordBasedEncryptor;
	import com.cloud.servlet.ConsoleProxyServlet;
	import com.cloud.utils.Ternary;
	import com.cloud.vm.VirtualMachine;
	import com.cloud.vm.dao.VMInstanceDao;
	import com.google.gson.Gson;
	import com.google.gson.GsonBuilder;

	/**
	* Utility class to manage interactions with agent-based console access
	* Extracted from ConsoleProxyManagerImpl so that other console proxy managers
	* can reuse
	*/
	public abstract class AgentHookBase implements AgentHook {
	private static final Logger s_logger = Logger.getLogger(AgentHookBase.class);

	VMInstanceDao _instanceDao;
	HostDao _hostDao;
	ConfigurationDao _configDao;
	AgentManager _agentMgr;
	KeystoreManager _ksMgr;
	KeysManager _keysMgr;
	ConsoleAccessManager consoleAccessManager;

	protected AgentHookBase(VMInstanceDao instanceDao, HostDao hostDao, ConfigurationDao cfgDao, KeystoreManager ksMgr,
	AgentManager agentMgr, KeysManager keysMgr, ConsoleAccessManager consoleAccessMgr) {
	_instanceDao = instanceDao;
	_hostDao = hostDao;
	_agentMgr = agentMgr;
	_configDao = cfgDao;
	_ksMgr = ksMgr;
	_keysMgr = keysMgr;
	consoleAccessManager = consoleAccessMgr;
	}

	@Override
	public AgentControlAnswer onConsoleAccessAuthentication(ConsoleAccessAuthenticationCommand cmd) {
	Long vmId = null;

	String ticketInUrl = cmd.getTicket();
	String sessionUuid = cmd.getSessionUuid();

	if (ticketInUrl == null) {
	s_logger.error("Access ticket could not be found, you could be running an old version of console proxy. vmId: " + cmd.getVmId());
	return new ConsoleAccessAuthenticationAnswer(cmd, false);
	}

	if (s_logger.isDebugEnabled()) {
	s_logger.debug("Console authentication. Ticket in url for " + cmd.getHost() + ":" + cmd.getPort() + "-" + cmd.getVmId() + " is " + ticketInUrl);
	}

	if (!cmd.isReauthenticating()) {
	String ticket = ConsoleAccessManagerImpl.genAccessTicket(cmd.getHost(), cmd.getPort(), cmd.getSid(), cmd.getVmId(), sessionUuid);
	if (s_logger.isDebugEnabled()) {
	s_logger.debug("Console authentication. Ticket in 1 minute boundary for " + cmd.getHost() + ":" + cmd.getPort() + "-" + cmd.getVmId() + " is " + ticket);
	}

	if (!consoleAccessManager.isSessionAllowed(sessionUuid)) {
	s_logger.error(String.format("Session [%s] has been already used or does not exist.", sessionUuid));
	return new ConsoleAccessAuthenticationAnswer(cmd, false);
	}

	s_logger.debug(String.format("Acquiring session [%s] as it was just used.", sessionUuid));
	consoleAccessManager.acquireSession(sessionUuid);

	if (!ticket.equals(ticketInUrl)) {
	Date now = new Date();
	// considering of minute round-up
	String minuteEarlyTicket = ConsoleAccessManagerImpl.genAccessTicket(cmd.getHost(), cmd.getPort(), cmd.getSid(), cmd.getVmId(), new Date(now.getTime() - 60 * 1000), sessionUuid);

	if (s_logger.isDebugEnabled()) {
	s_logger.debug("Console authentication. Ticket in 2-minute boundary for " + cmd.getHost() + ":" + cmd.getPort() + "-" + cmd.getVmId() + " is " +
	minuteEarlyTicket);
	}

	if (!minuteEarlyTicket.equals(ticketInUrl)) {
	s_logger.error("Access ticket expired or has been modified. vmId: " + cmd.getVmId() + "ticket in URL: " + ticketInUrl +
	", tickets to check against: " + ticket + "," + minuteEarlyTicket);
	return new ConsoleAccessAuthenticationAnswer(cmd, false);
	}
	}
	}

	if (cmd.getVmId() != null && cmd.getVmId().isEmpty()) {
	if (s_logger.isDebugEnabled()) {
	s_logger.debug("Invalid vm id sent from proxy(happens when proxy session has terminated)");
	}
	return new ConsoleAccessAuthenticationAnswer(cmd, false);
	}

	VirtualMachine vm = _instanceDao.findByUuid(cmd.getVmId());
	if (vm == null) {
	vm = _instanceDao.findById(Long.parseLong(cmd.getVmId()));
	}
	if (vm == null) {
	s_logger.error("Invalid vm id " + cmd.getVmId() + " sent from console access authentication");
	return new ConsoleAccessAuthenticationAnswer(cmd, false);
	}

	if (vm.getHostId() == null) {
	s_logger.warn("VM " + vmId + " lost host info, failed authentication request");
	return new ConsoleAccessAuthenticationAnswer(cmd, false);
	}

	HostVO host = _hostDao.findById(vm.getHostId());
	if (host == null) {
	s_logger.warn("VM " + vmId + "'s host does not exist, fail authentication request");
	return new ConsoleAccessAuthenticationAnswer(cmd, false);
	}

	String sid = cmd.getSid();
	if (sid == null \|\| !sid.equals(vm.getVncPassword())) {
	s_logger.warn("sid " + sid + " in url does not match stored sid.");
	return new ConsoleAccessAuthenticationAnswer(cmd, false);
	}

	if (cmd.isReauthenticating()) {
	ConsoleAccessAuthenticationAnswer authenticationAnswer = new ConsoleAccessAuthenticationAnswer(cmd, true);
	authenticationAnswer.setReauthenticating(true);

	s_logger.info("Re-authentication request, ask host " + vm.getHostId() + " for new console info");
	GetVncPortAnswer answer = (GetVncPortAnswer)_agentMgr.easySend(vm.getHostId(), new GetVncPortCommand(vm.getId(), vm.getInstanceName()));

	if (answer != null && answer.getResult()) {
	Ternary<String, String, String> parsedHostInfo = ConsoleProxyServlet.parseHostInfo(answer.getAddress());

	if (parsedHostInfo.second() != null && parsedHostInfo.third() != null) {

	s_logger.info("Re-authentication result. vm: " + vm.getId() + ", tunnel url: " + parsedHostInfo.second() + ", tunnel session: " +
	parsedHostInfo.third());

	authenticationAnswer.setTunnelUrl(parsedHostInfo.second());
	authenticationAnswer.setTunnelSession(parsedHostInfo.third());
	} else {
	s_logger.info("Re-authentication result. vm: " + vm.getId() + ", host address: " + parsedHostInfo.first() + ", port: " + answer.getPort());

	authenticationAnswer.setHost(parsedHostInfo.first());
	authenticationAnswer.setPort(answer.getPort());
	}
	} else {
	s_logger.warn("Re-authentication request failed");

	authenticationAnswer.setSuccess(false);
	}

	return authenticationAnswer;
	}

	return new ConsoleAccessAuthenticationAnswer(cmd, true);
	}

	@Override
	public void startAgentHttpHandlerInVM(StartupProxyCommand startupCmd) {
	StartConsoleProxyAgentHttpHandlerCommand cmd = null;

	try {
	SecureRandom random = SecureRandom.getInstance("SHA1PRNG");

	byte[] randomBytes = new byte[16];
	random.nextBytes(randomBytes);
	String storePassword = Base64.encodeBase64String(randomBytes);

	byte[] ksBits = null;

	String consoleProxyUrlDomain = _configDao.getValue(Config.ConsoleProxyUrlDomain.key());
	String consoleProxySslEnabled = _configDao.getValue("consoleproxy.sslEnabled");
	if (!StringUtils.isEmpty(consoleProxyUrlDomain) && !StringUtils.isEmpty(consoleProxySslEnabled)
	&& consoleProxySslEnabled.equalsIgnoreCase("true")) {
	ksBits = _ksMgr.getKeystoreBits(ConsoleProxyManager.CERTIFICATE_NAME, ConsoleProxyManager.CERTIFICATE_NAME, storePassword);
	//ks manager raises exception if ksBits are null, hence no need to explicltly handle the condition
	} else {
	s_logger.debug("SSL is disabled for console proxy. To enable SSL, please configure consoleproxy.sslEnabled and consoleproxy.url.domain global settings.");
	}

	cmd = new StartConsoleProxyAgentHttpHandlerCommand(ksBits, storePassword);
	cmd.setEncryptorPassword(getEncryptorPassword());
	cmd.setIsSourceIpCheckEnabled(Boolean.parseBoolean(_configDao.getValue(ConsoleProxyManager.NoVncConsoleSourceIpCheckEnabled.key())));

	HostVO consoleProxyHost = findConsoleProxyHost(startupCmd);

	assert (consoleProxyHost != null);
	if (consoleProxyHost != null) {
	Answer answer = _agentMgr.send(consoleProxyHost.getId(), cmd);
	if (answer == null \|\| !answer.getResult()) {
	s_logger.error("Console proxy agent reported that it failed to execute http handling startup command");
	} else {
	s_logger.info("Successfully sent out command to start HTTP handling in console proxy agent");
	}
	}
	}catch (NoSuchAlgorithmException e) {
	s_logger.error("Unexpected exception in SecureRandom Algorithm selection ", e);
	} catch (AgentUnavailableException e) {
	s_logger.error("Unable to send http handling startup command to the console proxy resource for proxy:" + startupCmd.getProxyVmId(), e);
	} catch (OperationTimedoutException e) {
	s_logger.error("Unable to send http handling startup command(time out) to the console proxy resource for proxy:" + startupCmd.getProxyVmId(), e);
	} catch (OutOfMemoryError e) {
	s_logger.error("Unrecoverable OutOfMemory Error, exit and let it be re-launched");
	System.exit(1);
	} catch (Exception e) {
	s_logger.error(
	"Unexpected exception when sending http handling startup command(time out) to the console proxy resource for proxy:" + startupCmd.getProxyVmId(), e);
	}
	}

	private String getEncryptorPassword() {
	String key;
	String iv;
	ConsoleProxyPasswordBasedEncryptor.KeyIVPair keyIvPair = null;

	// if we failed after reset, something is definitely wrong
	for (int i = 0; i < 2; i++) {
	key = _keysMgr.getEncryptionKey();
	iv = _keysMgr.getEncryptionIV();

	keyIvPair = new ConsoleProxyPasswordBasedEncryptor.KeyIVPair(key, iv);

	if (keyIvPair.getIvBytes() == null \|\| keyIvPair.getIvBytes().length != 16 \|\| keyIvPair.getKeyBytes() == null \|\| keyIvPair.getKeyBytes().length != 16) {

	s_logger.warn("Console access AES KeyIV sanity check failed, reset and regenerate");
	_keysMgr.resetEncryptionKeyIV();
	} else {
	break;
	}
	}

	Gson gson = new GsonBuilder().create();
	return gson.toJson(keyIvPair);
	}

	protected abstract HostVO findConsoleProxyHost(StartupProxyCommand cmd);

	@Override
	public void onLoadReport(ConsoleProxyLoadReportCommand cmd) {
	// no-op since we do not auto-scale
	}

	@Override
	public void onAgentConnect(Host host, StartupCommand cmd) {
	// no-op
	}

	@Override
	public void onAgentDisconnect(long agentId, Status state) {
	// no-op since we do not autoscale
	}
	}