services/console-proxy/server/src/main/java/com/cloud/consoleproxy/ConsoleProxyHttpHandlerHelper.java - cloudstack - Git at Google

 // Licensed to the Apache Software Foundation (ASF) under one
 // or more contributor license agreements.  See the NOTICE file
 // distributed with this work for additional information
 // regarding copyright ownership.  The ASF licenses this file
 // to you under the Apache License, Version 2.0 (the
 // "License"); you may not use this file except in compliance
 // with the License.  You may obtain a copy of the License at
 //
 //   http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing,
 // software distributed under the License is distributed on an
 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.
 package com.cloud.consoleproxy;

 import java.util.HashMap;
 import java.util.Map;

 import com.cloud.consoleproxy.util.Logger;

 public class ConsoleProxyHttpHandlerHelper {
     private static final Logger s_logger = Logger.getLogger(ConsoleProxyHttpHandlerHelper.class);

     public static Map<String, String> getQueryMap(String query) {
         String[] params = query.split("&");
         Map<String, String> map = new HashMap<String, String>();
         for (String param : params) {
             String[] paramTokens = param.split("=");
             if (paramTokens != null && paramTokens.length == 2) {
                 String name = param.split("=")[0];
                 String value = param.split("=")[1];
                 map.put(name, value);
             } else if (paramTokens.length == 3) {
                 // very ugly, added for Xen tunneling url
                 String name = paramTokens[0];
                 String value = paramTokens[1] + "=" + paramTokens[2];
                 map.put(name, value);
             } else {
                 if (s_logger.isDebugEnabled())
                     s_logger.debug("Invalid parameter in URL found. param: " + param);
             }
         }

         // This is a ugly solution for now. We will do encryption/decryption translation
         // here to make it transparent to rest of the code.
         if (map.get("token") != null) {
             ConsoleProxyPasswordBasedEncryptor encryptor = new ConsoleProxyPasswordBasedEncryptor(ConsoleProxy.getEncryptorPassword());

             ConsoleProxyClientParam param = encryptor.decryptObject(ConsoleProxyClientParam.class, map.get("token"));

             guardUserInput(map);
             if (param != null) {
                 if (param.getClientHostAddress() != null) {
                     s_logger.debug("decode token. host: " + param.getClientHostAddress());
                     map.put("host", param.getClientHostAddress());
                 } else {
                     s_logger.error("decode token. host info is not found!");
                 }
                 if (param.getClientHostPort() != 0) {
                     s_logger.debug("decode token. port: " + param.getClientHostPort());
                     map.put("port", String.valueOf(param.getClientHostPort()));
                 } else {
                     s_logger.error("decode token. port info is not found!");
                 }
                 if (param.getClientTag() != null) {
                     s_logger.debug("decode token. tag: " + param.getClientTag());
                     map.put("tag", param.getClientTag());
                 } else {
                     s_logger.error("decode token. tag info is not found!");
                 }
                 if (param.getClientDisplayName() != null) {
                     if (s_logger.isDebugEnabled()) {
                         s_logger.debug("decode token. displayname: " + param.getClientDisplayName());
                     }
                     map.put("displayname", param.getClientDisplayName());
                 } else {
                     s_logger.error("decode token. displayname info is not found!");
                 }
                 if (param.getClientHostPassword() != null) {
                     map.put("sid", param.getClientHostPassword());
                 } else {
                     s_logger.error("decode token. sid info is not found!");
                 }
                 if (param.getClientTunnelUrl() != null)
                     map.put("consoleurl", param.getClientTunnelUrl());
                 if (param.getClientTunnelSession() != null)
                     map.put("sessionref", param.getClientTunnelSession());
                 if (param.getTicket() != null)
                     map.put("ticket", param.getTicket());
                 if (param.getLocale() != null)
                     map.put("locale", param.getLocale());
                 if (param.getHypervHost() != null)
                     map.put("hypervHost", param.getHypervHost());
                 if (param.getUsername() != null)
                     map.put("username", param.getUsername());
                 if (param.getPassword() != null)
                     map.put("password", param.getPassword());
                 if (param.getSourceIP() != null)
                     map.put("sourceIP", param.getSourceIP());
                 if (param.getWebsocketUrl() != null) {
                     map.put("websocketUrl", param.getWebsocketUrl());
                 }
                 if (param.getSessionUuid() != null) {
                     map.put("sessionUuid", param.getSessionUuid());
                 }
                 if (param.getExtraSecurityToken() != null) {
                     map.put("extraSecurityToken", param.getExtraSecurityToken());
                 }
             } else {
                 s_logger.error("Unable to decode token");
             }
         } else {
             // we no longer accept information from parameter other than token
             guardUserInput(map);
         }

         if (map.containsKey("extra")) {
             s_logger.debug(String.format("Found extra parameter: %s for client security validation check " +
                     "on the VNC server", map.get("extra")));
         }

         return map;
     }

     private static void guardUserInput(Map<String, String> map) {
         map.remove("host");
         map.remove("port");
         map.remove("tag");
         map.remove("sid");
         map.remove("consoleurl");
         map.remove("sessionref");
         map.remove("ticket");
         map.remove("locale");
         map.remove("hypervHost");
         map.remove("username");
         map.remove("password");
         map.remove("websocketUrl");
     }
 }
	// Licensed to the Apache Software Foundation (ASF) under one
	// or more contributor license agreements. See the NOTICE file
	// distributed with this work for additional information
	// regarding copyright ownership. The ASF licenses this file
	// to you under the Apache License, Version 2.0 (the
	// "License"); you may not use this file except in compliance
	// with the License. You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing,
	// software distributed under the License is distributed on an
	// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	// KIND, either express or implied. See the License for the
	// specific language governing permissions and limitations
	// under the License.
	package com.cloud.consoleproxy;

	import java.util.HashMap;
	import java.util.Map;

	import com.cloud.consoleproxy.util.Logger;

	public class ConsoleProxyHttpHandlerHelper {
	private static final Logger s_logger = Logger.getLogger(ConsoleProxyHttpHandlerHelper.class);

	public static Map<String, String> getQueryMap(String query) {
	String[] params = query.split("&");
	Map<String, String> map = new HashMap<String, String>();
	for (String param : params) {
	String[] paramTokens = param.split("=");
	if (paramTokens != null && paramTokens.length == 2) {
	String name = param.split("=")[0];
	String value = param.split("=")[1];
	map.put(name, value);
	} else if (paramTokens.length == 3) {
	// very ugly, added for Xen tunneling url
	String name = paramTokens[0];
	String value = paramTokens[1] + "=" + paramTokens[2];
	map.put(name, value);
	} else {
	if (s_logger.isDebugEnabled())
	s_logger.debug("Invalid parameter in URL found. param: " + param);
	}
	}

	// This is a ugly solution for now. We will do encryption/decryption translation
	// here to make it transparent to rest of the code.
	if (map.get("token") != null) {
	ConsoleProxyPasswordBasedEncryptor encryptor = new ConsoleProxyPasswordBasedEncryptor(ConsoleProxy.getEncryptorPassword());

	ConsoleProxyClientParam param = encryptor.decryptObject(ConsoleProxyClientParam.class, map.get("token"));

	guardUserInput(map);
	if (param != null) {
	if (param.getClientHostAddress() != null) {
	s_logger.debug("decode token. host: " + param.getClientHostAddress());
	map.put("host", param.getClientHostAddress());
	} else {
	s_logger.error("decode token. host info is not found!");
	}
	if (param.getClientHostPort() != 0) {
	s_logger.debug("decode token. port: " + param.getClientHostPort());
	map.put("port", String.valueOf(param.getClientHostPort()));
	} else {
	s_logger.error("decode token. port info is not found!");
	}
	if (param.getClientTag() != null) {
	s_logger.debug("decode token. tag: " + param.getClientTag());
	map.put("tag", param.getClientTag());
	} else {
	s_logger.error("decode token. tag info is not found!");
	}
	if (param.getClientDisplayName() != null) {
	if (s_logger.isDebugEnabled()) {
	s_logger.debug("decode token. displayname: " + param.getClientDisplayName());
	}
	map.put("displayname", param.getClientDisplayName());
	} else {
	s_logger.error("decode token. displayname info is not found!");
	}
	if (param.getClientHostPassword() != null) {
	map.put("sid", param.getClientHostPassword());
	} else {
	s_logger.error("decode token. sid info is not found!");
	}
	if (param.getClientTunnelUrl() != null)
	map.put("consoleurl", param.getClientTunnelUrl());
	if (param.getClientTunnelSession() != null)
	map.put("sessionref", param.getClientTunnelSession());
	if (param.getTicket() != null)
	map.put("ticket", param.getTicket());
	if (param.getLocale() != null)
	map.put("locale", param.getLocale());
	if (param.getHypervHost() != null)
	map.put("hypervHost", param.getHypervHost());
	if (param.getUsername() != null)
	map.put("username", param.getUsername());
	if (param.getPassword() != null)
	map.put("password", param.getPassword());
	if (param.getSourceIP() != null)
	map.put("sourceIP", param.getSourceIP());
	if (param.getWebsocketUrl() != null) {
	map.put("websocketUrl", param.getWebsocketUrl());
	}
	if (param.getSessionUuid() != null) {
	map.put("sessionUuid", param.getSessionUuid());
	}
	if (param.getExtraSecurityToken() != null) {
	map.put("extraSecurityToken", param.getExtraSecurityToken());
	}
	} else {
	s_logger.error("Unable to decode token");
	}
	} else {
	// we no longer accept information from parameter other than token
	guardUserInput(map);
	}

	if (map.containsKey("extra")) {
	s_logger.debug(String.format("Found extra parameter: %s for client security validation check " +
	"on the VNC server", map.get("extra")));
	}

	return map;
	}

	private static void guardUserInput(Map<String, String> map) {
	map.remove("host");
	map.remove("port");
	map.remove("tag");
	map.remove("sid");
	map.remove("consoleurl");
	map.remove("sessionref");
	map.remove("ticket");
	map.remove("locale");
	map.remove("hypervHost");
	map.remove("username");
	map.remove("password");
	map.remove("websocketUrl");
	}
	}