Google Git
Sign in
apache / cloudstack / optionalpublicip / . / server / src / com / cloud / keystore / KeystoreManagerImpl.java
blob: 6e4240bd92e734693fbfbd5dc702b396eb627fae [file] [log] [blame]
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.keystore;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.ejb.Local;
import javax.inject.Inject;
import javax.naming.ConfigurationException;
import org.apache.log4j.Logger;
import org.springframework.stereotype.Component;
import com.cloud.agent.api.SecStorageSetupCommand;
import com.cloud.utils.Ternary;
import com.cloud.utils.component.ManagerBase;
import com.cloud.utils.exception.CloudRuntimeException;
import com.cloud.utils.security.CertificateHelper;
@Component
@Local(value=KeystoreManager.class)
public class KeystoreManagerImpl extends ManagerBase implements KeystoreManager {
private static final Logger s_logger = Logger.getLogger(KeystoreManagerImpl.class);
@Inject private KeystoreDao _ksDao;
@Override
public boolean validateCertificate(String certificate, String key, String domainSuffix) {
if(certificate == null || certificate.isEmpty() ||
key == null || key.isEmpty() ||
domainSuffix == null || domainSuffix.isEmpty()) {
s_logger.error("Invalid parameter found in (certificate, key, domainSuffix) tuple for domain: " + domainSuffix);
return false;
}
try {
String ksPassword = "passwordForValidation";
byte[] ksBits = CertificateHelper.buildAndSaveKeystore(domainSuffix, certificate, getKeyContent(key), ksPassword);
KeyStore ks = CertificateHelper.loadKeystore(ksBits, ksPassword);
if(ks != null)
return true;
s_logger.error("Unabled to construct keystore for domain: " + domainSuffix);
} catch(Exception e) {
s_logger.error("Certificate validation failed due to exception for domain: " + domainSuffix, e);
}
return false;
}
@Override
public void saveCertificate(String name, String certificate, String key, String domainSuffix) {
if(name == null || name.isEmpty() ||
certificate == null || certificate.isEmpty() ||
key == null || key.isEmpty() ||
domainSuffix == null || domainSuffix.isEmpty())
throw new CloudRuntimeException("invalid parameter in saveCerticate");
_ksDao.save(name, certificate, key, domainSuffix);
}
@Override
public void saveCertificate(String name, String certificate, Integer index, String domainSuffix) {
if(name == null || name.isEmpty() ||
certificate == null || certificate.isEmpty() ||
index == null ||
domainSuffix == null || domainSuffix.isEmpty())
throw new CloudRuntimeException("invalid parameter in saveCerticate");
_ksDao.save(name, certificate, index, domainSuffix);
}
@Override
public byte[] getKeystoreBits(String name, String aliasForCertificateInStore, String storePassword) {
assert(name != null);
assert(aliasForCertificateInStore != null);
assert(storePassword != null);
KeystoreVO ksVo = _ksDao.findByName(name);
if(ksVo == null)
throw new CloudRuntimeException("Unable to find keystore " + name);
List<Ternary<String, String, String>> certs = new ArrayList<Ternary<String, String, String>>();
List<KeystoreVO> certChains = _ksDao.findCertChain();
for (KeystoreVO ks : certChains) {
Ternary<String, String, String> cert = new Ternary<String, String, String>(ks.getName(), ks.getCertificate(), null);
certs.add(cert);
}
Ternary<String, String, String> cert = new Ternary<String, String, String>(ksVo.getName(), ksVo.getCertificate(), getKeyContent(ksVo.getKey()));
certs.add(cert);
try {
return CertificateHelper.buildAndSaveKeystore(certs, storePassword);
} catch(KeyStoreException e) {
s_logger.warn("Unable to build keystore for " + name + " due to KeyStoreException");
} catch(CertificateException e) {
s_logger.warn("Unable to build keystore for " + name + " due to CertificateException");
} catch(NoSuchAlgorithmException e) {
s_logger.warn("Unable to build keystore for " + name + " due to NoSuchAlgorithmException");
} catch(InvalidKeySpecException e) {
s_logger.warn("Unable to build keystore for " + name + " due to InvalidKeySpecException");
} catch(IOException e) {
s_logger.warn("Unable to build keystore for " + name + " due to IOException");
}
return null;
}
@Override
public SecStorageSetupCommand.Certificates getCertificates(String name) {
KeystoreVO ksVo = _ksDao.findByName(name);
if (ksVo == null) {
return null;
}
String prvKey = ksVo.getKey();
String prvCert = ksVo.getCertificate();
String certChain = null;
List<KeystoreVO> certchains = _ksDao.findCertChain();
if (certchains.size() > 0) {
StringBuilder chains = new StringBuilder();
for (KeystoreVO cert : certchains) {
chains.append(cert.getCertificate());
chains.append("\n");
}
certChain = chains.toString();
}
SecStorageSetupCommand.Certificates certs = new SecStorageSetupCommand.Certificates(prvKey, prvCert, certChain);
return certs;
}
private static String getKeyContent(String key) {
Pattern regex = Pattern.compile("(^[\\-]+[^\\-]+[\\-]+[\\n]?)([^\\-]+)([\\-]+[^\\-]+[\\-]+$)");
Matcher m = regex.matcher(key);
if(m.find())
return m.group(2);
return key;
}
}