Yair Zaslavsky has uploaded a new change for review. Change subject: core: Add ImportCertificateCommand ......................................................................
core: Add ImportCertificateCommand Change-Id: If4308ecb184234fee3931cf4c7cfbd1796efa9d2 Signed-off-by: Yair Zaslavsky <[email protected]> --- A backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/ImportProviderCertificateCommand.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/AuditLogType.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/errors/VdcBllErrors.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/errors/VdcBllMessages.java M backend/manager/modules/dal/src/main/resources/bundles/AppErrors.properties M backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties M backend/manager/modules/dal/src/main/resources/bundles/VdsmErrors.properties M frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/AppErrors.java M frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/VdsmErrors.java M frontend/webadmin/modules/userportal-gwtp/src/main/resources/org/ovirt/engine/ui/frontend/AppErrors.properties M frontend/webadmin/modules/userportal-gwtp/src/main/resources/org/ovirt/engine/ui/frontend/VdsmErrors.properties M frontend/webadmin/modules/webadmin/src/main/resources/org/ovirt/engine/ui/frontend/AppErrors.properties M frontend/webadmin/modules/webadmin/src/main/resources/org/ovirt/engine/ui/frontend/VdsmErrors.properties 13 files changed, 101 insertions(+), 15 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/36/35836/1
diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/ImportProviderCertificateCommand.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/ImportProviderCertificateCommand.java
new file mode 100644
index 0000000..2f3e8f2
--- /dev/null
+++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/ImportProviderCertificateCommand.java
@@ -0,0 +1,86 @@
+package org.ovirt.engine.core.bll.provider;
+
+import java.io.ByteArrayInputStream;
+import java.security.cert.CertificateFactory;
+import java.util.Collections;
+import java.util.List;
+
+import org.apache.commons.codec.binary.Base64;
+import org.ovirt.engine.core.bll.CommandBase;
+import org.ovirt.engine.core.bll.utils.PermissionSubject;
+import org.ovirt.engine.core.common.AuditLogType;
+import org.ovirt.engine.core.common.VdcObjectType;
+import org.ovirt.engine.core.common.action.ImportProviderCertificateParameters;
+import org.ovirt.engine.core.common.businessentities.ActionGroup;
+import org.ovirt.engine.core.common.businessentities.Provider;
+import org.ovirt.engine.core.common.errors.VdcBLLException;
+import org.ovirt.engine.core.common.errors.VdcBllErrors;
+import org.ovirt.engine.core.common.errors.VdcBllMessages;
+import org.ovirt.engine.core.compat.Guid;
+
+/*
+ * This command class imports a certificate of an external provider into the external trust store.
+ * This class is deprecated, eventually {@link ImportProviderCertificateCommand should be used}
+ */
+public class ImportProviderCertificateCommand<P extends ImportProviderCertificateParameters> extends CommandBase<P> {
+
+ public ImportProviderCertificateCommand(Guid commandId) {
+ super(commandId);
+ }
+
+ public ImportProviderCertificateCommand(P parameters) {
+ super(parameters);
+ }
+
+ private Provider getProvider() {
+ return getParameters().getProvider();
+ }
+
+ public String getProviderName() {
+ return getProvider().getName();
+ }
+
+ @Override
+ protected void executeCommand() {
+ try {
+ String encoded = getParameters().getCertificate();
+ if (encoded == null || encoded.isEmpty()) {
+ throw new RuntimeException("Certificate is missing");
+ }
+
+ try (ByteArrayInputStream bis = new ByteArrayInputStream(new Base64(0).decode(encoded))) {
+ ExternalTrustStoreInitializer.addCertificate(CertificateFactory.getInstance("X.509").generateCertificate(bis));
+ }
+ setSucceeded(true);
+ } catch (Throwable e) {
+ handleException(e);
+ }
+ }
+
+ @Override
+ public List<PermissionSubject> getPermissionCheckSubjects() {
+ // Currently it requires what's required for adding a new Provider
+ // Need to revisit that when designing the permission scheme for providers
+ return Collections.singletonList(new PermissionSubject(Guid.SYSTEM,
+ VdcObjectType.System,
+ ActionGroup.CREATE_STORAGE_POOL));
+ }
+
+ @Override
+ public AuditLogType getAuditLogTypeValue() {
+ return getSucceeded() ?
+ AuditLogType.PROVIDER_CERTIFICATE_IMPORTED
+ : AuditLogType.PROVIDER_CERTIFICATE_IMPORT_FAILED;
+ }
+
+ @Override
+ protected void setActionMessageParameters() {
+ addCanDoActionMessage(VdcBllMessages.VAR__ACTION__IMPORT);
+ addCanDoActionMessage(VdcBllMessages.VAR__TYPE__PROVIDER_CERTIFICATE);
+ }
+
+ private void handleException(Throwable e) {
+ log.error(String.format("Failed to import certificate: %1$s", e.getMessage()));
+ log.debug("Exception", e);
+ throw new VdcBLLException(VdcBllErrors.PROVIDER_IMPORT_CERTIFICATE_ERROR, e.getMessage());
+ }
+}
diff --git a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/AuditLogType.java b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/AuditLogType.java
index 723c3a7..f87df960 100644
--- a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/AuditLogType.java
+++ b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/AuditLogType.java
@@ -893,8 +893,8 @@
 PROVIDER_UPDATE_FAILED(208, AuditLogSeverity.ERROR),
 PROVIDER_REMOVED(209),
 PROVIDER_REMOVAL_FAILED(210, AuditLogSeverity.ERROR),
- PROVIDER_CERTIFICATE_CHAIN_IMPORTED(211),
- PROVIDER_CERTIFICATE_CHAIN_IMPORT_FAILED(212, AuditLogSeverity.ERROR),
+ PROVIDER_CERTIFICATE_IMPORTED(213),
+ PROVIDER_CERTIFICATE_IMPORT_FAILED(214, AuditLogSeverity.ERROR),
 // General
 ENTITY_RENAMED(1200),
diff --git a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/errors/VdcBllErrors.java b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/errors/VdcBllErrors.java
index 7bbe9b3..72c5ef9 100644
--- a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/errors/VdcBllErrors.java
+++ b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/errors/VdcBllErrors.java
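Review bot: `executeCommand()` passes whatever `generateCertificate` returns straight to `ExternalTrustStoreInitializer.addCertificate`, and neither the engine log nor the `PROVIDER_CERTIFICATE_IMPORTED` audit message records which certificate became trusted, so a later review of the trust store cannot tie an entry back to this action. I would parse first, reject anything that is not an `X509Certificate` or is outside its validity window, and log the subject and SHA-256 fingerprint before adding it, as sketched below (it needs imports for `Certificate`, `X509Certificate`, `MessageDigest` and commons-codec `Hex`). Separately, `handleException` forwards only `e.getMessage()`, which can be null, and `catch (Throwable e)` also wraps JVM `Error`s; catching `Exception` would be narrower. The class comment looks copied from the chain command: it opens with `/*` rather than `/**`, and its malformed `{@link ...}` names this class as its own replacement.

```java
    @Override
    protected void executeCommand() {
        try {
            // … unchanged: read getParameters().getCertificate() into `encoded`, reject null/empty …
            Certificate cert;
            try (ByteArrayInputStream bis = new ByteArrayInputStream(new Base64(0).decode(encoded))) {
                cert = CertificateFactory.getInstance("X.509").generateCertificate(bis);
            }
            if (!(cert instanceof X509Certificate)) {
                throw new RuntimeException("Certificate is not an X.509 certificate");
            }
            X509Certificate x509 = (X509Certificate) cert;
            // Fail early on an expired or not-yet-valid certificate instead of trusting it silently.
            x509.checkValidity();
            String fingerprint =
                    Hex.encodeHexString(MessageDigest.getInstance("SHA-256").digest(x509.getEncoded()));
            // Leave a record of exactly which certificate was added to the trust store.
            log.info(String.format("Importing certificate for provider %1$s: subject=%2$s, sha256=%3$s",
                    getProviderName(), x509.getSubjectX500Principal().getName(), fingerprint));
            ExternalTrustStoreInitializer.addCertificate(x509);
            setSucceeded(true);
        // … unchanged: catch block delegating to handleException …
```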
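Review bot: The renamed audit entries in AuditLogType.java also get new numeric values (`211`/`212` become `213`/`214`), so any stored audit records written with the old certificate-chain ids would no longer resolve to an `AuditLogType` constant; the VdcBllErrors.java hunks do the same by dropping `PROVIDER_IMPORT_CERTIFICATE_CHAIN_ERROR(5051)` and adding `PROVIDER_IMPORT_CERTIFICATE_ERROR(5059)`. I cannot tell from the hunks whether the old ids ever shipped on this branch; if they did, either reuse them (`PROVIDER_CERTIFICATE_IMPORTED(211)`, `PROVIDER_CERTIFICATE_IMPORT_FAILED(212, AuditLogSeverity.ERROR)`) or keep the old constants next to the new ones so that historical trust-store events stay readable. Both enum bodies start and end outside the hunks.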
@@ -430,7 +430,6 @@
 HOST_ALREADY_EXISTS(5027),
 NO_ACTIVE_ISO_DOMAIN_IN_DATA_CENTER(5028),
 PROVIDER_FAILURE(5050),
- PROVIDER_IMPORT_CERTIFICATE_CHAIN_ERROR(5051),
 PROVIDER_SSL_FAILURE(5052),
 FAILED_UPDATE_RUNNING_VM(5053),
 VM_NOT_QUALIFIED_FOR_SNAPSHOT_MERGE(5054),
@@ -438,6 +437,7 @@
 PROVIDER_AUTHENTICATION_FAILURE(5056),
 PROVIDER_PROVISION_MISSING_HOSTGROUP(5057),
 PROVIDER_PROVISION_MISSING_COMPUTERESOURCE(5058),
+ PROVIDER_IMPORT_CERTIFICATE_ERROR(5059),
 // Network Labels
 LABELED_NETWORK_INTERFACE_NOT_FOUND(5200),
diff --git a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/errors/VdcBllMessages.java b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/errors/VdcBllMessages.java
index 04166ea..0b27c1cf 100644
--- a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/errors/VdcBllMessages.java
+++ b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/errors/VdcBllMessages.java
@@ -23,7 +23,7 @@
 VAR__TYPE__VNIC_PROFILE,
 VAR__TYPE__LABEL,
 VAR__TYPE__PROVIDER,
- VAR__TYPE__PROVIDER_CERTIFICATE_CHAIN,
+ VAR__TYPE__PROVIDER_CERTIFICATE,
 VAR__TYPE__VM_DISK,
 VAR__TYPE__BOOKMARK,
 VAR__TYPE__VM_TICKET,
diff --git a/backend/manager/modules/dal/src/main/resources/bundles/AppErrors.properties b/backend/manager/modules/dal/src/main/resources/bundles/AppErrors.properties
index ed54961..25e18cd 100644
--- a/backend/manager/modules/dal/src/main/resources/bundles/AppErrors.properties
+++ b/backend/manager/modules/dal/src/main/resources/bundles/AppErrors.properties
@@ -277,7 +277,7 @@
 VAR__TYPE__VNIC_PROFILE=$type VM network interface profile
 VAR__TYPE__LABEL=$type Label
 VAR__TYPE__PROVIDER=$type provider
-VAR__TYPE__PROVIDER_CERTIFICATE_CHAIN=$type provider certificate chain
+VAR__TYPE__PROVIDER_CERTIFICATE=$type provider certificate
 VAR__TYPE__VM=$type VM
 VAR__ENTITIES__VMS=$entities virtual machines
 VAR__TYPE__QUOTA=$type Quota
diff --git a/backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties b/backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties
index 1444691..10154aa 100644
--- a/backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties
+++ b/backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties
@@ -499,8 +499,8 @@
 PROVIDER_UPDATE_FAILED=Failed to update provider ${ProviderName}. (User: ${UserName})
 PROVIDER_REMOVED=Provider ${ProviderName} was removed. (User: ${UserName})
 PROVIDER_REMOVAL_FAILED=Failed to remove provider ${ProviderName}. (User: ${UserName})
-PROVIDER_CERTIFICATE_CHAIN_IMPORTED=Certificate chain for provider ${ProviderName} was imported. (User: ${UserName})
-PROVIDER_CERTIFICATE_CHAIN_IMPORT_FAILED=Failed importing Certificate chain for provider ${ProviderName}. (User: ${UserName})
+PROVIDER_CERTIFICATE_IMPORTED=Certificate for provider ${ProviderName} was imported. (User: ${UserName})
+PROVIDER_CERTIFICATE_IMPORT_FAILED=Failed importing Certificate for provider ${ProviderName}. (User: ${UserName})
 SUBNET_ADDED=Subnet ${SubnetName} was added on provider ${ProviderName}. (User: ${UserName})
 SUBNET_ADDITION_FAILED=Failed to add subnet ${SubnetName} on provider ${ProviderName}. (User: ${UserName})
 SUBNET_REMOVED=Subnet ${SubnetName} was removed from provider ${ProviderName}. (User: ${UserName})
diff --git a/backend/manager/modules/dal/src/main/resources/bundles/VdsmErrors.properties b/backend/manager/modules/dal/src/main/resources/bundles/VdsmErrors.properties
index c569516..f3b06a9 100644
--- a/backend/manager/modules/dal/src/main/resources/bundles/VdsmErrors.properties
+++ b/backend/manager/modules/dal/src/main/resources/bundles/VdsmErrors.properties
@@ -387,7 +387,7 @@
 HOST_ALREADY_EXISTS=Cannot add Host. Host with same characteristics already exists.
 NO_ACTIVE_ISO_DOMAIN_IN_DATA_CENTER=There is no active ISO Domain in Data Center.
 PROVIDER_FAILURE=Failed to communicate with the external provider.
-PROVIDER_IMPORT_CERTIFICATE_CHAIN_ERROR=Failed to import provider certificate chain.
+PROVIDER_IMPORT_CERTIFICATE_ERROR=Failed to import provider certificate.
 PROVIDER_SSL_FAILURE=SSL problem while trying to connect to the external provider.
 PROVIDER_AUTHENTICATION_FAILURE=Failed to authenticate with the external provider. Please confirm username and password.
 PROVIDER_PROVISION_MISSING_HOSTGROUP=Provision failure: Must choose host group to provision new host.
diff --git a/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/AppErrors.java b/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/AppErrors.java
index c18ea5d..0a54d05 100644
--- a/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/AppErrors.java
+++ b/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/AppErrors.java
@@ -748,8 +748,8 @@
 @DefaultStringValue("$type provider")
 String VAR__TYPE__PROVIDER();
- @DefaultStringValue("$type provider certificate chain")
- String VAR__TYPE__PROVIDER_CERTIFICATE_CHAIN();
+ @DefaultStringValue("$type provider certificate")
+ String VAR__TYPE__PROVIDER_CERTIFICATE();
 @DefaultStringValue("$type VM")
 String VAR__TYPE__VM();
diff --git a/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/VdsmErrors.java b/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/VdsmErrors.java
index 1e9c50e..b99a183 100644
--- a/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/VdsmErrors.java
+++ b/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/VdsmErrors.java
@@ -655,7 +655,7 @@
 String FAILED_UPDATE_RUNNING_VM();
- String PROVIDER_IMPORT_CERTIFICATE_CHAIN_ERROR();
+ String PROVIDER_IMPORT_CERTIFICATE_ERROR();
 String VM_NOT_QUALIFIED_FOR_SNAPSHOT_MERGE();
diff --git a/frontend/webadmin/modules/userportal-gwtp/src/main/resources/org/ovirt/engine/ui/frontend/AppErrors.properties b/frontend/webadmin/modules/userportal-gwtp/src/main/resources/org/ovirt/engine/ui/frontend/AppErrors.properties
index 5d3a3c9..3964a63 100644
--- a/frontend/webadmin/modules/userportal-gwtp/src/main/resources/org/ovirt/engine/ui/frontend/AppErrors.properties
+++ b/frontend/webadmin/modules/userportal-gwtp/src/main/resources/org/ovirt/engine/ui/frontend/AppErrors.properties
@@ -268,7 +268,7 @@
 VAR__TYPE__LABEL=$type Label
 VAR__TYPE__VNIC_PROFILE=$type VM network interface profile
 VAR__TYPE__PROVIDER=$type provider
-VAR__TYPE__PROVIDER_CERTIFICATE_CHAIN=$type provider certificate chain
+VAR__TYPE__PROVIDER_CERTIFICATE=$type provider certificate
 VAR__TYPE__VM=$type VM
 VAR__ENTITIES__VMS=$entities virtual machines
 VAR__TYPE__QUOTA=$type Quota
diff --git a/frontend/webadmin/modules/userportal-gwtp/src/main/resources/org/ovirt/engine/ui/frontend/VdsmErrors.properties b/frontend/webadmin/modules/userportal-gwtp/src/main/resources/org/ovirt/engine/ui/frontend/VdsmErrors.properties
index c5e9509..fe5fc85 100644
--- a/frontend/webadmin/modules/userportal-gwtp/src/main/resources/org/ovirt/engine/ui/frontend/VdsmErrors.properties
+++ b/frontend/webadmin/modules/userportal-gwtp/src/main/resources/org/ovirt/engine/ui/frontend/VdsmErrors.properties
@@ -322,7 +322,7 @@
 HOST_ALREADY_EXISTS=Cannot add Host. Host with same characteristics already exists.
 NO_ACTIVE_ISO_DOMAIN_IN_DATA_CENTER=There is no active ISO Domain in Data Center.
 PROVIDER_FAILURE=Failed to communicate with the external provider.
-PROVIDER_IMPORT_CERTIFICATE_CHAIN_ERROR=Failed to import provider certificate chain.
+PROVIDER_IMPORT_CERTIFICATE_ERROR=Failed to import provider certificate.
 PROVIDER_SSL_FAILURE=SSL problem while trying to connect to the external provider.
 PROVIDER_AUTHENTICATION_FAILURE=Failed to authenticate with the external provider. Please confirm username and passowrd.
 FAILED_UPDATE_RUNNING_VM=Failed to update VM while it is running, please try again when the VM is Down.
diff --git a/frontend/webadmin/modules/webadmin/src/main/resources/org/ovirt/engine/ui/frontend/AppErrors.properties b/frontend/webadmin/modules/webadmin/src/main/resources/org/ovirt/engine/ui/frontend/AppErrors.properties
index c858906..5daa721 100644
--- a/frontend/webadmin/modules/webadmin/src/main/resources/org/ovirt/engine/ui/frontend/AppErrors.properties
+++ b/frontend/webadmin/modules/webadmin/src/main/resources/org/ovirt/engine/ui/frontend/AppErrors.properties
@@ -275,7 +275,7 @@
 VAR__TYPE__LABEL=$type Label
 VAR__TYPE__VNIC_PROFILE=$type VM network interface profile
 VAR__TYPE__PROVIDER=$type provider
-VAR__TYPE__PROVIDER_CERTIFICATE_CHAIN=$type provider certificate chain
+VAR__TYPE__PROVIDER_CERTIFICATE=$type provider certificate
 VAR__TYPE__VM=$type VM
 VAR__ENTITIES__VMS=$entities virtual machines
 VAR__TYPE__QUOTA=$type Quota
diff --git a/frontend/webadmin/modules/webadmin/src/main/resources/org/ovirt/engine/ui/frontend/VdsmErrors.properties b/frontend/webadmin/modules/webadmin/src/main/resources/org/ovirt/engine/ui/frontend/VdsmErrors.properties
index 1ac7a69..9315b0b 100644
--- a/frontend/webadmin/modules/webadmin/src/main/resources/org/ovirt/engine/ui/frontend/VdsmErrors.properties
+++ b/frontend/webadmin/modules/webadmin/src/main/resources/org/ovirt/engine/ui/frontend/VdsmErrors.properties
@@ -322,7 +322,7 @@
 HOST_ALREADY_EXISTS=Cannot add Host. Host with same characteristics already exists.
 NO_ACTIVE_ISO_DOMAIN_IN_DATA_CENTER=There is no active ISO Domain in Data Center.
 PROVIDER_FAILURE=Failed to communicate with the external provider.
-PROVIDER_IMPORT_CERTIFICATE_CHAIN_ERROR=Failed to import provider certificate chain.
+PROVIDER_IMPORT_CERTIFICATE_ERROR=Failed to import provider certificate.
 PROVIDER_SSL_FAILURE=SSL problem while trying to connect to the external provider.
 PROVIDER_AUTHENTICATION_FAILURE=Failed to authenticate with the external provider. Please confirm username and passowrd.
 PROVIDER_PROVISION_MISSING_HOSTGROUP=Provision failure: Must choose host group to provision new host.
-- To view, visit http://gerrit.ovirt.org/35836 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: If4308ecb184234fee3931cf4c7cfbd1796efa9d2 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: ovirt-engine-3.5 Gerrit-Owner: Yair Zaslavsky <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
