Yair Zaslavsky has uploaded a new change for review. Change subject: core: remove commons httpclient from provider proxy ......................................................................
core: remove commons httpclient from provider proxy As commons-http client is no longer maintained, there are two options - a. move to httpcomponents which is maintained, b. have our own implementation for httpclient. As our requirements from http clients are quite minimal, I have selected option b. This patch addresses the foreman provider proxy as it uses SSL based communication. VdsBroker will eventually contain only the JSON RPC communication Change-Id: I727d34c33f357b93560d4b5a1784b3733b7fa293 Signed-off-by: Yair Zaslavsky <[email protected]> --- M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/host/provider/foreman/ForemanHostProviderProxy.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/BaseProviderProxy.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/ExternalTrustStoreInitializer.java M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/EngineLocalConfig.java M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ssl/AuthSSLProtocolSocketFactory.java M packaging/services/ovirt-engine/ovirt-engine.conf.in 6 files changed, 253 insertions(+), 202 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/32/35832/1 diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/host/provider/foreman/ForemanHostProviderProxy.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/host/provider/foreman/ForemanHostProviderProxy.java index 1ffbe60..313eec3 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/host/provider/foreman/ForemanHostProviderProxy.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/host/provider/foreman/ForemanHostProviderProxy.java @@ -1,36 +1,18 @@ package org.ovirt.engine.core.bll.host.provider.foreman; import java.io.IOException; -import java.io.OutputStream; -import java.io.OutputStreamWriter; -import java.io.PrintWriter; import java.net.HttpURLConnection; -import java.net.URL; import java.net.URLEncoder; -import java.nio.charset.StandardCharsets; +import java.nio.file.Paths; import java.util.ArrayList; import java.util.Arrays; import java.util.List; -import javax.net.ssl.SSLException; - -import org.apache.commons.httpclient.Credentials; -import org.apache.commons.httpclient.HttpClient; -import org.apache.commons.httpclient.HttpException; -import org.apache.commons.httpclient.HttpMethod; -import org.apache.commons.httpclient.HttpURL; -import org.apache.commons.httpclient.HttpsURL; -import org.apache.commons.httpclient.UsernamePasswordCredentials; -import org.apache.commons.httpclient.auth.AuthScope; -import org.apache.commons.httpclient.methods.GetMethod; -import org.apache.commons.httpclient.methods.PutMethod; -import org.apache.commons.httpclient.methods.RequestEntity; -import org.apache.commons.httpclient.protocol.Protocol; -import org.apache.commons.httpclient.protocol.ProtocolSocketFactory; import org.apache.commons.lang.StringUtils; +import org.codehaus.jackson.map.DeserializationConfig.Feature; +import org.codehaus.jackson.map.ObjectMapper; import org.ovirt.engine.core.bll.host.provider.HostProviderProxy; import org.ovirt.engine.core.bll.provider.BaseProviderProxy; -import org.ovirt.engine.core.bll.provider.ExternalTrustStoreInitializer; import org.ovirt.engine.core.common.businessentities.ExternalComputeResource; import org.ovirt.engine.core.common.businessentities.ExternalDiscoveredHost; import org.ovirt.engine.core.common.businessentities.ExternalHostGroup; @@ -39,16 +21,9 @@ import org.ovirt.engine.core.common.businessentities.VDS; import org.ovirt.engine.core.common.errors.VdcBLLException; import org.ovirt.engine.core.common.errors.VdcBllErrors; -import org.ovirt.engine.core.utils.ssl.AuthSSLProtocolSocketFactory; -import org.codehaus.jackson.map.ObjectMapper; -import org.codehaus.jackson.map.DeserializationConfig.Feature; import org.ovirt.engine.core.uutils.crypto.CryptMD5; public class ForemanHostProviderProxy extends BaseProviderProxy implements HostProviderProxy { - - private Provider hostProvider; - - private HttpClient httpClient = new HttpClient(); private ObjectMapper objectMapper = new ObjectMapper(); private static final String API_ENTRY_POINT = "/api/v2"; @@ -73,58 +48,60 @@ public ForemanHostProviderProxy(Provider hostProvider) { super(hostProvider); - this.hostProvider = hostProvider; - initHttpClient(); + objectMapper.configure(Feature.FAIL_ON_UNKNOWN_PROPERTIES, false); } - private List<VDS> runHostListMethod(HttpMethod httpMethod) { + private byte[] runHttpGetMethod(String relativeUrl) { + return runHttpMethod( + HttpMethodType.GET, + "application/json; charset=utf-8", + relativeUrl, + null); + } + + private List<VDS> runHostListMethod(String relativeUrl) { try { - runHttpMethod(httpClient, httpMethod); - ForemanHostWrapper fhw = objectMapper.readValue(httpMethod.getResponseBody(), ForemanHostWrapper.class); + ForemanHostWrapper fhw = objectMapper.readValue(runHttpGetMethod(relativeUrl), ForemanHostWrapper.class); return mapHosts(Arrays.asList(fhw.getResults())); } catch (IOException e) { return null; } } - private List<ExternalDiscoveredHost> runDiscoveredHostListMethod(HttpMethod httpMethod) { + private List<ExternalDiscoveredHost> runDiscoveredHostListMethod(String relativeUrl) { try { - runHttpMethod(httpClient, httpMethod); ForemanDiscoveredHostWrapper fdw = - objectMapper.readValue(httpMethod.getResponseBody(), ForemanDiscoveredHostWrapper.class); + objectMapper.readValue(runHttpGetMethod(relativeUrl), ForemanDiscoveredHostWrapper.class); return mapDiscoveredHosts(Arrays.asList(fdw.getResults())); } catch (IOException e) { return null; } } - private List<ExternalHostGroup> runHostGroupListMethod(HttpMethod httpMethod) { + private List<ExternalHostGroup> runHostGroupListMethod(String relativeUrl) { try { - runHttpMethod(httpClient, httpMethod); ForemanHostGroupWrapper fhgw = - objectMapper.readValue(httpMethod.getResponseBody(), ForemanHostGroupWrapper.class); + objectMapper.readValue(runHttpGetMethod(relativeUrl), ForemanHostGroupWrapper.class); return mapHostGroups(Arrays.asList(fhgw.getResults())); } catch (IOException e) { return null; } } - private List<ExternalOperatingSystem> runOperationSystemMethod(HttpMethod httpMethod) { + private List<ExternalOperatingSystem> runOperationSystemMethod(String relativeUrl) { try { - runHttpMethod(httpClient, httpMethod); ForemanOperatingSystemWrapper fosw = - objectMapper.readValue(httpMethod.getResponseBody(), ForemanOperatingSystemWrapper.class); + objectMapper.readValue(runHttpGetMethod(relativeUrl), ForemanOperatingSystemWrapper.class); return mapOperationSystem(Arrays.asList(fosw.getResults())); } catch (IOException e) { return null; } } - private List<ExternalComputeResource> runComputeResourceMethod(HttpMethod httpMethod) { + private List<ExternalComputeResource> runComputeResourceMethod(String relativeUrl) { try { - runHttpMethod(httpClient, httpMethod); ForemanComputerResourceWrapper fcrw = - objectMapper.readValue(httpMethod.getResponseBody(), ForemanComputerResourceWrapper.class); + objectMapper.readValue(runHttpGetMethod(relativeUrl), ForemanComputerResourceWrapper.class); return mapComputeResource(Arrays.asList(fcrw.getResults())); } catch (IOException e) { return null; @@ -208,38 +185,31 @@ @Override public List<VDS> getAll() { - HttpMethod method = new GetMethod(ALL_HOSTS_QUERY); - return runHostListMethod(method); + return runHostListMethod(ALL_HOSTS_QUERY); } @Override public List<VDS> getFiltered(String filter) { - String url = HOSTS_ENTRY_POINT + String.format(SEARCH_QUERY_FORMAT, filter); - HttpMethod method = new GetMethod(url); - return runHostListMethod(method); + return runHostListMethod(HOSTS_ENTRY_POINT + String.format(SEARCH_QUERY_FORMAT, filter)); } @Override public List<ExternalDiscoveredHost> getDiscoveredHosts() { - HttpMethod method = new GetMethod(DISCOVERED_HOSTS_ENTRY_POINT); - return runDiscoveredHostListMethod(method); + return runDiscoveredHostListMethod(DISCOVERED_HOSTS_ENTRY_POINT); } @Override public List<ExternalHostGroup> getHostGroups() { - HttpMethod method = new GetMethod(HOST_GROUPS_QUERY); - return runHostGroupListMethod(method); + return runHostGroupListMethod(HOST_GROUPS_QUERY); } @Override public List<ExternalComputeResource> getComputeResources() { - HttpMethod method = new GetMethod(COMPUTE_RESOURCES_HOSTS_ENTRY_POINT); - return runComputeResourceMethod(method); + return runComputeResourceMethod(COMPUTE_RESOURCES_HOSTS_ENTRY_POINT); } private List<ExternalOperatingSystem> getOperationSystems() { - HttpMethod method = new GetMethod(OPERATION_SYSTEM_QUERY); - return runOperationSystemMethod(method); + return runOperationSystemMethod(OPERATION_SYSTEM_QUERY); } @Override @@ -292,38 +262,38 @@ " ]\n" + " }\n" + "}"; - PutMethod httpMethod = new PutMethod(DISCOVERED_HOSTS_ENTRY_POINT + "/" + discoverName); - RequestEntity entity = new RequestEntity() { + runHttpMethod( + HttpMethodType.PUT, + "application/json; charset=utf-8", + Paths.get(DISCOVERED_HOSTS_ENTRY_POINT, discoverName).toString(), + entityBody + ); + } + + + protected ConnectionWrapper createWrapper(HttpURLConnection result) { + return new ConnectionWrapper(result) { + @Override - public boolean isRepeatable() { - return false; + public void beforeReadResponse() throws Exception { + } @Override - public void writeRequest(OutputStream outputStream) throws IOException { - PrintWriter pr = new PrintWriter(new OutputStreamWriter(outputStream, StandardCharsets.UTF_8)); - pr.println(entityBody); - pr.flush(); - } - - @Override - public long getContentLength() { - return entityBody.getBytes(StandardCharsets.UTF_8).length; - } - - @Override - public String getContentType() { - return "application/json"; + public void afterReadResponse() throws Exception { + if (connection.getResponseCode() != HttpURLConnection.HTTP_OK + && connection.getResponseCode() != HttpURLConnection.HTTP_MOVED_TEMP) { + ForemanErrorWrapper ferr = objectMapper.readValue(response, ForemanErrorWrapper.class); + String err = StringUtils.join(ferr.getForemanError().getFull_messages(), ", "); + throw new VdcBLLException(VdcBllErrors.PROVIDER_FAILURE, err); + } } }; - httpMethod.setRequestEntity(entity); - runHttpMethod(httpClient, httpMethod); } @Override public void testConnection() { - HttpMethod httpMethod = new GetMethod(API_ENTRY_POINT); - runHttpMethod(httpClient, httpMethod); + runHttpGetMethod(API_ENTRY_POINT); // validate permissions to discovered host and host group. getDiscoveredHosts(); @@ -342,53 +312,5 @@ public void onRemoval() { } - private void runHttpMethod(HttpClient httpClient, HttpMethod httpMethod) { - try { - int result = httpClient.executeMethod(httpMethod); - if (result == HttpURLConnection.HTTP_UNAUTHORIZED) { - throw new VdcBLLException(VdcBllErrors.PROVIDER_AUTHENTICATION_FAILURE); - } - - // after post request the return value is HTTP_MOVED_TEMP on success - if (result != HttpURLConnection.HTTP_OK && result != HttpURLConnection.HTTP_MOVED_TEMP) { - ForemanErrorWrapper ferr = objectMapper.readValue(httpMethod.getResponseBody(), ForemanErrorWrapper.class); - String err = StringUtils.join(ferr.getForemanError().getFull_messages(), ", "); - throw new VdcBLLException(VdcBllErrors.PROVIDER_FAILURE, err); - } - } catch (HttpException e) { - handleException(e); - } catch (SSLException e) { - throw new VdcBLLException(VdcBllErrors.PROVIDER_SSL_FAILURE, e.getMessage()); - } catch (IOException e) { - handleException(e); - } - } - - private void initHttpClient() { - try { - URL hostUrl = getUrl(); - if (isSecured()) { - int hostPort = hostUrl.getPort() == -1 ? HttpsURL.DEFAULT_PORT : hostUrl.getPort(); - Protocol httpsProtocol = - new Protocol(String.valueOf(HttpsURL.DEFAULT_SCHEME), - (ProtocolSocketFactory) new AuthSSLProtocolSocketFactory(ExternalTrustStoreInitializer.getTrustStore(), "SSLv3"), - hostPort); - httpClient.getHostConfiguration().setHost(hostUrl.getHost(), hostPort, httpsProtocol); - } else { - int hostPort = hostUrl.getPort() == -1 ? HttpURL.DEFAULT_PORT : hostUrl.getPort(); - httpClient.getHostConfiguration().setHost(hostUrl.getHost(), hostPort); - } - objectMapper.configure(Feature.FAIL_ON_UNKNOWN_PROPERTIES, false); - if (hostProvider.getUsername() != null && hostProvider.getPassword() != null) { - Credentials hostProviderCredentials = - new UsernamePasswordCredentials(hostProvider.getUsername(), hostProvider.getPassword()); - httpClient.getState().setCredentials(AuthScope.ANY, hostProviderCredentials); - // Required when working with foreman's /api rather than accessing directly to /hosts - httpClient.getParams().setAuthenticationPreemptive(true); - } - } catch (RuntimeException e) { - handleException(e); - } - } } diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/BaseProviderProxy.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/BaseProviderProxy.java index 6f69a00..65f7b70 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/BaseProviderProxy.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/BaseProviderProxy.java @@ -1,34 +1,101 @@ package org.ovirt.engine.core.bll.provider; +import java.io.BufferedInputStream; +import java.io.ByteArrayOutputStream; +import java.io.File; import java.io.IOException; +import java.io.OutputStream; +import java.net.HttpURLConnection; import java.net.MalformedURLException; import java.net.URL; -import java.security.KeyManagementException; -import java.security.NoSuchAlgorithmException; +import java.nio.charset.Charset; +import java.security.GeneralSecurityException; import java.security.cert.Certificate; -import java.security.cert.X509Certificate; -import java.util.ArrayList; import java.util.List; -import javax.net.ssl.HttpsURLConnection; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLHandshakeException; -import javax.net.ssl.TrustManager; -import javax.net.ssl.X509TrustManager; +import javax.net.ssl.SSLException; -import org.apache.commons.httpclient.HttpURL; +import org.apache.commons.codec.binary.Base64; import org.ovirt.engine.core.common.businessentities.Provider; import org.ovirt.engine.core.common.errors.VdcBLLException; import org.ovirt.engine.core.common.errors.VdcBllErrors; +import org.ovirt.engine.core.utils.EngineLocalConfig; +import org.ovirt.engine.core.uutils.crypto.CertificateChain; +import org.ovirt.engine.core.uutils.net.HttpURLConnectionBuilder; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; public abstract class BaseProviderProxy implements ProviderProxy { - private URL url; - private static final String SSL_PROTOCOL = "SSLv3"; + public static final Logger log = LoggerFactory.getLogger(BaseProviderProxy.class); - public BaseProviderProxy(Provider provider) { + public static interface ResponseCodeHandler { + void handle(final HttpURLConnection connection) throws IOException; + } + + public static class ConnectionWrapper { + + protected HttpURLConnection connection; + protected byte[] response; + + public ConnectionWrapper(final HttpURLConnection connection) { + this.connection = connection; + } + + public byte[] getResponse() throws IOException { + if (response == null) { + ByteArrayOutputStream bytesOs = new ByteArrayOutputStream(); + try (BufferedInputStream bis = new BufferedInputStream(connection.getInputStream())) { + beforeReadResponse(); + byte[] buff = new byte[8196]; + while (true) { + int read = bis.read(buff, 0, 8196); + if (read > 0) { + bytesOs.write(buff, 0, read); + } else { + break; + } + } + afterReadResponse(); + } catch (Exception ex) { + log.error("Exception is ", ex); + } + response = bytesOs.toByteArray(); + } + return response; + } + + protected void beforeReadResponse() throws Exception { + if (connection.getResponseCode() != HttpURLConnection.HTTP_OK + && connection.getResponseCode() != HttpURLConnection.HTTP_MOVED_TEMP) { + throw new VdcBLLException(VdcBllErrors.PROVIDER_FAILURE); + } + } + + protected void afterReadResponse() throws Exception { + } + + public HttpURLConnection getConnection() { + return connection; + } + + } + + private URL url; + private Provider<?> hostProvider; + private byte[] response; + + protected static enum HttpMethodType { + GET, + POST, + PUT, + DELETE + }; + + public BaseProviderProxy(Provider<?> provider) { try { url = new URL(provider.getUrl()); + this.hostProvider = provider; } catch (MalformedURLException e) { handleException(e); } @@ -40,66 +107,105 @@ @Override public List<? extends Certificate> getCertificateChain() { - if (!isSecured()) { - return null; - } - - HttpsURLConnection conn = null; - final List<X509Certificate> chain = new ArrayList<X509Certificate>(); - try { - SSLContext ctx; - ctx = SSLContext.getInstance(SSL_PROTOCOL); - ctx.init(null, createTrustManager(chain), null); - conn = (HttpsURLConnection) url.openConnection(); - conn.setSSLSocketFactory(ctx.getSocketFactory()); - conn.connect(); - return chain; - } catch (SSLHandshakeException e) { - return chain; - } catch (NoSuchAlgorithmException | IOException | KeyManagementException e) { - handleException(e); - } finally { - if (conn != null) { - conn.disconnect(); + List<? extends Certificate> result = null; + if (url.getProtocol().equalsIgnoreCase(String.valueOf("https"))) { + try { + result = CertificateChain.completeChain( + CertificateChain.getSSLPeerCertificates(url), + CertificateChain.keyStoreToTrustAnchors( ExternalTrustStoreInitializer.getTrustStore())); + } catch (IOException | GeneralSecurityException e) { + handleException(e); } } - return null; + return result; } protected static void handleException(Exception e) { throw new VdcBLLException(VdcBllErrors.PROVIDER_FAILURE, e.getMessage()); } - protected boolean isSecured() { - boolean secured = true; - if (url.getProtocol().equalsIgnoreCase(String.valueOf(HttpURL.DEFAULT_SCHEME))) { - secured = false; + protected ConnectionWrapper createConnection(String relativePath) { + + URL hostUrl = getUrl(); + HttpURLConnectionBuilder builder = null; + HttpURLConnection result = null; + try { + builder = new HttpURLConnectionBuilder().appendRelativePath(hostUrl, relativePath); + if (new File(EngineLocalConfig.getInstance().getExternalProvidersTrustStore().getAbsolutePath()).exists()) { + builder + .setTrustStore( + EngineLocalConfig.getInstance().getExternalProvidersTrustStore().getAbsolutePath()) + .setTrustStorePassword(EngineLocalConfig.getInstance().getExternalProvidersTrustStorePassword()) + .setTrustStoreType(EngineLocalConfig.getInstance().getExternalProvidersTrustStoreType()); + } + result = builder.create(); + handleCredentials(result); + } catch (Exception ex) { + log.error("Cannot communicate with provider", ex); + throw new VdcBLLException(VdcBllErrors.PROVIDER_FAILURE); } - return secured; + + return createWrapper(result); } - private TrustManager[] createTrustManager(final List<X509Certificate> chain) { - return new TrustManager[]{ - new X509TrustManager() { - public X509Certificate[] getAcceptedIssuers() { - return new X509Certificate[] {}; - } - public void checkClientTrusted( - X509Certificate[] certs, - String authType - ) { - } - public void checkServerTrusted( - X509Certificate[] certs, - String authType - ) { - // Still need to verify that the root certificate is returned also - // when it is trusted by the JRE truststore (cacerts file) - for (X509Certificate cert : certs) { - chain.add(cert); - } - } - } - }; + protected ConnectionWrapper createWrapper(HttpURLConnection result) { + return new ConnectionWrapper(result); } + + + protected void handleCredentials(HttpURLConnection connection) { + if (hostProvider.getUsername() != null && hostProvider.getPassword() != null) { + connection.setRequestProperty( + "Authorization", + String.format("Basic %1$s", + new Base64(0).encodeToString( + String.format("%1$s:%2$s", hostProvider.getUsername(), hostProvider.getPassword()) + .getBytes(Charset.forName("UTF-8"))) + ) + .toString()); + } + } + + protected byte[] runHttpMethod(HttpMethodType httpMethod, + String contentType, + String relativeUrl, + String body) { + ConnectionWrapper wrapper = createConnection(relativeUrl); + return runHttpMethod(httpMethod, contentType, relativeUrl, body, wrapper); + } + + protected byte[] runHttpMethod(HttpMethodType httpMethod, + String contentType, + String relativeUrl, + String body, ConnectionWrapper wrapper) { + byte[] result = null; + try { + response = null; + wrapper.getConnection().setRequestProperty("Content-Type", contentType); + wrapper.getConnection().setDoInput(true); + wrapper.getConnection().setDoOutput(httpMethod != HttpMethodType.GET); + wrapper.getConnection().setRequestMethod(httpMethod.toString()); + if (body != null) { + byte[] bytes = body.getBytes(Charset.forName("UTF-8")); + wrapper.getConnection().setRequestProperty("Content-Length", + new StringBuilder().append(bytes.length).toString()); + + try (OutputStream outputStream = wrapper.getConnection().getOutputStream()) { + outputStream.write(bytes); + } + } + result = wrapper.getResponse(); + } catch (SSLException e) { + throw new VdcBLLException(VdcBllErrors.PROVIDER_SSL_FAILURE, e.getMessage()); + } catch (IOException e) { + handleException(e); + } finally { + if (wrapper != null) { + wrapper.getConnection().disconnect(); + } + } + return result; + } + + } diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/ExternalTrustStoreInitializer.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/ExternalTrustStoreInitializer.java index 6ca5183..ea30878 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/ExternalTrustStoreInitializer.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/ExternalTrustStoreInitializer.java @@ -3,7 +3,6 @@ import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; -import java.io.InputStream; import java.io.OutputStream; import java.security.KeyStore; @@ -36,16 +35,24 @@ } public static KeyStore getTrustStore() { - try (InputStream in = new FileInputStream(getTrustStorePath())) { - // TODO: do not use password of other store - String password = EngineLocalConfig.getInstance().getPKITrustStorePassword(); - KeyStore ks = KeyStore.getInstance("JKS"); - ks.load(in, password.toCharArray()); - return ks; + KeyStore ks = null; + try { + ks = EngineLocalConfig.getInstance().getExternalProvidersTrustStore().exists() ? + KeyStore.getInstance(EngineLocalConfig.getInstance().getExternalProvidersTrustStoreType()) + : null; + if (ks != null) { + try (FileInputStream ksFileInputStream = + new FileInputStream(EngineLocalConfig.getInstance().getExternalProvidersTrustStore())) { + ks.load(ksFileInputStream, EngineLocalConfig.getInstance() + .getExternalProvidersTrustStorePassword() + .toCharArray()); + } + } + } catch (Exception ex) { + throw new RuntimeException(ex); } - catch (Exception e) { - throw new RuntimeException(e); - } + return ks; + } public static void setTrustStore(KeyStore keystore) { diff --git a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/EngineLocalConfig.java b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/EngineLocalConfig.java index 83dcea4..0ed47a3 100644 --- a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/EngineLocalConfig.java +++ b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/EngineLocalConfig.java @@ -142,6 +142,18 @@ return getFile("ENGINE_CACHE"); } + public File getExternalProvidersTrustStore() { + return getFile("ENGINE_EXTERNAL_PROVIDERS_TRUST_STORE"); + } + + public String getExternalProvidersTrustStoreType() { + return getProperty("ENGINE_EXTERNAL_PROVIDERS_TRUST_STORE_TYPE"); + } + + public String getExternalProvidersTrustStorePassword() { + return getProperty("ENGINE_EXTERNAL_PROVIDERS_TRUST_STORE_PASSWORD"); + } + /** * Gets the port number where the engine can be contacted using HTTP from * external hosts. This will usually be the proxy HTTP port if the proxy is diff --git a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ssl/AuthSSLProtocolSocketFactory.java b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ssl/AuthSSLProtocolSocketFactory.java index 4a952ca..474efae 100644 --- a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ssl/AuthSSLProtocolSocketFactory.java +++ b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ssl/AuthSSLProtocolSocketFactory.java @@ -183,6 +183,7 @@ * </p> */ +@Deprecated public class AuthSSLProtocolSocketFactory implements SecureProtocolSocketFactory { /** Log object for this class. */ diff --git a/packaging/services/ovirt-engine/ovirt-engine.conf.in b/packaging/services/ovirt-engine/ovirt-engine.conf.in index caf1606..11eb01f 100644 --- a/packaging/services/ovirt-engine/ovirt-engine.conf.in +++ b/packaging/services/ovirt-engine/ovirt-engine.conf.in @@ -199,7 +199,10 @@ # # PKI artifacts # -SENSITIVE_KEYS="${SENSITIVE_KEYS},ENGINE_PKI_TRUST_STORE_PASSWORD,ENGINE_PKI_ENGINE_STORE_PASSWORD" +SENSITIVE_KEYS="${SENSITIVE_KEYS},ENGINE_PKI_TRUST_STORE_PASSWORD,ENGINE_PKI_ENGINE_STORE_PASSWORD,ENGINE_EXTERNAL_PROVIDERS_TRUST_STORE_PASSWORD" +ENGINE_EXTERNAL_PROVIDERS_TRUST_STORE="${ENGINE_VAR}/external_truststore" +ENGINE_EXTERNAL_PROVIDERS_TRUST_STORE_TYPE=JKS +ENGINE_EXTERNAL_PROVIDERS_TRUST_STORE_PASSWORD=changeit ENGINE_PKI_CA=${ENGINE_PKI}/ca.pem ENGINE_PKI_ENGINE_CERT=${ENGINE_PKI}/certs/engine.cer ENGINE_PKI_TRUST_STORE=${ENGINE_PKI}/.truststore -- To view, visit http://gerrit.ovirt.org/35832 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I727d34c33f357b93560d4b5a1784b3733b7fa293 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: ovirt-engine-3.5 Gerrit-Owner: Yair Zaslavsky <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
