Yair Zaslavsky has uploaded a new change for review. Change subject: engine: Import single certificate ......................................................................
engine: Import single certificate GetProviderCertificate is run instead of GetCertificateChain, and retrieves the top certificate from the chain. The user approves the certificate, and then it is imported using the new ImportProviderCertificate command which gets an encoded payload of the certificate as a parameter. Change-Id: Ic9adb21ded6e6d9fb09fc68331872c1cd88f88a9 
Signed-off-by: Yair Zaslavsky <[email protected]> --- M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetProviderCertificateChainQuery.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/BaseProviderProxy.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/ExternalTrustStoreInitializer.java D backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/ImportProviderCertificateChainCommand.java A backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/ImportProviderCertificateParameters.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdcActionType.java A backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/CertificateInfo.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/VdcQueryType.java M frontend/webadmin/modules/gwt-common/src/main/resources/org/ovirt/engine/core/Common.gwt.xml M frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/dataprovider/AsyncDataProvider.java M frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/help/HelpTag.java M frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/providers/ProviderModel.java M frontend/webadmin/modules/uicompat/src/main/java/org/ovirt/engine/ui/uicompat/UIConstants.java M frontend/webadmin/modules/uicompat/src/main/java/org/ovirt/engine/ui/uicompat/UIMessages.java 14 files changed, 251 insertions(+), 177 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/34/35834/1 diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetProviderCertificateChainQuery.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetProviderCertificateChainQuery.java index 352751b..883d474 100644 
--- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetProviderCertificateChainQuery.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetProviderCertificateChainQuery.java 
@@ -1,37 +1,70 @@ package org.ovirt.engine.core.bll; +import java.security.GeneralSecurityException; +import java.security.MessageDigest; import java.security.cert.Certificate; +import java.security.cert.X509Certificate; +import java.util.ArrayList; import java.util.List; +import org.apache.commons.codec.binary.Base64; +import org.apache.commons.codec.binary.Hex; import org.ovirt.engine.core.bll.provider.ProviderProxy; import org.ovirt.engine.core.bll.provider.ProviderProxyFactory; +import org.ovirt.engine.core.common.businessentities.CertificateInfo; import org.ovirt.engine.core.common.businessentities.Provider; import org.ovirt.engine.core.common.queries.ProviderQueryParameters; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; public class GetProviderCertificateChainQuery<P extends ProviderQueryParameters> extends QueriesCommandBase<P> { + + private static Logger log = LoggerFactory.getLogger(GetProviderCertificateChainQuery.class); + public GetProviderCertificateChainQuery(P parameters) { super(parameters); } - private Provider getProvider() { + private Provider<?> getProvider() { return getParameters().getProvider(); } @Override protected void executeQueryCommand() { - Provider provider = getProvider(); - ProviderProxy proxy = ProviderProxyFactory.getInstance().create(provider); - getQueryReturnValue().setReturnValue(chainToString(proxy.getCertificateChain())); + Provider<?> provider = getProvider(); + try { + ProviderProxy proxy = ProviderProxyFactory.getInstance().create(provider); + List<? extends Certificate> chain = proxy.getCertificateChain(); + if (!chain.isEmpty()) { + List<CertificateInfo> results = new ArrayList<CertificateInfo>(); + for (Certificate cert : chain) { + if (cert instanceof X509Certificate) { + results.add(createCertificateInfo((X509Certificate) cert)); + } + } + getQueryReturnValue().setReturnValue(results); + } + } catch (Exception e) { + log.error("Error in encoding certificate. 
Error is {} " + e.getMessage()); + log.debug("Exeption:", e); + } } - private String chainToString(List<? extends Certificate> chain) { - StringBuilder certStringBuilder = new StringBuilder(); - if (chain != null) { - for( Certificate certificate : chain ) { - certStringBuilder.append(certificate.toString()); - certStringBuilder.append('\n'); - } + private CertificateInfo createCertificateInfo(X509Certificate cert) throws GeneralSecurityException { + MessageDigest sha1 = MessageDigest.getInstance("SHA1"); + sha1.update(cert.getEncoded()); + + boolean selfSigned = false; + try { + cert.verify(cert.getPublicKey()); + selfSigned = true; + } catch (GeneralSecurityException e) { + // ignore } - return certStringBuilder.toString(); + + return new CertificateInfo(new Base64(0).encodeToString(cert.getEncoded()), + cert.getSubjectX500Principal().toString(), cert.getIssuerX500Principal().toString(), + selfSigned, Hex.encodeHexString(sha1.digest())); } + } diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/BaseProviderProxy.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/BaseProviderProxy.java index 65f7b70..1a224a7 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/BaseProviderProxy.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/BaseProviderProxy.java @@ -58,7 +58,13 @@ } afterReadResponse(); } catch (Exception ex) { - log.error("Exception is ", ex); + log.error("Exception is {} ", ex.getMessage()); + log.debug("Exception: ", ex); + if (ex instanceof VdcBLLException) { + throw (VdcBLLException) ex; + } else { + throw new VdcBLLException(VdcBllErrors.PROVIDER_FAILURE, ex.getMessage()); + } } response = bytesOs.toByteArray(); } 
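Review bot: In `executeQueryCommand` the call `log.error("Error in encoding certificate. Error is {} " + e.getMessage())` concatenates the message into the format string, so the `{}` placeholder is never filled; pass it as an argument instead, `log.error("Error retrieving provider certificate chain: {}", e.getMessage());`. The `catch (Exception e)` also covers proxy creation and chain retrieval, not only encoding, and leaves the query's return value unset, so the caller cannot tell a failure from an empty chain. In `createCertificateInfo` the fingerprint the administrator is asked to approve is computed with `MessageDigest.getInstance("SHA1")`; SHA-256 would be a better basis for a trust decision, though that also touches the `sha1Fingerprint` naming in `CertificateInfo` and `UIMessages`. A short comment in place of `// ignore`, such as `// verification with its own key failed: not self-signed`, would make the intent clear.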
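Review bot: The new `throw new VdcBLLException(VdcBllErrors.PROVIDER_FAILURE, ex.getMessage())` in BaseProviderProxy.java discards the original exception, so its type and stack trace survive only in the `log.debug` line, and every failure that is not already a VdcBLLException, TLS errors included, reaches callers as the same PROVIDER_FAILURE. If `VdcBLLException` has a constructor that accepts a cause, passing `ex` would keep it; `ex.getMessage()` can also be null, which leaves the error text empty. The enclosing method starts and ends outside this hunk, so whether callers relied on the old swallow-and-continue behaviour cannot be checked from here.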
diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/ExternalTrustStoreInitializer.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/ExternalTrustStoreInitializer.java index 7707911..56ebf41 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/ExternalTrustStoreInitializer.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/ExternalTrustStoreInitializer.java @@ -57,7 +57,7 @@ throw new RuntimeException(e); } finally { if (tempFile != null && !tempFile.delete()) { - log.error("Cannot delete '{}'", tempFile.getAbsolutePath()); + log.error(String.format("Cannot delete '%1$s'", tempFile.getAbsolutePath())); } } } diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/ImportProviderCertificateChainCommand.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/ImportProviderCertificateChainCommand.java deleted file mode 100644 index a99aea3..0000000 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/ImportProviderCertificateChainCommand.java +++ /dev/null 
@@ -1,82 +0,0 @@ -package org.ovirt.engine.core.bll.provider; - -import java.security.cert.Certificate; -import java.util.Collections; -import java.util.List; - -import org.ovirt.engine.core.bll.CommandBase; -import org.ovirt.engine.core.bll.utils.PermissionSubject; -import org.ovirt.engine.core.common.AuditLogType; -import org.ovirt.engine.core.common.VdcObjectType; -import org.ovirt.engine.core.common.action.ProviderParameters; -import org.ovirt.engine.core.common.businessentities.ActionGroup; -import org.ovirt.engine.core.common.businessentities.Provider; -import org.ovirt.engine.core.common.errors.VdcBLLException; -import org.ovirt.engine.core.common.errors.VdcBllErrors; -import org.ovirt.engine.core.common.errors.VdcBllMessages; -import org.ovirt.engine.core.compat.Guid; - -/* - * This command class imports a certificate chain of an external provider into the external trust store. - */ -public class ImportProviderCertificateChainCommand<P extends ProviderParameters> extends CommandBase<P> { - - public ImportProviderCertificateChainCommand(Guid commandId) { - super(commandId); - } - - public ImportProviderCertificateChainCommand(P parameters) { - super(parameters); - } - - private Provider getProvider() { - return getParameters().getProvider(); - } - - public String getProviderName() { - return getProvider().getName(); - } - - @Override - protected void executeCommand() { - Provider provider = getProvider(); - ProviderProxy proxy = ProviderProxyFactory.getInstance().create(provider); - List<? 
extends Certificate> chain = proxy.getCertificateChain(); - saveChainToTrustStore(chain); - } - - @Override - public List<PermissionSubject> getPermissionCheckSubjects() { - // Currently it requires what's required for adding a new Provider - // Need to revisit that when designing the permission scheme for providers - return Collections.singletonList(new PermissionSubject(Guid.SYSTEM, - VdcObjectType.System, - ActionGroup.CREATE_STORAGE_POOL)); - } - - private void saveChainToTrustStore(List<? extends Certificate> chain) { - if (chain != null && chain.size() > 0) { - try { - ExternalTrustStoreInitializer.addCertificate(chain.get(chain.size()-1)); - setSucceeded(true); - } catch (Throwable e) { - handleException(e); - } - } - } - - @Override - public AuditLogType getAuditLogTypeValue() { - return getSucceeded() ? AuditLogType.PROVIDER_CERTIFICATE_CHAIN_IMPORTED : AuditLogType.PROVIDER_CERTIFICATE_CHAIN_IMPORT_FAILED; - } - - @Override - protected void setActionMessageParameters() { - addCanDoActionMessage(VdcBllMessages.VAR__ACTION__IMPORT); - addCanDoActionMessage(VdcBllMessages.VAR__TYPE__PROVIDER_CERTIFICATE_CHAIN); - } - - private void handleException(Throwable e) { - throw new VdcBLLException(VdcBllErrors.PROVIDER_IMPORT_CERTIFICATE_CHAIN_ERROR, e.getMessage()); - } -} diff --git a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/ImportProviderCertificateParameters.java b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/ImportProviderCertificateParameters.java new file mode 100644 index 0000000..8ca59a6 --- /dev/null +++ b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/ImportProviderCertificateParameters.java 
@@ -0,0 +1,38 @@ +package org.ovirt.engine.core.common.action; + +import org.ovirt.engine.core.common.businessentities.Provider; + +public class ImportProviderCertificateParameters extends ProviderParameters { + + /** + * + */ + private static final long serialVersionUID = 2158065009589899085L; + private String certificate; + + public ImportProviderCertificateParameters(final Provider<?> provider, + final String certificate) { + super(provider); + this.certificate = certificate; + } + + public ImportProviderCertificateParameters() { + } + + /** + * Gets the base64 encoding for the certificate + * @return encoded certificate + */ + public String getCertificate() { + return certificate; + } + + /** + * Sets base64 encoding of the certificate + * @param encoded certificate + */ + public void setCertificate(final String certificate) { + this.certificate = certificate; + } + +} diff --git a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdcActionType.java b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdcActionType.java index 920deef..497c2be 100644 --- a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdcActionType.java +++ b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdcActionType.java @@ -317,7 +317,7 @@ UpdateProvider(1601, false, QuotaDependency.NONE), RemoveProvider(1602, false, QuotaDependency.NONE), TestProviderConnectivity(1603, false, QuotaDependency.NONE), - ImportProviderCertificateChain(1604, false, QuotaDependency.NONE), + ImportProviderCertificate(1604, false, QuotaDependency.NONE), AddNetworkOnProvider(1605, ActionGroup.CREATE_STORAGE_POOL_NETWORK, false, QuotaDependency.NONE), AddSubnetToProvider(1606, false, QuotaDependency.NONE), RemoveSubnetFromProvider(1607, false, QuotaDependency.NONE), 
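Review bot: `ImportProviderCertificateParameters` makes the certificate to be trusted a client-supplied base64 string, and the command that consumes it is not among the files in this change, while `ImportProviderCertificateChainCommand` (which fetched the chain on the server and carried the permission subjects and audit log types) is deleted. The consuming command should decode and parse the payload as X.509 before it touches the trust store and keep an equivalent permission check and audit entry; that cannot be verified from this diff. In the Javadoc, `@param encoded certificate` names a parameter that does not exist; it should read `@param certificate base64 encoding of the certificate`, and the empty `/** */` block above `serialVersionUID` can go.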
diff --git a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/CertificateInfo.java b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/CertificateInfo.java new file mode 100644 index 0000000..fb191cb --- /dev/null +++ b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/CertificateInfo.java @@ -0,0 +1,65 @@ +package org.ovirt.engine.core.common.businessentities; + +import java.io.Serializable; + +public class CertificateInfo implements Serializable { + + private static final long serialVersionUID = 3805409159359700576L; + private String payload; + private String subject; + private String issuer; + private String sha1Fingerprint; + private boolean selfSigned; + + public CertificateInfo() { + } + + public CertificateInfo(String payload, String subject, String issuer, boolean selfSigned, String sha1Fingerprint) { + this.payload = payload; + this.subject = subject; + this.issuer = issuer; + this.selfSigned = selfSigned; + this.sha1Fingerprint = sha1Fingerprint; + } + + public String getPayload() { + return payload; + } + + public void setPayload(String payload) { + this.payload = payload; + } + + public String getSubject() { + return subject; + } + + public void setSubject(String subject) { + this.subject = subject; + } + + public String getIssuer() { + return issuer; + } + + public void setIssuer(String issuer) { + this.issuer = issuer; + } + + public boolean getSelfSigned() { + return selfSigned; + } + + public void setSelfSigned(boolean selfSigned) { + this.selfSigned = selfSigned; + } + + public String getSHA1Fingerprint() { + return sha1Fingerprint; + } + + public void setSHA1Fingerprint(String sha1Fingerprint) { + this.sha1Fingerprint = sha1Fingerprint; + } + +} 
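Review bot: `CertificateInfo` has no class or field documentation, and the meaning of `payload` is only discoverable from the query that fills it. A class Javadoc should state that `payload` is the base64 of the certificate's encoded form (produced with `new Base64(0).encodeToString(cert.getEncoded())`), that `sha1Fingerprint` is the hex SHA-1 digest of that same encoding, and that `subject`/`issuer` are the principals' string forms taken from a certificate that is not yet trusted. The boolean accessor would conventionally be `isSelfSigned()` rather than `getSelfSigned()`.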
diff --git a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/VdcQueryType.java b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/VdcQueryType.java index 4c418b5..6573f46 100644 --- a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/VdcQueryType.java +++ b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/VdcQueryType.java @@ -48,7 +48,7 @@ GetHostGroupsFromExternalProvider(), GetComputeResourceFromExternalProvider(), GetDiscoveredHostListFromExternalProvider(), - GetProviderCertificateChain(), + GetProviderCertificateChain, GetHostsForStorageOperation, GetServerSSHPublicKey, GetServerSSHKeyFingerprint, diff --git a/frontend/webadmin/modules/gwt-common/src/main/resources/org/ovirt/engine/core/Common.gwt.xml b/frontend/webadmin/modules/gwt-common/src/main/resources/org/ovirt/engine/core/Common.gwt.xml index f6e9faa..a96dbef 100644 --- a/frontend/webadmin/modules/gwt-common/src/main/resources/org/ovirt/engine/core/Common.gwt.xml +++ b/frontend/webadmin/modules/gwt-common/src/main/resources/org/ovirt/engine/core/Common.gwt.xml @@ -47,6 +47,7 @@ <include name="common/businessentities/InitializationType.java" /> <include name="common/businessentities/Nameable.java" /> <include name="common/businessentities/Provider.java" /> + <include name="common/businessentities/CertificateInfo.java" /> <include name="common/businessentities/ProviderType.java" /> <include name="common/businessentities/ScsiGenericIO.java" /> <include name="common/businessentities/TenantProviderProperties.java" /> diff --git a/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/dataprovider/AsyncDataProvider.java b/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/dataprovider/AsyncDataProvider.java index 4cb9423..35a3265 100644 
--- a/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/dataprovider/AsyncDataProvider.java +++ b/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/dataprovider/AsyncDataProvider.java @@ -27,6 +27,7 @@ import org.ovirt.engine.core.common.action.gluster.GlusterVolumeRemoveBricksQueriesParameters; import org.ovirt.engine.core.common.businessentities.ActionGroup; import org.ovirt.engine.core.common.businessentities.ArchitectureType; +import org.ovirt.engine.core.common.businessentities.CertificateInfo; import org.ovirt.engine.core.common.businessentities.Disk; import org.ovirt.engine.core.common.businessentities.DiskImage; import org.ovirt.engine.core.common.businessentities.DiskInterface; @@ -3002,10 +3003,15 @@ @Override public Object Convert(Object source, AsyncQuery _asyncQuery) { + if (source == null) { + return Collections.<CertificateInfo> emptyList(); + } return source; } }; - Frontend.getInstance().runQuery(VdcQueryType.GetProviderCertificateChain, new ProviderQueryParameters(provider), aQuery); + Frontend.getInstance().runQuery(VdcQueryType.GetProviderCertificateChain, + new ProviderQueryParameters(provider), + aQuery); } private static void getAllChildVlanInterfaces(Guid vdsID, diff --git a/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/help/HelpTag.java b/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/help/HelpTag.java index 4edc1bf..ea46cd3 100644 --- a/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/help/HelpTag.java +++ b/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/help/HelpTag.java 
@@ -216,7 +216,7 @@ import_pre_configured_domain("import_pre_configured_domain", HelpTagType.WEBADMIN), //$NON-NLS-1$ - import_provider_certificates("import_provider_certificates", HelpTagType.WEBADMIN, "Provider main tab -> Add/Edit Provider dialog -> confirmation dialog on importing a provider certificate chain:"), //$NON-NLS-1$ //$NON-NLS-2$ + import_provider_certificate("import_provider_certificate", HelpTagType.WEBADMIN, "Provider main tab -> Add/Edit Provider dialog -> confirmation dialog on importing a provider certificate:"), //$NON-NLS-1$ //$NON-NLS-2$ import_template("import_template", HelpTagType.WEBADMIN, "Storage Tab > Import Template > Import Template(s)"), //$NON-NLS-1$ //$NON-NLS-2$ diff --git a/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/providers/ProviderModel.java b/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/providers/ProviderModel.java index affad3c..95da3dc 100644 --- a/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/providers/ProviderModel.java +++ b/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/providers/ProviderModel.java 
@@ -5,14 +5,15 @@ import java.util.Collections; import java.util.List; +import org.ovirt.engine.core.common.action.ImportProviderCertificateParameters; import org.ovirt.engine.core.common.action.ProviderParameters; import org.ovirt.engine.core.common.action.VdcActionType; import org.ovirt.engine.core.common.action.VdcReturnValueBase; +import org.ovirt.engine.core.common.businessentities.CertificateInfo; import org.ovirt.engine.core.common.businessentities.OpenStackImageProviderProperties; import org.ovirt.engine.core.common.businessentities.Provider; import org.ovirt.engine.core.common.businessentities.ProviderType; import org.ovirt.engine.core.common.businessentities.TenantProviderProperties; -import org.ovirt.engine.core.common.errors.VdcBllErrors; import org.ovirt.engine.core.common.queries.ConfigurationValues; import org.ovirt.engine.core.compat.StringHelper; import org.ovirt.engine.ui.frontend.AsyncQuery; @@ -44,7 +45,7 @@ private static final String CMD_SAVE = "OnSave"; //$NON-NLS-1$ private static final String CMD_TEST = "OnTest"; //$NON-NLS-1$ private static final String CMD_CANCEL = "Cancel"; //$NON-NLS-1$ - private static final String CMD_IMPORT_CHAIN = "ImportChain"; //$NON-NLS-1$ + private static final String CMD_IMPORT_CERTIFICATE = "ImportCertificate"; //$NON-NLS-1$ private static final String CMD_CANCEL_IMPORT = "CancelImport"; //$NON-NLS-1$ private static final String EMPTY_ERROR_MESSAGE = ""; //$NON-NLS-1$ @@ -67,6 +68,7 @@ private EntityModel<String> testResult = new EntityModel<String>(); private NeutronAgentModel neutronAgentModel = new NeutronAgentModel(); + private String certificate; public EntityModel<String> getName() { return name; 
@@ -321,89 +323,94 @@ flush(); startProgress(null); + if (provider.getUrl().startsWith(Uri.SCHEME_HTTPS)) { + AsyncDataProvider.getProviderCertificateChain(new AsyncQuery(this, new INewAsyncCallback() { + + @Override + public void onSuccess(Object model, Object returnValue) { + boolean ok = false; + certificate = null; + if (returnValue != null) { + List<CertificateInfo> certs = (List<CertificateInfo>) returnValue; + if (!certs.isEmpty()) { + certificate = certs.get(certs.size() - 1).getPayload(); + ConfirmationModel confirmationModel = + getImportCertificateConfirmationModel(certs.get(0)); + sourceListModel.setConfirmWindow(confirmationModel); + ok = true; + } + } + if (!ok) { + stopProgress(); + getTestResult().setEntity(ConstantsManager.getInstance() + .getConstants() + .testFailedUnknownErrorMsg()); + } + } + + }), + provider); + } else { + testProviderConnectivity(); + } + } + + private void testProviderConnectivity() { Frontend.getInstance().runAction(VdcActionType.TestProviderConnectivity, new ProviderParameters(provider), new IFrontendActionAsyncCallback() { - @Override - public void executed(FrontendActionAsyncResult result) { - VdcReturnValueBase res = result.getReturnValue(); - // If the connection failed on SSL issues, we try to fetch the provider certificate chain, and import it to the engine - if (isFailedOnSSL(res)) { - AsyncQuery getCertChainQuery = new AsyncQuery(); - getCertChainQuery.asyncCallback = new INewAsyncCallback() { - @Override - public void onSuccess(Object model, Object result) - { - if (result != null) { - ConfirmationModel confirmationModel = getImportChainConfirmationModel((String) result); - sourceListModel.setConfirmWindow(confirmationModel); - } else { - stopProgress(); - getTestResult().setEntity(ConstantsManager.getInstance().getConstants().testFailedUnknownErrorMsg()); - } - } - }; - AsyncDataProvider.getProviderCertificateChain(getCertChainQuery, provider); - } else { - stopProgress(); - setTestResultValue(res); - } - } - }, 
null, false); + @Override + public void executed(FrontendActionAsyncResult result) { + VdcReturnValueBase res = result.getReturnValue(); + // If the connection failed on SSL issues, we try to fetch the provider + // certificate chain, and import it to the engine + stopProgress(); + setTestResultValue(res); + } + }, null, false); } - private boolean isFailedOnSSL(VdcReturnValueBase res) { - return res != null && !res.getSucceeded() && res.getFault() != null && VdcBllErrors.PROVIDER_SSL_FAILURE.equals(res.getFault().getError()); + private ImportProviderCertificateParameters importCertificateParams() { + return new ImportProviderCertificateParameters(provider, certificate); } - private ConfirmationModel getImportChainConfirmationModel(String certChainString) { + private ConfirmationModel getImportCertificateConfirmationModel(CertificateInfo certInfo) { ConfirmationModel confirmationModel = new ConfirmationModel(); - confirmationModel.setMessage(ConstantsManager.getInstance().getConstants().theProviderHasTheFollowingCertificates() - + certChainString - + ConstantsManager.getInstance().getConstants().doYouApproveImportingTheseCertificates()); - confirmationModel.setTitle(ConstantsManager.getInstance().getConstants().importProviderCertificatesTitle()); - confirmationModel.setHelpTag(HelpTag.import_provider_certificates); - confirmationModel.setHashName("import_provider_certificates"); //$NON-NLS-1$ - UICommand importChainCommand = new UICommand(CMD_IMPORT_CHAIN, this); - importChainCommand.setTitle(ConstantsManager.getInstance().getConstants().ok()); - importChainCommand.setIsDefault(false); - confirmationModel.getCommands().add(importChainCommand); + if (certInfo.getSelfSigned()) { + confirmationModel.setMessage( + ConstantsManager.getInstance().getMessages().approveRootCertificateTrust( + certInfo.getSubject(), certInfo.getSHA1Fingerprint())); + } else { + confirmationModel.setMessage( + ConstantsManager.getInstance().getMessages().approveCertificateTrust( + 
certInfo.getSubject(), certInfo.getIssuer(), certInfo.getSHA1Fingerprint())); + } + confirmationModel.setTitle(ConstantsManager.getInstance().getConstants().importProviderCertificateTitle()); + confirmationModel.setHelpTag(HelpTag.import_provider_certificate); + confirmationModel.setHashName("import_provider_certificate"); //$NON-NLS-1$ + UICommand importCertificateCommand = new UICommand(CMD_IMPORT_CERTIFICATE, this); + importCertificateCommand.setTitle(ConstantsManager.getInstance().getConstants().yes()); + importCertificateCommand.setIsDefault(false); + confirmationModel.getCommands().add(importCertificateCommand); UICommand cancelImport = new UICommand(CMD_CANCEL_IMPORT, this); - cancelImport.setTitle(ConstantsManager.getInstance().getConstants().cancel()); + cancelImport.setTitle(ConstantsManager.getInstance().getConstants().no()); cancelImport.setIsCancel(true); cancelImport.setIsDefault(true); confirmationModel.getCommands().add(cancelImport); return confirmationModel; } - private void importChain() { - Frontend.getInstance().runAction(VdcActionType.ImportProviderCertificateChain, - new ProviderParameters(provider), + private void importCertificate() { + Frontend.getInstance().runAction(VdcActionType.ImportProviderCertificate, + importCertificateParams(), new IFrontendActionAsyncCallback() { - @Override - public void executed(FrontendActionAsyncResult result) { - VdcReturnValueBase res = result.getReturnValue(); - - if (res != null && res.getSucceeded()) { - Frontend.getInstance().runAction(VdcActionType.TestProviderConnectivity, - new ProviderParameters(provider), - new IFrontendActionAsyncCallback() { - - @Override - public void executed(FrontendActionAsyncResult result) { - VdcReturnValueBase res = result.getReturnValue(); - setTestResultValue(res); - stopProgress(); - } - }, null, false); - } else { - setTestResultValue(res); - stopProgress(); - } - } - }); + @Override + public void executed(FrontendActionAsyncResult result) { + 
testProviderConnectivity(); + } + }, null, false); sourceListModel.setConfirmWindow(null); } @@ -422,8 +429,8 @@ onTest(); } else if (CMD_CANCEL.equals(command.getName())) { cancel(); - } else if (CMD_IMPORT_CHAIN.equals(command.getName())) { - importChain(); + } else if (CMD_IMPORT_CERTIFICATE.equals(command.getName())) { + importCertificate(); } else if (CMD_CANCEL_IMPORT.equals(command.getName())) { cancelImport(); } diff --git a/frontend/webadmin/modules/uicompat/src/main/java/org/ovirt/engine/ui/uicompat/UIConstants.java b/frontend/webadmin/modules/uicompat/src/main/java/org/ovirt/engine/ui/uicompat/UIConstants.java index 1ef1a91..10478e1 100644 --- a/frontend/webadmin/modules/uicompat/src/main/java/org/ovirt/engine/ui/uicompat/UIConstants.java +++ b/frontend/webadmin/modules/uicompat/src/main/java/org/ovirt/engine/ui/uicompat/UIConstants.java @@ -800,14 +800,8 @@ @DefaultStringValue("Export Domain is not attached to any Data Center. Data can be retrieved only when the Domain is attached to a Data Center and is active") String ExportDomainIsNotAttachedToAnyDcMsg(); - @DefaultStringValue("The provider has the following certificates:\n") - String theProviderHasTheFollowingCertificates(); - - @DefaultStringValue("Do you approve importing this chain as trusted? (In case the chain consists of only an end certificate, it will be imported as trusted. Otherwise, all certificates will be trusted except the end certificate).") - String doYouApproveImportingTheseCertificates(); - - @DefaultStringValue("Import provider certificates") - String importProviderCertificatesTitle(); + @DefaultStringValue("Import provider certificate") + String importProviderCertificateTitle(); @DefaultStringValue("There are no networks available. Please add additional networks.") String thereAreNoNetworksAvailablePleaseAddAdditionalNetworksMsg(); 
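Review bot: In the `onSuccess` callback added to ProviderModel.java (hunk `@@ -321,89 +323,94 @@`) the dialog is built from `certs.get(0)` while the payload stored for import is `certs.get(certs.size() - 1).getPayload()`, so for any chain longer than one entry the administrator approves the subject and fingerprint of one certificate and a different one is sent to `ImportProviderCertificate`. Use one element for both, e.g. `CertificateInfo toImport = certs.get(certs.size() - 1);` then `certificate = toImport.getPayload();` and `getImportCertificateConfirmationModel(toImport)`. The `importCertificate()` callback now calls `testProviderConnectivity()` without looking at `result.getReturnValue()`, so a failed import is no longer reported; the removed code checked `res.getSucceeded()` first. The comment kept in `testProviderConnectivity()` about fetching the chain on SSL failure no longer describes the code. The method containing the first added lines starts outside the hunk.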
diff --git a/frontend/webadmin/modules/uicompat/src/main/java/org/ovirt/engine/ui/uicompat/UIMessages.java b/frontend/webadmin/modules/uicompat/src/main/java/org/ovirt/engine/ui/uicompat/UIMessages.java index 93b46fd..4cfd1c7 100644 --- a/frontend/webadmin/modules/uicompat/src/main/java/org/ovirt/engine/ui/uicompat/UIMessages.java +++ b/frontend/webadmin/modules/uicompat/src/main/java/org/ovirt/engine/ui/uicompat/UIMessages.java @@ -406,4 +406,10 @@ @DefaultMessage("{0} ({1})") String threadsAsCoresPerSocket(int cores, int threads); + + @DefaultMessage("Do you approve trusting certificate subject {0} issued by {1}, SHA-1 fingerprint {2}?") + String approveCertificateTrust(String subject, String issuer, String sha1Fingerprint); + + @DefaultMessage("Do you approve trusting self signed certificate subject {0}, SHA-1 fingerprint {1}?") + String approveRootCertificateTrust(String subject, String sha1Fingerprint); } -- To view, visit http://gerrit.ovirt.org/35834 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ic9adb21ded6e6d9fb09fc68331872c1cd88f88a9 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: ovirt-engine-3.5 Gerrit-Owner: Yair Zaslavsky <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
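Review bot: `approveCertificateTrust` and `approveRootCertificateTrust` in UIMessages.java interpolate the subject and issuer strings of a certificate presented by a server that is not yet trusted, so those values are externally controlled text inside a trust prompt. Whether the confirmation dialog renders the message as plain text is not visible in this change; if it renders HTML, the values need escaping before they are passed in. A Javadoc line on each method saying that `{0}`/`{1}` come from the unverified certificate, and that the fingerprint is the value to compare out of band, would help.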
