Piotr Kliczewski has uploaded a new change for review. Change subject: core: configurable ssl protocol ......................................................................
core: configurable ssl protocol We need to make ssl protocol configurable. Change-Id: I33a33c15e8a995eb8de7d5131b3dbadc6191f873 Signed-off-by: pkliczewski <piotr.kliczew...@gmail.com> Bug-Url: https://bugzilla.redhat.com/1154184 --- M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java M backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/jsonrpc/EngineManagerProvider.java M backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/jsonrpc/JsonRpcUtils.java M backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/jsonrpc/TransportFactory.java M backend/manager/modules/vdsbroker/src/test/java/org/ovirt/engine/core/vdsbroker/jsonrpc/JsonRpcIntegrationTest.java M packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql 6 files changed, 35 insertions(+), 9 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/72/34372/1 diff --git a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java index ef4bd46..e4fd3a4 100644 --- a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java +++ b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java @@ -374,6 +374,9 @@ @TypeConverterAttribute(Boolean.class) @DefaultValueAttribute("true") EncryptHostCommunication, + @TypeConverterAttribute(String.class) + @DefaultValueAttribute("TLS") + SSLProtocol, @Reloadable @TypeConverterAttribute(String.class) @DefaultValueAttribute("oVirt") diff --git a/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/jsonrpc/EngineManagerProvider.java b/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/jsonrpc/EngineManagerProvider.java index 16d7561..98e8f21 100644 
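Review bot: The new `SSLProtocol` enum entry has no comment saying what the string means, and the default `TLS` is easy to misread as "TLS only": the value is handed verbatim to `SSLContext.getInstance` in EngineManagerProvider, where `TLS` names a context whose enabled protocol versions are whatever the JDK defaults to, so it neither pins nor excludes any version by itself. I would add above the new `@TypeConverterAttribute(String.class)` line: `// JSSE SSLContext algorithm name for host (STOMP) connections, e.g. "TLSv1.2"; "TLS" leaves version selection to the JDK defaults.` Whether the bug this addresses requires a specific version to be excluded cannot be told from the patch, but an operator reading only this config key will assume it does.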
--- a/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/jsonrpc/EngineManagerProvider.java +++ b/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/jsonrpc/EngineManagerProvider.java @@ -1,8 +1,11 @@ package org.ovirt.engine.core.vdsbroker.jsonrpc; import java.security.GeneralSecurityException; +import java.security.KeyManagementException; +import java.security.NoSuchAlgorithmException; import javax.net.ssl.KeyManager; +import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManager; import org.ovirt.engine.core.utils.crypt.EngineEncryptionUtils; @@ -15,6 +18,12 @@ */ public class EngineManagerProvider extends ManagerProvider { + private String sslProtocol; + + public EngineManagerProvider(String sslProtocol) { + this.sslProtocol = sslProtocol; + } + @Override public KeyManager[] getKeyManagers() throws GeneralSecurityException { return EngineEncryptionUtils.getKeyManagers(); @@ -25,4 +34,15 @@ return EngineEncryptionUtils.getTrustManagers(); } + @Override + public SSLContext getSSLContext() throws GeneralSecurityException { + final SSLContext context; + try { + context = SSLContext.getInstance(this.sslProtocol); + context.init(getKeyManagers(), getTrustManagers(), null); + } catch (KeyManagementException | NoSuchAlgorithmException ex) { + throw new RuntimeException(ex); + } + return context; + } } diff --git a/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/jsonrpc/JsonRpcUtils.java b/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/jsonrpc/JsonRpcUtils.java index 6406397..b8ae620 100644 --- a/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/jsonrpc/JsonRpcUtils.java +++ b/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/jsonrpc/JsonRpcUtils.java 
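Review bot: In the new `getSSLContext` the `catch (KeyManagementException | NoSuchAlgorithmException ex)` rethrows as an unchecked `RuntimeException` although the method already declares `throws GeneralSecurityException`, which both exceptions extend; the wrapping only hides a misconfigured `SSLProtocol` name from callers that handle the checked type. I would drop the try/catch and write `final SSLContext context = SSLContext.getInstance(this.sslProtocol);` then `context.init(getKeyManagers(), getTrustManagers(), null);` and `return context;`. The `sslProtocol` field can be `final`, and a `null` value (an unset config key) currently reaches `SSLContext.getInstance` unchecked and fails with a bare NullPointerException; `Objects.requireNonNull(sslProtocol, "sslProtocol")` in the constructor would fail early with a readable message. Note also that `SSLContext.getInstance("TLS")` does not restrict the negotiated version; if the goal is to exclude a protocol version, that has to be done with `setEnabledProtocols` on the engine or socket created from this context, which is outside this hunk.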
@@ -18,21 +18,21 @@ private static Logger log = LoggerFactory.getLogger(JsonRpcUtils.class); public static JsonRpcClient createStompClient(String hostname, int port, int connectionTimeout, - int clientTimeout, int connectionRetry, int heartbeat, boolean isSecure) { - return createClient(hostname, port, connectionTimeout, clientTimeout, connectionRetry, heartbeat, isSecure, ReactorType.STOMP); + int clientTimeout, int connectionRetry, int heartbeat, boolean isSecure, String protocol) { + return createClient(hostname, port, connectionTimeout, clientTimeout, connectionRetry, heartbeat, isSecure, ReactorType.STOMP, protocol); } - private static ManagerProvider getManagerProvider(boolean isSecure) { + private static ManagerProvider getManagerProvider(boolean isSecure, String protocol) { ManagerProvider provider = null; if (isSecure) { - provider = new EngineManagerProvider(); + provider = new EngineManagerProvider(protocol); } return provider; } private static JsonRpcClient createClient(String hostname, int port, int connectionTimeout, - int clientTimeout, int connectionRetry, int heartbeat, boolean isSecure, ReactorType type) { - final ManagerProvider provider = getManagerProvider(isSecure); + int clientTimeout, int connectionRetry, int heartbeat, boolean isSecure, ReactorType type, String protocol) { + final ManagerProvider provider = getManagerProvider(isSecure, protocol); try { final Reactor reactor = ReactorFactory.getReactor(provider, type); return getJsonClient(reactor, hostname, port, connectionTimeout, clientTimeout, connectionRetry, heartbeat); diff --git a/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/jsonrpc/TransportFactory.java b/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/jsonrpc/TransportFactory.java index 7f9d146..4b8e69c 100644 --- a/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/jsonrpc/TransportFactory.java 
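Review bot: The new `protocol` parameter on `createStompClient`, `getManagerProvider` and `createClient` has no javadoc, and its name collides with the other "protocol" notions on this code path (`ReactorType.STOMP` here, `VdsProtocol` in TransportFactory) even though the value is only the JSSE SSLContext algorithm name forwarded to `new EngineManagerProvider(protocol)`. Renaming it to `sslProtocol` and documenting it as `@param sslProtocol SSLContext algorithm name (e.g. "TLSv1.2"); ignored when isSecure is false` would make the contract clear at the call sites. `getManagerProvider` silently discards the value when `isSecure` is false, which is fine but worth stating in that javadoc so nobody expects it to select a transport.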
+++ b/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/jsonrpc/TransportFactory.java @@ -20,7 +20,8 @@ if (VdsProtocol.STOMP == vdsProtocol) { irsServer = new JsonRpcIIrsServer(JsonRpcUtils.createStompClient(hostname, port, connectionTimeOut, clientTimeOut, clientRetries, heartbeat, - Config.<Boolean> getValue(ConfigValues.EncryptHostCommunication))); + Config.<Boolean> getValue(ConfigValues.EncryptHostCommunication), + Config.<String> getValue(ConfigValues.SSLProtocol))); } else if (VdsProtocol.XML == vdsProtocol){ Pair<IrsServerConnector, HttpClient> returnValue = XmlRpcUtils.getConnection(hostname, port, clientTimeOut, connectionTimeOut, @@ -42,7 +43,8 @@ if (VdsProtocol.STOMP == vdsProtocol) { vdsServer = new JsonRpcVdsServer(JsonRpcUtils.createStompClient(hostname, port, connectionTimeOut, clientTimeOut, clientRetries, heartbeat, - Config.<Boolean> getValue(ConfigValues.EncryptHostCommunication)), returnValue.getSecond()); + Config.<Boolean> getValue(ConfigValues.EncryptHostCommunication), + Config.<String> getValue(ConfigValues.SSLProtocol)), returnValue.getSecond()); } else if (VdsProtocol.XML == vdsProtocol) { vdsServer = new VdsServerWrapper(returnValue.getFirst(), returnValue.getSecond()); } diff --git a/backend/manager/modules/vdsbroker/src/test/java/org/ovirt/engine/core/vdsbroker/jsonrpc/JsonRpcIntegrationTest.java b/backend/manager/modules/vdsbroker/src/test/java/org/ovirt/engine/core/vdsbroker/jsonrpc/JsonRpcIntegrationTest.java index d4faefa..170718b 100644 --- a/backend/manager/modules/vdsbroker/src/test/java/org/ovirt/engine/core/vdsbroker/jsonrpc/JsonRpcIntegrationTest.java +++ b/backend/manager/modules/vdsbroker/src/test/java/org/ovirt/engine/core/vdsbroker/jsonrpc/JsonRpcIntegrationTest.java 
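Review bot: Both hunks inline `Config.<Boolean> getValue(ConfigValues.EncryptHostCommunication)` and `Config.<String> getValue(ConfigValues.SSLProtocol)` inside the `createStompClient` argument list, so the pair of lookups is now duplicated in the IRS and VDS branches and any future validation or logging of the protocol name would have to be added twice. Hoisting them into locals at the top of each factory method, `final String sslProtocol = Config.<String> getValue(ConfigValues.SSLProtocol);`, or into one small private helper, keeps the call sites readable. Both enclosing methods start before the hunks and continue after them.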
@@ -27,7 +27,7 @@ @Test public void testGetVdsCapabilities() throws InterruptedException, ExecutionException, ClientConnectionException { - JsonRpcClient client = JsonRpcUtils.createStompClient(HOST_ADDRESS, PORT, TIMEOUT, 0, TIMEOUT, TIMEOUT, true); + JsonRpcClient client = JsonRpcUtils.createStompClient(HOST_ADDRESS, PORT, TIMEOUT, 0, TIMEOUT, TIMEOUT, true, "TLS"); final JsonRpcRequest request = new RequestBuilder("Host.getCapabilities").build(); Map<String, Object> map = new FutureMap(client, request); assertTrue(map.isEmpty()); diff --git a/packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql b/packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql index 6195759..6f86554 100644 --- a/packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql +++ b/packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql @@ -633,6 +633,7 @@ select fn_db_add_config_value('DelayResetPerVmInSeconds','0.5','general'); --Handling Use Secure Connection with Hosts select fn_db_add_config_value('EncryptHostCommunication','true','general'); +select fn_db_add_config_value('SSLProtocol','TLS','general'); select fn_db_add_config_value('TimeToReduceFailedRunOnVdsInMinutes','30','general'); select fn_db_add_config_value('UnknownTaskPrePollingLapse','60000','general'); select fn_db_add_config_value('UserSessionHardLimit','600','general'); -- To view, visit http://gerrit.ovirt.org/34372 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I33a33c15e8a995eb8de7d5131b3dbadc6191f873 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Piotr Kliczewski <piotr.kliczew...@gmail.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches