Yair Zaslavsky has uploaded a new change for review. Change subject: engine: Import single certificate ......................................................................
engine: Import single certificate GetProviderCertificate is run instead of GetCertificateChain, and retrieves the top certificate from the chain. The user approves the certificate, and then it is imported using the new ImportProviderCertificate command which gets an encoded payload of the certificate as parameter. Change-Id: Ic9adb21ded6e6d9fb09fc68331872c1cd88f88a9 Signed-off-by: Yair Zaslavsky <yzasl...@redhat.com> --- A backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetProviderCertificateQuery.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/ExternalTrustStoreInitializer.java A backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/ImportProviderCetificateCommand.java A backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/ImportProviderCertificateParameters.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdcActionType.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/VdcQueryType.java M frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/dataprovider/AsyncDataProvider.java M frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/providers/ProviderModel.java 8 files changed, 218 insertions(+), 5 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/85/35485/1 diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetProviderCertificateQuery.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetProviderCertificateQuery.java new file mode 100644 index 0000000..7d1db8b --- /dev/null +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetProviderCertificateQuery.java 
@@ -0,0 +1,48 @@
+package org.ovirt.engine.core.bll;
+
+import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
+import java.util.List;
+
+import org.apache.commons.codec.binary.Base64;
+import org.ovirt.engine.core.bll.provider.ProviderProxy;
+import org.ovirt.engine.core.bll.provider.ProviderProxyFactory;
+import org.ovirt.engine.core.common.businessentities.Provider;
+import org.ovirt.engine.core.common.queries.ProviderQueryParameters;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class GetProviderCertificateQuery<P extends ProviderQueryParameters> extends QueriesCommandBase<P> {
+
+ public GetProviderCertificateQuery(P parameters) {
+ super(parameters);
+ }
+
+ private Provider<?> getProvider() {
+ return getParameters().getProvider();
+ }
+
+ @Override
+ protected void executeQueryCommand() {
+ Provider<?> provider = getProvider();
+ ProviderProxy proxy = ProviderProxyFactory.getInstance().create(provider);
+ List<? extends Certificate> chain = proxy.getCertificateChain();
+ if (!chain.isEmpty()) {
+ try {
+ getQueryReturnValue().setReturnValue(new Base64().encodeToString(chain.get(0).getEncoded()));
+ } catch (CertificateEncodingException e) {
+ getQueryReturnValue().setSucceeded(false);
+ log.error("Error in encoding certificate. Error is {} " + e.getMessage());
+ if (log.isDebugEnabled()) {
+ log.debug("", e);
+ }
+ }
+ getQueryReturnValue().setSucceeded(true);
+ } else {
+ getQueryReturnValue().setSucceeded(false);
+ }
+ }
+
+ private static Logger log = LoggerFactory.getLogger(GetProviderCertificateQuery.class);
+
+}
diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/ExternalTrustStoreInitializer.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/ExternalTrustStoreInitializer.java
index 9955a68..5cd1b82 100644
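Review bot: The `catch (CertificateEncodingException e)` branch sets the query to failed, but `getQueryReturnValue().setSucceeded(true)` right after the try/catch runs anyway, so an encoding failure is reported as success with a null payload; move `getQueryReturnValue().setSucceeded(true);` inside the try directly after `setReturnValue(...)`. The error log concatenates instead of passing an argument, so the `{}` placeholder is never filled: `log.error("Error in encoding certificate: {}", e.getMessage());`. Which chain element is exported also deserves a comment, since it is what the user will later approve and import; `chain.get(0)` is presumably the certificate the provider presents first rather than its issuer, depending on how ProviderProxy orders the chain, e.g. `// Exports chain[0] as Base64 of getEncoded(); assumes the proxy lists the peer certificate first — confirm`.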
--- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/ExternalTrustStoreInitializer.java
+++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/ExternalTrustStoreInitializer.java
@@ -50,6 +50,7 @@
 }
 }
+ @Deprecated
 public static void addCertificateChain(List<? extends Certificate> chain) throws CertificateEncodingException, KeyStoreException {
 KeyStore ks = getTrustStore();
@@ -58,4 +59,12 @@
 ks.setCertificateEntry(alias, certificate);
 saveTrustStore(ks);
 }
+
+ public static void addCertificate(Certificate cert) throws CertificateEncodingException, KeyStoreException {
+ KeyStore ks = getTrustStore();
+ String alias = Integer.toString(cert.getEncoded().hashCode());
+ ks.setCertificateEntry(alias, cert);
+ saveTrustStore(ks);
+
+ }
 }
diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/ImportProviderCetificateCommand.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/ImportProviderCetificateCommand.java
new file mode 100644
index 0000000..4895591
--- /dev/null
+++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/ImportProviderCetificateCommand.java
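Review bot: `cert.getEncoded().hashCode()` in the new `addCertificate` is `Object.hashCode()` on a freshly allocated `byte[]`, i.e. an identity hash that changes on every call, not a digest of the certificate; the alias is effectively random, importing the same certificate twice yields two entries, and an entry can never be looked up or replaced by alias. Derive the alias from the contents, e.g. `String alias = Integer.toString(Arrays.hashCode(cert.getEncoded()));` (needs `java.util.Arrays`), or better a hex SHA-256 fingerprint so the entry is recognisable in keytool output. `@Deprecated` on `addCertificateChain` should be accompanied by `/** @deprecated use {@link #addCertificate(Certificate)} */` so callers know the replacement; whether the old method derives its alias the same way is outside the hunk. The stray blank line before the closing brace of `addCertificate` can go.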
@@ -0,0 +1,104 @@
+package org.ovirt.engine.core.bll.provider;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.util.Collections;
+import java.util.List;
+
+import org.apache.commons.codec.binary.Base64;
+import org.ovirt.engine.core.bll.CommandBase;
+import org.ovirt.engine.core.bll.utils.PermissionSubject;
+import org.ovirt.engine.core.common.AuditLogType;
+import org.ovirt.engine.core.common.VdcObjectType;
+import org.ovirt.engine.core.common.action.ImportProviderCertificateParameters;
+import org.ovirt.engine.core.common.businessentities.ActionGroup;
+import org.ovirt.engine.core.common.businessentities.Provider;
+import org.ovirt.engine.core.common.errors.VdcBLLException;
+import org.ovirt.engine.core.common.errors.VdcBllErrors;
+import org.ovirt.engine.core.common.errors.VdcBllMessages;
+import org.ovirt.engine.core.compat.Guid;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/*
+ * This command class imports a certificate chain of an external provider into the external trust store. 
+ */
+public class ImportProviderCetificateCommand<P extends ImportProviderCertificateParameters> extends CommandBase<P> {
+
+ private Certificate certificate;
+
+ public ImportProviderCetificateCommand(Guid commandId) {
+ super(commandId);
+ }
+
+ public ImportProviderCetificateCommand(P parameters) {
+ super(parameters);
+ }
+
+ private Provider getProvider() {
+ return getParameters().getProvider();
+ }
+
+ public String getProviderName() {
+ return getProvider().getName();
+ }
+
+ @Override
+ protected void executeCommand() {
+ Provider<?> provider = getProvider();
+ ProviderProxy proxy = ProviderProxyFactory.getInstance().create(provider);
+ getParameters().getEncodedCertificate();
+ try (ByteArrayInputStream bis =
+ new ByteArrayInputStream(new Base64(0).decode(getParameters().getEncodedCertificate()))) {
+ certificate = CertificateFactory.getInstance("X.509").generateCertificate(bis);
+ saveCertificateToTrustStore(certificate);
+ } catch (CertificateException e) {
+ log.error("Error during import certificate occured. Error is {} ", e);
+ if (log.isDebugEnabled()) {
+ log.debug("", e);
+ }
+ } catch (IOException e1) {
+ }
+ }
+
+ @Override
+ public List<PermissionSubject> getPermissionCheckSubjects() {
+ // Currently it requires what's required for adding a new Provider
+ // Need to revisit that when designing the permission scheme for providers
+ return Collections.singletonList(new PermissionSubject(Guid.SYSTEM,
+ VdcObjectType.System,
+ ActionGroup.CREATE_STORAGE_POOL));
+ }
+
+ private void saveCertificateToTrustStore(final Certificate cert) {
+ if (cert != null) {
+ try {
+ ExternalTrustStoreInitializer.addCertificate(cert);
+ setSucceeded(true);
+ } catch (Throwable e) {
+ handleException(e);
+ }
+ }
+ }
+
+ @Override
+ public AuditLogType getAuditLogTypeValue() {
+ return getSucceeded() ? 
AuditLogType.PROVIDER_CERTIFICATE_CHAIN_IMPORTED
+ : AuditLogType.PROVIDER_CERTIFICATE_CHAIN_IMPORT_FAILED;
+ }
+
+ @Override
+ protected void setActionMessageParameters() {
+ addCanDoActionMessage(VdcBllMessages.VAR__ACTION__IMPORT);
+ addCanDoActionMessage(VdcBllMessages.VAR__TYPE__PROVIDER_CERTIFICATE_CHAIN);
+ }
+
+ private void handleException(Throwable e) {
+ throw new VdcBLLException(VdcBllErrors.PROVIDER_IMPORT_CERTIFICATE_CHAIN_ERROR, e.getMessage());
+ }
+
+ private static final Logger log = LoggerFactory.getLogger(ImportProviderCetificateCommand.class);
+}
diff --git a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/ImportProviderCertificateParameters.java b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/ImportProviderCertificateParameters.java
new file mode 100644
index 0000000..14a01fd
--- /dev/null
+++ b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/ImportProviderCertificateParameters.java
@@ -0,0 +1,33 @@
+package org.ovirt.engine.core.common.action;
+
+import javax.validation.Valid;
+import javax.validation.constraints.NotNull;
+
+import org.ovirt.engine.core.common.businessentities.Provider;
+
+public class ImportProviderCertificateParameters extends ProviderParameters {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -5926150504207933496L;
+
+ @Valid
+ @NotNull
+ private String certificate;
+
+ private String encodedCertificate;
+
+ public ImportProviderCertificateParameters() {
+ }
+
+ public ImportProviderCertificateParameters(final Provider<?> provider, final String encodedCertificate) {
+ super(provider);
+ this.encodedCertificate = encodedCertificate;
+ }
+
+ public String getEncodedCertificate() {
+ return encodedCertificate;
+ }
+
+}
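Review bot: `executeCommand` stores whatever certificate the caller supplies in the engine-wide external trust store without checking that it is the one the provider actually presents, so any user holding CREATE_STORAGE_POOL on System can plant an arbitrary CA (or swap the payload between the GetProviderCertificate query and this import), whereas the chain import this replaces fetched the chain server-side. The `proxy` created on the second line of the method is never used; use it to re-fetch `proxy.getCertificateChain()` and reject the payload unless one element's `getEncoded()` equals the decoded bytes, as sketched below (needs `java.util.Arrays` and `java.security.cert.CertificateEncodingException` imports). The empty `catch (IOException e1) {}` and the log-only `CertificateException` branch leave a malformed payload failing silently, without the error the trust-store path raises via `handleException`, and the stray `getParameters().getEncodedCertificate();` statement should be dropped. If the engine resolves the command class from the action name as it does for other commands, the misspelt `ImportProviderCetificateCommand` will not be found for `VdcActionType.ImportProviderCertificate` — confirm against CommandsFactory before merging. The class comment still says "certificate chain" although this command imports a single certificate.
```java
    @Override
    protected void executeCommand() {
        Provider<?> provider = getProvider();
        ProviderProxy proxy = ProviderProxyFactory.getInstance().create(provider);
        byte[] encoded = new Base64(0).decode(getParameters().getEncodedCertificate());
        try (ByteArrayInputStream bis = new ByteArrayInputStream(encoded)) {
            certificate = CertificateFactory.getInstance("X.509").generateCertificate(bis);
            // Only trust what the provider actually presents: the payload must match an
            // element of the chain fetched server-side, otherwise the caller could plant
            // an arbitrary CA in the engine-wide trust store.
            if (!presentedByProvider(proxy, certificate.getEncoded())) {
                throw new VdcBLLException(VdcBllErrors.PROVIDER_IMPORT_CERTIFICATE_CHAIN_ERROR,
                        "certificate does not match the one presented by the provider");
            }
            saveCertificateToTrustStore(certificate);
        } catch (CertificateException | IOException e) {
            log.error("Error during import certificate occured. Error is {} ", e.getMessage());
            log.debug("", e);
            handleException(e);
        }
    }

    // True when the provider's current chain contains a certificate with exactly these DER bytes.
    private static boolean presentedByProvider(ProviderProxy proxy, byte[] encoded)
            throws CertificateEncodingException {
        for (Certificate c : proxy.getCertificateChain()) {
            if (Arrays.equals(c.getEncoded(), encoded)) {
                return true;
            }
        }
        return false;
    }
    // … unchanged: getPermissionCheckSubjects, saveCertificateToTrustStore, audit/message methods …
```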
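Review bot: The `@Valid @NotNull` annotations are on `certificate`, a field nothing ever assigns, while `encodedCertificate` — the only value the command reads — is unvalidated; if bean validation runs on these parameters every call fails on the dead field, and if it does not, a null payload reaches `new Base64(0).decode(null)` and then `new ByteArrayInputStream(null)` in the command. Remove `certificate`, move `@NotNull` to `encodedCertificate` (`@Valid` does nothing on a String), and document the field: `/** Base64 of Certificate.getEncoded() for the certificate the user approved, as returned by GetProviderCertificate. */`. The empty `/** */` above `serialVersionUID` should be deleted.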
diff --git a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdcActionType.java b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdcActionType.java
index e99a0ee..4fd3d76 100644
--- a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdcActionType.java
+++ b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdcActionType.java
@@ -318,6 +318,7 @@
 AddNetworkOnProvider(1605, ActionGroup.CREATE_STORAGE_POOL_NETWORK, false, QuotaDependency.NONE),
 AddSubnetToProvider(1606, false, QuotaDependency.NONE),
 RemoveSubnetFromProvider(1607, false, QuotaDependency.NONE),
+ ImportProviderCertificate(1608, false, QuotaDependency.NONE),
 AddWatchdog(1700, ActionGroup.EDIT_VM_PROPERTIES, QuotaDependency.NONE),
 UpdateWatchdog(1701, ActionGroup.EDIT_VM_PROPERTIES, QuotaDependency.NONE),
diff --git a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/VdcQueryType.java b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/VdcQueryType.java
index 58e08fd..47b5941 100644
--- a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/VdcQueryType.java
+++ b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/VdcQueryType.java
@@ -50,6 +50,7 @@
 GetDiscoveredHostListFromExternalProvider(),
 GetProviderCertificateChainText,
 GetProviderCertificateChain,
+ GetProviderCertificate,
 GetHostsForStorageOperation,
 GetServerSSHPublicKey,
 GetServerSSHKeyFingerprint,
diff --git a/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/dataprovider/AsyncDataProvider.java b/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/dataprovider/AsyncDataProvider.java
index ee962cd..2b106a9 100644
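Review bot: `ImportProviderCertificate` is added alongside the existing `ImportProviderCertificateChain` action (outside the hunk; the UI stops calling it in this change) without deprecating it, while this same change marks `ExternalTrustStoreInitializer.addCertificateChain` `@Deprecated`; mark the old action type `@Deprecated` here, or remove it and its command in this change, so the API exposes one way to extend the trust store. Like `AddSubnetToProvider` the new entry has no `ActionGroup`, which is only safe because the command overrides `getPermissionCheckSubjects`; a short comment would make that explicit, e.g. `// permission checked in ImportProviderCetificateCommand.getPermissionCheckSubjects`.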
--- a/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/dataprovider/AsyncDataProvider.java
+++ b/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/dataprovider/AsyncDataProvider.java
@@ -3027,9 +3027,23 @@
 return source;
 }
 };
- Frontend.getInstance().runQuery(VdcQueryType.GetProviderCertificateChainText, new ProviderQueryParameters(provider), aQuery);
+ Frontend.getInstance().runQuery(VdcQueryType.GetProviderCertificateChain, new ProviderQueryParameters(provider), aQuery);
 }
+ public void getProviderCertificate(AsyncQuery aQuery, Provider provider) {
+ aQuery.converterCallback = new IAsyncConverter() {
+ @Override
+ public Object Convert(Object source, AsyncQuery _asyncQuery)
+ {
+ return source;
+ }
+ };
+ Frontend.getInstance().runQuery(VdcQueryType.GetProviderCertificate,
+ new ProviderQueryParameters(provider),
+ aQuery);
+ }
+
+
 private void getAllChildVlanInterfaces(Guid vdsID, List<VdsNetworkInterface> ifaces, IFrontendMultipleQueryAsyncCallback callback)
diff --git a/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/providers/ProviderModel.java b/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/providers/ProviderModel.java
index ad8bd9d..1c33664 100644
--- a/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/providers/ProviderModel.java
+++ b/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/providers/ProviderModel.java
@@ -5,6 +5,7 @@
 import java.util.Collections;
 import java.util.List;
+import org.ovirt.engine.core.common.action.ImportProviderCertificateParameters;
 import org.ovirt.engine.core.common.action.ProviderParameters;
 import org.ovirt.engine.core.common.action.VdcActionType;
 import org.ovirt.engine.core.common.action.VdcReturnValueBase;
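Review bot: The first hunk switches `getProviderCertificateChain` from `GetProviderCertificateChainText` to `GetProviderCertificateChain` while keeping the pass-through converter, so any caller still using it gets whatever the chain query returns (by its name, certificate objects rather than the text rendering); ProviderModel moves to `getProviderCertificate` in this change, so the line is either dead code or a behaviour change for another caller and should be reverted unless intended. The new `getProviderCertificate` copies the identity `IAsyncConverter` verbatim from the method above it; a single shared instance used by both would avoid the duplication. One of the two blank lines added before `getAllChildVlanInterfaces` is surplus.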
@@ -67,6 +68,7 @@
 private EntityModel<String> testResult = new EntityModel<String>();
 private NeutronAgentModel neutronAgentModel = new NeutronAgentModel();
+ private String certificate;
 public EntityModel<String> getName() {
 return name;
@@ -336,7 +338,8 @@
 public void onSuccess(Object model, Object result) {
 if (result != null) {
- ConfirmationModel confirmationModel = getImportChainConfirmationModel((String) result);
+ certificate = (String)result;
+ ConfirmationModel confirmationModel = getImportChainConfirmationModel(certificate);
 sourceListModel.setConfirmWindow(confirmationModel);
 } else {
 stopProgress();
@@ -344,7 +347,7 @@
 }
 }
 };
- AsyncDataProvider.getInstance().getProviderCertificateChain(getCertChainQuery, provider);
+ AsyncDataProvider.getInstance().getProviderCertificate(getCertChainQuery, provider);
 } else {
 stopProgress();
 setTestResultValue(res);
@@ -378,8 +381,8 @@
 }
 private void importChain() {
- Frontend.getInstance().runAction(VdcActionType.ImportProviderCertificateChain,
- new ProviderParameters(provider),
+ Frontend.getInstance().runAction(VdcActionType.ImportProviderCertificate,
+ new ImportProviderCertificateParameters(provider, certificate),
 new IFrontendActionAsyncCallback() {
 @Override
-- To view, visit http://gerrit.ovirt.org/35485 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ic9adb21ded6e6d9fb09fc68331872c1cd88f88a9 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Yair Zaslavsky <yzasl...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
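Review bot: In the `onSuccess` hunk the confirmation dialog is now built from the Base64 payload of `GetProviderCertificate` (`getImportChainConfirmationModel(certificate)`) instead of the text rendering the chain query used to supply; if the model displays that string, the user is asked to approve an opaque Base64 blob, which makes the trust-on-first-use prompt meaningless. Keep the payload in `certificate` for the import but show something a person can verify — subject, issuer, validity, fingerprint — and clear `certificate` on the failure and cancel paths so a payload from an earlier test cannot be imported for a different provider. `(String)result` should read `(String) result` like the cast it replaces. `getImportChainConfirmationModel` is outside the hunk.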