use of com.emc.storageos.geomodel.VdcCertListParam in project coprhd-controller by CoprHD.
the class AbstractVdcTaskOp method genCertOperationParam.
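/**
 * Builds the certificate-sync parameter for the operated VDC.
 *
 * <p>Sets the command and the operated VDC's id on a new {@link VdcCertListParam}, then
 * attaches that VDC's certificate as a string. The certificate is the first entry of the
 * chain stored on the VDC object; when no chain is stored there, it is looked up in the
 * keystore under the VDC id.
 *
 * <p>A missing certificate (no keystore entry for the id, or an empty parsed chain) is
 * reported through the same path as any other certificate failure instead of surfacing as
 * a NullPointerException or ArrayIndexOutOfBoundsException, so peers are never sent a
 * parameter without a usable target certificate.
 *
 * <p>Keystore failures are rethrown as GeoException.fatals.keyStoreFailure and certificate
 * failures as GeoException.fatals.connectVdcSyncCertFail, both labelled with the VDC.
 *
 * @param cmd command to place in the parameter
 * @return the parameter carrying the command, the target VDC id and the target VDC certificate
 */
protected VdcCertListParam genCertOperationParam(String cmd) {
    VdcCertListParam certsParam = new VdcCertListParam();
    certsParam.setCmd(cmd);
    String operatedVdcId = operatedVdc.getId().toString();
    certsParam.setTargetVdcId(operatedVdcId);
    try {
        String certChainOfOperatedVdc = operatedVdc.getCertificateChain();
        Certificate cert;
        if (certChainOfOperatedVdc == null) {
            log.info("certChain for reconnected vdc is null, will find certificate in Keystore");
            // The lookup can come back empty when the keystore holds no entry for this id.
            cert = keystore.getCertificate(operatedVdcId);
        } else {
            Certificate[] chain =
                    KeyCertificatePairGenerator.getCertificateChainFromString(certChainOfOperatedVdc);
            if (chain == null || chain.length == 0) {
                throw new CertificateException(
                        "certificate chain of vdc " + operatedVdcId + " contains no certificate");
            }
            // The first entry of the chain is the one sent to the other sites.
            cert = chain[0];
        }
        if (cert == null) {
            throw new CertificateException("no certificate found for vdc " + operatedVdcId);
        }
        certsParam.setTargetVdcCert(KeyCertificatePairGenerator.getCertificateAsString(cert));
    } catch (KeyStoreException ex) {
        log.error("Failed to get key from the keyStore at VDC " + operatedVdc.getLabel());
        throw GeoException.fatals.keyStoreFailure(operatedVdc.getLabel(), ex);
    } catch (CertificateException ex) {
        log.error("Failed to get proper certificate on VDC " + operatedVdc.getLabel());
        throw GeoException.fatals.connectVdcSyncCertFail(operatedVdc.getLabel(), ex);
    }
    return certsParam;
}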
use of com.emc.storageos.geomodel.VdcCertListParam in project coprhd-controller by CoprHD.
the class ConnectVdcTaskOp method checkAndSync.
/**
 * Prechecks whether the VDC connect is permitted, then syncs the new VDC config to all sites.
 *
 * The steps run in a fixed order: take the global lock, store the new VDC's certificate
 * chain under the VDC name, precheck, create the new VDC object and its ZK config, store
 * the chain again under the new VDC's id and drop the name-keyed entry, push certificates
 * to the connected sites, then merge and sync the VDC config.
 *
 * This method never releases the lock it acquires, whether it returns or throws.
 * NOTE(review): confirm that post processing also releases it when a step below throws.
 *
 * @param apiSignatureGenerator not referenced in this method body
 * @param keystore not referenced in this method body
 */
private void checkAndSync(InternalApiSignatureKeyGenerator apiSignatureGenerator, KeyStore keystore) {
String shortId = vdcInfo.getProperty(GeoServiceJob.VDC_SHORT_ID);
String vdcName = vdcInfo.getProperty(GeoServiceJob.VDC_NAME);
// The lock is taken with the short id of the VDC being connected.
lockHelper.acquire(shortId);
log.info("Acquired global lock, go on with connect vdc");
geoClientCache.clearCache();
loadVdcInfo();
// Check & verify connection status of my current vdc
preSteps();
// Store the certificate chain supplied for the VDC being added, keyed by VDC name for now.
// NOTE(review): this runs before preCheck(); confirm where the supplied chain is validated
// and that a failure before removeVdcCert(vdcName, ...) below cleans up the name-keyed entry.
persistVdcCert(vdcName, vdcInfo.getProperty(GeoServiceJob.VDC_CERTIFICATE_CHAIN), true, shortId);
// precheck
VdcPreCheckResponse operatedVdcInfo = preCheck();
// remove root's Tenant Roles or project ownerships in local vdc
try {
_permissionHelper.removeRootRoleAssignmentOnTenantAndProject();
} catch (DatabaseException dbe) {
throw GeoException.fatals.connectVdcRemoveRootRolesFailed(dbe);
}
// Pre-shared IPsec key of the current VDC, read from ZK. It is only handed to
// createVdcConfigInZk and configMerge below; this method does not log it.
String currentVdcIpsecKey = ipsecConfig.getPreSharedKeyFromZK();
URI newVdcId = URIUtil.uri(vdcInfo.getProperty(GeoServiceJob.OPERATED_VDC_ID));
GeoServiceHelper.backupOperationVdc(dbClient, JobType.VDC_CONNECT_JOB, newVdcId, null);
// The new VDC object starts in CONNECTING / REP_NONE and is created through dbClient.
VirtualDataCenter newVdc = GeoServiceHelper.prepareVirtualDataCenter(newVdcId, VirtualDataCenter.ConnectionStatus.CONNECTING, VirtualDataCenter.GeoReplicationStatus.REP_NONE, vdcInfo);
dbClient.createObject(newVdc);
helper.createVdcConfigInZk(mergeVdcInfo(operatedVdcInfo), currentVdcIpsecKey);
// The cert name in the trust store should be the VDC uuid. Before the new VDC is
// persisted into the db only its name is usable as the cert name, so now that it is
// persisted: store the cert under the uuid and remove the entry stored under the name.
persistVdcCert(newVdc.getId().toString(), newVdc.getCertificateChain(), true, shortId);
removeVdcCert(vdcName, shortId);
// add new remote VDC to the list of VDC to sync
toBeSyncedVdc.add(newVdc);
allVdc.add(newVdc);
connectedVdc.add(newVdc);
VdcUtil.invalidateVdcUrnCache();
// Now set operatedVdc to the newly created VDC; genCertListParam below reads it
operatedVdc = newVdc;
// generate the cert chain to be synced
VdcCertListParam certListParam = genCertListParam(VdcCertListParam.CMD_ADD_CERT);
// from now on, vdc status will be marked as CONNECT_FAILED for any failure
failedVdcStatus = ConnectionStatus.CONNECT_FAILED;
// sync the new certificate to all connected sites
syncCerts(VdcCertListParam.CMD_ADD_CERT, certListParam);
VdcConfigSyncParam mergedVdcInfo = configMerge(operatedVdcInfo, currentVdcIpsecKey);
if (mergedVdcInfo == null) {
log.error("merge the vdc config of all sites failed");
throw GeoException.fatals.mergeConfigFail();
}
// A GeoException from configSync is rethrown unchanged; any other exception is logged
// and wrapped as syncConfigFail.
try {
configSync(mergedVdcInfo);
} catch (GeoException ex) {
throw ex;
} catch (Exception e) {
log.error("Failed to sync vdc config to all sites e=", e);
throw GeoException.fatals.syncConfigFail(e);
}
// do not release the global lock here; lock is released during post processing
}
use of com.emc.storageos.geomodel.VdcCertListParam in project coprhd-controller by CoprHD.
the class ReconnectVdcTaskOp method syncCertForOperatedVdc.
/**
 * Syncs certificates to the operated VDC, in case VDCs were added or deleted while it was
 * disconnected. This simulates the add-VDC operation: every existing certificate known to
 * myVdc is sent to operatedVdc with the add-cert command.
 */
private void syncCertForOperatedVdc() {
    // The parameter is built first, then handed to the single-VDC sync for operatedVdc.
    syncCertForSingleVdc(genCertListParam(VdcCertListParam.CMD_ADD_CERT), operatedVdc);
}
use of com.emc.storageos.geomodel.VdcCertListParam in project coprhd-controller by CoprHD.
the class AbstractVdcTaskOp method genCertListParam.
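/**
 * Builds the certificate-sync parameter for the operated VDC and adds the certificate of
 * every other known VDC to it.
 *
 * <p>The base parameter comes from {@code genCertOperationParam(cmd)}. For the local VDC
 * the certificate is the first entry of the keystore chain stored under
 * {@code KeystoreEngine.ViPR_KEY_AND_CERTIFICATE_ALIAS}; for a remote VDC it is the
 * keystore certificate stored under the VDC id.
 *
 * <p>A VDC with no certificate in the keystore (no entry, or an empty chain) is reported
 * through the certificate-failure path instead of surfacing as a NullPointerException or
 * ArrayIndexOutOfBoundsException, so an incomplete certificate list is never synced.
 *
 * <p>Keystore failures are rethrown as GeoException.fatals.keyStoreFailure and certificate
 * failures as GeoException.fatals.connectVdcSyncCertFail, both labelled with the VDC.
 *
 * @param cmd command to place in the parameter
 * @return the parameter with the target VDC certificate and the other VDCs' certificates
 */
protected VdcCertListParam genCertListParam(String cmd) {
    log.info("generating certs sync parameter ...");
    VdcCertListParam certsParam = genCertOperationParam(cmd);
    // add certs of the current existing VDCs
    List<VdcCertParam> certs = certsParam.getVdcCerts();
    for (VirtualDataCenter vdc : getAllVdc()) {
        if (vdc.getId().equals(operatedVdc.getId())) {
            // The operated VDC's certificate is already set as the target certificate.
            continue;
        }
        log.info("adding cert from vdc {} into sync param...", vdc.getId().toString());
        VdcCertParam certParam = new VdcCertParam();
        certParam.setVdcId(vdc.getId());
        try {
            Certificate cert;
            if (myVdc.getId().compareTo(vdc.getId()) == 0) {
                log.info("it is local vdc {}", vdc.getId().toString());
                Certificate[] certChain =
                        keystore.getCertificateChain(KeystoreEngine.ViPR_KEY_AND_CERTIFICATE_ALIAS);
                if (certChain == null || certChain.length == 0) {
                    throw new CertificateException(
                            "no certificate chain found in the keystore for local vdc " + vdc.getId());
                }
                cert = certChain[0];
            } else {
                log.info("it is a remote vdc {}", vdc.getId().toString());
                // The lookup can come back empty when the keystore holds no entry for this id.
                cert = keystore.getCertificate(vdc.getId().toString());
            }
            if (cert == null) {
                throw new CertificateException(
                        "no certificate found in the keystore for vdc " + vdc.getId());
            }
            certParam.setCertificate(KeyCertificatePairGenerator.getCertificateAsString(cert));
            certs.add(certParam);
        } catch (KeyStoreException ex) {
            log.error("Failed to get key from the keyStore at VDC " + vdc.getLabel());
            throw GeoException.fatals.keyStoreFailure(vdc.getLabel(), ex);
        } catch (CertificateException ex) {
            log.error("Failed to get proper certificate on VDC " + vdc.getLabel());
            throw GeoException.fatals.connectVdcSyncCertFail(vdc.getLabel(), ex);
        }
    }
    return certsParam;
}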