
Example 1 with InvalidCertificate

use of com.vmware.vim.vasa._1_0.InvalidCertificate in project coprhd-controller by CoprHD.

the class ContextManagerImpl method registerVASACertificate.

/**
 * VASA registration entry point: authenticates the caller with the supplied
 * username/password and, on success, records the caller's certificate in the
 * provider trust store.
 *
 * <p>Order of checks, as implemented below:
 * <ol>
 *   <li>{@code _sosManager.verifyLoginCredentials} rejects bad credentials with
 *       {@link InvalidLogin} before the certificate is even parsed, so a caller
 *       cannot exercise the certificate path without valid credentials.</li>
 *   <li>{@code _sslUtil.checkHttpRequest(false, false)} obtains the client
 *       address; both flags are false, so neither an existing SSL session nor
 *       a VASA session is required for this call.</li>
 *   <li>{@code _sslUtil.buildCertificate} plus {@code checkValidity()}: the
 *       certificate must parse as X.509 and be inside its validity period. No
 *       other certificate check (chain, key usage, subject) is visible in this
 *       method; confirm whether {@code certificateIsTrusted} covers them.</li>
 *   <li>If the certificate is not already trusted it is added to the trust
 *       store (keyed by the client address, presumably as the alias), the
 *       trust store is refreshed and the current session is invalidated.</li>
 * </ol>
 *
 * <p>Trust is therefore granted on the strength of the username/password
 * check; the certificate itself is supplied by the caller.
 *
 * @param username       login name; written to the log in clear
 * @param password       password; masked in the log
 * @param certificateStr certificate to register; masked in the log
 * @return the provider description held in {@code _vpInfo}
 * @throws InvalidCertificate if the certificate cannot be built, is expired or
 *                            is not yet valid
 * @throws InvalidLogin       if the credentials are rejected
 * @throws InvalidSession     propagated from {@code checkHttpRequest}
 * @throws StorageFault       for any other failure
 */
@Override
public VasaProviderInfo registerVASACertificate(String username, String password, String certificateStr) throws InvalidCertificate, InvalidLogin, InvalidSession, StorageFault {
    final String methodName = "registerVASACertificate() :";
    log.debug(methodName + "Entry with inputs username[" + username + "] password[" + (password != null ? "****" : null) + "] certificateStr[" + (certificateStr != null ? "****" : null) + "]");
    try {
        _sosManager = new SOSManager();
        /*
         * Verify username/password before looking at the certificate. If both
         * the credentials and the certificate are invalid, InvalidLogin is the
         * exception the caller sees, and no certificate parsing happens for an
         * unauthenticated caller.
         */
        _sosManager.verifyLoginCredentials(username, password);
        log.debug(methodName + "Valid username and password. User credentials accepted.");
        // Neither an SSL session nor a VASA session is required here (both flags false).
        String clientAddress = _sslUtil.checkHttpRequest(false, false);
        X509Certificate x509Cert = (X509Certificate) _sslUtil.buildCertificate(certificateStr);
        // Only the validity period is checked at this point.
        x509Cert.checkValidity();
        if (!_sslUtil.certificateIsTrusted((Certificate) x509Cert)) {
            _sslUtil.addCertificateToTrustStore(clientAddress, (Certificate) x509Cert);
            log.trace(methodName + "new certificate added as trusted");
            _sslUtil.refreshTrustStore();
            // The trust store changed under the current session; force a new one.
            invalidateSession();
        } else {
            log.trace(methodName + "certificate was already trusted");
        }
        log.trace(methodName + "vpInfo: defaultNameSpace[" + _vpInfo.getDefaultNamespace() + "] name[" + _vpInfo.getName() + "] sessionId[" + _vpInfo.getSessionId() + " vasaApiVersion[" + _vpInfo.getVasaApiVersion() + "] vasaProviderVersion[" + _vpInfo.getVasaProviderVersion() + "]");
        log.debug(methodName + "Exit returning vpInfo");
        return _vpInfo;
    } catch (InvalidSession is) {
        // thrown by _sslUtil.checkHttpRequest(); passed through unchanged
        log.error(methodName + "Session is invalid", is);
        throw is;
    } catch (InvalidCertificate ic) {
        // thrown by _sslUtil.buildCertificate(); passed through unchanged
        log.error(methodName + "Certificate is invalid", ic);
        throw ic;
    } catch (CertificateExpiredException e) {
        // thrown by x509Cert.checkValidity(); mapped to the VASA fault type
        log.error(methodName + "Certificate is expired", e);
        throw FaultUtil.InvalidCertificate(e);
    } catch (CertificateNotYetValidException e) {
        // thrown by x509Cert.checkValidity(); mapped to the VASA fault type
        log.error(methodName + "Certificate is not in validity period ", e);
        throw FaultUtil.InvalidCertificate(e);
    } catch (InvalidLogin il) {
        // thrown by _sosManager.verifyLoginCredentials(); passed through unchanged
        log.error(methodName + "Invalid login", il);
        throw il;
    } catch (Exception e) {
        // Anything else, including a ClassCastException if buildCertificate did
        // not return an X509Certificate, is reported as a StorageFault.
        log.error(methodName + "registration failed: ", e);
        throw FaultUtil.StorageFault(methodName + "registration failed: ", e);
    }
}

Example 2 with InvalidCertificate

use of com.vmware.vim.vasa._1_0.InvalidCertificate in project coprhd-controller by CoprHD.

the class ServiceImpl method registerVASACertificate.

/**
 * Service-layer entry point for VASA certificate registration.
 *
 * <p>No validation happens in this class: the username/password check and the
 * certificate handling are done by
 * {@code contextManager.registerVASACertificate}, whose result is returned
 * unchanged. Only the username is written to the log; the password and the
 * certificate are masked.
 *
 * @param username       the username
 * @param password       the password (never logged)
 * @param certificateStr the certificate string (never logged)
 * @return the provider description produced by the context manager
 * @throws InvalidCertificate if the certificate is rejected
 * @throws InvalidLogin       if the credentials are rejected
 * @throws InvalidSession     if the request's session is rejected
 * @throws StorageFault       on any other failure in the context manager
 */
public VasaProviderInfo registerVASACertificate(String username, String password, String certificateStr) throws InvalidCertificate, InvalidLogin, InvalidSession, StorageFault {
    // Mandatory VASA API function; all of the work is delegated.
    final String methodName = "registerVASACertificate(): ";
    final String entryMessage = methodName + "Entry with username[" + username + "], password[****], certificate[****]";
    log.info(entryMessage);
    final VasaProviderInfo providerInfo = contextManager.registerVASACertificate(username, password, certificateStr);
    log.info(methodName + "Exit returning [vpInfo]");
    return providerInfo;
}

Example 3 with InvalidCertificate

use of com.vmware.vim.vasa._1_0.InvalidCertificate in project coprhd-controller by CoprHD.

the class SSLUtil method checkHttpRequest.

/**
 * Validates the transport and session state of the current request and
 * returns the client's address.
 *
 * <p>"Session" is overloaded here: it can mean the SSL/TLS session or the
 * VASA session. If a required one is missing or invalid, this method throws
 * {@link InvalidSession}.
 *
 * <p>Decision sequence, as implemented:
 * <ol>
 *   <li>An Axis2 {@code MessageContext} and an {@code HttpServletRequest}
 *       must be present.</li>
 *   <li>Whether the connection is TLS is decided by the presence of the
 *       servlet attribute {@code javax.servlet.request.ssl_session}.</li>
 *   <li>Plain HTTP is accepted only when the {@code mustUseSSL} field is
 *       false; in that case only the VASA session (if requested) is checked.</li>
 *   <li>On TLS, the SSL session and/or the VASA session are checked
 *       according to the two flags.</li>
 * </ol>
 *
 * <p>The returned address is the {@code REMOTE_ADDR} property of the message
 * context. NOTE(review): presumably that is the TCP peer address, so behind a
 * reverse proxy it would be the proxy's address — confirm before using the
 * value as a client identity.
 *
 * @param validSSLSessionNeeded  require a valid SSL session
 *                               ({@code checkHttpForValidSSLSession})
 * @param validVASASessionNeeded require a valid VASA session
 *                               ({@code checkHttpForValidVASASession})
 * @return the client address; may be {@code null} if the property is not set
 * @throws InvalidSession if there is no message context or servlet request, if
 *                        SSL is mandatory but absent, if a required session
 *                        check fails, or on any other exception (details go to
 *                        the log; an {@link InvalidCertificate} reaches the
 *                        caller only as "Non trusted certificate.")
 */
public String checkHttpRequest(boolean validSSLSessionNeeded, boolean validVASASessionNeeded) throws InvalidSession {
    final String methodName = "checkHttpRequest(): ";
    try {
        /*
         * Check for a valid context.
         */
        log.trace(methodName + "Entry with inputs validSSLSessionNeeded[" + validSSLSessionNeeded + "] validVASASessionNeeded[" + validVASASessionNeeded + "]");
        MessageContext currentMessageContext = MessageContext.getCurrentMessageContext();
        if (currentMessageContext == null) {
            throw FaultUtil.InvalidSession("No current message context");
        }
        String clientAddress = (String) currentMessageContext.getProperty("REMOTE_ADDR");
        // log.debug("Request from client at ip addr: " + clientAddress);
        HttpServletRequest req = (HttpServletRequest) currentMessageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
        if (req == null) {
            throw FaultUtil.InvalidSession("No HTTP Servlet Request");
        }
        /*
         * Read the TLS session id; its absence means a plain HTTP connection.
         */
        String sslSessionId = (String) req.getAttribute("javax.servlet.request.ssl_session");
        if (sslSessionId == null) {
            /*
             * Not an SSL connection. If the service does not allow non-SSL
             * connections, reject it. Otherwise only the VASA session is
             * checked, and only when the caller asked for it.
             */
            if (!mustUseSSL) {
                if (validVASASessionNeeded) {
                    checkHttpForValidVASASession();
                }
                log.trace(methodName + "Exit returning clientAddress[" + clientAddress + "]");
                return clientAddress;
            } else {
                throw FaultUtil.InvalidSession("Must use SSL connection");
            }
        }
        /*
         * At this point, it is known that there is a well formed HTTPS
         * session. Apply the requested checks.
         */
        if (validSSLSessionNeeded) {
            checkHttpForValidSSLSession(req);
        }
        if (validVASASessionNeeded) {
            checkHttpForValidVASASession();
        }
        log.trace(methodName + "Exit returning clientAddress[" + clientAddress + "]");
        return clientAddress;
    } catch (InvalidCertificate ic) {
        // Not thrown directly in this method; presumably raised inside
        // checkHttpForValidSSLSession (the original note named
        // certificateIsTrusted). Reported to the caller with a generic
        // message; the detail stays in the log.
        log.error(methodName + "invalid certificate exception ", ic);
        throw FaultUtil.InvalidSession("Non trusted certificate.");
    } catch (InvalidSession is) {
        // Already the right fault type; log and pass through.
        log.error(methodName + "invalid session exception ", is);
        throw is;
    } catch (Exception e) {
        // Anything unexpected is also surfaced as InvalidSession, with the cause attached.
        log.error(methodName + "Exception occured ", e);
        throw FaultUtil.InvalidSession("checkHttpSession unexpected exception. Convert to InvalidSession.", e);
    }
}

Example 4 with InvalidCertificate

use of com.vmware.vim.vasa._1_0.InvalidCertificate in project coprhd-controller by CoprHD.

the class SSLUtil method thumbprintIsTrusted.

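/**
 * Checks that the trust store holds a certificate whose thumbprint equals
 * {@code thumbprint} and that this certificate is currently inside its
 * validity period.
 *
 * <p>The trust store ({@code trustStoreFileName}, type JKS, opened with
 * {@code trustStorePassword}) is reloaded from disk on every call, so entries
 * added by other code paths are seen immediately. Only certificate entries are
 * considered; key entries are skipped. The thumbprint algorithm is whatever
 * {@code getCertificateThumbprint} implements (not visible here).
 *
 * @param thumbprint thumbprint to look up, compared with
 *                   {@code getCertificateThumbprint} of each trusted entry
 * @throws InvalidCertificate if no trusted certificate has this thumbprint,
 *                            if the matching certificate is expired or not yet
 *                            valid, or if the trust store cannot be read
 */
public void thumbprintIsTrusted(String thumbprint) throws InvalidCertificate {
    try {
        KeyStore ts = KeyStore.getInstance("JKS");
        // Close the stream on every path: previously it was closed only after a
        // successful load(), leaking the descriptor whenever load() threw.
        FileInputStream is = new FileInputStream(trustStoreFileName);
        try {
            ts.load(is, trustStorePassword.toCharArray());
        } finally {
            is.close();
        }
        Enumeration<String> aliases = ts.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (!ts.isCertificateEntry(alias)) {
                // Key entries are not trust anchors for this check.
                continue;
            }
            // Fetch the trusted certificate once and reuse it for both the
            // thumbprint comparison and the validity check.
            X509Certificate tc = (X509Certificate) ts.getCertificate(alias);
            if (thumbprint.equals(getCertificateThumbprint(tc))) {
                try {
                    // A match only counts while the certificate is valid.
                    tc.checkValidity();
                    return;
                } catch (Exception e) {
                    throw FaultUtil.InvalidCertificate("cert with thumprint is not valid", e);
                }
            }
        }
        throw FaultUtil.InvalidCertificate("could not find certifcate that matches thumbprint");
    } catch (InvalidCertificate ic) {
        throw ic;
    } catch (Exception e) {
        // Same message as before, but the cause is now preserved for diagnostics.
        throw FaultUtil.InvalidCertificate("Exception: " + e, e);
    }
}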

Example 5 with InvalidCertificate

use of com.vmware.vim.vasa._1_0.InvalidCertificate in project coprhd-controller by CoprHD.

the class SSLUtil method buildCertificate.

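/**
 * Builds a {@link Certificate} from the textual form supplied by a client.
 *
 * <p>The input is first normalised by {@code formatCertificate} (not visible
 * here) and then handed to the X.509 {@link CertificateFactory}, which accepts
 * DER or Base64/PEM-encoded X.509 data. Whether a PKCS#7 bundle, as the
 * original comment suggested, is accepted depends on what
 * {@code formatCertificate} produces — confirm against its implementation.
 * The bytes are taken with a fixed charset so the result does not depend on
 * the platform default.
 *
 * <p>Parsing only: no validity-period, chain or trust check happens here;
 * callers apply those separately.
 *
 * @param certString certificate text as received from the client
 * @return the parsed certificate
 * @throws InvalidCertificate if the input is empty or cannot be parsed; the
 *                            underlying parser error is logged at debug level
 *                            and not reported to the caller
 */
public Certificate buildCertificate(String certString) throws InvalidCertificate {
    try {
        String base64Cert = formatCertificate(certString);
        // Fixed charset: PEM/Base64 text is ASCII, and getBytes() without an
        // argument would otherwise use the platform default charset.
        byte[] certBytes = base64Cert.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        if (certBytes.length == 0) {
            // Previously an assert: disabled in production and, when enabled,
            // it escaped the catch below as an AssertionError instead of the
            // InvalidCertificate fault the caller expects.
            throw FaultUtil.InvalidCertificate("Could not build certificate");
        }
        InputStream inBytes = new ByteArrayInputStream(certBytes);
        try {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            return cf.generateCertificate(inBytes);
        } finally {
            inBytes.close();
        }
    } catch (InvalidCertificate ic) {
        throw ic;
    } catch (Exception e) {
        // Detail stays in the log; the client only learns that the
        // certificate was rejected.
        log.debug("buildCertificate: error " + e + " converted to InvalidCertificate.");
        throw FaultUtil.InvalidCertificate("Could not build certificate");
    }
}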
