Examples with Certificate org.apache.cloudstack.framework.ca.Certificate used on opensource projects

Example 1 with Certificate

use of org.apache.cloudstack.framework.ca.Certificate in project cloudstack by apache.

the class IssueCertificateCmd method execute.

// ///////////////////////////////////////////////////
// ///////////// API Implementation///////////////////
// ///////////////////////////////////////////////////
@Override
public void execute() {
    if (StringUtils.isEmpty(getCsr()) && getDomains().isEmpty()) {
        throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Please provide the domains or the CSR, none of them are provided");
    }
    final Certificate certificate = caManager.issueCertificate(getCsr(), getDomains(), getAddresses(), getValidityDuration(), getProvider());
    if (certificate == null) {
        throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to issue client certificate with given provider");
    }
    final CertificateResponse certificateResponse = new CertificateResponse();
    try {
        certificateResponse.setCertificate(CertUtils.x509CertificateToPem(certificate.getClientCertificate()));
        if (certificate.getPrivateKey() != null) {
            certificateResponse.setPrivateKey(CertUtils.privateKeyToPem(certificate.getPrivateKey()));
        }
        if (certificate.getCaCertificates() != null) {
            certificateResponse.setCaCertificate(CertUtils.x509CertificatesToPem(certificate.getCaCertificates()));
        }
    } catch (final IOException e) {
        LOG.error("Failed to generate and convert client certificate(s) to PEM due to error: ", e);
        throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to process and return client certificate");
    }
    certificateResponse.setResponseName(getCommandName());
    setResponseObject(certificateResponse);
}

Example 2 with Certificate

use of org.apache.cloudstack.framework.ca.Certificate in project cloudstack by apache.

the class VirtualMachineManagerImpl method setupAgentSecurity.

private void setupAgentSecurity(final Host vmHost, final Map<String, String> sshAccessDetails, final VirtualMachine vm) throws AgentUnavailableException, OperationTimedoutException {
    final String csr = caManager.generateKeyStoreAndCsr(vmHost, sshAccessDetails);
    if (org.apache.commons.lang3.StringUtils.isNotEmpty(csr)) {
        final Map<String, String> ipAddressDetails = new HashMap<>(sshAccessDetails);
        ipAddressDetails.remove(NetworkElementCommand.ROUTER_NAME);
        final Certificate certificate = caManager.issueCertificate(csr, Arrays.asList(vm.getHostName(), vm.getInstanceName()), new ArrayList<>(ipAddressDetails.values()), CAManager.CertValidityPeriod.value(), null);
        final boolean result = caManager.deployCertificate(vmHost, certificate, false, sshAccessDetails);
        if (!result) {
            s_logger.error("Failed to setup certificate for system vm: " + vm.getInstanceName());
        }
    } else {
        s_logger.error("Failed to setup keystore and generate CSR for system vm: " + vm.getInstanceName());
    }
}

Example 3 with Certificate

use of org.apache.cloudstack.framework.ca.Certificate in project cloudstack by apache.

the class RootCAProvider method generateCertificate.

// /////////////////////////////////////////////////////////
// ///////////// Root CA Private Methods ///////////////////
// /////////////////////////////////////////////////////////
private Certificate generateCertificate(final List<String> domainNames, final List<String> ipAddresses, final int validityDays) throws NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, CertificateException, SignatureException, IOException, OperatorCreationException {
    if (domainNames == null || domainNames.size() < 1 || StringUtils.isEmpty(domainNames.get(0))) {
        throw new CloudRuntimeException("No domain name is specified, cannot generate certificate");
    }
    final String subject = "CN=" + domainNames.get(0);
    final KeyPair keyPair = CertUtils.generateRandomKeyPair(CAManager.CertKeySize.value());
    final X509Certificate clientCertificate = CertUtils.generateV3Certificate(caCertificate, caKeyPair, keyPair.getPublic(), subject, CAManager.CertSignatureAlgorithm.value(), validityDays, domainNames, ipAddresses);
    return new Certificate(clientCertificate, keyPair.getPrivate(), Collections.singletonList(caCertificate));
}

Example 4 with Certificate

use of org.apache.cloudstack.framework.ca.Certificate in project cloudstack by apache.

the class RootCAProvider method loadManagementKeyStore.

private boolean loadManagementKeyStore() {
    if (managementKeyStore != null) {
        return true;
    }
    final Certificate serverCertificate = issueCertificate(Collections.singletonList(NetUtils.getHostName()), NetUtils.getAllDefaultNicIps(), getCaValidityDays());
    if (serverCertificate == null || serverCertificate.getPrivateKey() == null) {
        throw new CloudRuntimeException("Failed to generate management server certificate and load management server keystore");
    }
    LOG.info("Creating new management server certificate and keystore");
    try {
        managementKeyStore = KeyStore.getInstance("JKS");
        managementKeyStore.load(null, null);
        managementKeyStore.setCertificateEntry(caAlias, caCertificate);
        managementKeyStore.setKeyEntry(managementAlias, serverCertificate.getPrivateKey(), getKeyStorePassphrase(), new X509Certificate[] { serverCertificate.getClientCertificate(), caCertificate });
    } catch (final CertificateException | NoSuchAlgorithmException | KeyStoreException | IOException e) {
        LOG.error("Failed to load root CA management-server keystore due to exception: ", e);
        return false;
    }
    return managementKeyStore != null;
}

Example 5 with Certificate

use of org.apache.cloudstack.framework.ca.Certificate in project cloudstack by apache.

the class CAManagerImpl method provisionCertificate.

@Override
@ActionEvent(eventType = EventTypes.EVENT_CA_CERTIFICATE_PROVISION, eventDescription = "provisioning certificate for host", async = true)
public boolean provisionCertificate(final Host host, final Boolean reconnect, final String caProvider) {
    if (host == null) {
        throw new CloudRuntimeException("Unable to find valid host to renew certificate for");
    }
    CallContext.current().setEventDetails("host id: " + host.getId());
    CallContext.current().putContextParameter(Host.class, host.getUuid());
    final String csr;
    try {
        csr = generateKeyStoreAndCsr(host, null);
        if (StringUtils.isEmpty(csr)) {
            return false;
        }
        final Certificate certificate = issueCertificate(csr, Arrays.asList(host.getName(), host.getPrivateIpAddress()), Arrays.asList(host.getPrivateIpAddress(), host.getPublicIpAddress(), host.getStorageIpAddress()), CAManager.CertValidityPeriod.value(), caProvider);
        return deployCertificate(host, certificate, reconnect, null);
    } catch (final AgentUnavailableException | OperationTimedoutException e) {
        LOG.error("Host/agent is not available or operation timed out, failed to setup keystore and generate CSR for host/agent id=" + host.getId() + ", due to: ", e);
        throw new CloudRuntimeException("Failed to generate keystore and get CSR from the host/agent id=" + host.getId());
    }
}