Use of org.apache.cloudstack.framework.security.keystore.KeystoreVO in the Apache CloudStack project.
The class SAML2AuthManagerImpl, method initSP.
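/**
 * Initialises the SAML Service Provider (SP) metadata from the keystore table and the
 * SAML* configuration keys.
 *
 * On first run no SP keypair exists under {@code SAMLSP_KEYPAIR}, so a 4096-bit keypair is
 * generated and persisted; the private key goes into the "certificate" column and the public
 * key into the "key" column (that is how it is read back below). Likewise, when no row exists
 * under {@code SAMLSP_X509CERT}, a random X.509 certificate is generated for that keypair and
 * persisted as a Base64-encoded Java-serialized object. The same certificate is registered as
 * both the signing and the encryption certificate.
 *
 * @return {@code true} when the keypair, the certificate and every SP configuration value are
 *         available and {@code _spMetadata} has been populated; {@code false} otherwise (the
 *         reason is logged)
 */
protected boolean initSP() {
    KeystoreVO keyStoreVO = _ksDao.findByName(SAMLPluginConstants.SAMLSP_KEYPAIR);
    if (keyStoreVO == null) {
        try {
            final KeyPair keyPair = CertUtils.generateRandomKeyPair(4096);
            // Column order matters: private key is stored in the certificate column, public key in the key column.
            _ksDao.save(SAMLPluginConstants.SAMLSP_KEYPAIR, SAMLUtils.encodePrivateKey(keyPair.getPrivate()),
                    SAMLUtils.encodePublicKey(keyPair.getPublic()), "samlsp-keypair");
            keyStoreVO = _ksDao.findByName(SAMLPluginConstants.SAMLSP_KEYPAIR);
            s_logger.info("No SAML keystore found, created and saved a new Service Provider keypair");
        } catch (final NoSuchProviderException | NoSuchAlgorithmException e) {
            s_logger.error("Unable to create and save SAML keypair, due to: ", e);
        }
    }

    final String spId = SAMLServiceProviderID.value();
    final String spSsoUrl = SAMLServiceProviderSingleSignOnURL.value();
    final String spSloUrl = SAMLServiceProviderSingleLogOutURL.value();
    final String spOrgName = SAMLServiceProviderOrgName.value();
    final String spOrgUrl = SAMLServiceProviderOrgUrl.value();
    final String spContactPersonName = SAMLServiceProviderContactPersonName.value();
    final String spContactPersonEmail = SAMLServiceProviderContactEmail.value();

    KeyPair spKeyPair = null;
    X509Certificate spX509Key = null;
    if (keyStoreVO != null) {
        final PrivateKey privateKey = SAMLUtils.decodePrivateKey(keyStoreVO.getCertificate());
        final PublicKey publicKey = SAMLUtils.decodePublicKey(keyStoreVO.getKey());
        if (privateKey != null && publicKey != null) {
            spKeyPair = new KeyPair(publicKey, privateKey);
            final KeystoreVO x509VO = _ksDao.findByName(SAMLPluginConstants.SAMLSP_X509CERT);
            if (x509VO == null) {
                // Streams are byte-array backed, but closing them via try-with-resources keeps the
                // ObjectOutputStream from being left open on any exception path.
                try (final ByteArrayOutputStream bos = new ByteArrayOutputStream();
                     final ObjectOutputStream out = new ObjectOutputStream(bos)) {
                    spX509Key = SAMLUtils.generateRandomX509Certificate(spKeyPair);
                    out.writeObject(spX509Key);
                    out.flush();
                    _ksDao.save(SAMLPluginConstants.SAMLSP_X509CERT, Base64.encodeBase64String(bos.toByteArray()), "", "samlsp-x509cert");
                } catch (final NoSuchAlgorithmException | NoSuchProviderException | CertificateException | SignatureException
                        | InvalidKeyException | IOException | OperatorCreationException e) {
                    s_logger.error("SAML plugin won't be able to use X509 signed authentication", e);
                }
            } else {
                // NOTE(review): the stored certificate is a Java-serialized object, so this is a native
                // deserialization of database content. Anyone able to write that keystore row can feed
                // arbitrary serialized classes to this ObjectInputStream. Persisting the DER bytes
                // (cert.getEncoded()) and decoding them with CertificateFactory would avoid that; it is
                // left as-is here to stay compatible with rows already written in the old format.
                try (final ByteArrayInputStream bi = new ByteArrayInputStream(Base64.decodeBase64(x509VO.getCertificate()));
                     final ObjectInputStream si = new ObjectInputStream(bi)) {
                    spX509Key = (X509Certificate) si.readObject();
                } catch (final IOException | ClassNotFoundException | ClassCastException e) {
                    // Log the cause: the original message alone gave no hint why the stored row was unusable.
                    s_logger.error("SAML Plugin won't be able to use X509 signed authentication. Failed to load X509 Certificate from Database.", e);
                }
            }
        }
    }

    // Every configuration value is mandatory; a single missing one leaves the SP uninitialised.
    if (spKeyPair != null && spX509Key != null && spId != null && spSsoUrl != null && spSloUrl != null
            && spOrgName != null && spOrgUrl != null && spContactPersonName != null && spContactPersonEmail != null) {
        _spMetadata.setEntityId(spId);
        _spMetadata.setOrganizationName(spOrgName);
        _spMetadata.setOrganizationUrl(spOrgUrl);
        _spMetadata.setContactPersonName(spContactPersonName);
        _spMetadata.setContactPersonEmail(spContactPersonEmail);
        _spMetadata.setSsoUrl(spSsoUrl);
        _spMetadata.setSloUrl(spSloUrl);
        _spMetadata.setKeyPair(spKeyPair);
        // One certificate serves both roles; there is no separate encryption keypair.
        _spMetadata.setSigningCertificate(spX509Key);
        _spMetadata.setEncryptionCertificate(spX509Key);
        return true;
    }
    return false;
}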
Use of org.apache.cloudstack.framework.security.keystore.KeystoreVO in the Apache CloudStack project.
The class ConsoleProxyManagerImpl, method assignProxy.
/**
 * Assigns a console proxy for the given VM and describes how clients should reach it.
 *
 * The endpoint handed back is either the proxy's own public address and port, or the
 * configured static public IP and port when {@code staticPublicIp} is set. When SSL is
 * enabled on the proxy and no server certificate row named
 * {@code ConsoleProxyManager.CERTIFICATE_NAME} exists in the keystore table, a warning is
 * logged but the proxy info is still returned.
 *
 * @param dataCenterId zone the VM lives in
 * @param vmId         VM whose console is requested
 * @return connection details for the assigned proxy, or {@code null} when no proxy could
 *         be assigned or the assigned proxy has no public IP address
 */
@Override
public ConsoleProxyInfo assignProxy(final long dataCenterId, final long vmId) {
    final ConsoleProxyVO assigned = doAssignProxy(dataCenterId, vmId);
    if (assigned == null) {
        return null;
    }
    if (assigned.getPublicIpAddress() == null) {
        s_logger.warn(String.format("Assigned console proxy [%s] does not have a valid public IP address.", assigned.toString()));
        return null;
    }

    final boolean sslEnabled = assigned.isSslEnabled();
    // The certificate lookup is performed regardless of the SSL flag; only the warning is conditional.
    final KeystoreVO serverCert = _ksDao.findByName(ConsoleProxyManager.CERTIFICATE_NAME);
    if (sslEnabled && serverCert == null) {
        s_logger.warn(String.format("SSL is enabled for console proxy [%s] but no server certificate found in database.", assigned.toString()));
    }

    if (staticPublicIp != null) {
        return new ConsoleProxyInfo(sslEnabled, staticPublicIp, consoleProxyPort, staticPort, consoleProxyUrlDomain);
    }
    return new ConsoleProxyInfo(sslEnabled, assigned.getPublicIpAddress(), consoleProxyPort, assigned.getPort(), consoleProxyUrlDomain);
}