
Example 1 with KeystoreVO

use of org.apache.cloudstack.framework.security.keystore.KeystoreVO in project cloudstack by apache.

From the class SAML2AuthManagerImpl, method initSP.

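/**
 * Initialises the SAML Service Provider metadata from the keystore table.
 * <p>
 * Loads (or, on first start, generates and persists) the SP key pair and the
 * self-signed X509 certificate, then populates {@code _spMetadata} from the
 * SAML configuration values. Every failure along the way is logged and the
 * method falls through to {@code false} rather than throwing.
 *
 * @return {@code true} when the key pair, the certificate and all SP
 *         configuration values are available and the metadata was populated,
 *         {@code false} otherwise
 */
protected boolean initSP() {
    KeystoreVO keyStoreVO = _ksDao.findByName(SAMLPluginConstants.SAMLSP_KEYPAIR);
    if (keyStoreVO == null) {
        try {
            // First start: generate a 4096-bit key pair and persist it.
            // NOTE: the private key goes into the "certificate" column and the public key into the
            // "key" column; the decode further down reads them back the same way.
            KeyPair keyPair = CertUtils.generateRandomKeyPair(4096);
            _ksDao.save(SAMLPluginConstants.SAMLSP_KEYPAIR, SAMLUtils.encodePrivateKey(keyPair.getPrivate()), SAMLUtils.encodePublicKey(keyPair.getPublic()), "samlsp-keypair");
            keyStoreVO = _ksDao.findByName(SAMLPluginConstants.SAMLSP_KEYPAIR);
            s_logger.info("No SAML keystore found, created and saved a new Service Provider keypair");
        } catch (final NoSuchProviderException | NoSuchAlgorithmException e) {
            s_logger.error("Unable to create and save SAML keypair, due to: ", e);
        }
    }
    String spId = SAMLServiceProviderID.value();
    String spSsoUrl = SAMLServiceProviderSingleSignOnURL.value();
    String spSloUrl = SAMLServiceProviderSingleLogOutURL.value();
    String spOrgName = SAMLServiceProviderOrgName.value();
    String spOrgUrl = SAMLServiceProviderOrgUrl.value();
    String spContactPersonName = SAMLServiceProviderContactPersonName.value();
    String spContactPersonEmail = SAMLServiceProviderContactEmail.value();
    KeyPair spKeyPair = null;
    X509Certificate spX509Key = null;
    if (keyStoreVO != null) {
        final PrivateKey privateKey = SAMLUtils.decodePrivateKey(keyStoreVO.getCertificate());
        final PublicKey publicKey = SAMLUtils.decodePublicKey(keyStoreVO.getKey());
        if (privateKey != null && publicKey != null) {
            spKeyPair = new KeyPair(publicKey, privateKey);
            KeystoreVO x509VO = _ksDao.findByName(SAMLPluginConstants.SAMLSP_X509CERT);
            if (x509VO == null) {
                try {
                    spX509Key = SAMLUtils.generateRandomX509Certificate(spKeyPair);
                    // The certificate is persisted as a Base64-encoded Java-serialized object (not DER).
                    // Existing keystore rows depend on this format, so it is kept; the streams are
                    // closed by try-with-resources on every path.
                    try (ByteArrayOutputStream bos = new ByteArrayOutputStream();
                         ObjectOutputStream out = new ObjectOutputStream(bos)) {
                        out.writeObject(spX509Key);
                        out.flush();
                        _ksDao.save(SAMLPluginConstants.SAMLSP_X509CERT, Base64.encodeBase64String(bos.toByteArray()), "", "samlsp-x509cert");
                    }
                } catch (final NoSuchAlgorithmException | NoSuchProviderException | CertificateException | SignatureException | InvalidKeyException | IOException | OperatorCreationException e) {
                    s_logger.error("SAML plugin won't be able to use X509 signed authentication", e);
                }
            } else {
                // SECURITY: this is Java-native deserialization of a blob read from the keystore
                // table. ObjectInputStream instantiates whatever class the stream names, so a
                // tampered row is a deserialization-gadget risk. Storing the certificate as DER
                // (CertificateFactory) or applying an ObjectInputFilter limited to X509Certificate
                // would remove that exposure; left as-is here to stay compatible with stored rows.
                try (ByteArrayInputStream bi = new ByteArrayInputStream(Base64.decodeBase64(x509VO.getCertificate()));
                     ObjectInputStream si = new ObjectInputStream(bi)) {
                    final Object stored = si.readObject();
                    // Guard the cast: a corrupted row must not escape initSP as a ClassCastException.
                    if (stored instanceof X509Certificate) {
                        spX509Key = (X509Certificate) stored;
                    } else {
                        s_logger.error("SAML Plugin won't be able to use X509 signed authentication. Stored keystore entry is not an X509 Certificate.");
                    }
                } catch (final IOException | ClassNotFoundException e) {
                    // Keep the cause in the log; without it the reason for the failed load is lost.
                    s_logger.error("SAML Plugin won't be able to use X509 signed authentication. Failed to load X509 Certificate from Database.", e);
                }
            }
        }
    }
    // Only populate the metadata when every piece is present; a partially filled SP
    // metadata would produce broken SAML requests.
    if (spKeyPair != null && spX509Key != null && spId != null && spSsoUrl != null && spSloUrl != null && spOrgName != null && spOrgUrl != null && spContactPersonName != null && spContactPersonEmail != null) {
        _spMetadata.setEntityId(spId);
        _spMetadata.setOrganizationName(spOrgName);
        _spMetadata.setOrganizationUrl(spOrgUrl);
        _spMetadata.setContactPersonName(spContactPersonName);
        _spMetadata.setContactPersonEmail(spContactPersonEmail);
        _spMetadata.setSsoUrl(spSsoUrl);
        _spMetadata.setSloUrl(spSloUrl);
        _spMetadata.setKeyPair(spKeyPair);
        _spMetadata.setSigningCertificate(spX509Key);
        _spMetadata.setEncryptionCertificate(spX509Key);
        return true;
    }
    return false;
}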

Example 2 with KeystoreVO

use of org.apache.cloudstack.framework.security.keystore.KeystoreVO in project cloudstack by apache.

From the class ConsoleProxyManagerImpl, method assignProxy.

/**
 * Resolves the console proxy serving the given VM and packages its connection details.
 * <p>
 * Returns {@code null} when no proxy could be assigned or when the assigned proxy has no
 * public IP address. When SSL is enabled on the proxy but no server certificate row exists
 * in the keystore table, only a warning is logged and the proxy info is still returned.
 *
 * @param dataCenterId the zone in which the proxy is looked up
 * @param vmId the VM whose console is being requested
 * @return the proxy connection info, or {@code null} if no usable proxy is available
 */
@Override
public ConsoleProxyInfo assignProxy(final long dataCenterId, final long vmId) {
    final ConsoleProxyVO assigned = doAssignProxy(dataCenterId, vmId);
    if (assigned == null) {
        return null;
    }
    final String proxyPublicIp = assigned.getPublicIpAddress();
    if (proxyPublicIp == null) {
        s_logger.warn(String.format("Assigned console proxy [%s] does not have a valid public IP address.", assigned));
        return null;
    }
    final boolean sslEnabled = assigned.isSslEnabled();
    // The certificate lookup is diagnostic only: a missing row is reported, not treated as fatal.
    final KeystoreVO serverCertificate = _ksDao.findByName(ConsoleProxyManager.CERTIFICATE_NAME);
    if (sslEnabled && serverCertificate == null) {
        s_logger.warn(String.format("SSL is enabled for console proxy [%s] but no server certificate found in database.", assigned));
    }
    // A configured static public IP (and its port) takes precedence over the proxy's own address.
    if (staticPublicIp != null) {
        return new ConsoleProxyInfo(sslEnabled, staticPublicIp, consoleProxyPort, staticPort, consoleProxyUrlDomain);
    }
    return new ConsoleProxyInfo(sslEnabled, proxyPublicIp, consoleProxyPort, assigned.getPort(), consoleProxyUrlDomain);
}
