Updated Branches: refs/heads/vpc 281b23c2c -> c0fcca399
CS-15511: Not allow pfs parameter for customer VPN gateway
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/c0fcca39
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/c0fcca39
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/c0fcca39
Branch: refs/heads/vpc
Commit: c0fcca3990ad2fd137e34ed5dea18b50967ef2a6
Parents: 281b23c
Author: Sheng Yang <[email protected]>
Authored: Thu Jul 19 15:08:56 2012 -0700
Committer: Sheng Yang <[email protected]>
Committed: Thu Jul 19 15:10:31 2012 -0700
----------------------------------------------------------------------
 utils/src/com/cloud/utils/net/NetUtils.java | 19 +++++++++++-----
 utils/test/com/cloud/utils/net/NetUtilsTest.java | 6 ++--
 2 files changed, 16 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/c0fcca39/utils/src/com/cloud/utils/net/NetUtils.java
----------------------------------------------------------------------
diff --git a/utils/src/com/cloud/utils/net/NetUtils.java b/utils/src/com/cloud/utils/net/NetUtils.java
index 167e3fd..fe3dedc 100755
--- a/utils/src/com/cloud/utils/net/NetUtils.java
+++ b/utils/src/com/cloud/utils/net/NetUtils.java
@@ -1069,25 +1069,32 @@ public class NetUtils {
 if (policy.isEmpty()) {
 return false;
 }
- String cipherHash = policy.split(";")[0];
+ //String cipherHash = policy.split(";")[0];
+ String cipherHash = policy;
 if (cipherHash.isEmpty()) {
 return false;
 }
- String pfsGroup = null;
- if (!policy.equals(cipherHash)) {
- pfsGroup = policy.split(";")[1];
+ String[] list = cipherHash.split("-");
+ if (list.length != 2) {
+ return false;
 }
- String cipher = cipherHash.split("-")[0];
- String hash = cipherHash.split("-")[1];
+ String cipher = list[0];
+ String hash = list[1];
 if (!cipher.matches("des|3des|aes|aes128|aes256")) {
 return false;
 }
 if (!hash.matches("md5|sha1")) {
 return false;
 }
+ /* Disable pfsGroup support, see CS-15511
+ String pfsGroup = null;
+ if (!policy.equals(cipherHash)) {
+ pfsGroup = policy.split(";")[1];
+ }
 if (pfsGroup != null && !pfsGroup.matches("modp1024|modp1536")) {
 return false;
 }
+ */
 }
 return true;
 }
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/c0fcca39/utils/test/com/cloud/utils/net/NetUtilsTest.java
----------------------------------------------------------------------
diff --git a/utils/test/com/cloud/utils/net/NetUtilsTest.java b/utils/test/com/cloud/utils/net/NetUtilsTest.java
index 4bcddeb..b187b55 100644
--- a/utils/test/com/cloud/utils/net/NetUtilsTest.java
+++ b/utils/test/com/cloud/utils/net/NetUtilsTest.java
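Review bot: The new `cipherHash.split("-")` in the NetUtils.java hunk still accepts a policy element with trailing hyphens, because Java's single-argument `split` discards trailing empty strings, so `"aes-sha1-"` yields two elements and passes the `list.length != 2` check. A negative limit keeps the empty fields and lets the length check reject them: `String[] list = cipherHash.split("-", -1);`. The `//String cipherHash = ...` line and the `/* Disable pfsGroup support ... */` block are dead code that would be better deleted and replaced by a short comment stating why a `;modp...` suffix is now refused, since callers can no longer request a PFS group through this string and the rejection only falls out of the hash-name match. The loop that produces `policy` and the method signature lie outside the hunk, so whether the outer split has the same trailing-separator behaviour cannot be checked from here.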
@@ -55,9 +55,9 @@ public class NetUtilsTest extends TestCase {
 public void testVpnPolicy() {
 assertTrue(NetUtils.isValidS2SVpnPolicy("aes-sha1"));
- assertTrue(NetUtils.isValidS2SVpnPolicy("des-md5;modp1024"));
- assertTrue(NetUtils.isValidS2SVpnPolicy("des-md5;modp1024,aes-sha1;modp1536"));
- assertTrue(NetUtils.isValidS2SVpnPolicy("3des-sha1,aes-sha1;modp1536"));
+ assertFalse(NetUtils.isValidS2SVpnPolicy("des-md5;modp1024"));
+ assertFalse(NetUtils.isValidS2SVpnPolicy("des-md5;modp1024,aes-sha1;modp1536"));
+ assertFalse(NetUtils.isValidS2SVpnPolicy("3des-sha1,aes-sha1;modp1536"));
 assertTrue(NetUtils.isValidS2SVpnPolicy("3des-sha1,aes-sha1"));
 assertFalse(NetUtils.isValidS2SVpnPolicy("abc-123,ase-sha1"));
 assertFalse(NetUtils.isValidS2SVpnPolicy("de-sh,aes-sha1"));
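Review bot: None of the assertions visible in this NetUtilsTest.java hunk reaches the new `list.length != 2` branch; each rejected input, including the three `;modp...` cases, is turned away by the cipher or hash name match instead. Adding `assertFalse(NetUtils.isValidS2SVpnPolicy("aes"));` and `assertFalse(NetUtils.isValidS2SVpnPolicy("aes-sha1-md5"));` would pin that branch. A trailing-separator input such as `"aes-sha1-"` is worth asserting as well, because a single-argument `split` drops trailing empty fields. `testVpnPolicy` continues past the end of the hunk, so some of these cases may already exist further down.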
