harikrishna-patnala commented on code in PR #9255:
URL: https://github.com/apache/cloudstack/pull/9255#discussion_r1728731567
##########
server/src/main/java/com/cloud/server/ManagementServerImpl.java:
##########
@@ -4484,8 +4486,20 @@ public String uploadCertificate(final
UploadCustomCertificateCmd cmd) {
final String certificate = cmd.getCertificate();
final String key = cmd.getPrivateKey();
- if (cmd.getPrivateKey() != null &&
!_ksMgr.validateCertificate(certificate, key, cmd.getDomainSuffix())) {
- throw new InvalidParameterValueException("Failed to pass
certificate validation check");
+ if (key != null) {
+ Pair<Boolean, String> result =
_ksMgr.validateCertificate(certificate, key, cmd.getDomainSuffix());
+ if (!result.first()) {
+ throw new InvalidParameterValueException(String.format("Failed
to pass certificate validation check with error: %s", result.second()));
+ }
+ } else {
+ try {
+ s_logger.debug(String.format("Trying to validate the root
certificate format"));
+ CertificateHelper.buildCertificate(certificate);
+ } catch (CertificateException e) {
+ String errorMsg = String.format("Failed to pass certificate
validation check with error: Certificate validation failed due to exception:
%s", e.getMessage());
+ s_logger.error(errorMsg);
+ throw new InvalidParameterValueException(errorMsg);
+ }
}
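Review bot: The catch block in the new `else` branch logs and rethrows only `e.getMessage()`, so the stack trace of the `CertificateException` is lost; `s_logger.error(errorMsg, e);` would keep it in the server log. The no-key path only checks that the certificate parses, so an expired or not-yet-valid root certificate would presumably be accepted. If that is not intended and the parsed object is an `X509Certificate`, a `checkValidity()` call after `buildCertificate` would cover it. The `String.format(...)` in the debug line has no arguments and can be a plain string literal. `uploadCertificate` begins and continues outside the quoted hunk.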
Review Comment:
updated the PR with a new method @DaanHoogland
##########
framework/security/src/main/java/org/apache/cloudstack/framework/security/keystore/KeystoreManagerImpl.java:
##########
@@ -47,24 +48,27 @@ public class KeystoreManagerImpl extends ManagerBase
implements KeystoreManager
private KeystoreDao _ksDao;
@Override
- public boolean validateCertificate(String certificate, String key, String
domainSuffix) {
+ public Pair<Boolean, String> validateCertificate(String certificate,
String key, String domainSuffix) {
+ String errMsg = null;
if (StringUtils.isAnyEmpty(certificate, key, domainSuffix)) {
- s_logger.error("Invalid parameter found in (certificate, key,
domainSuffix) tuple for domain: " + domainSuffix);
- return false;
+ errMsg = String.format("Invalid parameter found in (certificate,
key, domainSuffix) tuple for domain: %s", domainSuffix);
+ s_logger.error(errMsg);
+ return new Pair<>(false, errMsg);
}
try {
String ksPassword = "passwordForValidation";
byte[] ksBits =
CertificateHelper.buildAndSaveKeystore(domainSuffix, certificate,
getKeyContent(key), ksPassword);
KeyStore ks = CertificateHelper.loadKeystore(ksBits, ksPassword);
if (ks != null)
- return true;
-
- s_logger.error("Unabled to construct keystore for domain: " +
domainSuffix);
+ return new Pair<>(true, errMsg);
+ errMsg = String.format("Unable to construct keystore for domain:
%s", domainSuffix);
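Review bot: The message built in the `isAnyEmpty` branch interpolates `domainSuffix`, which is itself one of the values that may be null or empty there, so it can read `for domain: null` without naming the missing parameter; stating which of the three is empty, and never echoing `key`, would be more useful. The ManagementServerImpl hunk formats `result.second()` into the `InvalidParameterValueException` message, so `errMsg` reaches the API client. The rest of this method is outside the quoted hunk; if its catch path copies exception text from key or keystore parsing into `errMsg`, that detail is better kept in the log only. The unbraced `if (ks != null)` is now directly followed by the `errMsg` assignment and is easy to misread; prefer `if (ks != null) { return new Pair<>(true, null); }`.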
Review Comment:
Done