Alon Bar-Lev has uploaded a new change for review. Change subject: pki: remove usage of /ca.crt uri ......................................................................
pki: remove usage of /ca.crt uri we have new servlet that can serve resources, so we can use this servlet instead of per resource URI. Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=961677 Change-Id: Iac544335e1a0c01388eae23405d83bdac4704d34 Signed-off-by: Alon Bar-Lev <[email protected]> --- M backend/manager/modules/root/src/main/webapp/WEB-INF/web.xml M backend/manager/modules/services/src/main/java/org/ovirt/engine/core/services/PKIResourceServlet.java M packaging/setup/ovirt_engine_setup/constants.py M packaging/setup/plugins/ovirt-engine-setup/pki/ca.py 4 files changed, 48 insertions(+), 45 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/87/20787/1 diff --git a/backend/manager/modules/root/src/main/webapp/WEB-INF/web.xml b/backend/manager/modules/root/src/main/webapp/WEB-INF/web.xml index 5239a36..9b37d6b 100644 --- a/backend/manager/modules/root/src/main/webapp/WEB-INF/web.xml +++ b/backend/manager/modules/root/src/main/webapp/WEB-INF/web.xml @@ -22,10 +22,6 @@ <param-name>attr-resource</param-name> <param-value>ca-certificate</param-value> </init-param> - <init-param> - <param-name>attr-format</param-name> - <param-value>X509-PEM-CA</param-value> - </init-param> </servlet> <servlet-mapping> <servlet-name>PKIResourceServlet.ca</servlet-name> diff --git a/backend/manager/modules/services/src/main/java/org/ovirt/engine/core/services/PKIResourceServlet.java b/backend/manager/modules/services/src/main/java/org/ovirt/engine/core/services/PKIResourceServlet.java index ee3bec7..0edd63c 100644 --- a/backend/manager/modules/services/src/main/java/org/ovirt/engine/core/services/PKIResourceServlet.java +++ b/backend/manager/modules/services/src/main/java/org/ovirt/engine/core/services/PKIResourceServlet.java 
@@ -23,15 +23,17 @@ public class PKIResourceServlet extends HttpServlet { - private class Details { + private static class Details { File file; + String format; String alias; - Details(File file, String alias) { + Details(File file, String format, String alias) { this.file = file; + this.format = format; this.alias = alias; } - Details(File file) { - this(file, null); + Details(File file, String format) { + this(file, format, null); } } 
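Review bot: The fields of `Details` remain mutable and package-visible, although its instances are now held in a static map shared by every servlet instance and request thread. In this hunk they are assigned only in the constructor, so they can be declared `final File file;`, `final String format;` and `final String alias;`. That makes it explicit that a request can never alter the registered file path, default format or default alias.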
@@ -39,58 +41,59 @@ private static final Logger log = Logger.getLogger(PKIResourceServlet.class); - private static final String PARAMETER_RESOURCE = "resource"; - private static final String PARAMETER_FORMAT = "format"; + private static Map<String, Details> pkiResources; - private String resource; - private String format; - - private Map<String, Details> pkiResources; - - @Override - public void init() throws ServletException { + static { EngineLocalConfig config = EngineLocalConfig.getInstance(); pkiResources = new HashMap<String, Details>(); - pkiResources.put("ca-certificate", new Details(config.getPKICACert())); - pkiResources.put("engine-certificate", new Details(config.getPKIEngineCert(), "ovirt-engine")); + pkiResources.put("ca-certificate", new Details(config.getPKICACert(), "X509-PEM-CA")); + pkiResources.put("engine-certificate", new Details(config.getPKIEngineCert(), "X509-PEM", "ovirt-engine")); + } - resource = getInitParameter(PARAMETER_RESOURCE); - format = getInitParameter(PARAMETER_FORMAT); + private String getMyParameter(String name, HttpServletRequest request) { + String value; + + value = request.getParameter(name); + if (value == null) { + value = (String)request.getAttribute(name); + } + if (value == null) { + value = getInitParameter(name); + } + return value; } @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - String localResource = (String)request.getAttribute(PARAMETER_RESOURCE); - String localFormat = (String)request.getAttribute(PARAMETER_FORMAT); + String resource = getMyParameter("resource", request); + String format = getMyParameter("format", request); + String alias = getMyParameter("alias", request); try { - if (localResource == null) { - localResource = resource; - } - if (localResource == null) { + if (resource == null) { throw new IllegalArgumentException("Missing resource name"); } - Details details = pkiResources.get(localResource); + Details 
details = pkiResources.get(resource); if (details == null) { - throw new IllegalArgumentException(String.format("Resource %1$s is invalid", localResource)); + throw new IllegalArgumentException(String.format("Resource %1$s is invalid", resource)); } - if (localFormat == null) { - localFormat = format; + if (format == null) { + format = details.format; } - if (localFormat == null) { - throw new IllegalArgumentException("Missing format"); + + if (alias == null) { + alias = details.alias; } try (InputStream in = new FileInputStream(details.file)) { - final CertificateFactory cf = CertificateFactory.getInstance("X.509"); - final Certificate certificate = cf.generateCertificate(in); + final Certificate certificate = CertificateFactory.getInstance("X.509").generateCertificate(in); - if (localFormat.startsWith("X509-PEM")) { - if (localFormat.endsWith("-CA")) { + if (format.startsWith("X509-PEM")) { + if (format.endsWith("-CA")) { response.setContentType("application/x-x509-ca-cert"); } else { @@ -115,20 +118,20 @@ ) ); } - else if ("RFC4716".equals(localFormat)) { + else if ("RFC4716".equals(format)) { response.setContentType("text/plain"); // do not let println to use platform specific new line response.getWriter().print( OpenSSHUtils.getKeyString( certificate.getPublicKey(), - details.alias + alias ) ); } else { throw new IllegalArgumentException( String.format( - "Unsupported output format %1$s", localFormat + "Unsupported output format %1$s", format ) ); } @@ -138,8 +141,8 @@ log.error( String.format( "Cannot send public key resource '%1$s' format '%2$s'", - localResource, - localFormat + resource, + format ), e ); @@ -149,8 +152,8 @@ log.error( String.format( "Cannot send public key resource '%1$s' format '%2$s'", - localResource, - localFormat + resource, + format ), e ); diff --git a/packaging/setup/ovirt_engine_setup/constants.py b/packaging/setup/ovirt_engine_setup/constants.py index 376f277..1e91dad 100644 --- a/packaging/setup/ovirt_engine_setup/constants.py 
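Review bot: `getMyParameter` consults `request.getParameter(name)` before the request attribute and the servlet init-param, so a client-supplied query string overrides whatever a fixed server-side mapping configured for `resource`, `format` and `alias`. The `resource` value is still confined to the keys of `pkiResources`, but `alias` has no allowlist and is passed to `OpenSSHUtils.getKeyString` in the `@@ -115,20 +118,20 @@` hunk, whose result is written to a `text/plain` response. If that helper copies the alias into the key comment unchanged (not visible here), arbitrary characters, including line breaks, end up in output that consumers may treat as a trusted public-key line. Letting the attribute and init-param win and rejecting any alias outside a small character set would close both gaps; the pattern below is an illustrative choice. `doGet` continues outside this hunk.

```java
    private String getMyParameter(String name, HttpServletRequest request) {
        // Server-side configuration wins; the query string is only a fallback.
        String value = (String)request.getAttribute(name);
        if (value == null) {
            value = getInitParameter(name);
        }
        if (value == null) {
            value = request.getParameter(name);
        }
        return value;
    }

    // … unchanged: doGet signature, resource lookup, format default …

            if (alias == null) {
                alias = details.alias;
            }
            else if (!alias.matches("[A-Za-z0-9._@-]{1,64}")) {
                throw new IllegalArgumentException("Invalid alias");
            }
```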
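Review bot: `resource` and `format` in the `log.error` call of the `@@ -138,8 +141,8 @@` hunk can now originate from the query string through `getMyParameter`, and they are formatted into the log message exactly as received. A value containing CR or LF would let a client forge extra log lines, so neutralise control characters before logging, for example `resource == null ? null : resource.replaceAll("[\\r\\n]", "_")` and the same for `format`. The identical call in the `@@ -149,8 +152,8 @@` hunk needs the same treatment. The enclosing blocks of both calls start outside these hunks.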
+++ b/packaging/setup/ovirt_engine_setup/constants.py @@ -599,6 +599,9 @@ MAC_RANGE_BASE = '00:1a:4a' ENGINE_URI = '/ovirt-engine' + ENGINE_PKI_CA_URI = '%s/services/pki-resource?resource=ca-certificate' % ( + ENGINE_URI, + ) ENGINE_PACKAGE_NAME = 'ovirt-engine' ENGINE_PACKAGE_SETUP_NAME = '%s-setup' % ENGINE_PACKAGE_NAME diff --git a/packaging/setup/plugins/ovirt-engine-setup/pki/ca.py b/packaging/setup/plugins/ovirt-engine-setup/pki/ca.py index 1bf4df7..2f42639 100644 --- a/packaging/setup/plugins/ovirt-engine-setup/pki/ca.py +++ b/packaging/setup/plugins/ovirt-engine-setup/pki/ca.py @@ -187,13 +187,14 @@ content=osetuputil.processTemplate( name, { - '@AIA@': 'http://%s:%s/ca.crt' % ( + '@AIA@': 'http://%s:%s%s' % ( self.environment[ osetupcons.ConfigEnv.FQDN ], self.environment[ osetupcons.ConfigEnv.PUBLIC_HTTP_PORT ], + osetupcons.Const.ENGINE_PKI_CA_URI, ) } ), -- To view, visit http://gerrit.ovirt.org/20787 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Iac544335e1a0c01388eae23405d83bdac4704d34 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Alon Bar-Lev <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
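Review bot: Nothing at the `'@AIA@'` substitution in `pki/ca.py` records that the previous `/ca.crt` location must remain reachable. Certificates already issued from the earlier template presumably still carry `http://FQDN:PORT/ca.crt` in their AIA extension, and clients following it will keep requesting that path after this change. A comment above the substitution would document the constraint, for example `# Certificates issued before this change reference /ca.crt in AIA; keep that mapping served.` The enclosing function starts and ends outside this hunk.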
