merge parent

eucalyptus · Apr 20, 2011 · df87885 · df87885
2 parents a981897 + fad4af8
commit df87885
Show file tree

Hide file tree

Showing 34 changed files with 871 additions and 971 deletions.
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-eee-2.1.0
+eee-3.0.0
diff --git a/clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseAccountProxy.java b/clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseAccountProxy.java
@@ -325,7 +325,7 @@ public List<Authorization> lookupAccountGlobalAuthorizations( String resourceTyp
           .createCriteria( "statement" ).setCacheable( true )
           .createCriteria( "policy" ).setCacheable( true )
           .createCriteria( "group" ).setCacheable( true ).add( groupExample )
-          .createCriteria( "account" ).setCacheable( true ).add( Restrictions.idEq( accountId ) )
+          .createCriteria( "account" ).setCacheable( true ).add( Restrictions.eq( "accountNumber", accountId ) )
           .list( );
       db.commit( );
       List<Authorization> results = Lists.newArrayList( );
@@ -359,7 +359,7 @@ public List<Authorization> lookupAccountGlobalQuotas( String resourceType ) thro
           .createCriteria( "statement" ).setCacheable( true )
           .createCriteria( "policy" ).setCacheable( true )
           .createCriteria( "group" ).setCacheable( true ).add( groupExample )
-          .createCriteria( "account" ).setCacheable( true ).add( Restrictions.idEq( accountId ) )
+          .createCriteria( "account" ).setCacheable( true ).add( Restrictions.eq( "accountNumber", accountId ) )
           .list( );
       db.commit( );
       List<Authorization> results = Lists.newArrayList( );

diff --git a/clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseAuthBootstrapper.java b/clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseAuthBootstrapper.java
@@ -33,10 +33,6 @@ public boolean start( ) throws Exception {
   if(Components.lookup( Eucalyptus.class ).isAvailableLocally( )) {
       this.eusureSystemAdminExist( );
       LdapSync.start( );
-
-      // Remove once done.
-      //AuthTest.test( );
-
     }
     return true;
   }
@@ -85,14 +81,12 @@ private void eusureSystemAdminExist( ) throws Exception {
       Account account = Accounts.lookupAccountByName( Account.SYSTEM_ACCOUNT );
       account.lookupUserByName( User.ACCOUNT_ADMIN );
     } catch ( AuthException e ) {
+      LOG.debug( "System admin does not exist. Adding it now." );
       // Order matters.
       Account system = Accounts.addSystemAccount( );
       User admin = system.addUser( User.ACCOUNT_ADMIN, "/", true, true, null );
       admin.createKey( );
-      admin.createToken( );
-      admin.createConfirmationCode( );
       admin.createPassword( );
-      LOG.warn( "System admin does not exist. Adding it now.", e );
     }
   }
 }
diff --git a/clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseAuthUtils.java b/clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseAuthUtils.java
@@ -112,7 +112,7 @@ public static PolicyEntity getUniquePolicy( EntityWrapper db, String policyName,
     @SuppressWarnings( "unchecked" )
     List<PolicyEntity> policies = ( List<PolicyEntity> ) db
         .createCriteria( PolicyEntity.class ).setCacheable( true ).add( example )
-        .createCriteria( "group" ).setCacheable( true ).add( Restrictions.idEq( groupId ) )
+        .createCriteria( "group" ).setCacheable( true ).add( Restrictions.eq( "groupId", groupId ) )
         .list( );
     if ( policies.size( ) != 1 ) {
       throw new AuthException( "Found " + policies.size( ) + " policies" );

diff --git a/clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseGroupProxy.java b/clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseGroupProxy.java
@@ -148,7 +148,7 @@ public boolean hasUser( String userName ) throws AuthException {
       @SuppressWarnings( "unchecked" )
       List<UserEntity> users = ( List<UserEntity> ) db
           .createCriteria( UserEntity.class ).setCacheable( true ).add( userExample )
-          .createCriteria( "groups" ).setCacheable( true ).add( Restrictions.idEq( this.delegate.getGroupId( ) ) )
+          .createCriteria( "groups" ).setCacheable( true ).add( Restrictions.eq( "groupId", this.delegate.getGroupId( ) ) )
           .list( );
       db.commit( );
       return users.size( ) > 0;

diff --git a/clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseUserProxy.java b/clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseUserProxy.java
@@ -596,7 +596,7 @@ public List<Authorization> lookupAuthorizations( String resourceType ) throws Au
           .createCriteria( "statement" ).setCacheable( true )
           .createCriteria( "policy" ).setCacheable( true )
           .createCriteria( "group" ).setCacheable( true )
-          .createCriteria( "users" ).setCacheable( true ).add(Restrictions.idEq( userId ) )
+          .createCriteria( "users" ).setCacheable( true ).add(Restrictions.eq( "userId", userId ) )
           .list( );
       db.commit( );
       List<Authorization> results = Lists.newArrayList( );
@@ -625,7 +625,7 @@ public List<Authorization> lookupQuotas( String resourceType ) throws AuthExcept
           .createCriteria( "statement" ).setCacheable( true )
           .createCriteria( "policy" ).setCacheable( true )
           .createCriteria( "group" ).setCacheable( true )
-          .createCriteria( "users" ).add(Restrictions.idEq( userId ) )
+          .createCriteria( "users" ).add(Restrictions.eq( "userId", userId ) )
           .list( );
       db.commit( );
       List<Authorization> results = Lists.newArrayList( );

diff --git a/clc/modules/authentication/src/main/java/com/eucalyptus/auth/crypto/StringCrypto.java b/clc/modules/authentication/src/main/java/com/eucalyptus/auth/crypto/StringCrypto.java
@@ -0,0 +1,148 @@
+package com.eucalyptus.auth.crypto;
+
+import java.security.GeneralSecurityException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Security;
+import java.util.Arrays;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.apache.commons.codec.binary.Base64;
+import org.bouncycastle.util.encoders.UrlBase64;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
+import com.eucalyptus.component.auth.AbstractKeyStore;
+import com.eucalyptus.component.auth.EucaKeyStore;
+
+public class StringCrypto {
+
+	private final String ALIAS = "eucalyptus"; // TODO: don't hardcode these?
+	private final String PASSWORD = "eucalyptus";
+
+	private static AbstractKeyStore keystore;
+	private final String symmetricFormat = "DESede/CBC/PKCS5Padding";
+	private String asymmetricFormat = "RSA/ECB/PKCS1Padding";
+	private String provider = "BC";
+
+	public static byte [] cat (byte[] bs, byte[] bs2) {
+		byte [] result = Arrays.copyOf (bs, bs.length + bs2.length);
+		System.arraycopy(bs2, 0, result, bs.length, bs2.length);
+		return result;
+	}
+
+	public StringCrypto () { }
+
+	public StringCrypto (String format, String provider) 
+	{
+		this.asymmetricFormat = format;
+		this.provider = provider;
+		Security.addProvider( new BouncyCastleProvider( ) );
+		if (Security.getProvider (this.provider) == null) 
+			throw new RuntimeException("cannot find security provider " + this.provider);
+		keystore = EucaKeyStore.getInstance();
+		if (keystore==null || !keystore.containsEntry("eucalyptus")) 
+			throw new RuntimeException ("cannot load keystore or find the key");
+	}
+
+	public byte[] encrypt (String password) 
+	throws GeneralSecurityException 
+	{
+		Key pk = keystore.getCertificate(ALIAS).getPublicKey(); 
+		Cipher cipher = Cipher.getInstance(this.asymmetricFormat, this.provider);
+		cipher.init(Cipher.ENCRYPT_MODE, pk);
+		byte [] passwordEncrypted = cipher.doFinal(password.getBytes());
+		return UrlBase64.encode(passwordEncrypted);
+		//return cat (VMwareBrokerProperties.ENCRYPTION_FORMAT.getBytes(), UrlBase64.encode(passwordEncrypted)); // prepend format
+	}
+
+	public String decrypt (String passwordEncoded) 
+	throws GeneralSecurityException 
+	{
+		//String withoutPrefix = passwordEncoded.substring(VMwareBrokerProperties.ENCRYPTION_FORMAT.length(), passwordEncoded.length());
+		byte[] passwordEncrypted = UrlBase64.decode(passwordEncoded);
+		Key pk = keystore.getKey(ALIAS, PASSWORD);
+		Cipher cipher = Cipher.getInstance(this.asymmetricFormat, this.provider);
+		cipher.init(Cipher.DECRYPT_MODE, pk);
+		return new String(cipher.doFinal(passwordEncrypted));
+	}
+
+	/**
+	 * Decrypt base64 encoded password generated by openssl.
+	 * @param passwordEncrypted in base64
+	 * @return
+	 * @throws GeneralSecurityException
+	 */
+	public String decryptOpenssl(String passwordEncoded) throws GeneralSecurityException {
+	  // Somehow, UrlBase64 in BC can not decode openssl generated base64 string correctly.
+	  // We have to use the Base64 from Commons codec library.
+	  byte[] passwordEncrypted = Base64.decodeBase64(passwordEncoded.getBytes());
+	  Key pk = keystore.getKey(ALIAS, PASSWORD);
+	  Cipher cipher = Cipher.getInstance(this.asymmetricFormat, this.provider);
+	  cipher.init(Cipher.DECRYPT_MODE, pk);
+	  return new String(cipher.doFinal(passwordEncrypted));
+	}
+
+	 /**
+   * Decrypt base64 encoded password generated by openssl.
+   * @param format encryption format
+   * @param passwordEncrypted in base64
+   * @return
+   * @throws GeneralSecurityException
+   */
+  public String decryptOpenssl(String format, String passwordEncoded) throws GeneralSecurityException {
+    // Somehow, UrlBase64 in BC can not decode openssl generated base64 string correctly.
+    // We have to use the Base64 from Commons codec library.
+    byte[] passwordEncrypted = Base64.decodeBase64(passwordEncoded.getBytes());
+    Key pk = keystore.getKey(ALIAS, PASSWORD);
+    Cipher cipher = Cipher.getInstance(format, this.provider);
+    cipher.init(Cipher.DECRYPT_MODE, pk);
+    return new String(cipher.doFinal(passwordEncrypted));
+  }
+
+	private byte[] makeKey (String secret) throws NoSuchAlgorithmException 
+	{
+		// TODO: not sure about all this hanky-panky (this is from stackoverflow.com)
+		final MessageDigest md = MessageDigest.getInstance("md5");
+		final byte[] digestOfPassword = md.digest(secret.getBytes());
+		final byte[] keyBytes = Arrays.copyOf(digestOfPassword, 24);
+		for (int j = 0,  k = 16; j < 8;)
+		{
+			keyBytes[k++] = keyBytes[j++];
+		}
+		return keyBytes;
+	}
+
+	public byte[] encrypt (String string, String secret) 
+	throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException 
+	{		
+		final byte[] keyBytes = makeKey(secret);
+		final SecretKey key = new SecretKeySpec(keyBytes, "DESede");
+		final IvParameterSpec iv = new IvParameterSpec(new byte[8]);
+		final Cipher cipher = Cipher.getInstance(this.symmetricFormat);
+		cipher.init(Cipher.ENCRYPT_MODE, key, iv);
+		final byte[] stringEncrypted = cipher.doFinal(string.getBytes());
+		return UrlBase64.encode(stringEncrypted);
+	}
+
+	public String decrypt (byte[] stringEncoded, String secret) throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException 
+	{
+		final byte[] keyBytes = makeKey(secret);
+		byte[] stringEncrypted = UrlBase64.decode(stringEncoded);
+		final SecretKey key = new SecretKeySpec(keyBytes, "DESede");
+		final IvParameterSpec iv = new IvParameterSpec(new byte[8]);
+		final Cipher cipher = Cipher.getInstance(this.symmetricFormat);
+		cipher.init(Cipher.DECRYPT_MODE, key, iv);
+		return new String(cipher.doFinal(stringEncrypted));
+	}
+}
diff --git a/clc/modules/authentication/src/main/java/com/eucalyptus/auth/crypto/StringCryptoTest.java b/clc/modules/authentication/src/main/java/com/eucalyptus/auth/crypto/StringCryptoTest.java
@@ -0,0 +1,37 @@
+package com.eucalyptus.auth.crypto;
+
+import java.io.ByteArrayOutputStream;
+import java.io.FileInputStream;
+import org.apache.commons.codec.binary.Base64;
+import org.bouncycastle.util.encoders.UrlBase64;
+
+public class StringCryptoTest {
+
+  /**
+   * @param args
+   */
+  public static void main( String[] args ) throws Exception {
+    // TODO Auto-generated method stub
+    StringCrypto sc = new StringCrypto( "RSA/ECB/PKCS1Padding", "BC" );
+    System.out.println( sc.decryptOpenssl( "N8MFkU9cbxKHvtD9Xq0JaAu2X65d90J1lD6wJ5UkcdX4LyUZv/sBtaa0HlXZlW64YoAzn02P+312GTTsGiUlBzbK8o5LbY8DHyOqH/thv3JhvLVLpQRTLBH+YnGzBwqybUnwGTz4dNxkKu52vA/FvGC7UNC/PHzxjN07CwZ1riJPoYB6vSyH41dVYbs+oLSm2FMXx+mLxKVYq4NoewSPiwn0fZHTITm6nvWi5IV2cNF+K+Ibgx9/QUanKHRjAmmvEHVIGQoXu72POkTjdNu+tqqNFN7jF3dD0/CuXVeSYx/auOHhQ6zTnDJdqPHWd2H9CQQU+nfHtsR3VG91vE73yA==" ) );
+  }
+
+  private static void printDec( byte[] ba ) {
+    for ( byte b : ba ) {
+      System.out.print( b + " " );
+    }
+    System.out.print( '\n' );
+  }
+
+  private static byte[] readfile( String filename ) throws Exception {
+    FileInputStream fis = new FileInputStream( filename );
+    ByteArrayOutputStream baos = new ByteArrayOutputStream( );
+    byte[] block = new byte[512];
+    int n;
+    while ( ( n = fis.read( block ) ) > 0 ) {
+      baos.write( block, 0, n );
+    }
+    return baos.toByteArray( );
+  }
+
+}
diff --git a/clc/modules/authentication/src/main/java/com/eucalyptus/auth/entities/CertificateEntity.java b/clc/modules/authentication/src/main/java/com/eucalyptus/auth/entities/CertificateEntity.java
@@ -8,10 +8,12 @@
 import javax.persistence.Lob;
 import javax.persistence.ManyToOne;
 import javax.persistence.PersistenceContext;
+import javax.persistence.PrePersist;
 import javax.persistence.Table;
 import javax.persistence.Transient;
 import org.hibernate.annotations.Cache;
 import org.hibernate.annotations.CacheConcurrencyStrategy;
+import com.eucalyptus.crypto.Crypto;
 import com.eucalyptus.entities.AbstractPersistent;
 
 /**
@@ -67,7 +69,14 @@ public static CertificateEntity newInstanceWithId( final String id ) {
     c.certificateId = id;
     return c;
   }
-
+
+  @PrePersist
+  public void generateOnCommit() {
+    if( this.certificateId == null ) {
+      this.certificateId = Crypto.getHmacProvider( ).generateQueryId( this.pem );
+    }
+  }
+
   @Override
   public boolean equals( final Object o ) {
     if ( this == o ) return true;

diff --git a/clc/modules/authentication/src/main/java/com/eucalyptus/auth/entities/GroupEntity.java b/clc/modules/authentication/src/main/java/com/eucalyptus/auth/entities/GroupEntity.java
@@ -12,10 +12,12 @@
 import javax.persistence.ManyToOne;
 import javax.persistence.OneToMany;
 import javax.persistence.PersistenceContext;
+import javax.persistence.PrePersist;
 import javax.persistence.Table;
 import javax.persistence.Transient;
 import org.hibernate.annotations.Cache;
 import org.hibernate.annotations.CacheConcurrencyStrategy;
+import com.eucalyptus.crypto.Crypto;
 import com.eucalyptus.entities.AbstractPersistent;
 import com.google.common.collect.Lists;
 
@@ -87,6 +89,13 @@ public static GroupEntity newInstanceWithGroupId( final String id ) {
     return g;
   }
 
+  @PrePersist
+  public void generateOnCommit() {
+    if( this.groupId == null ) {
+      this.groupId = Crypto.getHmacProvider( ).generateQueryId( this.name + System.currentTimeMillis( ) );
+    }
+  }
+
   @Override
   public boolean equals( final Object o ) {
     if ( this == o ) return true;