Ejemplo n.º 1
0
  public SslCertResponse createCertResponse(SslCertVO cert, List<LoadBalancerCertMapVO> lbCertMap) {
    SslCertResponse response = new SslCertResponse();

    Account account = _accountDao.findByIdIncludingRemoved(cert.getAccountId());

    response.setObjectName("sslcert");
    response.setId(cert.getUuid());
    response.setCertificate(cert.getCertificate());
    response.setPrivatekey(cert.getKey());
    response.setFingerprint(cert.getFingerPrint());
    response.setAccountName(account.getAccountName());

    if (cert.getChain() != null) response.setCertchain(cert.getChain());

    if (lbCertMap != null && !lbCertMap.isEmpty()) {
      List<String> lbIds = new ArrayList<String>();
      for (LoadBalancerCertMapVO mapVO : lbCertMap) {
        LoadBalancer lb = _entityMgr.findById(LoadBalancerVO.class, mapVO.getLbId());
        lbIds.add(lb.getUuid());
      }
      response.setLbIds(lbIds);
    }

    return response;
  }
Ejemplo n.º 2
0
  @DB
  @Override
  @ActionEvent(
      eventType = EventTypes.EVENT_LB_CERT_DELETE,
      eventDescription = "Deleting a certificate to cloudstack",
      async = false)
  public void deleteSslCert(DeleteSslCertCmd deleteSslCertCmd) {

    CallContext ctx = CallContext.current();
    Account caller = ctx.getCallingAccount();

    Long certId = deleteSslCertCmd.getId();
    SslCertVO certVO = _sslCertDao.findById(certId);

    if (certVO == null) {
      throw new InvalidParameterValueException("Invalid certificate id: " + certId);
    }
    _accountMgr.checkAccess(caller, SecurityChecker.AccessType.OperateEntry, true, certVO);

    List<LoadBalancerCertMapVO> lbCertRule = _lbCertDao.listByCertId(certId);

    if ((lbCertRule != null) && (!lbCertRule.isEmpty())) {
      String lbUuids = "";

      for (LoadBalancerCertMapVO rule : lbCertRule) {
        LoadBalancerVO lb = _entityMgr.findById(LoadBalancerVO.class, rule.getLbId());
        lbUuids += " " + lb.getUuid();
      }

      throw new CloudRuntimeException("Certificate in use by a loadbalancer(s)" + lbUuids);
    }

    _sslCertDao.remove(certId);
  }
Ejemplo n.º 3
0
  @Override
  public List<SslCertResponse> listSslCerts(ListSslCertsCmd listSslCertCmd) {
    CallContext ctx = CallContext.current();
    Account caller = ctx.getCallingAccount();

    Long certId = listSslCertCmd.getCertId();
    Long accountId = listSslCertCmd.getAccountId();
    Long lbRuleId = listSslCertCmd.getLbId();

    List<SslCertResponse> certResponseList = new ArrayList<SslCertResponse>();

    if (certId == null && accountId == null && lbRuleId == null) {
      throw new InvalidParameterValueException(
          "Invalid parameters either certificate ID or Account ID or Loadbalancer ID required");
    }

    List<LoadBalancerCertMapVO> certLbMap = null;
    SslCertVO certVO = null;

    if (certId != null) {

      certVO = _sslCertDao.findById(certId);

      if (certVO == null) {
        throw new InvalidParameterValueException("Invalid certificate id: " + certId);
      }

      _accountMgr.checkAccess(caller, SecurityChecker.AccessType.UseEntry, true, certVO);

      certLbMap = _lbCertDao.listByCertId(certId);

      certResponseList.add(createCertResponse(certVO, certLbMap));
      return certResponseList;
    }

    if (lbRuleId != null) {
      LoadBalancer lb = _entityMgr.findById(LoadBalancerVO.class, lbRuleId);

      if (lb == null) {
        throw new InvalidParameterValueException("found no loadbalancer  wth id: " + lbRuleId);
      }

      _accountMgr.checkAccess(caller, SecurityChecker.AccessType.UseEntry, true, lb);

      // get the cert id
      LoadBalancerCertMapVO lbCertMapRule;
      lbCertMapRule = _lbCertDao.findByLbRuleId(lbRuleId);

      if (lbCertMapRule == null) {
        s_logger.debug("No certificate bound to loadbalancer id: " + lbRuleId);
        return certResponseList;
      }

      certVO = _sslCertDao.findById(lbCertMapRule.getCertId());
      certLbMap = _lbCertDao.listByCertId(lbCertMapRule.getCertId());

      certResponseList.add(createCertResponse(certVO, certLbMap));
      return certResponseList;
    }

    // reached here look by accountId
    List<SslCertVO> certVOList = _sslCertDao.listByAccountId(accountId);
    if (certVOList == null || certVOList.isEmpty()) return certResponseList;
    _accountMgr.checkAccess(caller, SecurityChecker.AccessType.UseEntry, true, certVOList.get(0));

    for (SslCertVO cert : certVOList) {
      certLbMap = _lbCertDao.listByCertId(cert.getId());
      certResponseList.add(createCertResponse(cert, certLbMap));
    }

    return certResponseList;
  }