1
/*******************************************************************************
2
*Copyright (c) 2009 Eucalyptus Systems, Inc.
4
* This program is free software: you can redistribute it and/or modify
5
* it under the terms of the GNU General Public License as published by
6
* the Free Software Foundation, only version 3 of the License.
9
* This file is distributed in the hope that it will be useful, but WITHOUT
10
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14
* You should have received a copy of the GNU General Public License along
15
* with this program. If not, see <http://www.gnu.org/licenses/>.
17
* Please contact Eucalyptus Systems, Inc., 130 Castilian
18
* Dr., Goleta, CA 93101 USA or visit <http://www.eucalyptus.com/licenses/>
19
* if you need additional information or have any questions.
21
* This file may incorporate work covered under the following copyright and
24
* Software License Agreement (BSD License)
26
* Copyright (c) 2008, Regents of the University of California
27
* All rights reserved.
29
* Redistribution and use of this software in source and binary forms, with
30
* or without modification, are permitted provided that the following
33
* Redistributions of source code must retain the above copyright notice,
34
* this list of conditions and the following disclaimer.
36
* Redistributions in binary form must reproduce the above copyright
37
* notice, this list of conditions and the following disclaimer in the
38
* documentation and/or other materials provided with the distribution.
40
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
41
* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
42
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
43
* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
44
* OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
45
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
46
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
47
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
48
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
49
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
50
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. USERS OF
51
* THIS SOFTWARE ACKNOWLEDGE THE POSSIBLE PRESENCE OF OTHER OPEN SOURCE
52
* LICENSED MATERIAL, COPYRIGHTED MATERIAL OR PATENTED MATERIAL IN THIS
53
* SOFTWARE, AND IF ANY SUCH MATERIAL IS DISCOVERED THE PARTY DISCOVERING
54
* IT MAY INFORM DR. RICH WOLSKI AT THE UNIVERSITY OF CALIFORNIA, SANTA
55
* BARBARA WHO WILL THEN ASCERTAIN THE MOST APPROPRIATE REMEDY, WHICH IN
56
* THE REGENTS’ DISCRETION MAY INCLUDE, WITHOUT LIMITATION, REPLACEMENT
57
* OF THE CODE SO IDENTIFIED, LICENSING OF THE CODE SO IDENTIFIED, OR
58
* WITHDRAWAL OF THE CODE CAPABILITY TO THE EXTENT NEEDED TO COMPLY WITH
59
* ANY SUCH LICENSES OR RIGHTS.
60
*******************************************************************************/
63
* Author: Neil Soman neil@eucalyptus.com
66
package com.eucalyptus.util;
68
import java.security.PrivateKey;
69
import java.security.PublicKey;
71
import javax.crypto.Cipher;
73
import org.apache.log4j.Logger;
74
import org.bouncycastle.util.encoders.Base64;
76
import com.eucalyptus.auth.Authentication;
77
import com.eucalyptus.auth.SystemCredentialProvider;
78
import com.eucalyptus.auth.ClusterCredentials;
79
import com.eucalyptus.auth.SystemCredentialProvider;
80
import com.eucalyptus.auth.X509Cert;
81
import com.eucalyptus.bootstrap.Component;
82
import com.eucalyptus.entities.EntityWrapper;
83
import com.eucalyptus.util.EucalyptusCloudException;
84
import com.eucalyptus.util.StorageProperties;
86
public class BlockStorageUtil {
87
private static Logger LOG = Logger.getLogger(BlockStorageUtil.class);
89
public static String encryptNodeTargetPassword(String password) throws EucalyptusCloudException {
90
EntityWrapper<ClusterCredentials> credDb = Authentication.getEntityWrapper( );
92
ClusterCredentials credentials = credDb.getUnique( new ClusterCredentials( StorageProperties.NAME ) );
93
PublicKey ncPublicKey = X509Cert.toCertificate(credentials.getNodeCertificate()).getPublicKey();
95
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
96
cipher.init(Cipher.ENCRYPT_MODE, ncPublicKey);
97
return new String(Base64.encode(cipher.doFinal(password.getBytes())));
98
} catch ( Exception e ) {
99
LOG.error( "Unable to encrypt storage target password" );
101
throw new EucalyptusCloudException(e.getMessage(), e);
105
public static String encryptSCTargetPassword(String password) throws EucalyptusCloudException {
106
PublicKey scPublicKey = SystemCredentialProvider.getCredentialProvider(Component.storage).getKeyPair().getPublic();
109
cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
110
cipher.init(Cipher.ENCRYPT_MODE, scPublicKey);
111
return new String(Base64.encode(cipher.doFinal(password.getBytes())));
112
} catch (Exception e) {
113
LOG.error("Unable to encrypted storage target password");
114
throw new EucalyptusCloudException(e.getMessage(), e);
118
public static String decryptSCTargetPassword(String encryptedPassword) throws EucalyptusCloudException {
119
PrivateKey scPrivateKey = SystemCredentialProvider.getCredentialProvider(Component.storage).getPrivateKey();
121
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
122
cipher.init(Cipher.DECRYPT_MODE, scPrivateKey);
123
return new String(cipher.doFinal(Base64.decode(encryptedPassword)));
124
} catch(Exception ex) {
126
throw new EucalyptusCloudException("Unable to decrypt storage target password", ex);