68
68
import java.security.cert.X509Certificate;
69
69
import java.util.concurrent.ConcurrentHashMap;
70
70
import java.util.concurrent.ConcurrentMap;
72
71
import org.apache.log4j.Logger;
72
import com.eucalyptus.auth.crypto.Certs;
74
73
import com.eucalyptus.auth.util.EucaKeyStore;
75
import com.eucalyptus.auth.util.KeyTool;
74
import com.eucalyptus.auth.util.PEMFiles;
75
import com.eucalyptus.bootstrap.Bootstrap;
76
76
import com.eucalyptus.bootstrap.Bootstrapper;
77
77
import com.eucalyptus.bootstrap.Component;
78
import com.eucalyptus.bootstrap.Depends;
78
import com.eucalyptus.bootstrap.DependsLocal;
79
79
import com.eucalyptus.bootstrap.Provides;
80
import com.eucalyptus.bootstrap.Resource;
81
import com.eucalyptus.util.EucalyptusProperties;
80
import com.eucalyptus.bootstrap.RunDuring;
81
import com.eucalyptus.bootstrap.Bootstrap.Stage;
82
import com.eucalyptus.system.SubDirectory;
83
@Provides( resource = Resource.SystemCredentials )
84
@Depends( local = Component.eucalyptus )
84
@Provides( Component.any )
85
@RunDuring( Bootstrap.Stage.SystemCredentialsInit )
86
@DependsLocal( Component.eucalyptus )
85
87
public class SystemCredentialProvider extends Bootstrapper {
86
88
private static Logger LOG = Logger.getLogger( SystemCredentialProvider.class );
87
89
private static ConcurrentMap<Component, X509Certificate> certs = new ConcurrentHashMap<Component, X509Certificate>( );
155
157
private void createSystemCredentialProviderKey( Component name ) throws Exception {
156
KeyTool keyTool = new KeyTool( );
158
KeyPair sysKp = keyTool.getKeyPair( );
159
X509Certificate sysX509 = keyTool.getCertificate( sysKp, EucalyptusProperties.getDName( name.name( ) ) );
159
KeyPair sysKp = Certs.generateKeyPair( );
160
X509Certificate sysX509 = Certs.generateServiceCertificate( sysKp, name.name( ) );
161
if( Component.eucalyptus.equals( name ) ) {
162
PEMFiles.write( SubDirectory.KEYS.toString( ) + "/cloud-cert.pem", sysX509 );
163
PEMFiles.write( SubDirectory.KEYS.toString( ) + "/cloud-pk.pem", sysKp.getPrivate( ) );
160
165
SystemCredentialProvider.certs.put( name, sysX509 );
161
166
SystemCredentialProvider.keypairs.put( name, sysKp );
162
167
// TODO: might need separate keystore for euca/hsqldb/ssl/jetty/etc.
174
public boolean load( Resource current ) throws Exception {
179
public boolean load( Stage current ) throws Exception {
181
if ( !SystemCredentialProvider.check( Component.eucalyptus ) ) {
182
SystemCredentialProvider.init( Component.eucalyptus );
177
184
for ( Component c : Component.values( ) ) {
179
if ( !SystemCredentialProvider.check( c ) ) SystemCredentialProvider.init( c );
186
if ( !SystemCredentialProvider.check( c ) ) {
187
SystemCredentialProvider.init( c );
180
189
} catch ( Exception e ) {
185
194
} catch ( Exception e ) {
186
195
LOG.error( e, e );