apache
diff --git a/‎agent/src/main/java/com/cloud/agent/Agent.java‎
Lines changed: 0 additions & 28 deletions b/‎agent/src/main/java/com/cloud/agent/Agent.java‎
Lines changed: 0 additions & 28 deletions
diff --git a/‎…adTemplateDirectDownloadCertificate.java‎ ‎…emplateDirectDownloadCertificateCmd.java‎api/src/main/java/org/apache/cloudstack/api/command/admin/direct/download/UploadTemplateDirectDownloadCertificate.java renamed to api/src/main/java/org/apache/cloudstack/api/command/admin/direct/download/UploadTemplateDirectDownloadCertificateCmd.java
Lines changed: 92 additions & 90 deletions b/‎…adTemplateDirectDownloadCertificate.java‎ ‎…emplateDirectDownloadCertificateCmd.java‎api/src/main/java/org/apache/cloudstack/api/command/admin/direct/download/UploadTemplateDirectDownloadCertificate.java renamed to api/src/main/java/org/apache/cloudstack/api/command/admin/direct/download/UploadTemplateDirectDownloadCertificateCmd.java
Lines changed: 92 additions & 90 deletions
diff --git a/‎…load/SetupDirectDownloadCertificate.java‎ ‎…tupDirectDownloadCertificateCommand.java‎core/src/main/java/org/apache/cloudstack/agent/directdownload/SetupDirectDownloadCertificate.java renamed to core/src/main/java/org/apache/cloudstack/agent/directdownload/SetupDirectDownloadCertificateCommand.java
Lines changed: 2 additions & 2 deletions b/‎…load/SetupDirectDownloadCertificate.java‎ ‎…tupDirectDownloadCertificateCommand.java‎core/src/main/java/org/apache/cloudstack/agent/directdownload/SetupDirectDownloadCertificate.java renamed to core/src/main/java/org/apache/cloudstack/agent/directdownload/SetupDirectDownloadCertificateCommand.java
Lines changed: 2 additions & 2 deletions
diff --git a/‎plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtSetupDirectDownloadCertificateCommandWrapper.java‎
Lines changed: 136 additions & 0 deletions b/‎plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtSetupDirectDownloadCertificateCommandWrapper.java‎
Lines changed: 136 additions & 0 deletions
@@ -39,7 +39,6 @@
 
 import javax.naming.ConfigurationException;
 
-import org.apache.cloudstack.agent.directdownload.SetupDirectDownloadCertificate;
 import org.apache.cloudstack.agent.lb.SetupMSListAnswer;
 import org.apache.cloudstack.agent.lb.SetupMSListCommand;
 import org.apache.cloudstack.ca.PostCertificateRenewalCommand;
@@ -630,8 +629,6 @@ protected void processRequest(final Request request, final Link link) {
                         if (Host.Type.Routing.equals(_resource.getType())) {
                             scheduleServicesRestartTask();
                         }
-                    } else if (cmd instanceof SetupDirectDownloadCertificate) {
-                        answer = setupDirectDownloadCertificate((SetupDirectDownloadCertificate) cmd);
                     } else if (cmd instanceof SetupMSListCommand) {
                         answer = setupManagementServerList((SetupMSListCommand) cmd);
                     } else {
@@ -683,31 +680,6 @@ protected void processRequest(final Request request, final Link link) {
         }
     }
 
-    private Answer setupDirectDownloadCertificate(SetupDirectDownloadCertificate cmd) {
-        String certificate = cmd.getCertificate();
-        String certificateName = cmd.getCertificateName();
-        s_logger.info("Importing certificate " + certificateName + " into keystore");
-
-        final File agentFile = PropertiesUtil.findConfigFile("agent.properties");
-        if (agentFile == null) {
-            return new Answer(cmd, false, "Failed to find agent.properties file");
-        }
-
-        final String keyStoreFile = agentFile.getParent() + "/" + KeyStoreUtils.KS_FILENAME;
-
-        String cerFile = agentFile.getParent() + "/" + certificateName + ".cer";
-        Script.runSimpleBashScript(String.format("echo '%s' > %s", certificate, cerFile));
-
-        String privatePasswordFormat = "sed -n '/keystore.passphrase/p' '%s' 2>/dev/null  | sed 's/keystore.passphrase=//g' 2>/dev/null";
-        String privatePasswordCmd = String.format(privatePasswordFormat, agentFile.getAbsolutePath());
-        String privatePassword = Script.runSimpleBashScript(privatePasswordCmd);
-
-        String importCommandFormat = "keytool -importcert -file %s -keystore %s -alias '%s' -storepass '%s' -noprompt";
-        String importCmd = String.format(importCommandFormat, cerFile, keyStoreFile, certificateName, privatePassword);
-        Script.runSimpleBashScript(importCmd);
-        return new Answer(cmd, true, "Certificate " + certificateName + " imported");
-    }
-
     public Answer setupAgentKeystore(final SetupKeyStoreCommand cmd) {
         final String keyStorePassword = cmd.getKeystorePassword();
         final long validityDays = cmd.getValidityDays();
 
@@ -1,90 +1,92 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.admin.direct.download;
-
-import com.cloud.exception.ConcurrentOperationException;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceAllocationException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.exception.NetworkRuleConflictException;
-import org.apache.cloudstack.acl.RoleType;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.response.SuccessResponse;
-import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.direct.download.DirectDownloadManager;
-import org.apache.log4j.Logger;
-
-import javax.inject.Inject;
-
-@APICommand(name = UploadTemplateDirectDownloadCertificate.APINAME,
-        description = "Upload a certificate for HTTPS direct template download on KVM hosts",
-        responseObject = SuccessResponse.class,
-        requestHasSensitiveInfo = true,
-        responseHasSensitiveInfo = true,
-        since = "4.11.0",
-        authorized = {RoleType.Admin})
-public class UploadTemplateDirectDownloadCertificate extends BaseCmd {
-
-    @Inject
-    DirectDownloadManager directDownloadManager;
-
-    private static final Logger LOG = Logger.getLogger(UploadTemplateDirectDownloadCertificate.class);
-    public static final String APINAME = "uploadTemplateDirectDownloadCertificate";
-
-    @Parameter(name = ApiConstants.CERTIFICATE, type = BaseCmd.CommandType.STRING, required = true, length = 65535,
-            description = "SSL certificate")
-    private String certificate;
-
-    @Parameter(name = ApiConstants.NAME , type = BaseCmd.CommandType.STRING, required = true,
-            description = "Name for the uploaded certificate")
-    private String name;
-
-    @Parameter(name = ApiConstants.HYPERVISOR, type = BaseCmd.CommandType.STRING, required = true, description = "Hypervisor type")
-    private String hypervisor;
-
-    @Override
-    public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException, NetworkRuleConflictException {
-        if (!hypervisor.equalsIgnoreCase("kvm")) {
-            throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Currently supporting KVM hosts only");
-        }
-
-        SuccessResponse response = new SuccessResponse(getCommandName());
-        try {
-            LOG.debug("Uploading certificate " + name + " to agents for Direct Download");
-            boolean result = directDownloadManager.uploadCertificateToHosts(certificate, name, hypervisor);
-            response.setSuccess(result);
-            setResponseObject(response);
-        } catch (Exception e) {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, e.getMessage());
-        }
-    }
-
-    @Override
-    public String getCommandName() {
-        return APINAME.toLowerCase() + BaseCmd.RESPONSE_SUFFIX;
-    }
-
-    @Override
-    public long getEntityOwnerId() {
-        return CallContext.current().getCallingAccount().getId();
-    }
-}
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.admin.direct.download;
+
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.exception.NetworkRuleConflictException;
+import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.response.SuccessResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.direct.download.DirectDownloadManager;
+import org.apache.log4j.Logger;
+
+import javax.inject.Inject;
+
+@APICommand(name = UploadTemplateDirectDownloadCertificateCmd.APINAME,
+        description = "Upload a certificate for HTTPS direct template download on KVM hosts",
+        responseObject = SuccessResponse.class,
+        requestHasSensitiveInfo = true,
+        responseHasSensitiveInfo = true,
+        since = "4.11.0",
+        authorized = {RoleType.Admin})
+public class UploadTemplateDirectDownloadCertificateCmd extends BaseCmd {
+
+    @Inject
+    DirectDownloadManager directDownloadManager;
+
+    private static final Logger LOG = Logger.getLogger(UploadTemplateDirectDownloadCertificateCmd.class);
+    public static final String APINAME = "uploadTemplateDirectDownloadCertificate";
+
+    @Parameter(name = ApiConstants.CERTIFICATE, type = BaseCmd.CommandType.STRING, required = true, length = 65535,
+            description = "SSL certificate")
+    private String certificate;
+
+    @Parameter(name = ApiConstants.NAME , type = BaseCmd.CommandType.STRING, required = true,
+            description = "Name for the uploaded certificate")
+    private String name;
+
+    @Parameter(name = ApiConstants.HYPERVISOR, type = BaseCmd.CommandType.STRING, required = true, description = "Hypervisor type")
+    private String hypervisor;
+
+    @Override
+    public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException, NetworkRuleConflictException {
+        if (!hypervisor.equalsIgnoreCase("kvm")) {
+            throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Currently supporting KVM hosts only");
+        }
+
+        SuccessResponse response = new SuccessResponse(getCommandName());
+        try {
+            LOG.debug("Uploading certificate " + name + " to agents for Direct Download");
+            boolean result = directDownloadManager.uploadCertificateToHosts(certificate, name, hypervisor);
+            response.setSuccess(result);
+            setResponseObject(response);
+        } catch (Exception e) {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, e.getMessage());
+        }
+    }
+
+    @Override
+    public String getCommandName() {
+        return APINAME.toLowerCase() + BaseCmd.RESPONSE_SUFFIX;
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        return CallContext.current().getCallingAccount().getId();
+    }
+}
+
+
@@ -20,12 +20,12 @@
 
 import com.cloud.agent.api.Command;
 
-public class SetupDirectDownloadCertificate extends Command {
+public class SetupDirectDownloadCertificateCommand extends Command {
 
     private String certificate;
     private String certificateName;
 
-    public SetupDirectDownloadCertificate(String certificate, String name) {
+    public SetupDirectDownloadCertificateCommand(String certificate, String name) {
         this.certificate = certificate;
         this.certificateName = name;
     }
 
@@ -0,0 +1,136 @@
+//
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+//
+package com.cloud.hypervisor.kvm.resource.wrapper;
+
+import com.cloud.agent.api.Answer;
+import com.cloud.hypervisor.kvm.resource.LibvirtComputingResource;
+import com.cloud.resource.CommandWrapper;
+import com.cloud.resource.ResourceWrapper;
+import com.cloud.utils.PropertiesUtil;
+import com.cloud.utils.exception.CloudRuntimeException;
+import com.cloud.utils.script.Script;
+import org.apache.cloudstack.agent.directdownload.SetupDirectDownloadCertificateCommand;
+import org.apache.cloudstack.utils.security.KeyStoreUtils;
+import org.apache.log4j.Logger;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+
+import static org.apache.commons.lang.StringUtils.isBlank;
+
+@ResourceWrapper(handles =  SetupDirectDownloadCertificateCommand.class)
+public class LibvirtSetupDirectDownloadCertificateCommandWrapper extends CommandWrapper<SetupDirectDownloadCertificateCommand, Answer, LibvirtComputingResource> {
+
+    private static final String temporaryCertFilePrefix = "CSCERTIFICATE";
+
+    private static final Logger s_logger = Logger.getLogger(LibvirtSetupDirectDownloadCertificateCommandWrapper.class);
+
+    /**
+     * Retrieve agent.properties file
+     */
+    private File getAgentPropertiesFile() throws FileNotFoundException {
+        final File agentFile = PropertiesUtil.findConfigFile("agent.properties");
+        if (agentFile == null) {
+            throw new FileNotFoundException("Failed to find agent.properties file");
+        }
+        return agentFile;
+    }
+
+    /**
+     * Get the property 'keystore.passphrase' value from agent.properties file
+     */
+    private String getKeystorePassword(File agentFile) {
+        String pass = null;
+        if (agentFile != null) {
+            try {
+                pass = PropertiesUtil.loadFromFile(agentFile).getProperty(KeyStoreUtils.KS_PASSPHRASE_PROPERTY);
+            } catch (IOException e) {
+                s_logger.error("Could not get 'keystore.passphrase' property value due to: " + e.getMessage());
+            }
+        }
+        return pass;
+    }
+
+    /**
+     * Get keystore path
+     */
+    private String getKeyStoreFilePath(File agentFile) {
+        return agentFile.getParent() + "/" + KeyStoreUtils.KS_FILENAME;
+    }
+
+    /**
+     * Import certificate from temporary file into keystore
+     */
+    private void importCertificate(String tempCerFilePath, String keyStoreFile, String certificateName, String privatePassword) {
+        s_logger.debug("Importing certificate from temporary file to keystore");
+        String importCommandFormat = "keytool -importcert -file %s -keystore %s -alias '%s' -storepass '%s' -noprompt";
+        String importCmd = String.format(importCommandFormat, tempCerFilePath, keyStoreFile, certificateName, privatePassword);
+        int result = Script.runSimpleBashScriptForExitValue(importCmd);
+        if (result != 0) {
+            s_logger.debug("Certificate " + certificateName + " not imported as it already exist on keystore");
+        }
+    }
+
+    /**
+     * Create temporary file and return its path
+     */
+    private String createTemporaryFile(File agentFile, String certificateName, String certificate) {
+        String tempCerFilePath = String.format("%s/%s-%s",
+                agentFile.getParent(), temporaryCertFilePrefix, certificateName);
+        s_logger.debug("Creating temporary certificate file into: " + tempCerFilePath);
+        int result = Script.runSimpleBashScriptForExitValue(String.format("echo '%s' > %s", certificate, tempCerFilePath));
+        if (result != 0) {
+            throw new CloudRuntimeException("Could not create the certificate file on path: " + tempCerFilePath);
+        }
+        return tempCerFilePath;
+    }
+
+    /**
+     * Remove temporary file
+     */
+    private void cleanupTemporaryFile(String temporaryFile) {
+        s_logger.debug("Cleaning up temporary certificate file");
+        Script.runSimpleBashScript("rm -f " + temporaryFile);
+    }
+
+    @Override
+    public Answer execute(SetupDirectDownloadCertificateCommand cmd, LibvirtComputingResource serverResource) {
+        String certificate = cmd.getCertificate();
+        String certificateName = cmd.getCertificateName();
+
+        try {
+            File agentFile = getAgentPropertiesFile();
+            String privatePassword = getKeystorePassword(agentFile);
+            if (isBlank(privatePassword)) {
+                return new Answer(cmd, false, "No password found for keystore: " + KeyStoreUtils.KS_FILENAME);
+            }
+
+            final String keyStoreFile = getKeyStoreFilePath(agentFile);
+            String temporaryFile = createTemporaryFile(agentFile, certificateName, certificate);
+            importCertificate(temporaryFile, keyStoreFile, certificateName, privatePassword);
+            cleanupTemporaryFile(temporaryFile);
+        } catch (FileNotFoundException | CloudRuntimeException e) {
+            s_logger.error("Error while setting up certificate " + certificateName, e);
+            return new Answer(cmd, false, e.getMessage());
+        }
+
+        return new Answer(cmd, true, "Certificate " + certificateName + " imported");
+    }
+}