Added password decryption functionality for Windows hosts

This commit is contained in:
Andrei Savu 2012-02-09 12:28:06 +02:00
parent 6704bed6dd
commit 88465a3eba
4 changed files with 197 additions and 13 deletions

View File

@ -0,0 +1,103 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.cloudstack.domain;
/**
* @author Andrei Savu
*/
public class EncryptedPasswordAndPrivateKey {
public static Builder builder() {
return new Builder();
}
public static class Builder {
private String encryptedPassword;
private String privateKey;
public Builder encryptedPassword(String encryptedPassword) {
this.encryptedPassword = encryptedPassword;
return this;
}
public Builder encryptedPassword(EncryptedPassword password) {
return encryptedPassword(password.getEncryptedPassword());
}
public Builder privateKey(String privateKey) {
this.privateKey = privateKey;
return this;
}
public EncryptedPasswordAndPrivateKey build() {
return new EncryptedPasswordAndPrivateKey(encryptedPassword, privateKey);
}
}
private final String encryptedPassword;
private final String privateKey;
public EncryptedPasswordAndPrivateKey(String encryptedPassword, String privateKey) {
this.encryptedPassword = encryptedPassword;
this.privateKey = privateKey;
}
/**
* @return the encrypted password String representation
*/
public String getEncryptedPassword() {
return encryptedPassword;
}
/**
* @return get the string representation of the private key
*/
public String getPrivateKey() {
return privateKey;
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || getClass() != o.getClass()) return false;
EncryptedPasswordAndPrivateKey that = (EncryptedPasswordAndPrivateKey) o;
if (encryptedPassword != null ? !encryptedPassword.equals(that.encryptedPassword) : that.encryptedPassword != null)
return false;
if (privateKey != null ? !privateKey.equals(that.privateKey) : that.privateKey != null) return false;
return true;
}
@Override
public int hashCode() {
int result = encryptedPassword != null ? encryptedPassword.hashCode() : 0;
result = 31 * result + (privateKey != null ? privateKey.hashCode() : 0);
return result;
}
@Override
public String toString() {
return "EncryptedPasswordAndPrivateKey{" +
"encryptedPassword='" + encryptedPassword + '\'' +
", privateKey='" + privateKey + '\'' +
'}';
}
}

View File

@ -0,0 +1,61 @@
package org.jclouds.cloudstack.functions;
import com.google.common.base.Function;
import com.google.common.base.Throwables;
import com.google.inject.Inject;
import com.google.inject.Singleton;
import org.jclouds.cloudstack.domain.EncryptedPasswordAndPrivateKey;
import org.jclouds.crypto.Crypto;
import org.jclouds.crypto.Pems;
import org.jclouds.domain.LoginCredentials;
import org.jclouds.encryption.internal.Base64;
import org.jclouds.javax.annotation.Nullable;
import javax.crypto.Cipher;
import java.nio.charset.Charset;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.spec.KeySpec;
/**
* Given an encrypted Windows Administrator password and the decryption key, return a LoginCredentials instance.
*
* @author Richard Downer, Andrei Savu
*/
@Singleton
public class WindowsLoginCredentialsFromEncryptedData implements Function<EncryptedPasswordAndPrivateKey, LoginCredentials> {
private final Crypto crypto;
@Inject
public WindowsLoginCredentialsFromEncryptedData(Crypto crypto) {
this.crypto = crypto;
}
@Override
public LoginCredentials apply(@Nullable EncryptedPasswordAndPrivateKey dataAndKey) {
if (dataAndKey == null)
return null;
try {
KeySpec keySpec = Pems.privateKeySpec(dataAndKey.getPrivateKey());
KeyFactory kf = crypto.rsaKeyFactory();
PrivateKey privKey = kf.generatePrivate(keySpec);
Cipher cipher = crypto.cipher("RSA/NONE/PKCS1Padding");
cipher.init(Cipher.DECRYPT_MODE, privKey);
byte[] cipherText = Base64.decode(dataAndKey.getEncryptedPassword());
byte[] plainText = cipher.doFinal(cipherText);
String password = new String(plainText, Charset.forName("ASCII"));
return LoginCredentials.builder()
.user("Administrator")
.password(password)
.noPrivateKey()
.build();
} catch (Exception e) {
throw Throwables.propagate(e);
}
}
}

View File

@ -20,19 +20,24 @@ package org.jclouds.cloudstack.compute;
import org.jclouds.cloudstack.compute.options.CloudStackTemplateOptions; import org.jclouds.cloudstack.compute.options.CloudStackTemplateOptions;
import org.jclouds.cloudstack.domain.EncryptedPassword; import org.jclouds.cloudstack.domain.EncryptedPassword;
import org.jclouds.cloudstack.domain.EncryptedPasswordAndPrivateKey;
import org.jclouds.cloudstack.domain.Network; import org.jclouds.cloudstack.domain.Network;
import org.jclouds.cloudstack.domain.SshKeyPair; import org.jclouds.cloudstack.domain.SshKeyPair;
import org.jclouds.cloudstack.domain.TrafficType; import org.jclouds.cloudstack.domain.TrafficType;
import org.jclouds.cloudstack.features.BaseCloudStackClientLiveTest; import org.jclouds.cloudstack.features.BaseCloudStackClientLiveTest;
import org.jclouds.cloudstack.functions.WindowsLoginCredentialsFromEncryptedData;
import org.jclouds.cloudstack.options.ListNetworksOptions; import org.jclouds.cloudstack.options.ListNetworksOptions;
import org.jclouds.compute.RunNodesException; import org.jclouds.compute.RunNodesException;
import org.jclouds.compute.domain.NodeMetadata; import org.jclouds.compute.domain.NodeMetadata;
import org.jclouds.compute.domain.Template; import org.jclouds.compute.domain.Template;
import org.jclouds.compute.predicates.NodePredicates; import org.jclouds.compute.predicates.NodePredicates;
import org.testng.Assert; import org.jclouds.crypto.Crypto;
import org.jclouds.encryption.bouncycastle.BouncyCastleCrypto;
import org.testng.annotations.Test; import org.testng.annotations.Test;
import java.net.URI; import java.net.URI;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.Set; import java.util.Set;
import java.util.logging.Level; import java.util.logging.Level;
import java.util.logging.Logger; import java.util.logging.Logger;
@ -43,9 +48,9 @@ import static com.google.common.collect.Iterables.getOnlyElement;
import static com.google.common.collect.Sets.newTreeSet; import static com.google.common.collect.Sets.newTreeSet;
import static org.jclouds.cloudstack.options.CreateNetworkOptions.Builder.vlan; import static org.jclouds.cloudstack.options.CreateNetworkOptions.Builder.vlan;
import static org.jclouds.cloudstack.options.ListNetworkOfferingsOptions.Builder.specifyVLAN; import static org.jclouds.cloudstack.options.ListNetworkOfferingsOptions.Builder.specifyVLAN;
import static org.testng.Assert.assertEquals;
/** /**
*
* @author Adrian Cole * @author Adrian Cole
*/ */
@Test(groups = "live", testName = "CloudStackExperimentLiveTest") @Test(groups = "live", testName = "CloudStackExperimentLiveTest")
@ -66,7 +71,7 @@ public class CloudStackExperimentLiveTest extends BaseCloudStackClientLiveTest {
// Warning: the vlan id is not set in the response - using an workaround // Warning: the vlan id is not set in the response - using an workaround
URI broadcastUri = URI.create("vlan://" + vlanId); URI broadcastUri = URI.create("vlan://" + vlanId);
for(Network net : networks) { for (Network net : networks) {
if (broadcastUri.equals(net.getBroadcastURI())) { if (broadcastUri.equals(net.getBroadcastURI())) {
long jobId = domainAdminContext.getApi().getNetworkClient().deleteNetwork(net.getId()); long jobId = domainAdminContext.getApi().getNetworkClient().deleteNetwork(net.getId());
adminJobComplete.apply(jobId); adminJobComplete.apply(jobId);
@ -98,14 +103,14 @@ public class CloudStackExperimentLiveTest extends BaseCloudStackClientLiveTest {
// find a network offering that supports vlans in our zone // find a network offering that supports vlans in our zone
long offeringId = get( long offeringId = get(
context.getApi().getOfferingClient().listNetworkOfferings(specifyVLAN(true).zoneId(zoneId)), 0).getId(); context.getApi().getOfferingClient().listNetworkOfferings(specifyVLAN(true).zoneId(zoneId)), 0).getId();
// create an arbitrary network // create an arbitrary network
network = domainAdminContext.getApi() network = domainAdminContext.getApi()
.getNetworkClient() .getNetworkClient()
// startIP/endIP/netmask/gateway must be specified together // startIP/endIP/netmask/gateway must be specified together
.createNetworkInZone(zoneId, offeringId, group, group, .createNetworkInZone(zoneId, offeringId, group, group,
vlan(vlanId).startIP("192.168.1.2").netmask("255.255.255.0").gateway("192.168.1.1")); vlan(vlanId).startIP("192.168.1.2").netmask("255.255.255.0").gateway("192.168.1.1"));
// set options to specify this network id // set options to specify this network id
template.getOptions().as(CloudStackTemplateOptions.class).networkId(network.getId()); template.getOptions().as(CloudStackTemplateOptions.class).networkId(network.getId());
@ -127,7 +132,8 @@ public class CloudStackExperimentLiveTest extends BaseCloudStackClientLiveTest {
} }
@Test @Test
public void testCreateWindowsMachineWithKeyPairAndCheckIfTheGeneratedPasswordIsEncrypted() throws RunNodesException { public void testCreateWindowsMachineWithKeyPairAndCheckIfTheGeneratedPasswordIsEncrypted()
throws RunNodesException, NoSuchAlgorithmException, CertificateException {
// final Map<String, String> sshKey = SshKeys.generate(); // final Map<String, String> sshKey = SshKeys.generate();
// final String publicKey = sshKey.get("public"); // final String publicKey = sshKey.get("public");
@ -151,8 +157,12 @@ public class CloudStackExperimentLiveTest extends BaseCloudStackClientLiveTest {
EncryptedPassword password = client.getVirtualMachineClient() EncryptedPassword password = client.getVirtualMachineClient()
.getEncryptedPasswordForVirtualMachine(Long.parseLong(node.getId())); .getEncryptedPasswordForVirtualMachine(Long.parseLong(node.getId()));
Assert.fail("Private key:" + keyPair.getPrivateKey() + "\nPassword: " + password.getEncryptedPassword()); Crypto crypto = new BouncyCastleCrypto();
// TODO: decrypt the password WindowsLoginCredentialsFromEncryptedData passwordDecrypt = new WindowsLoginCredentialsFromEncryptedData(crypto);
assertEquals(passwordDecrypt.apply(EncryptedPasswordAndPrivateKey.builder()
.encryptedPassword(password).privateKey(keyPair.getPrivateKey()).build())
.getPassword(), "bX7vvptvw");
} finally { } finally {
if (node != null) { if (node != null) {

View File

@ -21,11 +21,17 @@ package org.jclouds.cloudstack.features;
import com.google.common.collect.ImmutableMultimap; import com.google.common.collect.ImmutableMultimap;
import org.jclouds.cloudstack.CloudStackContext; import org.jclouds.cloudstack.CloudStackContext;
import org.jclouds.cloudstack.domain.EncryptedPassword; import org.jclouds.cloudstack.domain.EncryptedPassword;
import org.jclouds.cloudstack.domain.EncryptedPasswordAndPrivateKey;
import org.jclouds.cloudstack.functions.WindowsLoginCredentialsFromEncryptedData;
import org.jclouds.crypto.Crypto;
import org.jclouds.encryption.bouncycastle.BouncyCastleCrypto;
import org.jclouds.http.HttpRequest; import org.jclouds.http.HttpRequest;
import org.jclouds.http.HttpResponse; import org.jclouds.http.HttpResponse;
import org.testng.annotations.Test; import org.testng.annotations.Test;
import java.net.URI; import java.net.URI;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import static org.testng.Assert.assertEquals; import static org.testng.Assert.assertEquals;
@ -37,7 +43,7 @@ import static org.testng.Assert.assertEquals;
@Test(groups = "unit", testName = "VirtualMachineClientExpectTest") @Test(groups = "unit", testName = "VirtualMachineClientExpectTest")
public class VirtualMachineClientExpectTest extends BaseCloudStackRestClientExpectTest<VirtualMachineClient> { public class VirtualMachineClientExpectTest extends BaseCloudStackRestClientExpectTest<VirtualMachineClient> {
public void testGetPasswordForVirtualMachineWhenResponseIs2xx() { public void testGetPasswordForVirtualMachineWhenResponseIs2xx() throws NoSuchAlgorithmException, CertificateException {
String privateKey = "-----BEGIN RSA PRIVATE KEY-----\n" + String privateKey = "-----BEGIN RSA PRIVATE KEY-----\n" +
"MIICXgIBAAKBgQDnaPKhTNgw7qPJVp3qsT+7XhhAbip25a0AnUgq8Fb9LPcZk00p\n" + "MIICXgIBAAKBgQDnaPKhTNgw7qPJVp3qsT+7XhhAbip25a0AnUgq8Fb9LPcZk00p\n" +
"jm+m4JrKmDWKZWrHMNBhCNHMzvV9KrAXUMzL4s7mdEicbxTKratTYoyJM7a87bcZ\n" + "jm+m4JrKmDWKZWrHMNBhCNHMzvV9KrAXUMzL4s7mdEicbxTKratTYoyJM7a87bcZ\n" +
@ -77,7 +83,11 @@ public class VirtualMachineClientExpectTest extends BaseCloudStackRestClientExpe
assertEquals(actual, expected); assertEquals(actual, expected);
// TODO: decrypt the returned password using the private key Crypto crypto = new BouncyCastleCrypto();
WindowsLoginCredentialsFromEncryptedData passwordDecrypt = new WindowsLoginCredentialsFromEncryptedData(crypto);
assertEquals(passwordDecrypt.apply(EncryptedPasswordAndPrivateKey.builder()
.encryptedPassword(actual).privateKey(privateKey).build()).getPassword(), "bX7vvptvw");
} }
@Override @Override