HashMap<String, ? extends IManifest> pcrMap = null;
log.debug("About the add the host to the DB");
try {
ipAddress = InetAddress.getByName(host.getHostName().toString()).getHostAddress();
if (!ipAddress.equalsIgnoreCase(host.getIPAddress().toString())) {
throw new ASException(ErrorCode.AS_HOST_IPADDRESS_NOT_MATCHED, host.getHostName().toString(),host.getIPAddress().toString());
}
checkForDuplicate(host);
getBiosAndVMM(host);
log.info("Getting Server Identity.");
TblHosts tblHosts = new TblHosts();
tblHosts.setTlsPolicyName("TRUST_FIRST_CERTIFICATE");
tblHosts.setTlsKeystore(null);
log.debug("stdalex addHost cs == " + host.getAddOn_Connection_String());
tblHosts.setAddOnConnectionInfo(host.getAddOn_Connection_String());
if( host.getHostName() != null ) { tblHosts.setName(host.getHostName().toString()); }
if( host.getIPAddress() != null ) { tblHosts.setIPAddress(host.getIPAddress().toString()); }
if( host.getPort() != null ) { tblHosts.setPort(host.getPort()); }
if (canFetchAIKCertificateForHost(host.getVmm().getName())) { // datatype.Vmm
if(!host.getAddOn_Connection_String().toLowerCase().contains("citrix")){
certificate = getAIKCertificateForHost(tblHosts, host);
// we have to check that the aik certificate was signed by a trusted privacy ca
X509Certificate hostAikCert = X509Util.decodePemCertificate(certificate);
hostAikCert.checkValidity();
// read privacy ca certificate
InputStream privacyCaIn = new FileInputStream(ResourceFinder.getFile("PrivacyCA.cer")); // XXX TODO currently we only support one privacy CA cert... in the future we should read a PEM format file with possibly multiple trusted privacy ca certs
X509Certificate privacyCaCert = X509Util.decodeDerCertificate(IOUtils.toByteArray(privacyCaIn));
IOUtils.closeQuietly(privacyCaIn);
privacyCaCert.checkValidity();
// verify the trusted privacy ca signed this aik cert
hostAikCert.verify(privacyCaCert.getPublicKey()); // NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException
}
}
else { // ESX host so get the location for the host and store in the
// table
pcrMap = getHostPcrManifest(tblHosts, host); // BUG #497 sending both the new TblHosts record and the TxtHost object just to get the TlsPolicy into the initial call so that with the trust_first_certificate policy we will obtain the host certificate now while adding it
log.info("Getting location for host from VCenter");
location = getLocation(pcrMap);
}
log.info("Saving Host in database with TlsPolicyName {} and TlsKeystoreLength {}", tblHosts.getTlsPolicyName(), tblHosts.getTlsKeystore() == null ? "null" : tblHosts.getTlsKeystore().length);
log.debug("Saving the host details in the DB");
saveHostInDatabase(tblHosts, host, certificate, location, pcrMap);
} catch (ASException ase) {
throw ase;
}
catch(CryptographyException e) {
throw new ASException(e,ErrorCode.AS_ENCRYPTION_ERROR, e.getCause() == null ? e.getMessage() : e.getCause().getMessage());
}
catch (Exception e) {
log.debug("beggining stack trace --------------");
e.printStackTrace();
log.debug("end stack trace --------------");
throw new ASException(e);
}
return "true";
}