From 6265ada1ef57e9c07981096be39d52bc5953b4b6 Mon Sep 17 00:00:00 2001
From: Yann Dirson <yann.dirson@vates.tech>
Date: Mon, 16 Sep 2024 15:42:57 +0200
Subject: [PATCH] Upgrade: forbid upgrading with a key XAPI will reject

XAPI now rejects the default keysize of 7.x era, which must be
regenerated before upgrading to 8.3.  Let the installer refuse to
initiate a situation where a Rolling Pool Upgrade would be unable to
proceed, with not-yet-updated slaves holding the running VMs getting
refused connection to the updated part of the pool.

Signed-off-by: Yann Dirson <yann.dirson@vates.tech>
---
 constants.py |  3 +++
 upgrade.py   | 12 ++++++++++++
 2 files changed, 15 insertions(+)

diff --git a/constants.py b/constants.py
index e5a9c72b..6b9e5dcc 100644
--- a/constants.py
+++ b/constants.py
@@ -194,3 +194,6 @@ def error_string(error, logname, with_hd):
             SR_TYPE_LARGE_BLOCK = value
 except IOError:
     pass
+
+# crypto configuration
+MIN_KEY_SIZE = 2048
diff --git a/upgrade.py b/upgrade.py
index cddffa8c..35bd8238 100644
--- a/upgrade.py
+++ b/upgrade.py
@@ -6,6 +6,8 @@
 import re
 import shutil
 
+from OpenSSL import crypto
+
 import diskutil
 import product
 from xcp.version import *
@@ -217,12 +219,22 @@ def __init__(self, source):
             input_data = util.readKeyValueFile(default_storage_conf_path)
             self.storage_type = input_data['TYPE']
 
+        self.key_size = None
+        cert_path = os.path.join(primary_fs.mount_point, "etc/xensource/xapi-ssl.pem")
+        with open(cert_path, "r") as cert_file:
+            cert_text = cert_file.read()
+        cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_text)
+        self.key_size = cert.get_pubkey().bits()
+        logger.info("ExistingInstallation %s: certificate key size %s", source, self.key_size)
+
         primary_fs.unmount()
 
     def testUpgradeForbidden(self, tool):
         utilparts = tool.utilityPartitions()
         if tool.partTableType == constants.PARTITION_DOS and utilparts is not None:
             raise RuntimeError("Util partition detected on DOS partition type, upgrade forbidden.")
+        if self.key_size < constants.MIN_KEY_SIZE:
+            raise RuntimeError("Current server certificate is too small (%s bits), please regenerate with at least %s bits." % (self.key_size, constants.MIN_KEY_SIZE))
 
     convertTargetStateChanges = []
     convertTargetArgs = ['primary-disk', 'target-boot-mode', 'boot-partnum', 'primary-partnum', 'logs-partnum', 'swap-partnum', 'storage-partnum', 'backup-partnum']