mirror of
https://github.com/apache/cloudstack.git
synced 2025-10-26 08:42:29 +01:00
Merge release branch 4.18 to main
* 4.18: cleanup removal of physical network (#7630) console proxy: use AeadBase64Encryptor instead of AES/CBC/PKCS5Padding (#7237)
This commit is contained in:
Daan Hoogland
commit
02be2cdf67
@ -85,7 +85,6 @@ import org.jetbrains.annotations.Nullable;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Qualifier;
|
||||
|
||||
import com.cloud.agent.AgentManager;
|
||||
import com.cloud.agent.api.Answer;
|
||||
import com.cloud.agent.api.Command;
|
||||
import com.cloud.agent.api.to.IpAddressTO;
|
||||
@ -148,7 +147,6 @@ import com.cloud.network.dao.IPAddressDao;
|
||||
import com.cloud.network.dao.IPAddressVO;
|
||||
import com.cloud.network.dao.Ipv6GuestPrefixSubnetNetworkMapDao;
|
||||
import com.cloud.network.dao.LoadBalancerDao;
|
||||
import com.cloud.network.dao.NetworkAccountDao;
|
||||
import com.cloud.network.dao.NetworkDao;
|
||||
import com.cloud.network.dao.NetworkDetailVO;
|
||||
import com.cloud.network.dao.NetworkDetailsDao;
|
||||
@ -163,7 +161,6 @@ import com.cloud.network.dao.PhysicalNetworkServiceProviderVO;
|
||||
import com.cloud.network.dao.PhysicalNetworkTrafficTypeDao;
|
||||
import com.cloud.network.dao.PhysicalNetworkTrafficTypeVO;
|
||||
import com.cloud.network.dao.PhysicalNetworkVO;
|
||||
import com.cloud.network.dao.VirtualRouterProviderDao;
|
||||
import com.cloud.network.element.NetworkElement;
|
||||
import com.cloud.network.element.OvsProviderVO;
|
||||
import com.cloud.network.element.VirtualRouterElement;
|
||||
@ -385,8 +382,6 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService, C
|
||||
@Inject
|
||||
AccountService _accountService;
|
||||
@Inject
|
||||
NetworkAccountDao _networkAccountDao;
|
||||
@Inject
|
||||
VirtualMachineManager vmManager;
|
||||
@Inject
|
||||
Ipv6Service ipv6Service;
|
||||
@ -395,16 +390,12 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService, C
|
||||
@Inject
|
||||
AlertManager alertManager;
|
||||
@Inject
|
||||
VirtualRouterProviderDao vrProviderDao;
|
||||
@Inject
|
||||
DomainRouterDao routerDao;
|
||||
@Inject
|
||||
DomainRouterJoinDao routerJoinDao;
|
||||
@Inject
|
||||
CommandSetupHelper commandSetupHelper;
|
||||
@Inject
|
||||
AgentManager agentManager;
|
||||
@Inject
|
||||
ServiceOfferingDao serviceOfferingDao;
|
||||
|
||||
@Autowired
|
||||
@ -4395,23 +4386,37 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService, C
|
||||
return Transaction.execute(new TransactionCallback<Boolean>() {
|
||||
@Override
|
||||
public Boolean doInTransaction(TransactionStatus status) {
|
||||
// delete vlans for this zone
|
||||
List<VlanVO> vlans = _vlanDao.listVlansByPhysicalNetworkId(physicalNetworkId);
|
||||
for (VlanVO vlan : vlans) {
|
||||
_vlanDao.remove(vlan.getId());
|
||||
}
|
||||
|
||||
// Delete networks
|
||||
List<NetworkVO> networks = _networksDao.listByPhysicalNetwork(physicalNetworkId);
|
||||
if (networks != null && !networks.isEmpty()) {
|
||||
for (NetworkVO network : networks) {
|
||||
_networksDao.remove(network.getId());
|
||||
}
|
||||
}
|
||||
disablePhysicalNetwork(physicalNetworkId, pNetwork);
|
||||
deleteIpAddresses();
|
||||
deleteVlans();
|
||||
deleteNetworks();
|
||||
|
||||
// delete vnets
|
||||
_dcDao.deleteVnet(physicalNetworkId);
|
||||
|
||||
if (!deleteProviders()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// delete traffic types
|
||||
_pNTrafficTypeDao.deleteTrafficTypes(physicalNetworkId);
|
||||
|
||||
return _physicalNetworkDao.remove(physicalNetworkId);
|
||||
}
|
||||
|
||||
private void disablePhysicalNetwork(Long physicalNetworkId, PhysicalNetworkVO pNetwork) {
|
||||
pNetwork.setState(PhysicalNetwork.State.Disabled);
|
||||
_physicalNetworkDao.update(physicalNetworkId, pNetwork);
|
||||
}
|
||||
|
||||
private void deleteIpAddresses() {
|
||||
List<IPAddressVO> ipAddresses = _ipAddressDao.listByPhysicalNetworkId(physicalNetworkId);
|
||||
for (IPAddressVO ipaddress : ipAddresses) {
|
||||
_ipAddressDao.remove(ipaddress.getId());
|
||||
}
|
||||
}
|
||||
|
||||
private boolean deleteProviders() {
|
||||
// delete service providers
|
||||
List<PhysicalNetworkServiceProviderVO> providers = _pNSPDao.listBy(physicalNetworkId);
|
||||
|
||||
@ -4426,11 +4431,25 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService, C
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
// delete traffic types
|
||||
_pNTrafficTypeDao.deleteTrafficTypes(physicalNetworkId);
|
||||
private void deleteNetworks() {
|
||||
// Delete networks
|
||||
List<NetworkVO> networks = _networksDao.listByPhysicalNetwork(physicalNetworkId);
|
||||
if (CollectionUtils.isNotEmpty(networks)) {
|
||||
for (NetworkVO network : networks) {
|
||||
_networksDao.remove(network.getId());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return _physicalNetworkDao.remove(physicalNetworkId);
|
||||
private void deleteVlans() {
|
||||
// delete vlans for this zone
|
||||
List<VlanVO> vlans = _vlanDao.listVlansByPhysicalNetworkId(physicalNetworkId);
|
||||
for (VlanVO vlan : vlans) {
|
||||
_vlanDao.remove(vlan.getId());
|
||||
}
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
@ -16,23 +16,15 @@
|
||||
// under the License.
|
||||
package com.cloud.servlet;
|
||||
|
||||
import java.security.InvalidAlgorithmParameterException;
|
||||
import java.security.InvalidKeyException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
|
||||
import javax.crypto.BadPaddingException;
|
||||
import javax.crypto.Cipher;
|
||||
import javax.crypto.IllegalBlockSizeException;
|
||||
import javax.crypto.NoSuchPaddingException;
|
||||
import javax.crypto.spec.IvParameterSpec;
|
||||
import javax.crypto.spec.SecretKeySpec;
|
||||
|
||||
import org.apache.commons.codec.binary.Base64;
|
||||
import org.apache.log4j.Logger;
|
||||
|
||||
import com.google.gson.Gson;
|
||||
import com.google.gson.GsonBuilder;
|
||||
|
||||
import com.cloud.utils.crypt.AeadBase64Encryptor;
|
||||
import com.cloud.utils.crypt.Base64Encryptor;
|
||||
|
||||
// To maintain independency of console proxy project, we duplicate this class from console proxy project
|
||||
public class ConsoleProxyPasswordBasedEncryptor {
|
||||
private static final Logger s_logger = Logger.getLogger(ConsoleProxyPasswordBasedEncryptor.class);
|
||||
@ -51,65 +43,16 @@ public class ConsoleProxyPasswordBasedEncryptor {
|
||||
if (text == null || text.isEmpty())
|
||||
return text;
|
||||
|
||||
try {
|
||||
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
|
||||
SecretKeySpec keySpec = new SecretKeySpec(keyIvPair.getKeyBytes(), "AES");
|
||||
|
||||
cipher.init(Cipher.ENCRYPT_MODE, keySpec, new IvParameterSpec(keyIvPair.getIvBytes()));
|
||||
|
||||
byte[] encryptedBytes = cipher.doFinal(text.getBytes());
|
||||
return Base64.encodeBase64URLSafeString(encryptedBytes);
|
||||
} catch (NoSuchAlgorithmException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (NoSuchPaddingException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (IllegalBlockSizeException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (BadPaddingException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (InvalidKeyException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (InvalidAlgorithmParameterException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
}
|
||||
Base64Encryptor encryptor = new AeadBase64Encryptor(keyIvPair.getKeyBytes(), keyIvPair.getIvBytes());
|
||||
return encryptor.encrypt(text);
|
||||
}
|
||||
|
||||
public String decryptText(String encryptedText) {
|
||||
if (encryptedText == null || encryptedText.isEmpty())
|
||||
return encryptedText;
|
||||
|
||||
try {
|
||||
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
|
||||
SecretKeySpec keySpec = new SecretKeySpec(keyIvPair.getKeyBytes(), "AES");
|
||||
cipher.init(Cipher.DECRYPT_MODE, keySpec, new IvParameterSpec(keyIvPair.getIvBytes()));
|
||||
|
||||
byte[] encryptedBytes = Base64.decodeBase64(encryptedText);
|
||||
return new String(cipher.doFinal(encryptedBytes));
|
||||
} catch (NoSuchAlgorithmException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (NoSuchPaddingException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (IllegalBlockSizeException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (BadPaddingException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (InvalidKeyException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (InvalidAlgorithmParameterException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
}
|
||||
Base64Encryptor encryptor = new AeadBase64Encryptor(keyIvPair.getKeyBytes(), keyIvPair.getIvBytes());
|
||||
return encryptor.decrypt(encryptedText);
|
||||
}
|
||||
|
||||
public <T> String encryptObject(Class<?> clz, T obj) {
|
||||
|
||||
@ -16,30 +16,15 @@
|
||||
// under the License.
|
||||
package com.cloud.consoleproxy;
|
||||
|
||||
import java.security.InvalidAlgorithmParameterException;
|
||||
import java.security.InvalidKeyException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
|
||||
import javax.crypto.BadPaddingException;
|
||||
import javax.crypto.Cipher;
|
||||
import javax.crypto.IllegalBlockSizeException;
|
||||
import javax.crypto.NoSuchPaddingException;
|
||||
import javax.crypto.spec.IvParameterSpec;
|
||||
import javax.crypto.spec.SecretKeySpec;
|
||||
|
||||
import org.apache.commons.codec.binary.Base64;
|
||||
import org.apache.log4j.Logger;
|
||||
|
||||
import com.google.gson.Gson;
|
||||
import com.google.gson.GsonBuilder;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Kelven Yang
|
||||
* A simple password based encyrptor based on AES/CBC. It can serialize simple POJO object into URL safe string
|
||||
* and deserialize it back.
|
||||
*
|
||||
*/
|
||||
import com.cloud.utils.crypt.AeadBase64Encryptor;
|
||||
import com.cloud.utils.crypt.Base64Encryptor;
|
||||
|
||||
public class ConsoleProxyPasswordBasedEncryptor {
|
||||
private static final Logger s_logger = Logger.getLogger(ConsoleProxyPasswordBasedEncryptor.class);
|
||||
|
||||
@ -57,65 +42,16 @@ public class ConsoleProxyPasswordBasedEncryptor {
|
||||
if (text == null || text.isEmpty())
|
||||
return text;
|
||||
|
||||
try {
|
||||
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
|
||||
SecretKeySpec keySpec = new SecretKeySpec(keyIvPair.getKeyBytes(), "AES");
|
||||
|
||||
cipher.init(Cipher.ENCRYPT_MODE, keySpec, new IvParameterSpec(keyIvPair.getIvBytes()));
|
||||
|
||||
byte[] encryptedBytes = cipher.doFinal(text.getBytes());
|
||||
return Base64.encodeBase64URLSafeString(encryptedBytes);
|
||||
} catch (NoSuchAlgorithmException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (NoSuchPaddingException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (IllegalBlockSizeException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (BadPaddingException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (InvalidKeyException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (InvalidAlgorithmParameterException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
}
|
||||
Base64Encryptor encryptor = new AeadBase64Encryptor(keyIvPair.getKeyBytes(), keyIvPair.getIvBytes());
|
||||
return encryptor.encrypt(text);
|
||||
}
|
||||
|
||||
public String decryptText(String encryptedText) {
|
||||
if (encryptedText == null || encryptedText.isEmpty())
|
||||
return encryptedText;
|
||||
|
||||
try {
|
||||
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
|
||||
SecretKeySpec keySpec = new SecretKeySpec(keyIvPair.getKeyBytes(), "AES");
|
||||
cipher.init(Cipher.DECRYPT_MODE, keySpec, new IvParameterSpec(keyIvPair.getIvBytes()));
|
||||
|
||||
byte[] encryptedBytes = Base64.decodeBase64(encryptedText);
|
||||
return new String(cipher.doFinal(encryptedBytes));
|
||||
} catch (NoSuchAlgorithmException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (NoSuchPaddingException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (IllegalBlockSizeException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (BadPaddingException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (InvalidKeyException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (InvalidAlgorithmParameterException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
}
|
||||
Base64Encryptor encryptor = new AeadBase64Encryptor(keyIvPair.getKeyBytes(), keyIvPair.getIvBytes());
|
||||
return encryptor.decrypt(encryptedText);
|
||||
}
|
||||
|
||||
public <T> String encryptObject(Class<?> clz, T obj) {
|
||||
|
||||
@ -29,9 +29,9 @@ import java.util.Base64;
|
||||
|
||||
public class AeadBase64Encryptor implements Base64Encryptor {
|
||||
Aead aead = null;
|
||||
private final byte[] aad = new byte[]{};
|
||||
private byte[] aad = new byte[]{};
|
||||
|
||||
public AeadBase64Encryptor(byte[] key) {
|
||||
private void initEncryptor(byte[] key) {
|
||||
try {
|
||||
AeadConfig.register();
|
||||
MessageDigest digest = MessageDigest.getInstance("SHA-256");
|
||||
@ -42,6 +42,15 @@ public class AeadBase64Encryptor implements Base64Encryptor {
|
||||
}
|
||||
}
|
||||
|
||||
public AeadBase64Encryptor(byte[] key) {
|
||||
initEncryptor(key);
|
||||
}
|
||||
|
||||
public AeadBase64Encryptor(byte[] key, byte[] aad) {
|
||||
initEncryptor(key);
|
||||
this.aad = aad;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String encrypt(String plain) {
|
||||
try {
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user