CLOUDSTACK-2552. Modify AWSAPI to decrypt db values using the decrypted database_key and not management_server_key

Likitha Shetty 2013-05-17 13:12:36 +05:30
parent adbebc1892
commit 046580fcf1


@ -19,15 +19,14 @@ package com.cloud.bridge.persist.dao;
import javax.ejb.Local;
import org.apache.log4j.Logger;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.springframework.stereotype.Component;
import com.cloud.bridge.model.CloudStackUserVO;
import com.cloud.bridge.util.EncryptionSecretKeyCheckerUtil;
import com.cloud.utils.db.GenericDaoBase;
import com.cloud.utils.db.SearchBuilder;
import com.cloud.utils.db.SearchCriteria;
import com.cloud.utils.db.Transaction;
import com.cloud.utils.crypt.DBEncryptionUtil;
@Component
@Local(value={CloudStackUserDao.class})
@ -51,13 +50,8 @@ public class CloudStackUserDaoImpl extends GenericDaoBase<CloudStackUserVO, Stri
sc.setParameters("apiKey", accessKey);
user = findOneBy(sc);
if ( user != null && user.getSecretKey() != null) {
// if the cloud db is encrypted, decrypt the secret_key returned by cloud db before signature generation
if( EncryptionSecretKeyCheckerUtil.useEncryption() ) {
StandardPBEStringEncryptor encryptor = EncryptionSecretKeyCheckerUtil.getEncryptor();
cloudSecretKey = encryptor.decrypt( user.getSecretKey() );
} else {
cloudSecretKey = user.getSecretKey();
}
// User secret key could be encrypted
cloudSecretKey = DBEncryptionUtil.decrypt(user.getSecretKey());
}
return cloudSecretKey;
} finally {
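Review bot: The unconditional `DBEncryptionUtil.decrypt(user.getSecretKey())` call replaces the explicit `useEncryption()` branch, so the unencrypted-database case now relies on `decrypt` returning the stored value unchanged when encryption is off, which this page does not show. The comment `// User secret key could be encrypted` would say more as `// decrypt() is expected to return the value as-is when db encryption is disabled`, and that pass-through behaviour deserves a test. It is also worth confirming what happens when decryption fails (wrong database_key, corrupt column value): the lookup should fail closed so the request signature is rejected, and neither the stored nor the decrypted secret key should end up in a log message or exception text. The enclosing method starts before and continues after the lines shown here.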