CLOUDSTACK-5435 enabled encryption for ldap params

plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LDAPConfigCmd.java

@@ -21,9 +21,11 @@ import java.util.List;
 
 import javax.inject.Inject;
 
-import org.apache.commons.lang.StringEscapeUtils;
+import com.cloud.exception.ConcurrentOperationException;
-import org.apache.log4j.Logger;
+import com.cloud.exception.InsufficientCapacityException;
-
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.exception.ResourceUnavailableException;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseCmd;
@@ -37,12 +39,9 @@ import org.apache.cloudstack.framework.config.impl.ConfigurationVO;
 import org.apache.cloudstack.ldap.LdapConfiguration;
 import org.apache.cloudstack.ldap.LdapConfigurationVO;
 import org.apache.cloudstack.ldap.LdapManager;
+import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.log4j.Logger;
 
-import com.cloud.exception.ConcurrentOperationException;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.InvalidParameterValueException;
-import com.cloud.exception.ResourceAllocationException;
-import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.user.Account;
 import com.cloud.utils.Pair;
 
@@ -68,7 +67,7 @@ public class LDAPConfigCmd extends BaseCmd {
     /////////////////////////////////////////////////////
     //////////////// API parameters /////////////////////
     /////////////////////////////////////////////////////
-    @Parameter(name = ApiConstants.LIST_ALL, type = CommandType.BOOLEAN, description = "If true return current LDAP configuration")
+    @Parameter(name = ApiConstants.LIST_ALL, type = BaseCmd.CommandType.BOOLEAN, description = "If true return current LDAP configuration")
     private Boolean listAll;
 
     @Parameter(name = ApiConstants.HOST_NAME, type = CommandType.STRING, description = "Hostname or ip address of the ldap server eg: my.ldap.com")
@@ -80,19 +79,13 @@ public class LDAPConfigCmd extends BaseCmd {
     @Parameter(name = ApiConstants.USE_SSL, type = CommandType.BOOLEAN, description = "Check Use SSL if the external LDAP server is configured for LDAP over SSL.")
     private Boolean useSSL;
 
-    @Parameter(name = ApiConstants.SEARCH_BASE,
+    @Parameter(name = ApiConstants.SEARCH_BASE, type = CommandType.STRING, description = "The search base defines the starting point for the search in the directory tree Example:  dc=cloud,dc=com.")
-               type = CommandType.STRING,
-               description = "The search base defines the starting point for the search in the directory tree Example:  dc=cloud,dc=com.")
     private String searchBase;
 
-    @Parameter(name = ApiConstants.QUERY_FILTER,
+    @Parameter(name = ApiConstants.QUERY_FILTER, type = CommandType.STRING, description = "You specify a query filter here, which narrows down the users, who can be part of this domain.")
-               type = CommandType.STRING,
-               description = "You specify a query filter here, which narrows down the users, who can be part of this domain.")
     private String queryFilter;
 
-    @Parameter(name = ApiConstants.BIND_DN,
+    @Parameter(name = ApiConstants.BIND_DN, type = CommandType.STRING, description = "Specify the distinguished name of a user with the search permission on the directory.")
-               type = CommandType.STRING,
-               description = "Specify the distinguished name of a user with the search permission on the directory.")
     private String bindDN;
 
     @Parameter(name = ApiConstants.BIND_PASSWORD, type = CommandType.STRING, description = "Enter the password.")
@@ -177,8 +170,7 @@ public class LDAPConfigCmd extends BaseCmd {
     /////////////////////////////////////////////////////
 
     @Override
-    public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException,
+    public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException {
-        ResourceAllocationException {
         if (getListAll()) {
             // return the existing conf
 
@@ -192,8 +184,7 @@ public class LDAPConfigCmd extends BaseCmd {
                 String searchBaseConfig = _ldapConfiguration.getBaseDn();
                 String bindDnConfig = _ldapConfiguration.getBindPrincipal();
                 for (LdapConfigurationVO ldapConfigurationVO : result.first()) {
-                    responses.add(createLDAPConfigResponse(ldapConfigurationVO.getHostname(), ldapConfigurationVO.getPort(), useSSlConfig, null, searchBaseConfig,
+                    responses.add(createLDAPConfigResponse(ldapConfigurationVO.getHostname(), ldapConfigurationVO.getPort(), useSSlConfig, null, searchBaseConfig, bindDnConfig));
-                        bindDnConfig));
                 }
             }
             response.setResponses(responses);
@@ -204,7 +195,7 @@ public class LDAPConfigCmd extends BaseCmd {
         } else {
             boolean result = updateLDAP();
             if (result) {
-                LDAPConfigResponse lr = createLDAPConfigResponse(getHostname(), getPort(), getUseSSL(), getQueryFilter(), getSearchBase(), getBindDN());
+                LDAPConfigResponse lr = this.createLDAPConfigResponse(getHostname(), getPort().toString(), getUseSSL(), getQueryFilter(), getSearchBase(), getBindDN());
                 lr.setResponseName(getCommandName());
                 setResponseObject(lr);
             }
@@ -212,10 +203,10 @@ public class LDAPConfigCmd extends BaseCmd {
 
     }
 
-    private LDAPConfigResponse createLDAPConfigResponse(String hostname, Integer port, Boolean useSSL, String queryFilter, String searchBase, String bindDN) {
+    private LDAPConfigResponse createLDAPConfigResponse(String hostname, String port, Boolean useSSL, String queryFilter, String searchBase, String bindDN) {
         LDAPConfigResponse lr = new LDAPConfigResponse();
         lr.setHostname(hostname);
-        lr.setPort(port.toString());
+        lr.setPort(port);
         lr.setUseSSL(useSSL.toString());
         lr.setQueryFilter(queryFilter);
         lr.setBindDN(bindDN);

plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/response/LdapConfigurationResponse.java

@@ -16,11 +16,10 @@
 // under the License.
 package org.apache.cloudstack.api.response;
 
-import com.google.gson.annotations.SerializedName;
-
 import org.apache.cloudstack.api.BaseResponse;
 
 import com.cloud.serializer.Param;
+import com.google.gson.annotations.SerializedName;
 
 public class LdapConfigurationResponse extends BaseResponse {
     @SerializedName("hostname")
@@ -29,7 +28,7 @@ public class LdapConfigurationResponse extends BaseResponse {
 
     @SerializedName("port")
     @Param(description = "port")
-    private int port;
+    private String port;
 
     public LdapConfigurationResponse() {
         super();
@@ -40,7 +39,7 @@ public class LdapConfigurationResponse extends BaseResponse {
         this.hostname = hostname;
     }
 
-    public LdapConfigurationResponse(final String hostname, final int port) {
+    public LdapConfigurationResponse(final String hostname, final String port) {
         this.hostname = hostname;
         this.port = port;
     }
@@ -49,7 +48,7 @@ public class LdapConfigurationResponse extends BaseResponse {
         return hostname;
     }
 
-    public int getPort() {
+    public String getPort() {
         return port;
     }
 
@@ -57,7 +56,7 @@ public class LdapConfigurationResponse extends BaseResponse {
         this.hostname = hostname;
     }
 
-    public void setPort(final int port) {
+    public void setPort(final String port) {
         this.port = port;
     }
-}
+}

plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapConfigurationVO.java

@@ -16,6 +16,10 @@
 // under the License.
 package org.apache.cloudstack.ldap;
 
+import org.apache.cloudstack.api.InternalIdentity;
+
+import com.cloud.utils.db.Encrypt;
+
 import javax.persistence.Column;
 import javax.persistence.Entity;
 import javax.persistence.GeneratedValue;
@@ -23,26 +27,27 @@ import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Table;
 
-import org.apache.cloudstack.api.InternalIdentity;
-
 @Entity
 @Table(name = "ldap_configuration")
 public class LdapConfigurationVO implements InternalIdentity {
-    @Column(name = "hostname")
-    private String hostname;
 
     @Id
     @GeneratedValue(strategy = GenerationType.IDENTITY)
     @Column(name = "id")
     private Long id;
 
+    @Encrypt
+    @Column(name = "hostname")
+    private String hostname;
+
+    @Encrypt
     @Column(name = "port")
-    private int port;
+    private String port;
 
     public LdapConfigurationVO() {
     }
 
-    public LdapConfigurationVO(final String hostname, final int port) {
+    public LdapConfigurationVO(final String hostname, final String port) {
         this.hostname = hostname;
         this.port = port;
     }
@@ -56,11 +61,11 @@ public class LdapConfigurationVO implements InternalIdentity {
         return id;
     }
 
-    public int getPort() {
+    public String getPort() {
         return port;
     }
 
     public void setId(final long id) {
         this.id = id;
     }
-}
+}

plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManagerImpl.java

@@ -24,9 +24,6 @@ import javax.inject.Inject;
 import javax.naming.NamingException;
 import javax.naming.directory.DirContext;
 
-import org.apache.log4j.Logger;
-import org.springframework.stereotype.Component;
-
 import org.apache.cloudstack.api.LdapValidator;
 import org.apache.cloudstack.api.command.LDAPConfigCmd;
 import org.apache.cloudstack.api.command.LDAPRemoveCmd;
@@ -40,6 +37,8 @@ import org.apache.cloudstack.api.command.LdapUserSearchCmd;
 import org.apache.cloudstack.api.response.LdapConfigurationResponse;
 import org.apache.cloudstack.api.response.LdapUserResponse;
 import org.apache.cloudstack.ldap.dao.LdapConfigurationDao;
+import org.apache.log4j.Logger;
+import org.springframework.stereotype.Component;
 
 import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.utils.Pair;
@@ -76,10 +75,10 @@ public class LdapManagerImpl implements LdapManager, LdapValidator {
             try {
                 final String providerUrl = "ldap://" + hostname + ":" + port;
                 _ldapContextFactory.createBindContext(providerUrl);
-                configuration = new LdapConfigurationVO(hostname, port);
+                configuration = new LdapConfigurationVO(hostname, Integer.toString(port));
                 _ldapConfigurationDao.persist(configuration);
                 s_logger.info("Added new ldap server with hostname: " + hostname);
-                return new LdapConfigurationResponse(hostname, port);
+                return new LdapConfigurationResponse(hostname, Integer.toString(port));
             } catch (final NamingException e) {
                 throw new InvalidParameterValueException("Unable to bind to the given LDAP server");
             }

setup/db/db/schema-421to430.sql

@@ -618,7 +618,7 @@ INSERT INTO `cloud`.`configuration`(category, instance, component, name, value,
 CREATE TABLE `cloud`.`ldap_configuration` (
   `id` bigint unsigned NOT NULL auto_increment COMMENT 'id',
   `hostname` varchar(255) NOT NULL COMMENT 'the hostname of the ldap server',
-  `port` int(10) COMMENT 'port that the ldap server is listening on',
+  `port` varchar(255) COMMENT 'port that the ldap server is listening on',
   PRIMARY KEY  (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;