From 31771186fa46ca205a3d07d46bb27d4e3932dccd Mon Sep 17 00:00:00 2001 From: Daniel Augusto Veronezi Salvador <38945620+GutoVeronezi@users.noreply.github.com> Date: Wed, 24 Feb 2021 08:15:12 -0300 Subject: [PATCH] Externalize TLS version on Quota's mailing (#4583) Co-authored-by: Daniel Augusto Veronezi Salvador --- .../apache/cloudstack/quota/QuotaAlertManagerImpl.java | 10 ++++++++-- .../apache/cloudstack/quota/constant/QuotaConfig.java | 3 +++ .../org/apache/cloudstack/quota/QuotaServiceImpl.java | 2 +- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/framework/quota/src/main/java/org/apache/cloudstack/quota/QuotaAlertManagerImpl.java b/framework/quota/src/main/java/org/apache/cloudstack/quota/QuotaAlertManagerImpl.java index 942aeb9b8f0..189a097ebf4 100644 --- a/framework/quota/src/main/java/org/apache/cloudstack/quota/QuotaAlertManagerImpl.java +++ b/framework/quota/src/main/java/org/apache/cloudstack/quota/QuotaAlertManagerImpl.java @@ -62,6 +62,7 @@ import com.google.common.base.Strings; import com.sun.mail.smtp.SMTPMessage; import com.sun.mail.smtp.SMTPSSLTransport; import com.sun.mail.smtp.SMTPTransport; +import org.apache.commons.lang3.StringUtils; @Component public class QuotaAlertManagerImpl extends ManagerBase implements QuotaAlertManager { 
@@ -114,8 +115,9 @@ public class QuotaAlertManagerImpl extends ManagerBase implements QuotaAlertMana String smtpUsername = configs.get(QuotaConfig.QuotaSmtpUser.key()); String smtpPassword = configs.get(QuotaConfig.QuotaSmtpPassword.key()); String emailSender = configs.get(QuotaConfig.QuotaSmtpSender.key()); + String smtpEnabledSecurityProtocols = configs.get(QuotaConfig.QuotaSmtpEnabledSecurityProtocols.key()); _lockAccountEnforcement = "true".equalsIgnoreCase(configs.get(QuotaConfig.QuotaEnableEnforcement.key())); - _emailQuotaAlert = new EmailQuotaAlert(smtpHost, smtpPort, useAuth, smtpUsername, smtpPassword, emailSender, _smtpDebug); + _emailQuotaAlert = new EmailQuotaAlert(smtpHost, smtpPort, useAuth, smtpUsername, smtpPassword, emailSender, smtpEnabledSecurityProtocols, _smtpDebug); return true; } @@ -341,7 +343,7 @@ public class QuotaAlertManagerImpl extends ManagerBase implements QuotaAlertMana private final String _smtpPassword; private final String _emailSender; - public EmailQuotaAlert(String smtpHost, int smtpPort, boolean smtpUseAuth, final String smtpUsername, final String smtpPassword, String emailSender, boolean smtpDebug) { + public EmailQuotaAlert(String smtpHost, int smtpPort, boolean smtpUseAuth, final String smtpUsername, final String smtpPassword, String emailSender, String smtpEnabledSecurityProtocols, boolean smtpDebug) { _smtpHost = smtpHost; _smtpPort = smtpPort; _smtpUseAuth = smtpUseAuth; @@ -365,6 +367,10 @@ public class QuotaAlertManagerImpl extends ManagerBase implements QuotaAlertMana smtpProps.put("mail.smtps.user", smtpUsername); } + if (StringUtils.isNotBlank(smtpEnabledSecurityProtocols)) { + smtpProps.put("mail.smtp.ssl.protocols", smtpEnabledSecurityProtocols); + } + if (!Strings.isNullOrEmpty(smtpUsername) && !Strings.isNullOrEmpty(smtpPassword)) { _smtpSession = Session.getInstance(smtpProps, new Authenticator() { @Override 
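Review bot: In the `@@ -365` hunk of QuotaAlertManagerImpl.java the new value is written only to `mail.smtp.ssl.protocols`, while the context line just above it sets `mail.smtps.user` and the file imports `SMTPSSLTransport`. JavaMail resolves properties per protocol name, so a session that sends through the `smtps` transport would read `mail.smtps.ssl.protocols` and silently ignore the configured list, leaving the JVM's default protocol set in force. The transport selection is outside this hunk, so this needs confirming, but covering both is cheap: add `smtpProps.put("mail.smtps.ssl.protocols", smtpEnabledSecurityProtocols);` inside the same `if`. The constructor body starts and ends outside the hunk.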
diff --git a/framework/quota/src/main/java/org/apache/cloudstack/quota/constant/QuotaConfig.java b/framework/quota/src/main/java/org/apache/cloudstack/quota/constant/QuotaConfig.java index 73c9a80e3c9..14de1ce6b8c 100644 --- a/framework/quota/src/main/java/org/apache/cloudstack/quota/constant/QuotaConfig.java +++ b/framework/quota/src/main/java/org/apache/cloudstack/quota/constant/QuotaConfig.java @@ -51,6 +51,9 @@ public interface QuotaConfig { public static final ConfigKey QuotaSmtpSender = new ConfigKey("Advanced", String.class, "quota.usage.smtp.sender", "", "Sender of quota alert email (will be in the From header of the email)", true); + public static final ConfigKey QuotaSmtpEnabledSecurityProtocols = new ConfigKey("Advanced", String.class, "quota.usage.smtp.enabledSecurityProtocols", "", + "White-space separated security protocols; ex: \"TLSv1 TLSv1.1\". Supported protocols: SSLv2Hello, SSLv3, TLSv1, TLSv1.1 and TLSv1.2", true); + enum QuotaEmailTemplateTypes { QUOTA_LOW, QUOTA_EMPTY, QUOTA_UNLOCK_ACCOUNT, QUOTA_STATEMENT } diff --git a/plugins/database/quota/src/main/java/org/apache/cloudstack/quota/QuotaServiceImpl.java b/plugins/database/quota/src/main/java/org/apache/cloudstack/quota/QuotaServiceImpl.java index 7ac5655e088..80d69b9a533 100644 --- a/plugins/database/quota/src/main/java/org/apache/cloudstack/quota/QuotaServiceImpl.java +++ b/plugins/database/quota/src/main/java/org/apache/cloudstack/quota/QuotaServiceImpl.java @@ -137,7 +137,7 @@ public class QuotaServiceImpl extends ManagerBase implements QuotaService, Confi @Override public ConfigKey[] getConfigKeys() { return new ConfigKey[] {QuotaPluginEnabled, QuotaEnableEnforcement, QuotaCurrencySymbol, QuotaStatementPeriod, QuotaSmtpHost, QuotaSmtpPort, QuotaSmtpTimeout, - QuotaSmtpUser, QuotaSmtpPassword, QuotaSmtpAuthType, QuotaSmtpSender}; + QuotaSmtpUser, QuotaSmtpPassword, QuotaSmtpAuthType, QuotaSmtpSender, QuotaSmtpEnabledSecurityProtocols}; } @Override
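Review bot: The description added for `quota.usage.smtp.enabledSecurityProtocols` in QuotaConfig.java uses `"TLSv1 TLSv1.1"` as its example and lists SSLv2Hello, SSLv3 and TLSv1 as supported, which steers operators towards deprecated protocol versions that current JVMs disable by default. The only check applied to the value before it reaches JavaMail is `StringUtils.isNotBlank` (the `@@ -365` hunk), so whatever is typed here becomes the enabled set, and a weak or misspelled entry is not caught at configuration time. I would make the example a current version and state what the empty default means, e.g. `"Whitespace-separated TLS protocol versions to enable for the quota SMTP connection; ex: \"TLSv1.2\". Leave empty to use the JVM defaults."`.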