bug 12337: encrypt Hidden category config values only

2025-10-26 08:42:29 +01:00 · 2011-12-20 12:58:24 +05:30 · 2011-12-20 12:58:24 +05:30 · cfb48fb7b7
commit cfb48fb7b7
parent 71d05d531e
7 changed files with 38 additions and 47 deletions
--- a/core/src/com/cloud/configuration/ConfigurationVO.java
+++ b/core/src/com/cloud/configuration/ConfigurationVO.java
@ -22,6 +22,8 @@ import javax.persistence.Column;
 import javax.persistence.Entity;
 import javax.persistence.Id;
 import javax.persistence.Table;
+
+import com.cloud.utils.crypt.DBEncryptionUtil;

@Entity
@Table(name="configuration")
@ -36,7 +38,7 @@ public class ConfigurationVO implements Configuration{
 	@Column(name="name")
    private String name;
 	
-	@Column(name="value", length=4095, encryptable=true)
+	@Column(name="value", length=4095)
    private String value;
 	
 	@Column(name="description", length=1024)
@ -88,8 +90,8 @@ public class ConfigurationVO implements Configuration{
 		this.name = name;
 	}

-	public String getValue() {
-		return value;
+	public String getValue() {
+		return ("Hidden".equals(getCategory()) ? DBEncryptionUtil.decrypt(value) : value);
 	}
 	
 	public void setValue(String value) {
--- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
@ -2773,6 +2773,9 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
        String value = cmd.getValue();
        String description = cmd.getDescription();
        try {
+        	if("Hidden".equals(category)){
+        		value = DBEncryptionUtil.encrypt(value);
+        	}
            ConfigurationVO entity = new ConfigurationVO(category, instance, component, name, value, description);
            _configDao.persist(entity);
            s_logger.info("Successfully added configuration value into db: category:" + category + " instance:" + instance + " component:" + component + " name:" + name + " value:" + value);
--- a/server/src/com/cloud/configuration/dao/ConfigurationDao.java
+++ b/server/src/com/cloud/configuration/dao/ConfigurationDao.java
@ -59,7 +59,7 @@ public interface ConfigurationDao extends GenericDao<ConfigurationVO, String> {
     */
    public String getValue(String name);
    
-    public String getValueAndInitIfNotExist(String name, String initValue);
+    public String getValueAndInitIfNotExist(String name, String category, String initValue);
    

    /**
@ -69,6 +69,4 @@ public interface ConfigurationDao extends GenericDao<ConfigurationVO, String> {
    boolean isPremium();
    
    ConfigurationVO findByName(String name);
-
-    ConfigurationVO persistConfigValue(ConfigurationVO config);
 }
--- a/server/src/com/cloud/configuration/dao/ConfigurationDaoImpl.java
+++ b/server/src/com/cloud/configuration/dao/ConfigurationDaoImpl.java
@ -26,7 +26,6 @@ import java.util.Map;

 import javax.ejb.Local;
 import javax.naming.ConfigurationException;
-import javax.persistence.EntityExistsException;

 import org.apache.log4j.Logger;

@ -77,15 +76,18 @@ public class ConfigurationDaoImpl extends GenericDaoBase<ConfigurationVO, String
            	if (config.getValue() != null)
            		_configs.put(config.getName(), config.getValue());
            }
+
+            if(!"DEFAULT".equals(instance)){
+            	//Default instance params are already added, need not add again 
+            	sc = InstanceSearch.create();
+            	sc.setParameters("instance", instance);

-            sc = InstanceSearch.create();
-            sc.setParameters("instance", instance);
+            	configurations = listIncludingRemovedBy(sc);

-            configurations = listIncludingRemovedBy(sc);
-
-            for (ConfigurationVO config : configurations) {
-            	if (config.getValue() != null)
-            		_configs.put(config.getName(), config.getValue());
+            	for (ConfigurationVO config : configurations) {
+            		if (config.getValue() != null)
+            			_configs.put(config.getName(), config.getValue());
+            	}
            }

        }
@ -125,7 +127,7 @@ public class ConfigurationDaoImpl extends GenericDaoBase<ConfigurationVO, String
    	Transaction txn = Transaction.currentTxn();
 		try {
 			PreparedStatement stmt = txn.prepareStatement(UPDATE_CONFIGURATION_SQL);
-			stmt.setString(1, DBEncryptionUtil.encrypt(value));
+			stmt.setString(1, value);
 			stmt.setString(2, name);
 			stmt.executeUpdate();
 			return true;
@ -137,22 +139,13 @@ public class ConfigurationDaoImpl extends GenericDaoBase<ConfigurationVO, String
    
    @Override
    public String getValue(String name) {
-    	SearchCriteria<ConfigurationVO> sc = NameSearch.create();
-        sc.setParameters("name", name);
-        List<ConfigurationVO> configurations = listIncludingRemovedBy(sc);
-        
-        if (configurations.size() == 0) {
-        	return null;
-        }
-        
-        ConfigurationVO config = configurations.get(0);
-        String value = config.getValue();
-        return value;
+    	ConfigurationVO config =  findByName(name);
+        return (config == null) ? null : config.getValue();
    }
    
    @Override
    @DB
-    public String getValueAndInitIfNotExist(String name, String initValue) {
+    public String getValueAndInitIfNotExist(String name, String category, String initValue) {
    	Transaction txn = Transaction.currentTxn();
    	PreparedStatement stmt = null;
    	PreparedStatement stmtInsert = null;
@ -166,19 +159,26 @@ public class ConfigurationDaoImpl extends GenericDaoBase<ConfigurationVO, String
 				returnValue =  rs.getString(1);
 				if(returnValue != null) {
 					txn.commit();
-					return DBEncryptionUtil.decrypt(returnValue);
+					if("Hidden".equals(category)){
+						return DBEncryptionUtil.decrypt(returnValue);
+					} else {
+						return returnValue;
+					}
 				} else {
 					// restore init value
 					returnValue = initValue;
 				}
 			}
 			stmt.close();
-			
+
+			if("Hidden".equals(category)){
+				initValue = DBEncryptionUtil.encrypt(initValue);
+			}
 			stmtInsert = txn.prepareAutoCloseStatement(
 				"INSERT INTO configuration(instance, name, value, description) VALUES('DEFAULT', ?, ?, '') ON DUPLICATE KEY UPDATE value=?");
 			stmtInsert.setString(1, name);
-			stmtInsert.setString(2, DBEncryptionUtil.encrypt(initValue));
-			stmtInsert.setString(3, DBEncryptionUtil.encrypt(initValue));
+			stmtInsert.setString(2, initValue);
+			stmtInsert.setString(3, initValue);
 			if(stmtInsert.executeUpdate() < 1) {
 				throw new CloudRuntimeException("Unable to init configuration variable: " + name); 
 			}
@ -197,16 +197,4 @@ public class ConfigurationDaoImpl extends GenericDaoBase<ConfigurationVO, String
        return findOneIncludingRemovedBy(sc);
    }
    
-    @Override
-    public ConfigurationVO persistConfigValue(ConfigurationVO config) {
-        ConfigurationVO vo = findByName(config.getName());
-        if (vo != null) {
-            return vo;
-        }
-        try {
-            return persist(config);
-        } catch (EntityExistsException e) {
-            return findByName(config.getName());
-        }
-    }
 }
--- a/server/src/com/cloud/server/ConfigurationServerImpl.java
+++ b/server/src/com/cloud/server/ConfigurationServerImpl.java
@ -485,14 +485,14 @@ public class ConfigurationServerImpl implements ConfigurationServer {
                    s_logger.info("Generated SSL keystore.");
                }
                String base64Keystore = getBase64Keystore(keystorePath);
-                ConfigurationVO configVO = new ConfigurationVO("Hidden", "DEFAULT", "management-server", "ssl.keystore", base64Keystore, "SSL Keystore for the management servers");
+                ConfigurationVO configVO = new ConfigurationVO("Hidden", "DEFAULT", "management-server", "ssl.keystore", DBEncryptionUtil.encrypt(base64Keystore), "SSL Keystore for the management servers");
            	_configDao.persist(configVO);
                s_logger.info("Stored SSL keystore to database.");
            } else if (keystoreFile.exists()) { // and dbExisted
                // Check if they are the same one, otherwise override with local keystore
                String base64Keystore = getBase64Keystore(keystorePath);
                if (base64Keystore.compareTo(dbString) != 0) {
-                    _configDao.update("ssl.keystore", base64Keystore);
+                    _configDao.update("ssl.keystore", DBEncryptionUtil.encrypt(base64Keystore));
                    s_logger.info("Updated database keystore with local one.");
                }
            } else { // !keystoreFile.exists() and dbExisted
--- a/server/src/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/com/cloud/server/ManagementServerImpl.java
@ -3484,7 +3484,7 @@ public class ManagementServerImpl implements ManagementServer {
        // although we may have race conditioning here, database transaction serialization should
        // give us the same key
        if (_hashKey == null) {
-            _hashKey = _configDao.getValueAndInitIfNotExist(Config.HashKey.key(), UUID.randomUUID().toString());
+            _hashKey = _configDao.getValueAndInitIfNotExist(Config.HashKey.key(), Config.HashKey.getCategory(), UUID.randomUUID().toString());
        }
        return _hashKey;
    }
--- a/server/src/com/cloud/upgrade/dao/Upgrade2214to30.java
+++ b/server/src/com/cloud/upgrade/dao/Upgrade2214to30.java
@ -324,7 +324,7 @@ public class Upgrade2214to30 implements DbUpgrade {
    	PreparedStatement pstmt = null;
        ResultSet rs = null;
        try {
-            pstmt = conn.prepareStatement("select name, value from configuration");
+            pstmt = conn.prepareStatement("select name, value from configuration where category = 'Hidden'");
            rs = pstmt.executeQuery();
            while (rs.next()) {
                String name = rs.getString(1);