From cfb48fb7b7ed568320b1d0497ec4210ee03f7234 Mon Sep 17 00:00:00 2001
From: kishan <kishan@cloud.com>
Date: Tue, 20 Dec 2011 12:58:24 +0530
Subject: [PATCH] bug 12337: encrypt Hidden category config values only

---
 .../cloud/configuration/ConfigurationVO.java  |  8 ++-
 .../ConfigurationManagerImpl.java             |  3 +
 .../configuration/dao/ConfigurationDao.java   |  4 +-
 .../dao/ConfigurationDaoImpl.java             | 62 ++++++++-----------
 .../cloud/server/ConfigurationServerImpl.java |  4 +-
 .../cloud/server/ManagementServerImpl.java    |  2 +-
 .../cloud/upgrade/dao/Upgrade2214to30.java    |  2 +-
 7 files changed, 38 insertions(+), 47 deletions(-)

diff --git a/core/src/com/cloud/configuration/ConfigurationVO.java b/core/src/com/cloud/configuration/ConfigurationVO.java
index 95f32fd04db..3ddcbe1e307 100644
--- a/core/src/com/cloud/configuration/ConfigurationVO.java
+++ b/core/src/com/cloud/configuration/ConfigurationVO.java
@@ -22,6 +22,8 @@ import javax.persistence.Column;
 import javax.persistence.Entity;
 import javax.persistence.Id;
 import javax.persistence.Table;
+
+import com.cloud.utils.crypt.DBEncryptionUtil;
 
 @Entity
 @Table(name="configuration")
@@ -36,7 +38,7 @@ public class ConfigurationVO implements Configuration{
 	@Column(name="name")
     private String name;
 	
-	@Column(name="value", length=4095, encryptable=true)
+	@Column(name="value", length=4095)
     private String value;
 	
 	@Column(name="description", length=1024)
@@ -88,8 +90,8 @@ public class ConfigurationVO implements Configuration{
 		this.name = name;
 	}
 
-	public String getValue() {
-		return value;
+	public String getValue() {
+		return ("Hidden".equals(getCategory()) ? DBEncryptionUtil.decrypt(value) : value);
 	}
 	
 	public void setValue(String value) {
diff --git a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
index b506bf7f9c4..57bf4ab456a 100755
--- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
@@ -2773,6 +2773,9 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
         String value = cmd.getValue();
         String description = cmd.getDescription();
         try {
+        	if("Hidden".equals(category)){
+        		value = DBEncryptionUtil.encrypt(value);
+        	}
             ConfigurationVO entity = new ConfigurationVO(category, instance, component, name, value, description);
             _configDao.persist(entity);
             s_logger.info("Successfully added configuration value into db: category:" + category + " instance:" + instance + " component:" + component + " name:" + name + " value:" + value);
diff --git a/server/src/com/cloud/configuration/dao/ConfigurationDao.java b/server/src/com/cloud/configuration/dao/ConfigurationDao.java
index 8c51eb9b694..8d1ff17d709 100644
--- a/server/src/com/cloud/configuration/dao/ConfigurationDao.java
+++ b/server/src/com/cloud/configuration/dao/ConfigurationDao.java
@@ -59,7 +59,7 @@ public interface ConfigurationDao extends GenericDao<ConfigurationVO, String> {
      */
     public String getValue(String name);
     
-    public String getValueAndInitIfNotExist(String name, String initValue);
+    public String getValueAndInitIfNotExist(String name, String category, String initValue);
     
 
     /**
@@ -69,6 +69,4 @@ public interface ConfigurationDao extends GenericDao<ConfigurationVO, String> {
     boolean isPremium();
     
     ConfigurationVO findByName(String name);
-
-    ConfigurationVO persistConfigValue(ConfigurationVO config);
 }
diff --git a/server/src/com/cloud/configuration/dao/ConfigurationDaoImpl.java b/server/src/com/cloud/configuration/dao/ConfigurationDaoImpl.java
index d72c48fca1d..4c180341fc7 100644
--- a/server/src/com/cloud/configuration/dao/ConfigurationDaoImpl.java
+++ b/server/src/com/cloud/configuration/dao/ConfigurationDaoImpl.java
@@ -26,7 +26,6 @@ import java.util.Map;
 
 import javax.ejb.Local;
 import javax.naming.ConfigurationException;
-import javax.persistence.EntityExistsException;
 
 import org.apache.log4j.Logger;
 
@@ -77,15 +76,18 @@ public class ConfigurationDaoImpl extends GenericDaoBase<ConfigurationVO, String
             	if (config.getValue() != null)
             		_configs.put(config.getName(), config.getValue());
             }
+
+            if(!"DEFAULT".equals(instance)){
+            	//Default instance params are already added, need not add again 
+            	sc = InstanceSearch.create();
+            	sc.setParameters("instance", instance);
 
-            sc = InstanceSearch.create();
-            sc.setParameters("instance", instance);
+            	configurations = listIncludingRemovedBy(sc);
 
-            configurations = listIncludingRemovedBy(sc);
-
-            for (ConfigurationVO config : configurations) {
-            	if (config.getValue() != null)
-            		_configs.put(config.getName(), config.getValue());
+            	for (ConfigurationVO config : configurations) {
+            		if (config.getValue() != null)
+            			_configs.put(config.getName(), config.getValue());
+            	}
             }
 
         }
@@ -125,7 +127,7 @@ public class ConfigurationDaoImpl extends GenericDaoBase<ConfigurationVO, String
     	Transaction txn = Transaction.currentTxn();
 		try {
 			PreparedStatement stmt = txn.prepareStatement(UPDATE_CONFIGURATION_SQL);
-			stmt.setString(1, DBEncryptionUtil.encrypt(value));
+			stmt.setString(1, value);
 			stmt.setString(2, name);
 			stmt.executeUpdate();
 			return true;
@@ -137,22 +139,13 @@ public class ConfigurationDaoImpl extends GenericDaoBase<ConfigurationVO, String
     
     @Override
     public String getValue(String name) {
-    	SearchCriteria<ConfigurationVO> sc = NameSearch.create();
-        sc.setParameters("name", name);
-        List<ConfigurationVO> configurations = listIncludingRemovedBy(sc);
-        
-        if (configurations.size() == 0) {
-        	return null;
-        }
-        
-        ConfigurationVO config = configurations.get(0);
-        String value = config.getValue();
-        return value;
+    	ConfigurationVO config =  findByName(name);
+        return (config == null) ? null : config.getValue();
     }
     
     @Override
     @DB
-    public String getValueAndInitIfNotExist(String name, String initValue) {
+    public String getValueAndInitIfNotExist(String name, String category, String initValue) {
     	Transaction txn = Transaction.currentTxn();
     	PreparedStatement stmt = null;
     	PreparedStatement stmtInsert = null;
@@ -166,19 +159,26 @@ public class ConfigurationDaoImpl extends GenericDaoBase<ConfigurationVO, String
 				returnValue =  rs.getString(1);
 				if(returnValue != null) {
 					txn.commit();
-					return DBEncryptionUtil.decrypt(returnValue);
+					if("Hidden".equals(category)){
+						return DBEncryptionUtil.decrypt(returnValue);
+					} else {
+						return returnValue;
+					}
 				} else {
 					// restore init value
 					returnValue = initValue;
 				}
 			}
 			stmt.close();
-			
+
+			if("Hidden".equals(category)){
+				initValue = DBEncryptionUtil.encrypt(initValue);
+			}
 			stmtInsert = txn.prepareAutoCloseStatement(
 				"INSERT INTO configuration(instance, name, value, description) VALUES('DEFAULT', ?, ?, '') ON DUPLICATE KEY UPDATE value=?");
 			stmtInsert.setString(1, name);
-			stmtInsert.setString(2, DBEncryptionUtil.encrypt(initValue));
-			stmtInsert.setString(3, DBEncryptionUtil.encrypt(initValue));
+			stmtInsert.setString(2, initValue);
+			stmtInsert.setString(3, initValue);
 			if(stmtInsert.executeUpdate() < 1) {
 				throw new CloudRuntimeException("Unable to init configuration variable: " + name); 
 			}
@@ -197,16 +197,4 @@ public class ConfigurationDaoImpl extends GenericDaoBase<ConfigurationVO, String
         return findOneIncludingRemovedBy(sc);
     }
     
-    @Override
-    public ConfigurationVO persistConfigValue(ConfigurationVO config) {
-        ConfigurationVO vo = findByName(config.getName());
-        if (vo != null) {
-            return vo;
-        }
-        try {
-            return persist(config);
-        } catch (EntityExistsException e) {
-            return findByName(config.getName());
-        }
-    }
 }
diff --git a/server/src/com/cloud/server/ConfigurationServerImpl.java b/server/src/com/cloud/server/ConfigurationServerImpl.java
index 666f3c2081d..4e93afafadd 100644
--- a/server/src/com/cloud/server/ConfigurationServerImpl.java
+++ b/server/src/com/cloud/server/ConfigurationServerImpl.java
@@ -485,14 +485,14 @@ public class ConfigurationServerImpl implements ConfigurationServer {
                     s_logger.info("Generated SSL keystore.");
                 }
                 String base64Keystore = getBase64Keystore(keystorePath);
-                ConfigurationVO configVO = new ConfigurationVO("Hidden", "DEFAULT", "management-server", "ssl.keystore", base64Keystore, "SSL Keystore for the management servers");
+                ConfigurationVO configVO = new ConfigurationVO("Hidden", "DEFAULT", "management-server", "ssl.keystore", DBEncryptionUtil.encrypt(base64Keystore), "SSL Keystore for the management servers");
             	_configDao.persist(configVO);
                 s_logger.info("Stored SSL keystore to database.");
             } else if (keystoreFile.exists()) { // and dbExisted
                 // Check if they are the same one, otherwise override with local keystore
                 String base64Keystore = getBase64Keystore(keystorePath);
                 if (base64Keystore.compareTo(dbString) != 0) {
-                    _configDao.update("ssl.keystore", base64Keystore);
+                    _configDao.update("ssl.keystore", DBEncryptionUtil.encrypt(base64Keystore));
                     s_logger.info("Updated database keystore with local one.");
                 }
             } else { // !keystoreFile.exists() and dbExisted
diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java
index 6b20bc2a694..afde9d6e2ea 100755
--- a/server/src/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/com/cloud/server/ManagementServerImpl.java
@@ -3484,7 +3484,7 @@ public class ManagementServerImpl implements ManagementServer {
         // although we may have race conditioning here, database transaction serialization should
         // give us the same key
         if (_hashKey == null) {
-            _hashKey = _configDao.getValueAndInitIfNotExist(Config.HashKey.key(), UUID.randomUUID().toString());
+            _hashKey = _configDao.getValueAndInitIfNotExist(Config.HashKey.key(), Config.HashKey.getCategory(), UUID.randomUUID().toString());
         }
         return _hashKey;
     }
diff --git a/server/src/com/cloud/upgrade/dao/Upgrade2214to30.java b/server/src/com/cloud/upgrade/dao/Upgrade2214to30.java
index 5edec7beee4..fb1609294b4 100644
--- a/server/src/com/cloud/upgrade/dao/Upgrade2214to30.java
+++ b/server/src/com/cloud/upgrade/dao/Upgrade2214to30.java
@@ -324,7 +324,7 @@ public class Upgrade2214to30 implements DbUpgrade {
     	PreparedStatement pstmt = null;
         ResultSet rs = null;
         try {
-            pstmt = conn.prepareStatement("select name, value from configuration");
+            pstmt = conn.prepareStatement("select name, value from configuration where category = 'Hidden'");
             rs = pstmt.executeQuery();
             while (rs.next()) {
                 String name = rs.getString(1);