bug 12337: encrypt Hidden category config values only

kishan 2011-12-20 12:58:24 +05:30
parent 71d05d531e
commit cfb48fb7b7
7 changed files with 38 additions and 47 deletions


@ -22,6 +22,8 @@ import javax.persistence.Column;
import javax.persistence.Entity; import javax.persistence.Entity;
import javax.persistence.Id; import javax.persistence.Id;
import javax.persistence.Table; import javax.persistence.Table;
import com.cloud.utils.crypt.DBEncryptionUtil;
@Entity @Entity
@Table(name="configuration") @Table(name="configuration")
@ -36,7 +38,7 @@ public class ConfigurationVO implements Configuration{
@Column(name="name") @Column(name="name")
private String name; private String name;
@Column(name="value", length=4095, encryptable=true) @Column(name="value", length=4095)
private String value; private String value;
@Column(name="description", length=1024) @Column(name="description", length=1024)
@ -88,8 +90,8 @@ public class ConfigurationVO implements Configuration{
this.name = name; this.name = name;
} }
public String getValue() { public String getValue() {
return value; return ("Hidden".equals(getCategory()) ? DBEncryptionUtil.decrypt(value) : value);
} }
public void setValue(String value) { public void setValue(String value) {
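Review bot: `getValue()` now decrypts for the "Hidden" category, but nothing visible in this class encrypts on the way in, so the stored form depends on every caller calling `DBEncryptionUtil.encrypt` first, as `ConfigurationManagerImpl` and `ConfigurationServerImpl` do in this commit. A caller that forgets would persist a secret in plaintext and then hand that plaintext to `decrypt` on read. The contract should at least be written on the accessors, e.g. `/** Returns the plaintext value; "Hidden" rows are stored encrypted and are decrypted here. */` on `getValue()`, with a matching line on `setValue()` saying that Hidden values must arrive already encrypted. The literal `"Hidden"` is also repeated across the files in this commit and would be safer as one shared constant. The body of `setValue` is outside the hunk.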


@ -2773,6 +2773,9 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
String value = cmd.getValue(); String value = cmd.getValue();
String description = cmd.getDescription(); String description = cmd.getDescription();
try { try {
if("Hidden".equals(category)){
value = DBEncryptionUtil.encrypt(value);
}
ConfigurationVO entity = new ConfigurationVO(category, instance, component, name, value, description); ConfigurationVO entity = new ConfigurationVO(category, instance, component, name, value, description);
_configDao.persist(entity); _configDao.persist(entity);
s_logger.info("Successfully added configuration value into db: category:" + category + " instance:" + instance + " component:" + component + " name:" + name + " value:" + value); s_logger.info("Successfully added configuration value into db: category:" + category + " instance:" + instance + " component:" + component + " name:" + name + " value:" + value);
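Review bot: The `s_logger.info` call at the end of the hunk still appends `value` to the message, and for Hidden entries `value` has just been reassigned to the ciphertext. Secret-bearing entries are better kept out of the log even in encrypted form, for example `" name:" + name + ("Hidden".equals(category) ? "" : " value:" + value)`. Because the local is overwritten rather than copied, any code after the `try` that reads `value` would also see ciphertext; the method continues outside the hunk, so that should be checked there.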


@ -59,7 +59,7 @@ public interface ConfigurationDao extends GenericDao<ConfigurationVO, String> {
*/ */
public String getValue(String name); public String getValue(String name);
public String getValueAndInitIfNotExist(String name, String initValue); public String getValueAndInitIfNotExist(String name, String category, String initValue);
/** /**
@ -69,6 +69,4 @@ public interface ConfigurationDao extends GenericDao<ConfigurationVO, String> {
boolean isPremium(); boolean isPremium();
ConfigurationVO findByName(String name); ConfigurationVO findByName(String name);
ConfigurationVO persistConfigValue(ConfigurationVO config);
} }


@ -26,7 +26,6 @@ import java.util.Map;
import javax.ejb.Local; import javax.ejb.Local;
import javax.naming.ConfigurationException; import javax.naming.ConfigurationException;
import javax.persistence.EntityExistsException;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
@ -77,15 +76,18 @@ public class ConfigurationDaoImpl extends GenericDaoBase<ConfigurationVO, String
if (config.getValue() != null) if (config.getValue() != null)
_configs.put(config.getName(), config.getValue()); _configs.put(config.getName(), config.getValue());
} }
if(!"DEFAULT".equals(instance)){
//Default instance params are already added, need not add again
sc = InstanceSearch.create();
sc.setParameters("instance", instance);
sc = InstanceSearch.create(); configurations = listIncludingRemovedBy(sc);
sc.setParameters("instance", instance);
configurations = listIncludingRemovedBy(sc); for (ConfigurationVO config : configurations) {
if (config.getValue() != null)
for (ConfigurationVO config : configurations) { _configs.put(config.getName(), config.getValue());
if (config.getValue() != null) }
_configs.put(config.getName(), config.getValue());
} }
} }
@ -125,7 +127,7 @@ public class ConfigurationDaoImpl extends GenericDaoBase<ConfigurationVO, String
Transaction txn = Transaction.currentTxn(); Transaction txn = Transaction.currentTxn();
try { try {
PreparedStatement stmt = txn.prepareStatement(UPDATE_CONFIGURATION_SQL); PreparedStatement stmt = txn.prepareStatement(UPDATE_CONFIGURATION_SQL);
stmt.setString(1, DBEncryptionUtil.encrypt(value)); stmt.setString(1, value);
stmt.setString(2, name); stmt.setString(2, name);
stmt.executeUpdate(); stmt.executeUpdate();
return true; return true;
@ -137,22 +139,13 @@ public class ConfigurationDaoImpl extends GenericDaoBase<ConfigurationVO, String
@Override @Override
public String getValue(String name) { public String getValue(String name) {
SearchCriteria<ConfigurationVO> sc = NameSearch.create(); ConfigurationVO config = findByName(name);
sc.setParameters("name", name); return (config == null) ? null : config.getValue();
List<ConfigurationVO> configurations = listIncludingRemovedBy(sc);
if (configurations.size() == 0) {
return null;
}
ConfigurationVO config = configurations.get(0);
String value = config.getValue();
return value;
} }
@Override @Override
@DB @DB
public String getValueAndInitIfNotExist(String name, String initValue) { public String getValueAndInitIfNotExist(String name, String category, String initValue) {
Transaction txn = Transaction.currentTxn(); Transaction txn = Transaction.currentTxn();
PreparedStatement stmt = null; PreparedStatement stmt = null;
PreparedStatement stmtInsert = null; PreparedStatement stmtInsert = null;
@ -166,19 +159,26 @@ public class ConfigurationDaoImpl extends GenericDaoBase<ConfigurationVO, String
returnValue = rs.getString(1); returnValue = rs.getString(1);
if(returnValue != null) { if(returnValue != null) {
txn.commit(); txn.commit();
return DBEncryptionUtil.decrypt(returnValue); if("Hidden".equals(category)){
return DBEncryptionUtil.decrypt(returnValue);
} else {
return returnValue;
}
} else { } else {
// restore init value // restore init value
returnValue = initValue; returnValue = initValue;
} }
} }
stmt.close(); stmt.close();
if("Hidden".equals(category)){
initValue = DBEncryptionUtil.encrypt(initValue);
}
stmtInsert = txn.prepareAutoCloseStatement( stmtInsert = txn.prepareAutoCloseStatement(
"INSERT INTO configuration(instance, name, value, description) VALUES('DEFAULT', ?, ?, '') ON DUPLICATE KEY UPDATE value=?"); "INSERT INTO configuration(instance, name, value, description) VALUES('DEFAULT', ?, ?, '') ON DUPLICATE KEY UPDATE value=?");
stmtInsert.setString(1, name); stmtInsert.setString(1, name);
stmtInsert.setString(2, DBEncryptionUtil.encrypt(initValue)); stmtInsert.setString(2, initValue);
stmtInsert.setString(3, DBEncryptionUtil.encrypt(initValue)); stmtInsert.setString(3, initValue);
if(stmtInsert.executeUpdate() < 1) { if(stmtInsert.executeUpdate() < 1) {
throw new CloudRuntimeException("Unable to init configuration variable: " + name); throw new CloudRuntimeException("Unable to init configuration variable: " + name);
} }
@ -197,16 +197,4 @@ public class ConfigurationDaoImpl extends GenericDaoBase<ConfigurationVO, String
return findOneIncludingRemovedBy(sc); return findOneIncludingRemovedBy(sc);
} }
@Override
public ConfigurationVO persistConfigValue(ConfigurationVO config) {
ConfigurationVO vo = findByName(config.getName());
if (vo != null) {
return vo;
}
try {
return persist(config);
} catch (EntityExistsException e) {
return findByName(config.getName());
}
}
} }
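Review bot: The INSERT in `getValueAndInitIfNotExist` stores an encrypted value for a Hidden key but never sets the row's category, since its column list is `instance, name, value, description`. The rewritten `getValue(String name)` reads through `ConfigurationVO.getValue()`, which decrypts only when `getCategory()` is "Hidden", so unless the column has a suitable default, a row created here would come back as ciphertext on later reads. Writing the category in the same statement keeps the two paths consistent; the method starts and ends outside the hunk. In the same section `update(name, value)` no longer encrypts, so every caller that updates a Hidden key must now encrypt first.

```java
// … unchanged: select, early return, conditional encrypt of initValue …
stmtInsert = txn.prepareAutoCloseStatement(
        "INSERT INTO configuration(category, instance, name, value, description) VALUES(?, 'DEFAULT', ?, ?, '') ON DUPLICATE KEY UPDATE value=?");
stmtInsert.setString(1, category);
stmtInsert.setString(2, name);
stmtInsert.setString(3, initValue);
stmtInsert.setString(4, initValue);
// … unchanged: executeUpdate check and exception handling …
```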


@ -485,14 +485,14 @@ public class ConfigurationServerImpl implements ConfigurationServer {
s_logger.info("Generated SSL keystore."); s_logger.info("Generated SSL keystore.");
} }
String base64Keystore = getBase64Keystore(keystorePath); String base64Keystore = getBase64Keystore(keystorePath);
ConfigurationVO configVO = new ConfigurationVO("Hidden", "DEFAULT", "management-server", "ssl.keystore", base64Keystore, "SSL Keystore for the management servers"); ConfigurationVO configVO = new ConfigurationVO("Hidden", "DEFAULT", "management-server", "ssl.keystore", DBEncryptionUtil.encrypt(base64Keystore), "SSL Keystore for the management servers");
_configDao.persist(configVO); _configDao.persist(configVO);
s_logger.info("Stored SSL keystore to database."); s_logger.info("Stored SSL keystore to database.");
} else if (keystoreFile.exists()) { // and dbExisted } else if (keystoreFile.exists()) { // and dbExisted
// Check if they are the same one, otherwise override with local keystore // Check if they are the same one, otherwise override with local keystore
String base64Keystore = getBase64Keystore(keystorePath); String base64Keystore = getBase64Keystore(keystorePath);
if (base64Keystore.compareTo(dbString) != 0) { if (base64Keystore.compareTo(dbString) != 0) {
_configDao.update("ssl.keystore", base64Keystore); _configDao.update("ssl.keystore", DBEncryptionUtil.encrypt(base64Keystore));
s_logger.info("Updated database keystore with local one."); s_logger.info("Updated database keystore with local one.");
} }
} else { // !keystoreFile.exists() and dbExisted } else { // !keystoreFile.exists() and dbExisted


@ -3484,7 +3484,7 @@ public class ManagementServerImpl implements ManagementServer {
// although we may have race conditioning here, database transaction serialization should // although we may have race conditioning here, database transaction serialization should
// give us the same key // give us the same key
if (_hashKey == null) { if (_hashKey == null) {
_hashKey = _configDao.getValueAndInitIfNotExist(Config.HashKey.key(), UUID.randomUUID().toString()); _hashKey = _configDao.getValueAndInitIfNotExist(Config.HashKey.key(), Config.HashKey.getCategory(), UUID.randomUUID().toString());
} }
return _hashKey; return _hashKey;
} }


@ -324,7 +324,7 @@ public class Upgrade2214to30 implements DbUpgrade {
PreparedStatement pstmt = null; PreparedStatement pstmt = null;
ResultSet rs = null; ResultSet rs = null;
try { try {
pstmt = conn.prepareStatement("select name, value from configuration"); pstmt = conn.prepareStatement("select name, value from configuration where category = 'Hidden'");
rs = pstmt.executeQuery(); rs = pstmt.executeQuery();
while (rs.next()) { while (rs.next()) {
String name = rs.getString(1); String name = rs.getString(1);
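Review bot: Restricting the upgrade query to `category = 'Hidden'` leaves no path for rows written by the parent revision, where `update()` and `getValueAndInitIfNotExist()` encrypted every value regardless of category. On a database populated by such a build, non-Hidden values would now be read back without decryption. If those builds were ever deployed, a one-off decrypt of the non-Hidden rows is needed; otherwise a comment above the query such as `// only Hidden rows are stored encrypted; all other values stay plaintext` would record the assumption. The loop body is outside the hunk.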