etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

CS-14611 : Not able to connect to cloudbridge db 

changes:
- Added the util code that CloudStack uses to decrypt the password
This commit is contained in:
prachi 2012-04-23 17:41:45 -07:00
parent e6a60dfdc3
commit 3207ef6b78
8 changed files with 222 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

75
awsapi/src/com/cloud/bridge/persist/dao/BaseDao.java Normal file
View File

@ -0,0 +1,75 @@
/*
* Copyright (C) 2011 Citrix Systems, Inc. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.cloud.bridge.persist.dao;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.Properties;
import org.apache.log4j.Logger;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.properties.EncryptableProperties;
import com.cloud.bridge.util.ConfigurationHelper;
import com.cloud.bridge.util.EncryptionSecretKeyCheckerUtil;
public class BaseDao {
public static final Logger logger = Logger.getLogger(BaseDao.class);
protected static String cloud_dbName = null;
protected static String dbHost = null;
protected static String dbUser = null;
protected static String dbPassword = null;
protected static String dbPort = null;
protected static String awsapi_dbName = null;
static{
logger.info("Initializing DB props");
File propertiesFile = ConfigurationHelper.findConfigurationFile("db.properties");
Properties EC2Prop = null;
if (null != propertiesFile) {
if(EncryptionSecretKeyCheckerUtil.useEncryption()){
StandardPBEStringEncryptor encryptor = EncryptionSecretKeyCheckerUtil.getEncryptor();
EC2Prop = new EncryptableProperties(encryptor);
} else {
EC2Prop = new Properties();
}
try {
EC2Prop.load( new FileInputStream( propertiesFile ));
} catch (FileNotFoundException e) {
logger.warn("Unable to open properties file: " + propertiesFile.getAbsolutePath(), e);
} catch (IOException e) {
logger.warn("Unable to read properties file: " + propertiesFile.getAbsolutePath(), e);
}
dbHost = EC2Prop.getProperty( "db.cloud.host" );
awsapi_dbName = EC2Prop.getProperty( "db.awsapi.name" );
cloud_dbName = EC2Prop.getProperty( "db.cloud.name" );
dbUser = EC2Prop.getProperty( "db.cloud.username" );
dbPassword = EC2Prop.getProperty( "db.cloud.password" );
dbPort = EC2Prop.getProperty( "db.cloud.port" );
}
}
public BaseDao() {
}
}

29
awsapi/src/com/cloud/bridge/persist/CloudStackDao.java → awsapi/src/com/cloud/bridge/persist/dao/CloudStackDao.java
View File

@ -13,7 +13,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.cloud.bridge.persist;
package com.cloud.bridge.persist.dao;
import java.io.File;
import java.io.FileInputStream;
@ -31,35 +31,12 @@ import org.apache.log4j.Logger;
import com.cloud.bridge.util.ConfigurationHelper;
public class CloudStackDao {
public class CloudStackDao extends BaseDao {
public static final Logger logger = Logger.getLogger(CloudStackDao.class);
private Connection conn = null;
private String dbName = null;
private String dbHost = null;
private String dbUser = null;
private String dbPassword = null;
private String dbPort = null;
public CloudStackDao() {
File propertiesFile = ConfigurationHelper.findConfigurationFile("db.properties");
Properties EC2Prop = null;
if (null != propertiesFile) {
EC2Prop = new Properties();
try {
EC2Prop.load( new FileInputStream( propertiesFile ));
} catch (FileNotFoundException e) {
logger.warn("Unable to open properties file: " + propertiesFile.getAbsolutePath(), e);
} catch (IOException e) {
logger.warn("Unable to read properties file: " + propertiesFile.getAbsolutePath(), e);
}
dbHost = EC2Prop.getProperty( "db.cloud.host" );
dbName = EC2Prop.getProperty( "db.cloud.name" );
dbUser = EC2Prop.getProperty( "db.cloud.username" );
dbPassword = EC2Prop.getProperty( "db.cloud.password" );
dbPort = EC2Prop.getProperty( "db.cloud.port" );
}
}
@ -91,7 +68,7 @@ public class CloudStackDao {
throws InstantiationException, IllegalAccessException, ClassNotFoundException, SQLException {
if (null == conn) {
Class.forName( "com.mysql.jdbc.Driver" ).newInstance();
conn = DriverManager.getConnection( "jdbc:mysql://" + dbHost + ":" + dbPort + "/" + dbName, dbUser, dbPassword );
conn = DriverManager.getConnection( "jdbc:mysql://" + dbHost + ":" + dbPort + "/" + cloud_dbName, dbUser, dbPassword );
}
}

28
awsapi/src/com/cloud/bridge/persist/dao/OfferingDao.java
View File

@ -30,36 +30,14 @@ import org.apache.log4j.Logger;
import com.cloud.bridge.util.ConfigurationHelper;
public class OfferingDao {
public class OfferingDao extends BaseDao {
public static final Logger logger = Logger.getLogger(OfferingDao.class);
private Connection conn = null;
private String dbName = null;
private String dbHost = null;
private String dbUser = null;
private String dbPassword = null;
private String dbPort = null;
public OfferingDao()
{
File propertiesFile = ConfigurationHelper.findConfigurationFile("db.properties");
Properties EC2Prop = null;
if (null != propertiesFile) {
EC2Prop = new Properties();
try {
EC2Prop.load( new FileInputStream( propertiesFile ));
} catch (FileNotFoundException e) {
logger.warn("Unable to open properties file: " + propertiesFile.getAbsolutePath(), e);
} catch (IOException e) {
logger.warn("Unable to read properties file: " + propertiesFile.getAbsolutePath(), e);
}
dbHost = EC2Prop.getProperty( "db.cloud.host" );
dbName = EC2Prop.getProperty( "db.awsapi.name" );
dbUser = EC2Prop.getProperty( "db.cloud.username" );
dbPassword = EC2Prop.getProperty( "db.cloud.password" );
dbPort = EC2Prop.getProperty( "db.cloud.port" );
}
}
public int getOfferingCount()
@ -177,7 +155,7 @@ public class OfferingDao {
{
if (null == conn) {
Class.forName( "com.mysql.jdbc.Driver" ).newInstance();
conn = DriverManager.getConnection( "jdbc:mysql://" + dbHost + ":" + dbPort + "/" + dbName, dbUser, dbPassword );
conn = DriverManager.getConnection( "jdbc:mysql://" + dbHost + ":" + dbPort + "/" + awsapi_dbName, dbUser, dbPassword );
}
}

35
awsapi/src/com/cloud/bridge/persist/dao/UserCredentialsDao.java
View File

@ -15,54 +15,27 @@
*/
package com.cloud.bridge.persist.dao;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Properties;
import org.apache.log4j.Logger;
import com.cloud.bridge.model.UserCredentials;
import com.cloud.bridge.service.exception.NoSuchObjectException;
import com.cloud.bridge.util.ConfigurationHelper;
public class UserCredentialsDao {
public class UserCredentialsDao extends BaseDao{
public static final Logger logger = Logger.getLogger(UserCredentialsDao.class);
private Connection conn = null;
private String dbName = null;
private String dbHost = null;
private String dbUser = null;
private String dbPassword = null;
private String dbPort = null;
public UserCredentialsDao() {
File propertiesFile = ConfigurationHelper.findConfigurationFile("db.properties");
Properties EC2Prop = null;
if (null != propertiesFile) {
EC2Prop = new Properties();
try {
EC2Prop.load( new FileInputStream( propertiesFile ));
} catch (FileNotFoundException e) {
logger.warn("Unable to open properties file: " + propertiesFile.getAbsolutePath(), e);
} catch (IOException e) {
logger.warn("Unable to read properties file: " + propertiesFile.getAbsolutePath(), e);
}
dbHost = EC2Prop.getProperty( "db.cloud.host" );
dbName = EC2Prop.getProperty( "db.awsapi.name" );
dbUser = EC2Prop.getProperty( "db.cloud.username" );
dbPassword = EC2Prop.getProperty( "db.cloud.password" );
dbPort = EC2Prop.getProperty( "db.cloud.port" );
}
}
public void setUserKeys( String cloudAccessKey, String cloudSecretKey )
@ -164,7 +137,7 @@ public class UserCredentialsDao {
throws InstantiationException, IllegalAccessException, ClassNotFoundException, SQLException {
if (null == conn) {
Class.forName( "com.mysql.jdbc.Driver" ).newInstance();
conn = DriverManager.getConnection( "jdbc:mysql://" + dbHost + ":" + dbPort + "/" + dbName, dbUser, dbPassword );
conn = DriverManager.getConnection( "jdbc:mysql://" + dbHost + ":" + dbPort + "/" + awsapi_dbName, dbUser, dbPassword );
}
}

2
awsapi/src/com/cloud/bridge/service/EC2MainServlet.java
View File

@ -9,7 +9,7 @@ import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.cloud.bridge.persist.CloudStackDao;
import com.cloud.bridge.persist.dao.CloudStackDao;
import com.cloud.bridge.persist.dao.UserCredentialsDao;
import com.cloud.bridge.util.ConfigurationHelper;

12
awsapi/src/com/cloud/bridge/util/CloudSessionFactory.java
View File

@ -24,8 +24,11 @@ import java.util.Properties;
import org.hibernate.Session;
import org.hibernate.SessionFactory;
import org.hibernate.cfg.Configuration;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.properties.EncryptableProperties;
import org.apache.log4j.Logger;
/**
* @author Kelven Yang
*/
@ -48,7 +51,14 @@ public class CloudSessionFactory {
String dbPort = null;
if (null != propertiesFile) {
dbProp = new Properties();
if(EncryptionSecretKeyCheckerUtil.useEncryption()){
StandardPBEStringEncryptor encryptor = EncryptionSecretKeyCheckerUtil.getEncryptor();
dbProp = new EncryptableProperties(encryptor);
} else {
dbProp = new Properties();
}
try {
dbProp.load( new FileInputStream( propertiesFile ));
} catch (FileNotFoundException e) {

122
awsapi/src/com/cloud/bridge/util/EncryptionSecretKeyCheckerUtil.java Normal file
View File

@ -0,0 +1,122 @@
package com.cloud.bridge.util;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.ServerSocket;
import java.net.Socket;
import java.util.Properties;
import org.apache.log4j.Logger;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;
public class EncryptionSecretKeyCheckerUtil {
private static final Logger s_logger = Logger.getLogger(EncryptionSecretKeyCheckerUtil.class);
private static final String s_keyFile = "C://pscp//key";
private static final String s_envKey = "CLOUD_SECRET_KEY";
private static StandardPBEStringEncryptor s_encryptor = new StandardPBEStringEncryptor();
private static boolean s_useEncryption = false;
static{
//Get encryption type from db.properties
final File dbPropsFile = ConfigurationHelper.findConfigurationFile("db.properties");
final Properties dbProps = new Properties();
try {
dbProps.load(new FileInputStream(dbPropsFile));
final String encryptionType = dbProps.getProperty("db.cloud.encryption.type");
s_logger.debug("Encryption Type: "+ encryptionType);
if(encryptionType != null || !encryptionType.equals("none")){
s_encryptor.setAlgorithm("PBEWithMD5AndDES");
String secretKey = null;
SimpleStringPBEConfig stringConfig = new SimpleStringPBEConfig();
if(encryptionType.equals("file")){
try {
BufferedReader in = new BufferedReader(new FileReader(s_keyFile));
secretKey = in.readLine();
//Check for null or empty secret key
} catch (FileNotFoundException e) {
throw new RuntimeException("File containing secret key not found: "+s_keyFile, e);
} catch (IOException e) {
throw new RuntimeException("Error while reading secret key from: "+s_keyFile, e);
}
if(secretKey == null || secretKey.isEmpty()){
throw new RuntimeException("Secret key is null or empty in file "+s_keyFile);
}
} else if(encryptionType.equals("env")){
secretKey = System.getenv(s_envKey);
if(secretKey == null || secretKey.isEmpty()){
throw new RuntimeException("Environment variable "+s_envKey+" is not set or empty");
}
} else if(encryptionType.equals("web")){
ServerSocket serverSocket = null;
int port = 8097;
try {
serverSocket = new ServerSocket(port);
} catch (IOException ioex) {
throw new RuntimeException("Error initializing secret key reciever", ioex);
}
s_logger.info("Waiting for admin to send secret key on port "+port);
Socket clientSocket = null;
try {
clientSocket = serverSocket.accept();
} catch (IOException e) {
throw new RuntimeException("Accept failed on "+port);
}
PrintWriter out = new PrintWriter(clientSocket.getOutputStream(), true);
BufferedReader in = new BufferedReader(new InputStreamReader(clientSocket.getInputStream()));
String inputLine, outputLine;
if ((inputLine = in.readLine()) != null) {
secretKey = inputLine;
}
out.close();
in.close();
clientSocket.close();
serverSocket.close();
} else {
throw new RuntimeException("Invalid encryption type: "+encryptionType);
}
stringConfig.setPassword(secretKey);
s_encryptor.setConfig(stringConfig);
s_useEncryption = true;
}
} catch (FileNotFoundException e) {
throw new RuntimeException("File db.properties not found", e);
} catch (IOException e) {
throw new RuntimeException("Error while reading db.properties", e);
}
}
public static StandardPBEStringEncryptor getEncryptor() {
return s_encryptor;
}
public static boolean useEncryption(){
return s_useEncryption;
}
//Initialize encryptor for migration during secret key change
public static void initEncryptorForMigration(String secretKey){
s_encryptor.setAlgorithm("PBEWithMD5AndDES");
SimpleStringPBEConfig stringConfig = new SimpleStringPBEConfig();
stringConfig.setPassword(secretKey);
s_encryptor.setConfig(stringConfig);
s_useEncryption = true;
}
}

3
build/build-aws-api.xml
View File

@ -208,6 +208,7 @@
<copy todir="${server.deploy.to.dir}/webapps/awsapi/WEB-INF/lib">
<fileset dir="${jar.dir}">
<include name="cloud-awsapi.jar" />
<include name="cloud-jasypt-1.8.jar" />
</fileset>
</copy>
<copy todir="${server.deploy.to.dir}/webapps/awsapi/WEB-INF/lib">
@ -281,6 +282,7 @@
</fileset>
<fileset dir="${jar.dir}">
<include name="cloud-awsapi.jar" />
<include name="cloud-jasypt-1.8.jar" />
</fileset>
</copy>
<copy todir="${debian.tomcat.dir}/lib">
@ -353,6 +355,7 @@
</fileset>
<fileset dir="${jar.dir}">
<include name="cloud-awsapi.jar" />
<include name="cloud-jasypt-1.8.jar" />
</fileset>
</copy>
<copy todir="${rpm.tomcat.dir}/lib">