From 384bce1a97dd03c2297acd5dbada7bfaa3766074 Mon Sep 17 00:00:00 2001
From: Daan Hoogland
Date: Fri, 8 Jun 2018 12:55:05 +0200
Subject: [PATCH] update without decrypt doesn't work
---
 .../META-INF/db/schema-41100to41110.sql | 12 ----
 .../upgrade/dao/Upgrade41100to41110.java | 62 ++++++++++++++++++-
 2 files changed, 61 insertions(+), 13 deletions(-)
diff --git a/engine/schema/resources/META-INF/db/schema-41100to41110.sql b/engine/schema/resources/META-INF/db/schema-41100to41110.sql
index 228c39d0221..221a4756d30 100644
--- a/engine/schema/resources/META-INF/db/schema-41100to41110.sql
+++ b/engine/schema/resources/META-INF/db/schema-41100to41110.sql
@@ -91,15 +91,3 @@ INSERT IGNORE INTO `cloud`.`guest_os_hypervisor` (uuid,hypervisor_type, hypervis
 -- XCP-NG 7.4
 INSERT IGNORE INTO `cloud`.`hypervisor_capabilities`(uuid, hypervisor_type, hypervisor_version, max_guests_limit, max_data_volumes_limit, storage_motion_supported) values (UUID(), 'XenServer', 'XCP-ng 7.4.0', 500, 13, 1);
 INSERT IGNORE INTO `cloud`.`guest_os_hypervisor` (uuid,hypervisor_type, hypervisor_version, guest_os_name, guest_os_id, created, is_user_defined) SELECT UUID(),'Xenserver', 'XCP-ng 7.4.0', guest_os_name, guest_os_id, utc_timestamp(), 0 FROM `cloud`.`guest_os_hypervisor` WHERE hypervisor_type='Xenserver' AND hypervisor_version='7.4.0';
-
-UPDATE `cloud`.`configuration` SET `category`='Advanced' WHERE `name`='ldap.basedn';
-UPDATE `cloud`.`configuration` SET `category`='Advanced' WHERE `name`='ldap.bind.principal';
-UPDATE `cloud`.`configuration` SET `category`='Advanced' WHERE `name`='ldap.email.attribute';
-UPDATE `cloud`.`configuration` SET `category`='Advanced' WHERE `name`='ldap.firstname.attribute';
-UPDATE `cloud`.`configuration` SET `category`='Advanced' WHERE `name`='ldap.group.object';
-UPDATE `cloud`.`configuration` SET `category`='Advanced' WHERE `name`='ldap.group.user.uniquemember';
-UPDATE `cloud`.`configuration` SET `category`='Advanced' WHERE `name`='ldap.lastname.attribute';
-UPDATE `cloud`.`configuration` SET `category`='Advanced' WHERE `name`='ldap.search.group.principle';
-UPDATE `cloud`.`configuration` SET `category`='Advanced' WHERE `name`='ldap.truststore';
-UPDATE `cloud`.`configuration` SET `category`='Advanced' WHERE `name`='ldap.user.object';
-UPDATE `cloud`.`configuration` SET `category`='Advanced' WHERE `name`='ldap.username.attribute';
diff --git a/engine/schema/src/com/cloud/upgrade/dao/Upgrade41100to41110.java b/engine/schema/src/com/cloud/upgrade/dao/Upgrade41100to41110.java
index 3443e95242a..72490c63be6 100644
--- a/engine/schema/src/com/cloud/upgrade/dao/Upgrade41100to41110.java
+++ b/engine/schema/src/com/cloud/upgrade/dao/Upgrade41100to41110.java
@@ -19,7 +19,7 @@
 package com.cloud.upgrade.dao;
-import java.io.InputStream;
+import java.io.*;
 import java.sql.Connection;
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
@@ -29,6 +29,7 @@ import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
+import com.cloud.utils.crypt.*;
 import org.apache.log4j.Logger;
 import com.cloud.hypervisor.Hypervisor;
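Review bot: Both import changes in this file switch to wildcards (`import java.io.*;` here and `import com.cloud.utils.crypt.*;` in the hunk at -29,6) where explicit imports would do. Of the code this patch adds, only `DBEncryptionUtil` comes from `com.cloud.utils.crypt`, and no new `java.io` type is visible in the added lines. I would keep `import java.io.InputStream;` as it was and write the second line as `import com.cloud.utils.crypt.DBEncryptionUtil;`. Explicit imports make it obvious which crypto helper this upgrade step depends on.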
@@ -66,6 +67,65 @@ public class Upgrade41100to41110 implements DbUpgrade {
 @Override
 public void performDataMigration(Connection conn) {
 updateSystemVmTemplates(conn);
+ markUnnecessarySecureConfigsAsUnsecure(conn);
+ }
+
+ private void markUnnecessarySecureConfigsAsUnsecure(Connection conn) {
+ String[] unsecureItems = new String[] {
+ "ldap.basedn",
+ "ldap.bind.principal",
+ "ldap.email.attribute",
+ "ldap.firstname.attribute",
+ "ldap.group.object",
+ "ldap.group.user.uniquemember",
+ "ldap.lastname.attribute",
+ "ldap.search.group.principle",
+ "ldap.truststore",
+ "ldap.user.object",
+ "ldap.username.attribute"
+ };
+
+ for (String name : unsecureItems) {
+ uncrypt(conn, name);
+ }
+ }
+
+ /**
+ * if encrypted, decrypt the ldap hostname and port and then update as they are not encrypted now.
+ */
+ private void uncrypt(Connection conn, String name)
+ {
+ String value = null;
+ try (
+ PreparedStatement prepSelStmt = conn.prepareStatement("SELECT conf.category,conf.value FROM `cloud`.`configuration` conf WHERE conf.name= ?");
+ ) {
+ prepSelStmt.setString(1,name);
+ try (
+ ResultSet resultSet = prepSelStmt.executeQuery();
+ ) {
+ if (resultSet.next()) {
+ if ("Secure".equals(resultSet.getString(1))) {
+ value = DBEncryptionUtil.decrypt(resultSet.getString(2));
+ try (
+ PreparedStatement prepUpdStmt= conn.prepareStatement("UPDATE `cloud`.`configuration` set category = 'Advanced', value = ? where name is ?" );
+ ) {
+ prepUpdStmt.setString(1, value);
+ prepUpdStmt.setString(2, name);
+ prepUpdStmt.execute();
+ } catch (SQLException e) {
+ if (LOG.isInfoEnabled()) {
+ LOG.info("failed to update configuration item '"+name+"' with value '"+value+"'");
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("");
+ }
+ }
+ }
+ }
+ }
+ }
+ } catch (SQLException e) {
+ throw new CloudRuntimeException("failed to update configuration item '"+name+"' with value '"+value+"'", e);
+ }
 }
 @SuppressWarnings("serial")
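Review bot: The UPDATE in `uncrypt` ends with `where name is ?`, but MySQL accepts `IS` only with NULL/TRUE/FALSE/UNKNOWN, so the statement should be rejected for every item; the predicate needs to be `where name = ?`. That failure is then hidden, because the inner `catch (SQLException e)` only logs at info level, drops `e` and lets the upgrade continue, leaving the row in category 'Secure' while the migration appears to succeed. Both that log line and the `CloudRuntimeException` message also embed the freshly decrypted `value`. Log the key only, e.g. `LOG.warn("failed to update configuration item '" + name + "'", e);`, or rethrow as the outer catch does. The empty `LOG.debug("")` can go, and the Javadoc on `uncrypt` still refers to the ldap hostname and port, which are not among the eleven keys listed.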