From c4cf065a3f3e39c12d8f82da22ae8499c9207ac2 Mon Sep 17 00:00:00 2001 From: kishan Date: Tue, 5 Jun 2012 14:41:06 +0530 Subject: [PATCH] bug CS-15221: Encrypt config value before changing category to Hidden. Regression due to af1fc1cf5d361cb6d43e0107a644c42f645a0ccc status CS-15221: resolved fixed reviewed-by: Nitin --- .../cloud/upgrade/dao/Upgrade302to303.java | 42 +++++++++++++++++++ setup/db/db/schema-302to303.sql | 3 -- 2 files changed, 42 insertions(+), 3 deletions(-) diff --git a/server/src/com/cloud/upgrade/dao/Upgrade302to303.java b/server/src/com/cloud/upgrade/dao/Upgrade302to303.java index ce7c46a5953..51effefef00 100644 --- a/server/src/com/cloud/upgrade/dao/Upgrade302to303.java +++ b/server/src/com/cloud/upgrade/dao/Upgrade302to303.java @@ -16,6 +16,7 @@ package com.cloud.upgrade.dao; * @author Alena Prokharchyk */ import java.io.File; +import java.io.UnsupportedEncodingException; import java.sql.Connection; import java.sql.PreparedStatement; import java.sql.ResultSet; @@ -25,6 +26,7 @@ import java.util.UUID; import org.apache.log4j.Logger; // import com.cloud.dc.DataCenter.NetworkType; +import com.cloud.utils.crypt.DBEncryptionUtil; import com.cloud.utils.exception.CloudRuntimeException; import com.cloud.utils.script.Script; @@ -59,6 +61,7 @@ public class Upgrade302to303 implements DbUpgrade { @Override public void performDataMigration(Connection conn) { setupExternalNetworkDevices(conn); + encryptConfig(conn); } private void setupExternalNetworkDevices(Connection conn) { 
@@ -249,6 +252,45 @@ public class Upgrade302to303 implements DbUpgrade {
 }
 }
+ private void encryptConfig(Connection conn){
+ //Encrypt config params and change category to Hidden
+ s_logger.debug("Encrypting Config values");
+ PreparedStatement pstmt = null;
+ ResultSet rs = null;
+ try {
+ pstmt = conn.prepareStatement("select name, value from `cloud`.`configuration` where name in ('router.ram.size', 'secondary.storage.vm', 'security.hash.key') and category <> 'Hidden'");
+ rs = pstmt.executeQuery();
+ while (rs.next()) {
+ String name = rs.getString(1);
+ String value = rs.getString(2);
+ if (value == null) {
+ continue;
+ }
+ String encryptedValue = DBEncryptionUtil.encrypt(value);
+ pstmt = conn.prepareStatement("update `cloud`.`configuration` set value=?, category = 'Hidden' where name=?");
+ pstmt.setBytes(1, encryptedValue.getBytes("UTF-8"));
+ pstmt.setString(2, name);
+ pstmt.executeUpdate();
+ }
+ } catch (SQLException e) {
+ throw new CloudRuntimeException("Unable encrypt configuration values ", e);
+ } catch (UnsupportedEncodingException e) {
+ throw new CloudRuntimeException("Unable encrypt configuration values ", e);
+ } finally {
+ try {
+ if (rs != null) {
+ rs.close();
+ }
+
+ if (pstmt != null) {
+ pstmt.close();
+ }
+ } catch (SQLException e) {
+ }
+ }
+ s_logger.debug("Done encrypting Config values");
+ }
+
 @Override
 public File[] getCleanupScripts() {
 return null;
diff --git a/setup/db/db/schema-302to303.sql b/setup/db/db/schema-302to303.sql
index 97613b4c991..b3ab8dcfb1a 100755
--- a/setup/db/db/schema-302to303.sql
+++ b/setup/db/db/schema-302to303.sql
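Review bot: In `encryptConfig`, the `if (value == null) { continue; }` branch skips the only statement that still sets `category = 'Hidden'`, so any of the three rows whose value is NULL keeps its old category after the upgrade; the unconditional updates in schema-302to303.sql are removed by this same commit. If later writes decide whether to encrypt from the category (not visible in this patch), a `security.hash.key` set afterwards would presumably be stored and listed in plaintext. The loop also reassigns `pstmt` to a fresh update statement for every row, so the select statement and all but the last update statement are never closed. Preparing the update once in its own variable, marking NULL rows Hidden as well, and closing both statements in `finally` addresses both points; the empty `catch (SQLException e) { }` around the close calls should at least log at debug level.

```java
private void encryptConfig(Connection conn){
    // … unchanged: debug log, pstmt and rs declarations …
    PreparedStatement updatePstmt = null;
    try {
        // … unchanged: select of the three non-Hidden rows into rs …
        updatePstmt = conn.prepareStatement("update `cloud`.`configuration` set value=?, category = 'Hidden' where name=?");
        while (rs.next()) {
            String name = rs.getString(1);
            String value = rs.getString(2);
            if (value == null) {
                // Nothing to encrypt, but the row must still become Hidden.
                // Column type is not visible in this hunk; VARCHAR is assumed.
                updatePstmt.setNull(1, java.sql.Types.VARCHAR);
            } else {
                updatePstmt.setBytes(1, DBEncryptionUtil.encrypt(value).getBytes("UTF-8"));
            }
            updatePstmt.setString(2, name);
            updatePstmt.executeUpdate();
        }
    // … unchanged: the two catch clauses …
    } finally {
        // … unchanged: rs and pstmt close …
        try {
            if (updatePstmt != null) {
                updatePstmt.close();
            }
        } catch (SQLException e) {
            s_logger.debug("Failed to close update statement", e);
        }
    }
```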
@@ -105,9 +105,6 @@ UPDATE `cloud`.`configuration` set component='NetworkManager' where name='router
 UPDATE `cloud`.`configuration` set component='NetworkManager' where name='router.template.id';
 UPDATE `cloud`.`configuration` set category='Advanced' where name='capacity.skipcounting.hours';
 UPDATE `cloud`.`configuration` set category='Advanced' where name='use.local.storage';
-UPDATE `cloud`.`configuration` set category='Hidden' where name='router.ram.size';
-UPDATE `cloud`.`configuration` set category='Hidden' where name='secondary.storage.vm';
-UPDATE `cloud`.`configuration` set category='Hidden' where name='security.hash.key';
 UPDATE `cloud`.`configuration` set description = 'Percentage (as a value between 0 and 1) of local storage utilization above which alerts will be sent about low local storage available.' where name = 'cluster.localStorage.capacity.notificationthreshold';
 DELETE FROM `cloud`.`configuration` WHERE name='direct.agent.pool.size';