cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kis...@apache.org
Subject git commit: updated refs/heads/4.2-forward to bbe8a6d
Date Thu, 22 Aug 2013 13:30:48 GMT
Updated Branches:
  refs/heads/4.2-forward a0f23d0f9 -> bbe8a6d26


CLOUDSTACK-4115 : Encrypt password in cluster_details table. This fix is to handle upgrades
from versions earlier than 3.0.5 and 4.0. Upgrade was not handled when the cluster_details
password encryption was introduced.


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/bbe8a6d2
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/bbe8a6d2
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/bbe8a6d2

Branch: refs/heads/4.2-forward
Commit: bbe8a6d266cd9aff659b697ea1fcbc36ec854f5a
Parents: a0f23d0
Author: Kishan Kavala <kishan@cloud.com>
Authored: Thu Aug 22 18:52:34 2013 +0530
Committer: Kishan Kavala <kishan@cloud.com>
Committed: Thu Aug 22 19:00:24 2013 +0530

----------------------------------------------------------------------
 .../com/cloud/upgrade/dao/Upgrade302to40.java   | 39 +++++++++++++++++++
 .../com/cloud/upgrade/dao/Upgrade304to305.java  | 41 ++++++++++++++++++++
 2 files changed, 80 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/bbe8a6d2/engine/schema/src/com/cloud/upgrade/dao/Upgrade302to40.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/upgrade/dao/Upgrade302to40.java b/engine/schema/src/com/cloud/upgrade/dao/Upgrade302to40.java
index 11e5608..45f5f1b 100644
--- a/engine/schema/src/com/cloud/upgrade/dao/Upgrade302to40.java
+++ b/engine/schema/src/com/cloud/upgrade/dao/Upgrade302to40.java
@@ -74,6 +74,7 @@ public class Upgrade302to40 extends Upgrade30xBase implements DbUpgrade
{
         setupExternalNetworkDevices(conn);
         fixZoneUsingExternalDevices(conn);
         encryptConfig(conn);
+        encryptClusterDetails(conn);
     }
 
     @Override
@@ -1072,4 +1073,42 @@ public class Upgrade302to40 extends Upgrade30xBase implements DbUpgrade
{
         }
         s_logger.debug("Done encrypting Config values");
     }
+
+    private void encryptClusterDetails(Connection conn) {
+        s_logger.debug("Encrypting cluster details");
+        PreparedStatement pstmt = null;
+        ResultSet rs = null;
+        try {
+            pstmt = conn.prepareStatement("select id, value from `cloud`.`cluster_details`
where name = 'password'");
+            rs = pstmt.executeQuery();
+            while (rs.next()) {
+                long id = rs.getLong(1);
+                String value = rs.getString(2);
+                if (value == null) {
+                    continue;
+                }
+                String encryptedValue = DBEncryptionUtil.encrypt(value);
+                pstmt = conn.prepareStatement("update `cloud`.`cluster_details` set value=?
where id=?");
+                pstmt.setBytes(1, encryptedValue.getBytes("UTF-8"));
+                pstmt.setLong(2, id);
+                pstmt.executeUpdate();
+            }
+        } catch (SQLException e) {
+            throw new CloudRuntimeException("Unable encrypt cluster_details values ", e);
+        } catch (UnsupportedEncodingException e) {
+            throw new CloudRuntimeException("Unable encrypt cluster_details values ", e);
+        } finally {
+            try {
+                if (rs != null) {
+                    rs.close();
+                }
+
+                if (pstmt != null) {
+                    pstmt.close();
+                }
+            } catch (SQLException e) {
+            }
+        }
+        s_logger.debug("Done encrypting cluster_details");
+    }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/bbe8a6d2/engine/schema/src/com/cloud/upgrade/dao/Upgrade304to305.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/upgrade/dao/Upgrade304to305.java b/engine/schema/src/com/cloud/upgrade/dao/Upgrade304to305.java
index 3e8db4a..bfbce89 100644
--- a/engine/schema/src/com/cloud/upgrade/dao/Upgrade304to305.java
+++ b/engine/schema/src/com/cloud/upgrade/dao/Upgrade304to305.java
@@ -19,6 +19,7 @@
 package com.cloud.upgrade.dao;
 
 import java.io.File;
+import java.io.UnsupportedEncodingException;
 import java.sql.Connection;
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
@@ -27,6 +28,7 @@ import java.util.ArrayList;
 import java.util.List;
 import java.util.UUID;
 
+import com.cloud.utils.crypt.DBEncryptionUtil;
 import org.apache.log4j.Logger;
 
 import com.cloud.utils.exception.CloudRuntimeException;
@@ -68,6 +70,7 @@ public class Upgrade304to305 extends Upgrade30xBase implements DbUpgrade
{
         fixZoneUsingExternalDevices(conn);
 //        updateSystemVms(conn);
         fixForeignKeys(conn);
+        encryptClusterDetails(conn);
     }
 
     @Override
@@ -455,4 +458,42 @@ public class Upgrade304to305 extends Upgrade30xBase implements DbUpgrade
{
             throw new CloudRuntimeException("Unable to execute ssh_keypairs table update
for adding domain_id foreign key", e);
         }
     }
+
+    private void encryptClusterDetails(Connection conn) {
+        s_logger.debug("Encrypting cluster details");
+        PreparedStatement pstmt = null;
+        ResultSet rs = null;
+        try {
+            pstmt = conn.prepareStatement("select id, value from `cloud`.`cluster_details`
where name = 'password'");
+            rs = pstmt.executeQuery();
+            while (rs.next()) {
+                long id = rs.getLong(1);
+                String value = rs.getString(2);
+                if (value == null) {
+                    continue;
+                }
+                String encryptedValue = DBEncryptionUtil.encrypt(value);
+                pstmt = conn.prepareStatement("update `cloud`.`cluster_details` set value=?
where id=?");
+                pstmt.setBytes(1, encryptedValue.getBytes("UTF-8"));
+                pstmt.setLong(2, id);
+                pstmt.executeUpdate();
+            }
+        } catch (SQLException e) {
+            throw new CloudRuntimeException("Unable encrypt cluster_details values ", e);
+        } catch (UnsupportedEncodingException e) {
+            throw new CloudRuntimeException("Unable encrypt cluster_details values ", e);
+        } finally {
+            try {
+                if (rs != null) {
+                    rs.close();
+                }
+
+                if (pstmt != null) {
+                    pstmt.close();
+                }
+            } catch (SQLException e) {
+            }
+        }
+        s_logger.debug("Done encrypting cluster_details");
+    }
 }


Mime
View raw message