cloudstack-commits mailing list archives

From kis...@apache.org
Subject git commit: updated refs/heads/master to 95e1583
Date Tue, 06 Aug 2013 11:32:03 GMT
Updated Branches:
  refs/heads/master 31493d8d8 -> 95e15833b


Encrypt pre shared key in Site2Site customer gateway DB entries

Conflicts:
	engine/schema/src/com/cloud/upgrade/dao/Upgrade410to420.java


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/95e15833
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/95e15833
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/95e15833

Branch: refs/heads/master
Commit: 95e15833b99e30478509dddd51ef1ea3ce5273c2
Parents: 31493d8
Author: Kishan Kavala <kishan@cloud.com>
Authored: Tue Aug 6 16:48:50 2013 +0530
Committer: Kishan Kavala <kishan@cloud.com>
Committed: Tue Aug 6 17:01:31 2013 +0530

----------------------------------------------------------------------
 .../network/dao/Site2SiteCustomerGatewayVO.java |  2 +
 .../com/cloud/upgrade/dao/Upgrade410to420.java  | 39 ++++++++++++++++++++
 2 files changed, 41 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/95e15833/engine/schema/src/com/cloud/network/dao/Site2SiteCustomerGatewayVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/dao/Site2SiteCustomerGatewayVO.java b/engine/schema/src/com/cloud/network/dao/Site2SiteCustomerGatewayVO.java
index 80130ef..fe0a403 100644
--- a/engine/schema/src/com/cloud/network/dao/Site2SiteCustomerGatewayVO.java
+++ b/engine/schema/src/com/cloud/network/dao/Site2SiteCustomerGatewayVO.java
@@ -27,6 +27,7 @@ import javax.persistence.Id;
 import javax.persistence.Table;
 
 import com.cloud.network.Site2SiteCustomerGateway;
+import com.cloud.utils.db.Encrypt;
 import com.cloud.utils.db.GenericDao;
 import org.apache.cloudstack.api.InternalIdentity;
 
@@ -50,6 +51,7 @@ public class Site2SiteCustomerGatewayVO implements Site2SiteCustomerGateway {
     @Column(name="guest_cidr_list")
     private String guestCidrList;
 
+    @Encrypt
     @Column(name="ipsec_psk")
     private String ipsecPsk;
 
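Review bot: Ciphertext is normally longer than the plaintext it replaces, so the `ipsec_psk` column has to be wide enough for an encrypted key of the maximum accepted length. The schema is not part of this commit, so that is worth confirming before values are truncated or rejected on write. The annotation would also benefit from a short comment such as `// stored encrypted; existing rows are converted by Upgrade410to420.encryptSite2SitePSK`. The class body continues outside the hunk.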

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/95e15833/engine/schema/src/com/cloud/upgrade/dao/Upgrade410to420.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/upgrade/dao/Upgrade410to420.java b/engine/schema/src/com/cloud/upgrade/dao/Upgrade410to420.java
index c87547b..76c2951 100644
--- a/engine/schema/src/com/cloud/upgrade/dao/Upgrade410to420.java
+++ b/engine/schema/src/com/cloud/upgrade/dao/Upgrade410to420.java
@@ -18,6 +18,7 @@
 package com.cloud.upgrade.dao;
 
 import java.io.File;
+import java.io.UnsupportedEncodingException;
 import java.sql.Connection;
 import java.sql.Date;
 import java.sql.PreparedStatement;
@@ -31,6 +32,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import java.util.UUID;
+import com.cloud.utils.crypt.DBEncryptionUtil;
 import org.apache.log4j.Logger;
 import org.apache.cloudstack.engine.subsystem.api.storage.DataStoreProvider;
 import com.cloud.deploy.DeploymentPlanner;
@@ -98,6 +100,7 @@ public class Upgrade410to420 implements DbUpgrade {
         migrateSnapshotStoreRef(conn);
         fixNiciraKeys(conn);
         fixRouterKeys(conn);
+        encryptSite2SitePSK(conn);
     }
 
     private void fixBaremetalForeignKeys(Connection conn) {
@@ -1938,5 +1941,41 @@ public class Upgrade410to420 implements DbUpgrade {
             } catch (SQLException e) {
             }
         }
+    }    private void encryptSite2SitePSK(Connection conn) {
+        s_logger.debug("Encrypting Site2Site Customer Gateway pre-shared key");
+        PreparedStatement pstmt = null;
+        ResultSet rs = null;
+        try {
+            pstmt = conn.prepareStatement("select id, ipsec_psk from `cloud`.`s2s_customer_gateway`");
+            rs = pstmt.executeQuery();
+            while (rs.next()) {
+                long id = rs.getLong(1);
+                String value = rs.getString(2);
+                if (value == null) {
+                    continue;
+                }
+                String encryptedValue = DBEncryptionUtil.encrypt(value);
+                pstmt = conn.prepareStatement("update `cloud`.`s2s_customer_gateway` set ipsec_psk=? where id=?");
+                pstmt.setBytes(1, encryptedValue.getBytes("UTF-8"));
+                pstmt.setLong(2, id);
+                pstmt.executeUpdate();
+            }
+        } catch (SQLException e) {
+            throw new CloudRuntimeException("Unable to encrypt Site2Site Customer Gateway pre-shared key ", e);
+        } catch (UnsupportedEncodingException e) {
+            throw new CloudRuntimeException("Unable to encrypt Site2Site Customer Gateway pre-shared key ", e);
+        } finally {
+            try {
+                if (rs != null) {
+                    rs.close();
+                }
+
+                if (pstmt != null) {
+                    pstmt.close();
+                }
+            } catch (SQLException e) {
+            }
+        }
+        s_logger.debug("Done encrypting Site2Site Customer Gateway pre-shared key");
     }
 }

