Animesh, Please apply bbe8a6d266cd9aff659b697ea1fcbc36ec854f5a from 4.2-forward to 4.2
Updated Branches: refs/heads/4.2-forward a0f23d0f9 -> bbe8a6d26 CLOUDSTACK-4115 : Encrypt password in cluster_details table. This fix is to handle upgrades from versions earlier than 3.0.5 and 4.0. Upgrade was not handled when the cluster_details password encryption was introduced. Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/bbe8a6d2 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/bbe8a6d2 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/bbe8a6d2 Branch: refs/heads/4.2-forward Commit: bbe8a6d266cd9aff659b697ea1fcbc36ec854f5a Parents: a0f23d0 Author: Kishan Kavala <kis...@cloud.com> Authored: Thu Aug 22 18:52:34 2013 +0530 Committer: Kishan Kavala <kis...@cloud.com> Committed: Thu Aug 22 19:00:24 2013 +0530 ---------------------------------------------------------------------- .../com/cloud/upgrade/dao/Upgrade302to40.java | 39 +++++++++++++++++++ .../com/cloud/upgrade/dao/Upgrade304to305.java | 41 ++++++++++++++++++++ 2 files changed, 80 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/bbe8a6d2/engine/schema/src/com/cloud/upgrade/dao/Upgrade302to40.java ---------------------------------------------------------------------- diff --git a/engine/schema/src/com/cloud/upgrade/dao/Upgrade302to40.java b/engine/schema/src/com/cloud/upgrade/dao/Upgrade302to40.java index 11e5608..45f5f1b 100644 --- a/engine/schema/src/com/cloud/upgrade/dao/Upgrade302to40.java +++ b/engine/schema/src/com/cloud/upgrade/dao/Upgrade302to40.java @@ -74,6 +74,7 @@ public class Upgrade302to40 extends Upgrade30xBase implements DbUpgrade { setupExternalNetworkDevices(conn); fixZoneUsingExternalDevices(conn); encryptConfig(conn); + encryptClusterDetails(conn); } @Override 
@@ -1072,4 +1073,42 @@ public class Upgrade302to40 extends Upgrade30xBase implements DbUpgrade {
 }
 s_logger.debug("Done encrypting Config values");
 }
+
+ private void encryptClusterDetails(Connection conn) {
+ s_logger.debug("Encrypting cluster details");
+ PreparedStatement pstmt = null;
+ ResultSet rs = null;
+ try {
+ pstmt = conn.prepareStatement("select id, value from `cloud`.`cluster_details` where name = 'password'");
+ rs = pstmt.executeQuery();
+ while (rs.next()) {
+ long id = rs.getLong(1);
+ String value = rs.getString(2);
+ if (value == null) {
+ continue;
+ }
+ String encryptedValue = DBEncryptionUtil.encrypt(value);
+ pstmt = conn.prepareStatement("update `cloud`.`cluster_details` set value=? where id=?");
+ pstmt.setBytes(1, encryptedValue.getBytes("UTF-8"));
+ pstmt.setLong(2, id);
+ pstmt.executeUpdate();
+ }
+ } catch (SQLException e) {
+ throw new CloudRuntimeException("Unable encrypt cluster_details values ", e);
+ } catch (UnsupportedEncodingException e) {
+ throw new CloudRuntimeException("Unable encrypt cluster_details values ", e);
+ } finally {
+ try {
+ if (rs != null) {
+ rs.close();
+ }
+
+ if (pstmt != null) {
+ pstmt.close();
+ }
+ } catch (SQLException e) {
+ }
+ }
+ s_logger.debug("Done encrypting cluster_details");
+ }
 }
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/bbe8a6d2/engine/schema/src/com/cloud/upgrade/dao/Upgrade304to305.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/upgrade/dao/Upgrade304to305.java b/engine/schema/src/com/cloud/upgrade/dao/Upgrade304to305.java
index 3e8db4a..bfbce89 100644
--- a/engine/schema/src/com/cloud/upgrade/dao/Upgrade304to305.java
+++ b/engine/schema/src/com/cloud/upgrade/dao/Upgrade304to305.java
@@ -19,6 +19,7 @@ package com.cloud.upgrade.dao; import java.io.File; +import java.io.UnsupportedEncodingException; import java.sql.Connection; import java.sql.PreparedStatement; import java.sql.ResultSet;
@@ -27,6 +28,7 @@ import java.util.ArrayList; import java.util.List; import java.util.UUID; +import com.cloud.utils.crypt.DBEncryptionUtil; import org.apache.log4j.Logger; import com.cloud.utils.exception.CloudRuntimeException;
@@ -68,6 +70,7 @@ public class Upgrade304to305 extends Upgrade30xBase implements DbUpgrade { fixZoneUsingExternalDevices(conn); // updateSystemVms(conn); fixForeignKeys(conn); + encryptClusterDetails(conn); } @Override
@@ -455,4 +458,42 @@ public class Upgrade304to305 extends Upgrade30xBase implements DbUpgrade {
 throw new CloudRuntimeException("Unable to execute ssh_keypairs table update for adding domain_id foreign key", e);
 }
 }
+
+ private void encryptClusterDetails(Connection conn) {
+ s_logger.debug("Encrypting cluster details");
+ PreparedStatement pstmt = null;
+ ResultSet rs = null;
+ try {
+ pstmt = conn.prepareStatement("select id, value from `cloud`.`cluster_details` where name = 'password'");
+ rs = pstmt.executeQuery();
+ while (rs.next()) {
+ long id = rs.getLong(1);
+ String value = rs.getString(2);
+ if (value == null) {
+ continue;
+ }
+ String encryptedValue = DBEncryptionUtil.encrypt(value);
+ pstmt = conn.prepareStatement("update `cloud`.`cluster_details` set value=? where id=?");
+ pstmt.setBytes(1, encryptedValue.getBytes("UTF-8"));
+ pstmt.setLong(2, id);
+ pstmt.executeUpdate();
+ }
+ } catch (SQLException e) {
+ throw new CloudRuntimeException("Unable encrypt cluster_details values ", e);
+ } catch (UnsupportedEncodingException e) {
+ throw new CloudRuntimeException("Unable encrypt cluster_details values ", e);
+ } finally {
+ try {
+ if (rs != null) {
+ rs.close();
+ }
+
+ if (pstmt != null) {
+ pstmt.close();
+ }
+ } catch (SQLException e) {
+ }
+ }
+ s_logger.debug("Done encrypting cluster_details");
+ }
 }
Updated Branches: refs/heads/4.2-forward a0f23d0f9 -> bbe8a6d26 CLOUDSTACK-4115 : Encrypt password in cluster_details table. This fix is to handle upgrades from versions earlier than 3.0.5 and 4.0. Upgrade was not handled when the cluster_details password encryption was introduced.
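Review bot: Every `cluster_details` row named `password` is passed to `DBEncryptionUtil.encrypt` unconditionally, so nothing in this method prevents a value that is already ciphertext from being encrypted a second time, which would presumably leave the stored credential unusable. Whether the upgrade framework guarantees that this step runs exactly once, and only against plaintext rows, is not visible in the hunk, so the assumption should be stated above the method, e.g. `// Assumes every 'password' row is still plaintext at this schema version; must not be re-run on already encrypted data.` The method is also a line-for-line copy of the one added to Upgrade302to40, and both classes extend `Upgrade30xBase`, so a single `protected` implementation in the base class would keep the two upgrade paths from drifting apart.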
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/bbe8a6d2 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/bbe8a6d2 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/bbe8a6d2 Branch: refs/heads/4.2-forward Commit: bbe8a6d266cd9aff659b697ea1fcbc36ec854f5a Parents: a0f23d0 Author: Kishan Kavala <kis...@cloud.com> Authored: Thu Aug 22 18:52:34 2013 +0530 Committer: Kishan Kavala <kis...@cloud.com> Committed: Thu Aug 22 19:00:24 2013 +0530 ---------------------------------------------------------------------- .../com/cloud/upgrade/dao/Upgrade302to40.java | 39 +++++++++++++++++++ .../com/cloud/upgrade/dao/Upgrade304to305.java | 41 ++++++++++++++++++++ 2 files changed, 80 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/bbe8a6d2/engine/schema/src/com/cloud/upgrade/dao/Upgrade302to40.java ---------------------------------------------------------------------- diff --git a/engine/schema/src/com/cloud/upgrade/dao/Upgrade302to40.java b/engine/schema/src/com/cloud/upgrade/dao/Upgrade302to40.java index 11e5608..45f5f1b 100644 --- a/engine/schema/src/com/cloud/upgrade/dao/Upgrade302to40.java +++ b/engine/schema/src/com/cloud/upgrade/dao/Upgrade302to40.java @@ -74,6 +74,7 @@ public class Upgrade302to40 extends Upgrade30xBase implements DbUpgrade { setupExternalNetworkDevices(conn); fixZoneUsingExternalDevices(conn); encryptConfig(conn); + encryptClusterDetails(conn); } @Override 
@@ -1072,4 +1073,42 @@ public class Upgrade302to40 extends Upgrade30xBase implements DbUpgrade {
 }
 s_logger.debug("Done encrypting Config values");
 }
+
+ private void encryptClusterDetails(Connection conn) {
+ s_logger.debug("Encrypting cluster details");
+ PreparedStatement pstmt = null;
+ ResultSet rs = null;
+ try {
+ pstmt = conn.prepareStatement("select id, value from `cloud`.`cluster_details` where name = 'password'");
+ rs = pstmt.executeQuery();
+ while (rs.next()) {
+ long id = rs.getLong(1);
+ String value = rs.getString(2);
+ if (value == null) {
+ continue;
+ }
+ String encryptedValue = DBEncryptionUtil.encrypt(value);
+ pstmt = conn.prepareStatement("update `cloud`.`cluster_details` set value=? where id=?");
+ pstmt.setBytes(1, encryptedValue.getBytes("UTF-8"));
+ pstmt.setLong(2, id);
+ pstmt.executeUpdate();
+ }
+ } catch (SQLException e) {
+ throw new CloudRuntimeException("Unable encrypt cluster_details values ", e);
+ } catch (UnsupportedEncodingException e) {
+ throw new CloudRuntimeException("Unable encrypt cluster_details values ", e);
+ } finally {
+ try {
+ if (rs != null) {
+ rs.close();
+ }
+
+ if (pstmt != null) {
+ pstmt.close();
+ }
+ } catch (SQLException e) {
+ }
+ }
+ s_logger.debug("Done encrypting cluster_details");
+ }
 }
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/bbe8a6d2/engine/schema/src/com/cloud/upgrade/dao/Upgrade304to305.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/upgrade/dao/Upgrade304to305.java b/engine/schema/src/com/cloud/upgrade/dao/Upgrade304to305.java
index 3e8db4a..bfbce89 100644
--- a/engine/schema/src/com/cloud/upgrade/dao/Upgrade304to305.java
+++ b/engine/schema/src/com/cloud/upgrade/dao/Upgrade304to305.java
@@ -19,6 +19,7 @@ package com.cloud.upgrade.dao; import java.io.File; +import java.io.UnsupportedEncodingException; import java.sql.Connection; import java.sql.PreparedStatement; import java.sql.ResultSet;
@@ -27,6 +28,7 @@ import java.util.ArrayList; import java.util.List; import java.util.UUID; +import com.cloud.utils.crypt.DBEncryptionUtil; import org.apache.log4j.Logger; import com.cloud.utils.exception.CloudRuntimeException;
@@ -68,6 +70,7 @@ public class Upgrade304to305 extends Upgrade30xBase implements DbUpgrade { fixZoneUsingExternalDevices(conn); // updateSystemVms(conn); fixForeignKeys(conn); + encryptClusterDetails(conn); } @Override
@@ -455,4 +458,42 @@ public class Upgrade304to305 extends Upgrade30xBase implements DbUpgrade {
 throw new CloudRuntimeException("Unable to execute ssh_keypairs table update for adding domain_id foreign key", e);
 }
 }
+
+ private void encryptClusterDetails(Connection conn) {
+ s_logger.debug("Encrypting cluster details");
+ PreparedStatement pstmt = null;
+ ResultSet rs = null;
+ try {
+ pstmt = conn.prepareStatement("select id, value from `cloud`.`cluster_details` where name = 'password'");
+ rs = pstmt.executeQuery();
+ while (rs.next()) {
+ long id = rs.getLong(1);
+ String value = rs.getString(2);
+ if (value == null) {
+ continue;
+ }
+ String encryptedValue = DBEncryptionUtil.encrypt(value);
+ pstmt = conn.prepareStatement("update `cloud`.`cluster_details` set value=? where id=?");
+ pstmt.setBytes(1, encryptedValue.getBytes("UTF-8"));
+ pstmt.setLong(2, id);
+ pstmt.executeUpdate();
+ }
+ } catch (SQLException e) {
+ throw new CloudRuntimeException("Unable encrypt cluster_details values ", e);
+ } catch (UnsupportedEncodingException e) {
+ throw new CloudRuntimeException("Unable encrypt cluster_details values ", e);
+ } finally {
+ try {
+ if (rs != null) {
+ rs.close();
+ }
+
+ if (pstmt != null) {
+ pstmt.close();
+ }
+ } catch (SQLException e) {
+ }
+ }
+ s_logger.debug("Done encrypting cluster_details");
+ }
 }