Merge release branch 4.18 to main

DaanHoogland · DaanHoogland · commit 02be2cdf67d0 · 2023-07-05T11:52:23.000+02:00
* 4.18: cleanup removal of physical network (#7630) console proxy: use AeadBase64Encryptor instead of AES/CBC/PKCS5Padding (#7237)
diff --git a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
@@ -85,7 +85,6 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 
-import com.cloud.agent.AgentManager;
 import com.cloud.agent.api.Answer;
 import com.cloud.agent.api.Command;
 import com.cloud.agent.api.to.IpAddressTO;
@@ -148,7 +147,6 @@
 import com.cloud.network.dao.IPAddressVO;
 import com.cloud.network.dao.Ipv6GuestPrefixSubnetNetworkMapDao;
 import com.cloud.network.dao.LoadBalancerDao;
-import com.cloud.network.dao.NetworkAccountDao;
 import com.cloud.network.dao.NetworkDao;
 import com.cloud.network.dao.NetworkDetailVO;
 import com.cloud.network.dao.NetworkDetailsDao;
@@ -163,7 +161,6 @@
 import com.cloud.network.dao.PhysicalNetworkTrafficTypeDao;
 import com.cloud.network.dao.PhysicalNetworkTrafficTypeVO;
 import com.cloud.network.dao.PhysicalNetworkVO;
-import com.cloud.network.dao.VirtualRouterProviderDao;
 import com.cloud.network.element.NetworkElement;
 import com.cloud.network.element.OvsProviderVO;
 import com.cloud.network.element.VirtualRouterElement;
@@ -385,8 +382,6 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService, C
     @Inject
     AccountService _accountService;
     @Inject
-    NetworkAccountDao _networkAccountDao;
-    @Inject
     VirtualMachineManager vmManager;
     @Inject
     Ipv6Service ipv6Service;
@@ -395,16 +390,12 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService, C
     @Inject
     AlertManager alertManager;
     @Inject
-    VirtualRouterProviderDao vrProviderDao;
-    @Inject
     DomainRouterDao routerDao;
     @Inject
     DomainRouterJoinDao routerJoinDao;
     @Inject
     CommandSetupHelper commandSetupHelper;
     @Inject
-    AgentManager agentManager;
-    @Inject
     ServiceOfferingDao serviceOfferingDao;
 
     @Autowired
@@ -4395,23 +4386,37 @@ public boolean deletePhysicalNetwork(final Long physicalNetworkId) {
         return Transaction.execute(new TransactionCallback<Boolean>() {
             @Override
             public Boolean doInTransaction(TransactionStatus status) {
-                // delete vlans for this zone
-                List<VlanVO> vlans = _vlanDao.listVlansByPhysicalNetworkId(physicalNetworkId);
-                for (VlanVO vlan : vlans) {
-                    _vlanDao.remove(vlan.getId());
-                }
-
-                // Delete networks
-                List<NetworkVO> networks = _networksDao.listByPhysicalNetwork(physicalNetworkId);
-                if (networks != null && !networks.isEmpty()) {
-                    for (NetworkVO network : networks) {
-                        _networksDao.remove(network.getId());
-                    }
-                }
+                disablePhysicalNetwork(physicalNetworkId, pNetwork);
+                deleteIpAddresses();
+                deleteVlans();
+                deleteNetworks();
 
                 // delete vnets
                 _dcDao.deleteVnet(physicalNetworkId);
 
+                if (!deleteProviders()) {
+                    return false;
+                }
+
+                // delete traffic types
+                _pNTrafficTypeDao.deleteTrafficTypes(physicalNetworkId);
+
+                return _physicalNetworkDao.remove(physicalNetworkId);
+            }
+
+            private void disablePhysicalNetwork(Long physicalNetworkId, PhysicalNetworkVO pNetwork) {
+                pNetwork.setState(PhysicalNetwork.State.Disabled);
+                _physicalNetworkDao.update(physicalNetworkId, pNetwork);
+            }
+
+            private void deleteIpAddresses() {
+                List<IPAddressVO> ipAddresses = _ipAddressDao.listByPhysicalNetworkId(physicalNetworkId);
+                for (IPAddressVO ipaddress : ipAddresses) {
+                    _ipAddressDao.remove(ipaddress.getId());
+                }
+            }
+
+            private boolean deleteProviders() {
                 // delete service providers
                 List<PhysicalNetworkServiceProviderVO> providers = _pNSPDao.listBy(physicalNetworkId);
 
@@ -4426,11 +4431,25 @@ public Boolean doInTransaction(TransactionStatus status) {
                         return false;
                     }
                 }
+                return true;
+            }
 
-                // delete traffic types
-                _pNTrafficTypeDao.deleteTrafficTypes(physicalNetworkId);
+            private void deleteNetworks() {
+                // Delete networks
+                List<NetworkVO> networks = _networksDao.listByPhysicalNetwork(physicalNetworkId);
+                if (CollectionUtils.isNotEmpty(networks)) {
+                    for (NetworkVO network : networks) {
+                        _networksDao.remove(network.getId());
+                    }
+                }
+            }
 
-                return _physicalNetworkDao.remove(physicalNetworkId);
+            private void deleteVlans() {
+                // delete vlans for this zone
+                List<VlanVO> vlans = _vlanDao.listVlansByPhysicalNetworkId(physicalNetworkId);
+                for (VlanVO vlan : vlans) {
+                    _vlanDao.remove(vlan.getId());
+                }
             }
         });
     }
diff --git a/server/src/main/java/com/cloud/servlet/ConsoleProxyPasswordBasedEncryptor.java b/server/src/main/java/com/cloud/servlet/ConsoleProxyPasswordBasedEncryptor.java
@@ -16,23 +16,15 @@
 // under the License.
 package com.cloud.servlet;
 
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.SecretKeySpec;
-
 import org.apache.commons.codec.binary.Base64;
 import org.apache.log4j.Logger;
 
 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
 
+import com.cloud.utils.crypt.AeadBase64Encryptor;
+import com.cloud.utils.crypt.Base64Encryptor;
+
 // To maintain independency of console proxy project, we duplicate this class from console proxy project
 public class ConsoleProxyPasswordBasedEncryptor {
     private static final Logger s_logger = Logger.getLogger(ConsoleProxyPasswordBasedEncryptor.class);
@@ -51,65 +43,16 @@ public String encryptText(String text) {
         if (text == null || text.isEmpty())
             return text;
 
-        try {
-            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
-            SecretKeySpec keySpec = new SecretKeySpec(keyIvPair.getKeyBytes(), "AES");
-
-            cipher.init(Cipher.ENCRYPT_MODE, keySpec, new IvParameterSpec(keyIvPair.getIvBytes()));
-
-            byte[] encryptedBytes = cipher.doFinal(text.getBytes());
-            return Base64.encodeBase64URLSafeString(encryptedBytes);
-        } catch (NoSuchAlgorithmException e) {
-            s_logger.error("Unexpected exception ", e);
-            return null;
-        } catch (NoSuchPaddingException e) {
-            s_logger.error("Unexpected exception ", e);
-            return null;
-        } catch (IllegalBlockSizeException e) {
-            s_logger.error("Unexpected exception ", e);
-            return null;
-        } catch (BadPaddingException e) {
-            s_logger.error("Unexpected exception ", e);
-            return null;
-        } catch (InvalidKeyException e) {
-            s_logger.error("Unexpected exception ", e);
-            return null;
-        } catch (InvalidAlgorithmParameterException e) {
-            s_logger.error("Unexpected exception ", e);
-            return null;
-        }
+        Base64Encryptor encryptor = new AeadBase64Encryptor(keyIvPair.getKeyBytes(), keyIvPair.getIvBytes());
+        return encryptor.encrypt(text);
     }
 
     public String decryptText(String encryptedText) {
         if (encryptedText == null || encryptedText.isEmpty())
             return encryptedText;
 
-        try {
-            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
-            SecretKeySpec keySpec = new SecretKeySpec(keyIvPair.getKeyBytes(), "AES");
-            cipher.init(Cipher.DECRYPT_MODE, keySpec, new IvParameterSpec(keyIvPair.getIvBytes()));
-
-            byte[] encryptedBytes = Base64.decodeBase64(encryptedText);
-            return new String(cipher.doFinal(encryptedBytes));
-        } catch (NoSuchAlgorithmException e) {
-            s_logger.error("Unexpected exception ", e);
-            return null;
-        } catch (NoSuchPaddingException e) {
-            s_logger.error("Unexpected exception ", e);
-            return null;
-        } catch (IllegalBlockSizeException e) {
-            s_logger.error("Unexpected exception ", e);
-            return null;
-        } catch (BadPaddingException e) {
-            s_logger.error("Unexpected exception ", e);
-            return null;
-        } catch (InvalidKeyException e) {
-            s_logger.error("Unexpected exception ", e);
-            return null;
-        } catch (InvalidAlgorithmParameterException e) {
-            s_logger.error("Unexpected exception ", e);
-            return null;
-        }
+        Base64Encryptor encryptor = new AeadBase64Encryptor(keyIvPair.getKeyBytes(), keyIvPair.getIvBytes());
+        return encryptor.decrypt(encryptedText);
     }
 
     public <T> String encryptObject(Class<?> clz, T obj) {
diff --git a/services/console-proxy/server/src/main/java/com/cloud/consoleproxy/ConsoleProxyPasswordBasedEncryptor.java b/services/console-proxy/server/src/main/java/com/cloud/consoleproxy/ConsoleProxyPasswordBasedEncryptor.java
@@ -16,30 +16,15 @@
 // under the License.
 package com.cloud.consoleproxy;
 
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.SecretKeySpec;
-
 import org.apache.commons.codec.binary.Base64;
 import org.apache.log4j.Logger;
 
 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
 
-/**
- *
- * @author Kelven Yang
- * A simple password based encyrptor based on AES/CBC. It can serialize simple POJO object into URL safe string
- * and deserialize it back.
- *
- */
+import com.cloud.utils.crypt.AeadBase64Encryptor;
+import com.cloud.utils.crypt.Base64Encryptor;
+
 public class ConsoleProxyPasswordBasedEncryptor {
     private static final Logger s_logger = Logger.getLogger(ConsoleProxyPasswordBasedEncryptor.class);
 
@@ -57,65 +42,16 @@ public String encryptText(String text) {
         if (text == null || text.isEmpty())
             return text;
 
-        try {
-            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
-            SecretKeySpec keySpec = new SecretKeySpec(keyIvPair.getKeyBytes(), "AES");
-
-            cipher.init(Cipher.ENCRYPT_MODE, keySpec, new IvParameterSpec(keyIvPair.getIvBytes()));
-
-            byte[] encryptedBytes = cipher.doFinal(text.getBytes());
-            return Base64.encodeBase64URLSafeString(encryptedBytes);
-        } catch (NoSuchAlgorithmException e) {
-            s_logger.error("Unexpected exception ", e);
-            return null;
-        } catch (NoSuchPaddingException e) {
-            s_logger.error("Unexpected exception ", e);
-            return null;
-        } catch (IllegalBlockSizeException e) {
-            s_logger.error("Unexpected exception ", e);
-            return null;
-        } catch (BadPaddingException e) {
-            s_logger.error("Unexpected exception ", e);
-            return null;
-        } catch (InvalidKeyException e) {
-            s_logger.error("Unexpected exception ", e);
-            return null;
-        } catch (InvalidAlgorithmParameterException e) {
-            s_logger.error("Unexpected exception ", e);
-            return null;
-        }
+        Base64Encryptor encryptor = new AeadBase64Encryptor(keyIvPair.getKeyBytes(), keyIvPair.getIvBytes());
+        return encryptor.encrypt(text);
     }
 
     public String decryptText(String encryptedText) {
         if (encryptedText == null || encryptedText.isEmpty())
             return encryptedText;
 
-        try {
-            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
-            SecretKeySpec keySpec = new SecretKeySpec(keyIvPair.getKeyBytes(), "AES");
-            cipher.init(Cipher.DECRYPT_MODE, keySpec, new IvParameterSpec(keyIvPair.getIvBytes()));
-
-            byte[] encryptedBytes = Base64.decodeBase64(encryptedText);
-            return new String(cipher.doFinal(encryptedBytes));
-        } catch (NoSuchAlgorithmException e) {
-            s_logger.error("Unexpected exception ", e);
-            return null;
-        } catch (NoSuchPaddingException e) {
-            s_logger.error("Unexpected exception ", e);
-            return null;
-        } catch (IllegalBlockSizeException e) {
-            s_logger.error("Unexpected exception ", e);
-            return null;
-        } catch (BadPaddingException e) {
-            s_logger.error("Unexpected exception ", e);
-            return null;
-        } catch (InvalidKeyException e) {
-            s_logger.error("Unexpected exception ", e);
-            return null;
-        } catch (InvalidAlgorithmParameterException e) {
-            s_logger.error("Unexpected exception ", e);
-            return null;
-        }
+        Base64Encryptor encryptor = new AeadBase64Encryptor(keyIvPair.getKeyBytes(), keyIvPair.getIvBytes());
+        return encryptor.decrypt(encryptedText);
     }
 
     public <T> String encryptObject(Class<?> clz, T obj) {
diff --git a/utils/src/main/java/com/cloud/utils/crypt/AeadBase64Encryptor.java b/utils/src/main/java/com/cloud/utils/crypt/AeadBase64Encryptor.java
@@ -29,9 +29,9 @@
 
 public class AeadBase64Encryptor implements Base64Encryptor {
     Aead aead = null;
-    private final byte[] aad = new byte[]{};
+    private byte[] aad = new byte[]{};
 
-    public AeadBase64Encryptor(byte[] key) {
+    private void initEncryptor(byte[] key) {
         try {
             AeadConfig.register();
             MessageDigest digest = MessageDigest.getInstance("SHA-256");
@@ -42,6 +42,15 @@ public AeadBase64Encryptor(byte[] key) {
         }
     }
 
+    public AeadBase64Encryptor(byte[] key) {
+        initEncryptor(key);
+    }
+
+    public AeadBase64Encryptor(byte[] key, byte[] aad) {
+        initEncryptor(key);
+        this.aad = aad;
+    }
+
     @Override
     public String encrypt(String plain) {
         try {
