[Branch ~dhis2-devs-core/dhis2/trunk] Rev 21522: Configuration now uses old DESede encryption; Confidential values are encrypted with AES128bit; M...
Merge authors:
Stian Sandvold (stian-sandvold)
------------------------------------------------------------
revno: 21522 [merge]
committer: Stian Sandvold <stian.sandvold@xxxxxxxxx>
branch nick: dhis2
timestamp: Wed 2015-12-23 15:25:50 +0100
message:
Configuration now uses old DESede encryption; Confidential values are encrypted with AES128bit; Missing required files when trying to encrypt or decrypt will result in an exception, relayed by the webserver to the caller through CRUDControllerAdvice
modified:
dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/startup/InitTableAlteror.java
dhis-2/dhis-services/dhis-service-core/src/main/resources/org/hisp/dhis/configuration/hibernate/Configuration.hbm.xml
dhis-2/dhis-support/dhis-support-hibernate/src/main/resources/META-INF/dhis/beans.xml
dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/startup/DefaultStartupRoutineExecutor.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/CrudControllerAdvice.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/startup/InitTableAlteror.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/startup/InitTableAlteror.java 2015-12-16 13:23:46 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/startup/InitTableAlteror.java 2015-12-23 14:03:46 +0000
@@ -29,7 +29,6 @@
*/
import org.amplecode.quick.StatementManager;
-import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.hisp.dhis.jdbc.StatementBuilder;
@@ -40,6 +39,7 @@
import javax.annotation.Resource;
+
/**
* @author Lars Helge Overland
*/
@@ -55,10 +55,10 @@
private StatementBuilder statementBuilder;
@Resource( name = "stringEncryptor" )
- private PBEStringEncryptor oldPBEStringEncryptor;
+ PBEStringEncryptor oldPBEStringEncryptor;
@Resource( name = "strongStringEncryptor" )
- private PBEStringEncryptor newPBEStringEncryptor;
+ PBEStringEncryptor newPBEStringEncryptor;
// -------------------------------------------------------------------------
// Execute
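Review bot: The two injected encryptor fields lose their `private` modifier at `PBEStringEncryptor oldPBEStringEncryptor;` and `PBEStringEncryptor newPBEStringEncryptor;` without any reason given in the commit, and once `reEncryptConfigurationPasswords` is removed in the later hunk they appear to have no remaining reader in the visible parts of this file. Widening injected bean references to package scope invites other classes in the package to reach for them directly. Either keep them `private` (`private PBEStringEncryptor oldPBEStringEncryptor;`, likewise for `newPBEStringEncryptor`) or, if nothing else in the class uses them, drop the fields together with their `@Resource` injections. The rest of the class is outside this hunk, so the "unused" part is an inference to confirm.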
@@ -68,7 +68,8 @@
@Transactional
public void execute()
{
- executeSql( "update dataelement set domaintype='AGGREGATE' where domaintype='aggregate' or domaintype is null;" );
+ executeSql(
+ "update dataelement set domaintype='AGGREGATE' where domaintype='aggregate' or domaintype is null;" );
executeSql( "update dataelement set domaintype='TRACKER' where domaintype='patient';" );
executeSql( "update users set invitation = false where invitation is null" );
executeSql( "alter table dataelement alter column domaintype set not null;" );
@@ -76,7 +77,7 @@
executeSql( "UPDATE programstageinstance SET status='ACTIVE' WHERE status='0';" );
executeSql( "UPDATE programstageinstance SET status='COMPLETED' WHERE status='1';" );
executeSql( "UPDATE programstageinstance SET status='SKIPPED' WHERE status='5';" );
- executeSql( "update users set externalauth = false where externalauth is null" );
+
executeSql( "ALTER TABLE program DROP COLUMN displayonallorgunit" );
upgradeProgramStageDataElements();
@@ -85,42 +86,27 @@
updateFeatureTypes();
updateValidationRuleEnums();
updateProgramStatus();
- reEncryptConfigurationPasswords();
+ updateSmtpPasswordColumn();
updateTimestamps();
executeSql( "ALTER TABLE program ALTER COLUMN \"type\" TYPE varchar(255);" );
executeSql( "update program set \"type\"='WITH_REGISTRATION' where type='1' or type='2'" );
executeSql( "update program set \"type\"='WITHOUT_REGISTRATION' where type='3'" );
-
- executeSql( "alter table programstage rename column irregular to repeatable" );
- executeSql( "update programstage set repeatable=false where repeatable is null" );
- executeSql( "update attribute set isunique=false where isunique is null" );
}
// -------------------------------------------------------------------------
// Supportive methods
// -------------------------------------------------------------------------
- private void reEncryptConfigurationPasswords()
+ private void updateSmtpPasswordColumn()
{
try
{
- String smtpPassword = statementManager.getHolder().queryForString( "SELECT smptpassword FROM configuration" );
- String remoteServerPassword = statementManager.getHolder().queryForString( "SELECT remoteserverpassword FROM configuration" );
-
- if ( StringUtils.isNotBlank( smtpPassword ) )
- {
- executeSql( "UPDATE configuration SET smtppassword = '" + newPBEStringEncryptor.encrypt( oldPBEStringEncryptor.decrypt( smtpPassword ) ) + "'" );
- executeSql( "ALTER TABLE configuration DROP COLUMN smptpassword" );
- }
-
- if ( StringUtils.isNotBlank( remoteServerPassword ) )
- {
- executeSql( "UPDATE configuration SET remotepassword = '" + newPBEStringEncryptor.encrypt( oldPBEStringEncryptor.decrypt( remoteServerPassword ) ) + "'" );
- executeSql( "ALTER TABLE configuration DROP COLUMN remoteserverpassword" );
- }
+ executeSql( "UPDATE configuration SET smtppassword = smptpassword" );
+ executeSql( "ALTER TABLE configuration DROP COLUMN smptpassword" );
+
}
- catch ( Exception ex )
+ catch(Exception ex)
{
log.debug( ex );
}
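Review bot: The failure path at `catch(Exception ex) { log.debug( ex ); }` in `updateSmtpPasswordColumn` records a failed column copy only at debug level, so a database where the copy did not happen is indistinguishable from one where it did; log it at warn with the step named, `log.warn( "Migration of configuration.smptpassword to smtppassword failed or was already applied", ex );`, and the catch should be narrowed to the exception the SQL layer actually throws. Because `UPDATE configuration SET smtppassword = smptpassword` moves ciphertext unchanged, a value that the previous revision had already re-encrypted with the AES encryptor (and whose `smptpassword` column it dropped) would presumably not be readable by the DESede `encryptedString` mapping any more; a comment stating the assumption that no deployment ran the intermediate revision, or a check for the old column before the copy, would make that explicit. This hunk also removes the `programstage irregular`→`repeatable` and `attribute isunique` statements, and the hunks ending at L72 and L153 remove the `users.externalauth` default and the `attribute valuetype` updates, none of which the commit message mentions; if those were dropped by the merge rather than deliberately, they need to be restored. `execute()` begins in an earlier hunk and the class continues past this one.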
@@ -139,7 +125,6 @@
executeSql( "update trackedentityattributevalue set created=now() where created is null" );
executeSql( "update trackedentityattributevalue set lastupdated=now() where lastupdated is null" );
}
-
private void updateProgramStatus()
{
executeSql( "alter table programinstance alter column status type varchar(50)" );
@@ -210,11 +195,13 @@
executeSql( "update dataelement set valuetype='PERCENTAGE' where valuetype='int' and numbertype='percentage'" );
executeSql( "update dataelement set valuetype='UNIT_INTERVAL' where valuetype='int' and numbertype='unitInterval'" );
executeSql( "update dataelement set valuetype='NUMBER' where valuetype='int' and numbertype is null" );
+
executeSql( "alter table dataelement drop column numbertype" );
executeSql( "update dataelement set valuetype='TEXT' where valuetype='string' and texttype='text'" );
executeSql( "update dataelement set valuetype='LONG_TEXT' where valuetype='string' and texttype='longText'" );
executeSql( "update dataelement set valuetype='TEXT' where valuetype='string' and texttype is null" );
+
executeSql( "alter table dataelement drop column texttype" );
executeSql( "update dataelement set valuetype='DATE' where valuetype='date'" );
@@ -241,16 +228,6 @@
executeSql( "update trackedentityattribute set valuetype='TEXT' where valuetype is null" );
executeSql( "update optionset set valuetype='TEXT' where valuetype is null" );
- executeSql( "update attribute set valuetype='TEXT' where valuetype='string'" );
- executeSql( "update attribute set valuetype='LONG_TEXT' where valuetype='text'" );
- executeSql( "update attribute set valuetype='BOOLEAN' where valuetype='bool'" );
- executeSql( "update attribute set valuetype='DATE' where valuetype='date'" );
- executeSql( "update attribute set valuetype='NUMBER' where valuetype='number'" );
- executeSql( "update attribute set valuetype='INTEGER' where valuetype='integer'" );
- executeSql( "update attribute set valuetype='INTEGER_POSITIVE' where valuetype='positive_integer'" );
- executeSql( "update attribute set valuetype='INTEGER_NEGATIVE' where valuetype='negative_integer'" );
- executeSql( "update attribute set valuetype='TEXT' where valuetype='option_set'" );
- executeSql( "update attribute set valuetype='TEXT' where valuetype is null" );
}
private void upgradeProgramStageDataElements()
@@ -264,6 +241,7 @@
"sort_order,displayinreports,programstagesectionid,allowfuturedate,section_sort_order) " + "select " + autoIncr +
",programstageid,dataelementid,compulsory,allowprovidedelsewhere,sort_order,displayinreports,programstagesectionid,allowfuturedate,section_sort_order from programstage_dataelements";
+
executeSql( insertSql );
String dropSql = "drop table programstage_dataelements";
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/resources/org/hisp/dhis/configuration/hibernate/Configuration.hbm.xml'
--- dhis-2/dhis-services/dhis-service-core/src/main/resources/org/hisp/dhis/configuration/hibernate/Configuration.hbm.xml 2015-12-01 17:19:15 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/resources/org/hisp/dhis/configuration/hibernate/Configuration.hbm.xml 2015-12-23 13:59:37 +0000
@@ -39,9 +39,9 @@
<property name="remoteServerUsername" column="remoteserverusername" />
- <property name="remoteServerPassword" column="remotepassword" type="AESEncryptedString" />
+ <property name="remoteServerPassword" column="remoteserverpassword" type="encryptedString" />
- <property name="smtpPassword" column="smtppassword" type="AESEncryptedString" />
+ <property name="smtpPassword" column="smtppassword" type="encryptedString" />
<set name="corsWhitelist" table="configuration_corswhitelist">
<cache usage="read-write" />
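Review bot: The `remoteServerPassword` property is mapped back to column `remoteserverpassword` while no migration in this commit copies `remotepassword` into it, so a database that ran the previous revision's `reEncryptConfigurationPasswords` (which dropped `remoteserverpassword`) would presumably come up with the column empty; either add the reverse copy to `InitTableAlteror` or state in the commit that the intermediate revision was never deployed. The mapping now has two encryption typedefs in play, `encryptedString` here and `AESEncryptedString` elsewhere (both defined outside this hunk), and nothing in the file says which is which; an XML comment above these two properties, e.g. `<!-- smtp/remote passwords use the legacy DESede stringEncryptor; AES is used for confidential values only -->`, would save the next reader from having to dig through beans.xml.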
=== modified file 'dhis-2/dhis-support/dhis-support-hibernate/src/main/resources/META-INF/dhis/beans.xml'
--- dhis-2/dhis-support/dhis-support-hibernate/src/main/resources/META-INF/dhis/beans.xml 2015-12-03 20:47:13 +0000
+++ dhis-2/dhis-support/dhis-support-hibernate/src/main/resources/META-INF/dhis/beans.xml 2015-12-23 13:59:37 +0000
@@ -141,6 +141,6 @@
<property name="poolSize" value="4" />
</bean>
- <bean id="org.jasypt.salt.RandomSaltGenerator" class="org.jasypt.salt.RandomSaltGenerator"></bean>
+ <bean id="org.jasypt.salt.RandomSaltGenerator" class="org.jasypt.salt.RandomSaltGenerator"/>
</beans>
=== modified file 'dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/startup/DefaultStartupRoutineExecutor.java'
--- dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/startup/DefaultStartupRoutineExecutor.java 2015-11-23 11:11:46 +0000
+++ dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/startup/DefaultStartupRoutineExecutor.java 2015-12-23 13:59:37 +0000
@@ -28,17 +28,17 @@
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.List;
-
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.hisp.dhis.external.conf.ConfigurationKey;
import org.hisp.dhis.external.conf.DhisConfigurationProvider;
import org.springframework.beans.factory.annotation.Autowired;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.List;
+
/**
* Default implementation of StartupRoutineExecutor. The execute method will
* execute the added StartupRoutines ordered by their runlevels. Startup routines
@@ -102,6 +102,7 @@
private void execute( boolean testing )
throws Exception
{
+
if ( TRUE.equalsIgnoreCase( System.getProperty( SKIP_PROP ) ) )
{
LOG.info( "Skipping startup routines, system property " + SKIP_PROP + " is true" );
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/CrudControllerAdvice.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/CrudControllerAdvice.java 2015-11-12 04:47:12 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/CrudControllerAdvice.java 2015-12-23 13:59:37 +0000
@@ -43,6 +43,7 @@
import org.hisp.dhis.webapi.controller.exception.NotFoundException;
import org.hisp.dhis.webapi.service.WebMessageService;
import org.hisp.dhis.webapi.utils.WebMessageUtils;
+import org.jasypt.exceptions.EncryptionOperationNotPossibleException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.web.bind.WebDataBinder;
@@ -79,6 +80,12 @@
} );
}
+ @ExceptionHandler( { EncryptionOperationNotPossibleException.class } )
+ public void encryptionOperationNotPossibleException( EncryptionOperationNotPossibleException ex, HttpServletResponse response, HttpServletRequest request )
+ {
+ webMessageService.send( WebMessageUtils.unathorized( "Could not encrypt data. This indicates a problem in your setup. Please refer to the DHIS2 manual for setting up encryption." ), response, request );
+ }
+
@ExceptionHandler( { NotAuthenticatedException.class } )
public void notAuthenticatedExceptionHandler( NotAuthenticatedException ex, HttpServletResponse response, HttpServletRequest request )
{
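Review bot: The new `encryptionOperationNotPossibleException` handler discards `ex` and answers with `WebMessageUtils.unathorized`, so the operator never sees which file or key was missing and the client receives an unauthorized status for what is a server-side setup failure. Log the exception with its stack trace at error level before replying, and use a server-error message instead of an unauthorized one (which helper `WebMessageUtils` offers for that is outside this hunk). Jasypt raises `EncryptionOperationNotPossibleException` for failed decryption as well as failed encryption, so the text `Could not encrypt data` should read `Could not encrypt or decrypt data`. The `notAuthenticatedExceptionHandler` that follows continues outside the hunk.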