dhis2-devs team mailing list archive

Thread
Date

[Branch ~dhis2-devs-core/dhis2/trunk] Rev 21637: cleaning up code in DefaultSystemSettingManager + throw exception if trying to encrypt when encry...

To: DHIS 2 developers <dhis2-devs@xxxxxxxxxxxxxxxxxxx>
From: noreply@xxxxxxxxxxxxx
Date: Thu, 07 Jan 2016 09:11:27 -0000
Reply-to: noreply@xxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

Merge authors:
  Stian Sandvold (stian-sandvold)
------------------------------------------------------------
revno: 21637 [merge]
committer: Stian Sandvold <stian.sandvold@xxxxxxxxx>
branch nick: dhis2
timestamp: Thu 2016-01-07 10:10:38 +0100
message:
  cleaning up code in DefaultSystemSettingManager + throw exception if trying to encrypt when encryption is not configured correctly
modified:
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/setting/DefaultSystemSettingManager.java
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/trackedentityattributevalue/DefaultTrackedEntityAttributeValueService.java
  dhis-2/dhis-support/dhis-support-hibernate/src/main/resources/META-INF/dhis/beans.xml


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/setting/DefaultSystemSettingManager.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/setting/DefaultSystemSettingManager.java	2016-01-07 08:42:19 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/setting/DefaultSystemSettingManager.java	2016-01-07 09:08:16 +0000
@@ -28,31 +28,27 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-import java.io.Serializable;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Optional;
-import java.util.Set;
-import java.util.concurrent.ExecutionException;
-import java.util.concurrent.TimeUnit;
-import java.util.stream.Collectors;
-
-import javax.annotation.Resource;
-
+import com.google.common.cache.Cache;
+import com.google.common.cache.CacheBuilder;
+import com.google.common.collect.Lists;
 import org.apache.commons.lang3.StringUtils;
+import org.hisp.dhis.external.conf.ConfigurationKey;
+import org.hisp.dhis.external.conf.DhisConfigurationProvider;
 import org.hisp.dhis.i18n.I18n;
 import org.hisp.dhis.i18n.I18nManager;
 import org.hisp.dhis.system.util.ValidationUtils;
 import org.jasypt.encryption.pbe.PBEStringEncryptor;
+import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
+import org.jasypt.salt.StringFixedSaltGenerator;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.transaction.annotation.Transactional;
 
-import com.google.common.cache.Cache;
-import com.google.common.cache.CacheBuilder;
-import com.google.common.collect.Lists;
+import javax.annotation.Resource;
+import java.io.Serializable;
+import java.util.*;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.TimeUnit;
+import java.util.stream.Collectors;
 
 /**
  * @author Stian Strandli
@@ -109,7 +105,7 @@
 
         SystemSetting setting = systemSettingStore.getByName( name );
 
-        if ( NAME_KEY_MAP.containsKey( name ) && NAME_KEY_MAP.get( name ).isConfidential() )
+        if ( isConfidential( name ) )
         {
             value = pbeStringEncryptor.encrypt( value.toString() );
         }
@@ -161,9 +157,11 @@
     {
         SystemSetting setting = systemSettingStore.getByName( name );
 
-        if ( NAME_KEY_MAP.containsKey( name ) && NAME_KEY_MAP.get( name ).isConfidential() )
+        if ( isConfidential( name ) )
         {
+
             setting.setValue( pbeStringEncryptor.decrypt( setting.getValue().toString() ) );
+
         }
 
         return setting != null && setting.hasValue() ? setting.getValue() : null;
@@ -197,7 +195,7 @@
 
         if ( setting != null && setting.hasValue() )
         {
-            return NAME_KEY_MAP.get( name ).isConfidential() ?
+            return isConfidential( name ) ?
                 Optional.of( pbeStringEncryptor.decrypt( setting.getValue().toString() ) ) :
                 Optional.of( setting.getValue() );
         }
@@ -205,15 +203,20 @@
         {
             return Optional.ofNullable( defaultValue );
         }
+
     }
 
     @Override
     public List<SystemSetting> getAllSystemSettings()
     {
+
+        /*
+         * Remove confidential settings from this list!
+         */
         return systemSettingStore.getAll().stream()
-            .filter( systemSetting -> !NAME_KEY_MAP.containsKey( systemSetting.getName() ) ||
-                !NAME_KEY_MAP.get( systemSetting.getName() ).isConfidential() )
+            .filter( systemSetting -> !isConfidential( systemSetting.getName() ) )
             .collect( Collectors.toList() );
+
     }
 
     @Override
@@ -426,4 +429,5 @@
     {
         return NAME_KEY_MAP.containsKey( name ) && NAME_KEY_MAP.get( name ).isConfidential();
     }
+
 }

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/trackedentityattributevalue/DefaultTrackedEntityAttributeValueService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/trackedentityattributevalue/DefaultTrackedEntityAttributeValueService.java	2016-01-04 02:27:49 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/trackedentityattributevalue/DefaultTrackedEntityAttributeValueService.java	2016-01-07 09:08:16 +0000
@@ -29,9 +29,11 @@
  */
 
 import org.hisp.dhis.common.AuditType;
+import org.hisp.dhis.external.conf.DhisConfigurationProvider;
 import org.hisp.dhis.trackedentity.TrackedEntityAttribute;
 import org.hisp.dhis.trackedentity.TrackedEntityInstance;
 import org.hisp.dhis.user.CurrentUserService;
+import org.jasypt.exceptions.EncryptionOperationNotPossibleException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.util.StringUtils;
@@ -63,6 +65,9 @@
     @Autowired
     private CurrentUserService currentUserService;
 
+    @Autowired
+    private DhisConfigurationProvider dhisConfigurationProvider;
+
     // -------------------------------------------------------------------------
     // Implementation methods
     // -------------------------------------------------------------------------
@@ -111,6 +116,11 @@
     @Override
     public void addTrackedEntityAttributeValue( TrackedEntityAttributeValue attributeValue )
     {
+        if(attributeValue.getAttribute().isConfidential() && !dhisConfigurationProvider.isEncryptionConfigured().isOk())
+        {
+            throw new EncryptionOperationNotPossibleException( "Unable to encrypt data. Encryption is not correctly configured." );
+        }
+
         attributeValue.setAutoFields();
 
         if ( attributeValue.getValue() != null )

=== modified file 'dhis-2/dhis-support/dhis-support-hibernate/src/main/resources/META-INF/dhis/beans.xml'
--- dhis-2/dhis-support/dhis-support-hibernate/src/main/resources/META-INF/dhis/beans.xml	2016-01-06 19:24:34 +0000
+++ dhis-2/dhis-support/dhis-support-hibernate/src/main/resources/META-INF/dhis/beans.xml	2016-01-07 09:08:16 +0000
@@ -96,12 +96,6 @@
     <property name="defaultValue" value="J7GhAs287hsSQlKd9g5" />
   </bean>
 
-  <bean id="systemSettingEncryptionPassword" class="org.hisp.dhis.hibernate.ConnectionPropertyFactoryBean">
-    <property name="hibernateConfigurationProvider" ref="hibernateConfigurationProvider" />
-    <property name="hibernateProperty" value="encryption.password" />
-    <property name="defaultValue" value="J7GhAs287hsSQlKd9g5" />
-  </bean>
-
   <!-- Encryption -->
 
   <!-- Bouncy Castle Crypto APIs -->