
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 21637: cleaning up code in DefaultSystemSettingManager + throw exception if trying to encrypt when encry...

 

Merge authors:
  Stian Sandvold (stian-sandvold)
------------------------------------------------------------
revno: 21637 [merge]
committer: Stian Sandvold <stian.sandvold@xxxxxxxxx>
branch nick: dhis2
timestamp: Thu 2016-01-07 10:10:38 +0100
message:
  cleaning up code in DefaultSystemSettingManager + throw exception if trying to encrypt when encryption is not configured correctly
modified:
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/setting/DefaultSystemSettingManager.java
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/trackedentityattributevalue/DefaultTrackedEntityAttributeValueService.java
  dhis-2/dhis-support/dhis-support-hibernate/src/main/resources/META-INF/dhis/beans.xml


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/setting/DefaultSystemSettingManager.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/setting/DefaultSystemSettingManager.java	2016-01-07 08:42:19 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/setting/DefaultSystemSettingManager.java	2016-01-07 09:08:16 +0000
@@ -28,31 +28,27 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-import java.io.Serializable;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Optional;
-import java.util.Set;
-import java.util.concurrent.ExecutionException;
-import java.util.concurrent.TimeUnit;
-import java.util.stream.Collectors;
-
-import javax.annotation.Resource;
-
+import com.google.common.cache.Cache;
+import com.google.common.cache.CacheBuilder;
+import com.google.common.collect.Lists;
 import org.apache.commons.lang3.StringUtils;
+import org.hisp.dhis.external.conf.ConfigurationKey;
+import org.hisp.dhis.external.conf.DhisConfigurationProvider;
 import org.hisp.dhis.i18n.I18n;
 import org.hisp.dhis.i18n.I18nManager;
 import org.hisp.dhis.system.util.ValidationUtils;
 import org.jasypt.encryption.pbe.PBEStringEncryptor;
+import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
+import org.jasypt.salt.StringFixedSaltGenerator;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.transaction.annotation.Transactional;
 
-import com.google.common.cache.Cache;
-import com.google.common.cache.CacheBuilder;
-import com.google.common.collect.Lists;
+import javax.annotation.Resource;
+import java.io.Serializable;
+import java.util.*;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.TimeUnit;
+import java.util.stream.Collectors;
 
 /**
  * @author Stian Strandli
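Review bot: The reordered import block replaces the explicit `java.util` imports with `import java.util.*;`, which hides which collection types the class depends on and can later introduce ambiguous simple names; keeping the explicit list (`Collection`, `Collections`, `HashMap`, `List`, `Map`, `Optional`, `Set`) is safer. The newly added `StandardPBEStringEncryptor` and `StringFixedSaltGenerator` imports are not used in any hunk shown here, so they should be dropped if they are unused. If an encryptor is in fact built in this class with a fixed salt, equal plaintexts will produce equal ciphertexts, and that trade-off deserves a comment at the construction site such as `// fixed salt: ciphertext is deterministic, needed for <reason>`.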
@@ -109,7 +105,7 @@
 
         SystemSetting setting = systemSettingStore.getByName( name );
 
-        if ( NAME_KEY_MAP.containsKey( name ) && NAME_KEY_MAP.get( name ).isConfidential() )
+        if ( isConfidential( name ) )
         {
             value = pbeStringEncryptor.encrypt( value.toString() );
         }
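Review bot: The confidential branch calls `pbeStringEncryptor.encrypt( value.toString() )` without the encryption-configured check that this same commit adds to `addTrackedEntityAttributeValue`, so a confidential system setting can still be encrypted when encryption is not set up correctly. If this class has a configuration provider available (the field name below is taken from the other file in this commit), the branch should start with `if ( !dhisConfigurationProvider.isEncryptionConfigured().isOk() ) throw new EncryptionOperationNotPossibleException( "Unable to encrypt data. Encryption is not correctly configured." );`. The beans.xml hunk in this commit still shows a hard-coded `defaultValue` on a neighbouring bean, so a fallback password shared by every installation is plausible, though the encryptor wiring is not visible here. The method starts outside the hunk, so whether `value` is null-checked before `value.toString()` cannot be confirmed from these lines.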
@@ -161,9 +157,11 @@
     {
         SystemSetting setting = systemSettingStore.getByName( name );
 
-        if ( NAME_KEY_MAP.containsKey( name ) && NAME_KEY_MAP.get( name ).isConfidential() )
+        if ( isConfidential( name ) )
         {
+
             setting.setValue( pbeStringEncryptor.decrypt( setting.getValue().toString() ) );
+
         }
 
         return setting != null && setting.hasValue() ? setting.getValue() : null;
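Review bot: `setting` is dereferenced inside the `isConfidential( name )` branch before the `setting != null` test on the return line, so reading a confidential setting that has never been stored throws a NullPointerException. The branch also writes the decrypted text back into the loaded `SystemSetting` through `setValue`; if that object is a managed entity and the method runs inside a transaction (neither is visible here), the plaintext could be flushed back to the database. Returning the decrypted value without mutating the entity avoids both problems: `if ( setting == null || !setting.hasValue() ) return null;` followed by `return isConfidential( name ) ? pbeStringEncryptor.decrypt( setting.getValue().toString() ) : setting.getValue();`. The two blank lines added around the `setValue` call can be dropped, and the method signature lies outside the hunk.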
@@ -197,7 +195,7 @@
 
         if ( setting != null && setting.hasValue() )
         {
-            return NAME_KEY_MAP.get( name ).isConfidential() ?
+            return isConfidential( name ) ?
                 Optional.of( pbeStringEncryptor.decrypt( setting.getValue().toString() ) ) :
                 Optional.of( setting.getValue() );
         }
@@ -205,15 +203,20 @@
         {
             return Optional.ofNullable( defaultValue );
         }
+
     }
 
     @Override
     public List<SystemSetting> getAllSystemSettings()
     {
+
+        /*
+         * Remove confidential settings from this list!
+         */
         return systemSettingStore.getAll().stream()
-            .filter( systemSetting -> !NAME_KEY_MAP.containsKey( systemSetting.getName() ) ||
-                !NAME_KEY_MAP.get( systemSetting.getName() ).isConfidential() )
+            .filter( systemSetting -> !isConfidential( systemSetting.getName() ) )
             .collect( Collectors.toList() );
+
     }
 
     @Override
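Review bot: The added block comment in `getAllSystemSettings` says what the filter does but not why, and it sits between stray blank lines after `{` and before `}` that the surrounding code does not use. A line comment such as `// Confidential settings are stored encrypted and must not be exposed through bulk reads.` would record the intent. `isConfidential` (shown in the last hunk of this file) returns false for any name missing from `NAME_KEY_MAP`, so a setting stored under an unregistered name is still returned here; the comment should say so if that is intended.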
@@ -426,4 +429,5 @@
     {
         return NAME_KEY_MAP.containsKey( name ) && NAME_KEY_MAP.get( name ).isConfidential();
     }
+
 }

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/trackedentityattributevalue/DefaultTrackedEntityAttributeValueService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/trackedentityattributevalue/DefaultTrackedEntityAttributeValueService.java	2016-01-04 02:27:49 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/trackedentityattributevalue/DefaultTrackedEntityAttributeValueService.java	2016-01-07 09:08:16 +0000
@@ -29,9 +29,11 @@
  */
 
 import org.hisp.dhis.common.AuditType;
+import org.hisp.dhis.external.conf.DhisConfigurationProvider;
 import org.hisp.dhis.trackedentity.TrackedEntityAttribute;
 import org.hisp.dhis.trackedentity.TrackedEntityInstance;
 import org.hisp.dhis.user.CurrentUserService;
+import org.jasypt.exceptions.EncryptionOperationNotPossibleException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.util.StringUtils;
@@ -63,6 +65,9 @@
     @Autowired
     private CurrentUserService currentUserService;
 
+    @Autowired
+    private DhisConfigurationProvider dhisConfigurationProvider;
+
     // -------------------------------------------------------------------------
     // Implementation methods
     // -------------------------------------------------------------------------
@@ -111,6 +116,11 @@
     @Override
     public void addTrackedEntityAttributeValue( TrackedEntityAttributeValue attributeValue )
     {
+        if(attributeValue.getAttribute().isConfidential() && !dhisConfigurationProvider.isEncryptionConfigured().isOk())
+        {
+            throw new EncryptionOperationNotPossibleException( "Unable to encrypt data. Encryption is not correctly configured." );
+        }
+
         attributeValue.setAutoFields();
 
         if ( attributeValue.getValue() != null )
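Review bot: The new guard protects only `addTrackedEntityAttributeValue`; no hunk in this commit adds it to any other write path of the service, so if an update method (not visible here) also stores confidential attribute values, it would still run with encryption misconfigured. Moving the check into a private helper called from every method that persists a value would keep the paths consistent. The condition also dereferences `attributeValue.getAttribute()` before any null check, and its spacing departs from the file's style; `if ( attributeValue.getAttribute().isConfidential() && !dhisConfigurationProvider.isEncryptionConfigured().isOk() )` matches the surrounding code. The method body continues past the end of the hunk.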

=== modified file 'dhis-2/dhis-support/dhis-support-hibernate/src/main/resources/META-INF/dhis/beans.xml'
--- dhis-2/dhis-support/dhis-support-hibernate/src/main/resources/META-INF/dhis/beans.xml	2016-01-06 19:24:34 +0000
+++ dhis-2/dhis-support/dhis-support-hibernate/src/main/resources/META-INF/dhis/beans.xml	2016-01-07 09:08:16 +0000
@@ -96,12 +96,6 @@
     <property name="defaultValue" value="J7GhAs287hsSQlKd9g5" />
   </bean>
 
-  <bean id="systemSettingEncryptionPassword" class="org.hisp.dhis.hibernate.ConnectionPropertyFactoryBean">
-    <property name="hibernateConfigurationProvider" ref="hibernateConfigurationProvider" />
-    <property name="hibernateProperty" value="encryption.password" />
-    <property name="defaultValue" value="J7GhAs287hsSQlKd9g5" />
-  </bean>
-
   <!-- Encryption -->
 
   <!-- Bouncy Castle Crypto APIs -->