Merge branch 'fix-54828@@2' into '4.6.31'

cherry-pick  feature-haitai-4.5.3 to 4.6.31

See merge request zstackio/zstack!3854

Author: gitlab

conf/db/upgrade/V4.6.31__schema.sql

@@ -1,3 +1,22 @@
+CREATE TABLE IF NOT EXISTS `zstack`.`HaiTaiSecretResourcePoolVO` (
+    `uuid` varchar(32) NOT NULL UNIQUE,
+    `managementIp` varchar(32) NOT NULL,
+    `port` int unsigned NOT NULL,
+    `realm` varchar(32) NOT NULL,
+    PRIMARY KEY  (`uuid`),
+    CONSTRAINT fkHaiTaiSecretResourcePoolVOSecretResourcePoolVO FOREIGN KEY (uuid) REFERENCES SecretResourcePoolVO (uuid) ON UPDATE RESTRICT ON DELETE CASCADE
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+CREATE TABLE IF NOT EXISTS `zstack`.`EncryptEntityMetadataVO` (
+    `id` bigint unsigned NOT NULL UNIQUE AUTO_INCREMENT,
+    `entityName` varchar(255) NOT NULL,
+    `columnName` varchar(255) NOT NULL,
+    `state` varchar(32) NOT NULL,
+    `lastOpDate` timestamp NOT NULL DEFAULT '0000-00-00 00:00:00' ON UPDATE CURRENT_TIMESTAMP,
+    `createDate` timestamp NOT NULL DEFAULT '0000-00-00 00:00:00',
+    PRIMARY KEY  (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
 ALTER TABLE `zstack`.`KVMHostVO` ADD COLUMN `osDistribution` varchar(64) DEFAULT NULL;
 ALTER TABLE `zstack`.`KVMHostVO` ADD COLUMN `osRelease` varchar(64) DEFAULT NULL;
 ALTER TABLE `zstack`.`KVMHostVO` ADD COLUMN `osVersion` varchar(64) DEFAULT NULL;

conf/persistence.xml

@@ -176,6 +176,7 @@
         <class>org.zstack.header.vm.devices.VmInstanceDeviceAddressVO</class>
         <class>org.zstack.header.vm.devices.VmInstanceDeviceAddressArchiveVO</class>
         <class>org.zstack.header.vm.devices.VmInstanceDeviceAddressGroupVO</class>
+        <class>org.zstack.header.core.encrypt.EncryptEntityMetadataVO</class>
         <class>org.zstack.storage.ceph.primary.CephOsdGroupVO</class>
         <class>org.zstack.sdnController.header.SdnControllerVO</class>
         <class>org.zstack.sdnController.header.HardwareL2VxlanNetworkPoolVO</class>

conf/springConfigXml/encrypt.xml

@@ -26,7 +26,7 @@
 
     <bean id="EncryptFacade" class="org.zstack.core.encrypt.EncryptFacadeImpl">
         <zstack:plugin>
-            <zstack:extension interface="org.zstack.header.Component"/>
+            <zstack:extension interface="org.zstack.header.Component" order="-1"/>
         </zstack:plugin>
     </bean>
 
@@ -43,4 +43,5 @@
     </bean>
 
     <bean id="PasswordConvert" class="org.zstack.core.convert.PasswordConverter" />
+    <bean id="SpecialDataConverter" class="org.zstack.core.convert.SpecialDataConverter" />
 </beans>

core/src/main/java/org/zstack/core/convert/SpecialDataConverter.java

@@ -0,0 +1,87 @@
+package org.zstack.core.convert;
+
+import org.apache.commons.lang.StringUtils;
+import org.springframework.beans.factory.annotation.Autowire;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Configurable;
+import org.springframework.stereotype.Component;
+import org.zstack.core.encrypt.EncryptFacade;
+import org.zstack.core.encrypt.EncryptGlobalConfig;
+import org.zstack.header.core.encrypt.PasswordEncryptType;
+import org.zstack.utils.Utils;
+import org.zstack.utils.logging.CLogger;
+
+import javax.persistence.AttributeConverter;
+import javax.persistence.Converter;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+/**
+ * @Author: DaoDao
+ * @Date: 2023/3/9
+ */
+@Component
+@Converter
+@Configurable(preConstruction = true, autowire = Autowire.BY_TYPE)
+public class SpecialDataConverter implements AttributeConverter<String, String> {
+    private static final CLogger logger = Utils.getLogger(SpecialDataConverter.class);
+
+    private static EncryptFacade encryptFacade;
+
+
+    @Autowired
+    public void init(EncryptFacade encryptFacade){
+        SpecialDataConverter.encryptFacade = encryptFacade;
+    }
+
+    @Override
+    public String convertToDatabaseColumn(String attribute) {
+        if (PasswordEncryptType.None.toString().equals(EncryptGlobalConfig.ENABLE_PASSWORD_ENCRYPT.value(String.class))) {
+            return attribute;
+        }
+        if (StringUtils.isEmpty(attribute)) {
+            return attribute;
+        }
+
+        if (!isMobileNO(attribute) && !checkEmail(attribute)) {
+            return attribute;
+        }
+
+        return encryptFacade.encrypt(attribute);
+    }
+
+    @Override
+    public String convertToEntityAttribute(String dbData) {
+        if (PasswordEncryptType.None.toString().equals(EncryptGlobalConfig.ENABLE_PASSWORD_ENCRYPT.value(String.class))) {
+            return dbData;
+        }
+
+        if (StringUtils.isEmpty(dbData)) {
+            return dbData ;
+        }
+
+        return encryptFacade.decrypt(dbData);
+    }
+
+    public static boolean isMobileNO(String mobiles) {
+        try {
+            Pattern p = Pattern
+                    .compile("[1][3456789][0-9]{9}$");
+            Matcher m = p.matcher(mobiles);
+            return m.matches();
+        } catch (Exception e) {
+            return false;
+        }
+    }
+
+    public static boolean checkEmail(String email) {
+        try {
+            String EMAIL_PATTERN = "^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$";
+            Pattern pattern = Pattern.compile(EMAIL_PATTERN);;
+            Matcher matcher = pattern.matcher(email);
+            return matcher.matches();
+        } catch (Exception e) {
+            return false;
+        }
+    }
+}

core/src/main/java/org/zstack/core/encrypt/EncryptFacade.java

@@ -1,5 +1,7 @@
 package org.zstack.core.encrypt;
 
+import org.zstack.header.core.encrypt.EncryptEntityState;
+
 /**
  * Created by kayo on 2018/9/7.
  */
@@ -11,4 +13,6 @@ public interface EncryptFacade {
     EncryptFacadeResult<String> encrypt(String data, String algType);
 
     EncryptFacadeResult<String> decrypt(String data, String algType);
+
+    void updateEncryptDataStateIfExists(String entity, String column, EncryptEntityState state);
 }