F #3064: separate encrypted attrs by objects

* There are encrypted attributes for VMs, Hosts and VNets * For VMs the user template is also encrypted * For VNets its address ranges attributes are also encrypted Co-authored-by: Alejandro Huertas <ahuertas@opennebula.systems>
2025-09-27 13:44:17 +03:00 · 2019-09-12 16:25:23 +02:00
parent fe03644bc8
commit 3c2df22ad7
37 changed files with 599 additions and 301 deletions
--- a/include/PoolObjectSQL.h
+++ b/include/PoolObjectSQL.h
@@ -41,11 +41,8 @@ class PoolObjectSQL : public ObjectSQL, public ObjectXML
 public:
    /* ---------------------------------------------------------------------- */
    /* Class Constructors & Constants                                         */
-    /* Initialized during the startup phase by Nebula::start()                */
    /* ---------------------------------------------------------------------- */

-    static const vector<const SingleAttribute *> ENCRYPTED_ATTRIBUTES;
-
    /**
     *  OpenNebula objects. This definitions are used by other core components
     *  like the AuthZ/AuthN module
@@ -568,13 +565,15 @@ public:
        return locked;
    }

+    /**
+     *  Encrypt all secret attributes
+     */
+    virtual void encrypt();
+
    /**
     *  Decrypt all secret attributes
     */
-    virtual void decrypt_all_secrets()
-    {
-        decrypt_all_secrets(obj_template);
-    }
+    virtual void decrypt();

 protected:

@@ -728,32 +727,6 @@ protected:
     */
    int lock_db_from_xml();

-    /**
-     *  Crypt string using aes256cbc, use ONE_KEY as key
-     *  If key doesn't exists out = in
-     *    @param in plain text
-     *    @param out crypted text encoded as base64
-     */
-    static void encrypt(const std::string& in, std::string& out);
-
-    /**
-     *  Decrypt input text encoded as base64, using ONE_KEY as key
-     *  If key doesn't exists,
-     *    @param in base64 text crypted by aes256cbc
-     *    @param out plain text, if decryption succesfull.
-     *    @return true, if text was decrypted, false otherwise
-     */
-    static bool decrypt(const std::string& in, std::string& out);
-
-    /**
-     *  Encrypt all secret attributes
-     */
-    void encrypt_all_secrets(Template *tmpl);
-
-    /**
-     *  Decrypt all secret attributes
-     */
-    void decrypt_all_secrets(Template *tmpl);

    /**
     *  The object's unique ID