Externalize TLS version on Quota's mailing (apache#4583)

GutoVeronezi · Daniel Augusto Veronezi Salvador · web-flow · commit 31771186fa46 · 2021-02-24T11:15:12.000Z
Co-authored-by: Daniel Augusto Veronezi Salvador &lt;daniel@scclouds.com.br&gt;
diff --git a/framework/quota/src/main/java/org/apache/cloudstack/quota/QuotaAlertManagerImpl.java b/framework/quota/src/main/java/org/apache/cloudstack/quota/QuotaAlertManagerImpl.java
@@ -62,6 +62,7 @@
 import com.sun.mail.smtp.SMTPMessage;
 import com.sun.mail.smtp.SMTPSSLTransport;
 import com.sun.mail.smtp.SMTPTransport;
+import org.apache.commons.lang3.StringUtils;
 
 @Component
 public class QuotaAlertManagerImpl extends ManagerBase implements QuotaAlertManager {
@@ -114,8 +115,9 @@ public boolean configure(String name, Map<String, Object> params) throws Configu
         String smtpUsername = configs.get(QuotaConfig.QuotaSmtpUser.key());
         String smtpPassword = configs.get(QuotaConfig.QuotaSmtpPassword.key());
         String emailSender = configs.get(QuotaConfig.QuotaSmtpSender.key());
+        String smtpEnabledSecurityProtocols = configs.get(QuotaConfig.QuotaSmtpEnabledSecurityProtocols.key());
         _lockAccountEnforcement = "true".equalsIgnoreCase(configs.get(QuotaConfig.QuotaEnableEnforcement.key()));
-        _emailQuotaAlert = new EmailQuotaAlert(smtpHost, smtpPort, useAuth, smtpUsername, smtpPassword, emailSender, _smtpDebug);
+        _emailQuotaAlert = new EmailQuotaAlert(smtpHost, smtpPort, useAuth, smtpUsername, smtpPassword, emailSender, smtpEnabledSecurityProtocols, _smtpDebug);
 
         return true;
     }
@@ -341,7 +343,7 @@ static class EmailQuotaAlert {
         private final String _smtpPassword;
         private final String _emailSender;
 
-        public EmailQuotaAlert(String smtpHost, int smtpPort, boolean smtpUseAuth, final String smtpUsername, final String smtpPassword, String emailSender, boolean smtpDebug) {
+        public EmailQuotaAlert(String smtpHost, int smtpPort, boolean smtpUseAuth, final String smtpUsername, final String smtpPassword, String emailSender, String smtpEnabledSecurityProtocols, boolean smtpDebug) {
             _smtpHost = smtpHost;
             _smtpPort = smtpPort;
             _smtpUseAuth = smtpUseAuth;
@@ -365,6 +367,10 @@ public EmailQuotaAlert(String smtpHost, int smtpPort, boolean smtpUseAuth, final
                     smtpProps.put("mail.smtps.user", smtpUsername);
                 }
 
+                if (StringUtils.isNotBlank(smtpEnabledSecurityProtocols)) {
+                    smtpProps.put("mail.smtp.ssl.protocols", smtpEnabledSecurityProtocols);
+                }
+
                 if (!Strings.isNullOrEmpty(smtpUsername) && !Strings.isNullOrEmpty(smtpPassword)) {
                     _smtpSession = Session.getInstance(smtpProps, new Authenticator() {
                         @Override
diff --git a/framework/quota/src/main/java/org/apache/cloudstack/quota/constant/QuotaConfig.java b/framework/quota/src/main/java/org/apache/cloudstack/quota/constant/QuotaConfig.java
@@ -51,6 +51,9 @@ public interface QuotaConfig {
     public static final ConfigKey<String> QuotaSmtpSender = new ConfigKey<String>("Advanced", String.class, "quota.usage.smtp.sender", "",
             "Sender of quota alert email (will be in the From header of the email)", true);
 
+    public static final ConfigKey<String> QuotaSmtpEnabledSecurityProtocols = new ConfigKey<String>("Advanced", String.class, "quota.usage.smtp.enabledSecurityProtocols", "",
+            "White-space separated security protocols; ex: \"TLSv1 TLSv1.1\". Supported protocols: SSLv2Hello, SSLv3, TLSv1, TLSv1.1 and TLSv1.2", true);
+
     enum QuotaEmailTemplateTypes {
         QUOTA_LOW, QUOTA_EMPTY, QUOTA_UNLOCK_ACCOUNT, QUOTA_STATEMENT
     }
diff --git a/plugins/database/quota/src/main/java/org/apache/cloudstack/quota/QuotaServiceImpl.java b/plugins/database/quota/src/main/java/org/apache/cloudstack/quota/QuotaServiceImpl.java
@@ -137,7 +137,7 @@ public String getConfigComponentName() {
     @Override
     public ConfigKey<?>[] getConfigKeys() {
         return new ConfigKey<?>[] {QuotaPluginEnabled, QuotaEnableEnforcement, QuotaCurrencySymbol, QuotaStatementPeriod, QuotaSmtpHost, QuotaSmtpPort, QuotaSmtpTimeout,
-                QuotaSmtpUser, QuotaSmtpPassword, QuotaSmtpAuthType, QuotaSmtpSender};
+                QuotaSmtpUser, QuotaSmtpPassword, QuotaSmtpAuthType, QuotaSmtpSender, QuotaSmtpEnabledSecurityProtocols};
     }
 
     @Override

Original file line number	Diff line number	Diff line change
`@@ -51,6 +51,9 @@ public interface QuotaConfig {`
`51`	`51`	`public static final ConfigKey<String> QuotaSmtpSender = new ConfigKey<String>("Advanced", String.class, "quota.usage.smtp.sender", "",`
`52`	`52`	`"Sender of quota alert email (will be in the From header of the email)", true);`
`53`	`53`
	`54`	`+ public static final ConfigKey<String> QuotaSmtpEnabledSecurityProtocols = new ConfigKey<String>("Advanced", String.class, "quota.usage.smtp.enabledSecurityProtocols", "",`
	`55`	`+ "White-space separated security protocols; ex: \"TLSv1 TLSv1.1\". Supported protocols: SSLv2Hello, SSLv3, TLSv1, TLSv1.1 and TLSv1.2", true);`
	`56`	`+`
`54`	`57`	`enum QuotaEmailTemplateTypes {`
`55`	`58`	`QUOTA_LOW, QUOTA_EMPTY, QUOTA_UNLOCK_ACCOUNT, QUOTA_STATEMENT`
`56`	`59`	`}`
Original file line number	Diff line number	Diff line change
`@@ -137,7 +137,7 @@ public String getConfigComponentName() {`
`137`	`137`	`@Override`
`138`	`138`	`public ConfigKey<?>[] getConfigKeys() {`
`139`	`139`	`return new ConfigKey<?>[] {QuotaPluginEnabled, QuotaEnableEnforcement, QuotaCurrencySymbol, QuotaStatementPeriod, QuotaSmtpHost, QuotaSmtpPort, QuotaSmtpTimeout,`
`140`		`- QuotaSmtpUser, QuotaSmtpPassword, QuotaSmtpAuthType, QuotaSmtpSender};`
	`140`	`+ QuotaSmtpUser, QuotaSmtpPassword, QuotaSmtpAuthType, QuotaSmtpSender, QuotaSmtpEnabledSecurityProtocols};`
`141`	`141`	`}`
`142`	`142`
`143`	`143`	`@Override`