server: add user.password.reset.smtp.useStartTLS and enabledSecurityProtocols for password reset (#11228)

Author: weizhouapache

server/src/main/java/org/apache/cloudstack/user/UserPasswordResetManager.java

@@ -55,6 +55,17 @@ public interface UserPasswordResetManager {
             "Use auth in the SMTP server for sending emails for resetting password for ACS users",
             false, ConfigKey.Scope.Global);
 
+    ConfigKey<Boolean> UserPasswordResetSMTPUseStartTLS = new ConfigKey<>(ConfigKey.CATEGORY_ADVANCED,
+            Boolean.class, "user.password.reset.smtp.useStartTLS", "false",
+            "If set to true and if we enable security via user.password.reset.smtp.useAuth, this will enable StartTLS to secure the connection.",
+            true,
+            ConfigKey.Scope.Global);
+
+    ConfigKey<String> UserPasswordResetSMTPEnabledSecurityProtocols = new ConfigKey<String>(ConfigKey.CATEGORY_ADVANCED,
+            String.class, "user.password.reset.smtp.enabledSecurityProtocols", "",
+            "White-space separated security protocols; ex: \"TLSv1 TLSv1.1\". Supported protocols: SSLv2Hello, SSLv3, TLSv1, TLSv1.1 and TLSv1.2",
+            true, ConfigKey.Kind.WhitespaceSeparatedListWithOptions, "SSLv2Hello,SSLv3,TLSv1,TLSv1.1,TLSv1.2");
+
     ConfigKey<String> UserPasswordResetSMTPUsername = new ConfigKey<>(ConfigKey.CATEGORY_ADVANCED,
             String.class, "user.password.reset.smtp.username", null,
             "Username for SMTP server for sending emails for resetting password for ACS users",

server/src/main/java/org/apache/cloudstack/user/UserPasswordResetManagerImpl.java

@@ -93,6 +93,8 @@ public ConfigKey<?>[] getConfigKeys() {
                 UserPasswordResetSMTPHost,
                 UserPasswordResetSMTPPort,
                 UserPasswordResetSMTPUseAuth,
+                UserPasswordResetSMTPUseStartTLS,
+                UserPasswordResetSMTPEnabledSecurityProtocols,
                 UserPasswordResetSMTPUsername,
                 UserPasswordResetSMTPPassword,
                 PasswordResetMailTemplate
@@ -106,6 +108,8 @@ public boolean configure(String name, Map<String, Object> params) throws Configu
         Boolean useAuth = UserPasswordResetSMTPUseAuth.value();
         String username = UserPasswordResetSMTPUsername.value();
         String password = UserPasswordResetSMTPPassword.value();
+        Boolean useStartTLS = UserPasswordResetSMTPUseStartTLS.value();
+        String enabledSecurityProtocols = UserPasswordResetSMTPEnabledSecurityProtocols.value();
 
         if (!StringUtils.isEmpty(smtpHost) && smtpPort != null && smtpPort > 0) {
             String namespace = "password.reset.smtp";
@@ -117,6 +121,8 @@ public boolean configure(String name, Map<String, Object> params) throws Configu
             configs.put(getKey(namespace, SMTPMailSender.CONFIG_USE_AUTH), useAuth.toString());
             configs.put(getKey(namespace, SMTPMailSender.CONFIG_USERNAME), username);
             configs.put(getKey(namespace, SMTPMailSender.CONFIG_PASSWORD), password);
+            configs.put(getKey(namespace, SMTPMailSender.CONFIG_USE_STARTTLS), useStartTLS.toString());
+            configs.put(getKey(namespace, SMTPMailSender.CONFIG_ENABLED_SECURITY_PROTOCOLS), enabledSecurityProtocols);
 
             mailSender = new SMTPMailSender(configs, namespace);
         }