Commit e01a383

authored

[DE-1010] SSL configuration properties (#611)

1 parent 8994c00 commit e01a383Copy full SHA for e01a383

File tree

33 files changed

+211

-38

lines changed

core
- pom.xml
- src/main/java/com/arangodb
  - ArangoDB.java
  - config
    - ArangoConfigProperties.java
  - internal
    - ArangoDefaults.java
    - config
      - ArangoConfig.java
      - ArangoConfigPropertiesImpl.java
driver
- pom.xml
http-protocol
- pom.xml
- src/main/java/com/arangodb/http
  - HttpConnection.java
jackson-serde-json
- pom.xml
jackson-serde-vpack
- pom.xml
jsonb-serde
- pom.xml
pom.xml
release-parent
- pom.xml
shaded
- pom.xml
test-functional
- pom.xml
- src
  - test-ssl/java/com/arangodb
    - ArangoSslTest.java
  - test
    - java/com/arangodb
      - ArangoConfigTest.java
      - UserAgentTest.java
    - resources
      - META-INF/native-image
        resource-config.json
      - arangodb-ssl.properties
test-non-functional
- pom.xml
- src/test
  - java/mp
  - resources
    - arangodb-config-test.properties
test-parent
- pom.xml
test-perf
- pom.xml
test-resilience
- pom.xml
tutorial
- gradle
  - build.gradle
- maven
  - pom.xml
vst-protocol
- pom.xml
- src/main/java/com/arangodb/vst/internal
  - VstConnection.java

33 files changed

+211

-38

lines changed

`‎core/pom.xml`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`<relativePath>../release-parent</relativePath>`
`9`	`9`	`<groupId>com.arangodb</groupId>`
`10`	`10`	`<artifactId>release-parent</artifactId>`
`11`		`- <version>7.20.0</version>`
	`11`	`+ <version>7.21.0-SNAPSHOT</version>`
`12`	`12`	`</parent>`
`13`	`13`
`14`	`14`	`<name>core</name>`

`‎core/src/main/java/com/arangodb/ArangoDB.java`

Lines changed: 35 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -356,6 +356,7 @@ public interface ArangoDB extends ArangoSerdeAccessor {`
`356`	`356`	`/**`
`357`	`357`	`* Reset the server log levels`
`358`	`358`	`* Revert the server's log level settings to the values they had at startup, as determined by the startup options specified on the command-line, a configuration file, and the factory defaults.`
	`359`	`+ *`
`359`	`360`	`* @since ArangoDB 3.12`
`360`	`361`	`*/`
`361`	`362`	`LogLevelEntity resetLogLevels(LogLevelOptions options);`
`@@ -484,6 +485,39 @@ public Builder useSsl(final Boolean useSsl) {`
`484`	`485`	`return this;`
`485`	`486`	`}`
`486`	`487`
	`488`	`+ /**`
	`489`	`+ * Sets the SSL certificate value as Base64 encoded String`
	`490`	`+ *`
	`491`	`+ * @param sslCertValue the SSL certificate value as Base64 encoded String`
	`492`	`+ * @return {@link ArangoDB.Builder}`
	`493`	`+ */`
	`494`	`+ public Builder sslCertValue(final String sslCertValue) {`
	`495`	`+ config.setSslCertValue(sslCertValue);`
	`496`	`+ return this;`
	`497`	`+ }`
	`498`	`+`
	`499`	`+ /**`
	`500`	`+ * Sets the SSL Trust manager algorithm`
	`501`	`+ *`
	`502`	`+ * @param sslAlgorithm the name of the SSL Trust manager algorithm`
	`503`	`+ * @return {@link ArangoDB.Builder}`
	`504`	`+ */`
	`505`	`+ public Builder sslAlgorithm(final String sslAlgorithm) {`
	`506`	`+ config.setSslAlgorithm(sslAlgorithm);`
	`507`	`+ return this;`
	`508`	`+ }`
	`509`	`+`
	`510`	`+ /**`
	`511`	`+ * Sets the SSLContext protocol, default: {@code TLS}`
	`512`	`+ *`
	`513`	`+ * @param sslProtocol the name of the SSLContext protocol`
	`514`	`+ * @return {@link ArangoDB.Builder}`
	`515`	`+ */`
	`516`	`+ public Builder sslProtocol(final String sslProtocol) {`
	`517`	`+ config.setSslProtocol(sslProtocol);`
	`518`	`+ return this;`
	`519`	`+ }`
	`520`	`+`
`487`	`521`	`/**`
`488`	`522`	`* Sets the SSL context to be used when {@code true} is passed through {@link #useSsl(Boolean)}.`
`489`	`523`	`*`
`@@ -716,6 +750,7 @@ public Builder compressionLevel(Integer level) {`
`716`	`750`
`717`	`751`	`/**`
`718`	`752`	`* Configuration specific for {@link com.arangodb.internal.net.ProtocolProvider}.`
	`753`	`+ *`
`719`	`754`	`* @return {@link ArangoDB.Builder}`
`720`	`755`	`*/`
`721`	`756`	`public Builder protocolConfig(ProtocolConfig protocolConfig) {`

`‎core/src/main/java/com/arangodb/config/ArangoConfigProperties.java`

Lines changed: 15 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -19,6 +19,9 @@ public interface ArangoConfigProperties {`
`19`	`19`	`String KEY_JWT = "jwt";`
`20`	`20`	`String KEY_TIMEOUT = "timeout";`
`21`	`21`	`String KEY_USE_SSL = "useSsl";`
	`22`	`+ String KEY_SSL_CERT_VALUE = "sslCertValue";`
	`23`	`+ String KEY_SSL_ALGORITHM = "sslAlgorithm";`
	`24`	`+ String KEY_SSL_PROTOCOL = "sslProtocol";`
`22`	`25`	`String KEY_VERIFY_HOST = "verifyHost";`
`23`	`26`	`String KEY_CHUNK_SIZE = "chunkSize";`
`24`	`27`	`String KEY_PIPELINING = "pipelining";`
`@@ -103,6 +106,18 @@ default Optional<Boolean> getUseSsl() {`
`103`	`106`	`return Optional.empty();`
`104`	`107`	`}`
`105`	`108`
	`109`	`+ default Optional<String> getSslCertValue() {`
	`110`	`+ return Optional.empty();`
	`111`	`+ }`
	`112`	`+`
	`113`	`+ default Optional<String> getSslAlgorithm() {`
	`114`	`+ return Optional.empty();`
	`115`	`+ }`
	`116`	`+`
	`117`	`+ default Optional<String> getSslProtocol() {`
	`118`	`+ return Optional.empty();`
	`119`	`+ }`
	`120`	`+`
`106`	`121`	`default Optional<Boolean> getVerifyHost() {`
`107`	`122`	`return Optional.empty();`
`108`	`123`	`}`

`‎core/src/main/java/com/arangodb/internal/ArangoDefaults.java`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -48,6 +48,7 @@ public final class ArangoDefaults {`
`48`	`48`	`public static final Integer DEFAULT_TIMEOUT = 0;`
`49`	`49`	`public static final Long DEFAULT_CONNECTION_TTL_HTTP = 30_000L;`
`50`	`50`	`public static final Boolean DEFAULT_USE_SSL = false;`
	`51`	`+ public static final String DEFAULT_SSL_PROTOCOL = "TLS";`
`51`	`52`	`public static final Boolean DEFAULT_VERIFY_HOST = true;`
`52`	`53`	`public static final Integer DEFAULT_CHUNK_SIZE = 30_000;`
`53`	`54`	`public static final Boolean DEFAULT_PIPELINING = false;`

`‎core/src/main/java/com/arangodb/internal/config/ArangoConfig.java`

Lines changed: 48 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,12 @@`
`16`	`16`	`import com.fasterxml.jackson.databind.Module;`
`17`	`17`
`18`	`18`	`import javax.net.ssl.SSLContext;`
	`19`	`+import javax.net.ssl.TrustManagerFactory;`
	`20`	`+import java.io.ByteArrayInputStream;`
`19`	`21`	`import java.lang.reflect.InvocationTargetException;`
	`22`	`+import java.security.KeyStore;`
	`23`	`+import java.security.cert.Certificate;`
	`24`	`+import java.security.cert.CertificateFactory;`
`20`	`25`	`import java.util.*;`
`21`	`26`	`import java.util.concurrent.Executor;`
`22`	`27`	`import java.util.stream.Collectors;`
`@@ -30,6 +35,9 @@ public class ArangoConfig {`
`30`	`35`	`private String password;`
`31`	`36`	`private String jwt;`
`32`	`37`	`private Boolean useSsl;`
	`38`	`+ private Optional<String> sslCertValue;`
	`39`	`+ private Optional<String> sslAlgorithm;`
	`40`	`+ private String sslProtocol;`
`33`	`41`	`private SSLContext sslContext;`
`34`	`42`	`private Boolean verifyHost;`
`35`	`43`	`private Integer chunkSize;`
`@@ -69,6 +77,9 @@ public void loadProperties(final ArangoConfigProperties properties) {`
`69`	`77`	`// FIXME: make jwt field Optional`
`70`	`78`	`jwt = properties.getJwt().orElse(null);`
`71`	`79`	`useSsl = properties.getUseSsl().orElse(ArangoDefaults.DEFAULT_USE_SSL);`
	`80`	`+ sslCertValue = properties.getSslCertValue();`
	`81`	`+ sslAlgorithm = properties.getSslAlgorithm();`
	`82`	`+ sslProtocol = properties.getSslProtocol().orElse(ArangoDefaults.DEFAULT_SSL_PROTOCOL);`
`72`	`83`	`verifyHost = properties.getVerifyHost().orElse(ArangoDefaults.DEFAULT_VERIFY_HOST);`
`73`	`84`	`chunkSize = properties.getChunkSize().orElse(ArangoDefaults.DEFAULT_CHUNK_SIZE);`
`74`	`85`	`pipelining = properties.getPipelining().orElse(ArangoDefaults.DEFAULT_PIPELINING);`
`@@ -151,7 +162,22 @@ public void setUseSsl(Boolean useSsl) {`
`151`	`162`	`this.useSsl = useSsl;`
`152`	`163`	`}`
`153`	`164`
	`165`	`+ public void setSslCertValue(String sslCertValue) {`
	`166`	`+ this.sslCertValue = Optional.ofNullable(sslCertValue);`
	`167`	`+ }`
	`168`	`+`
	`169`	`+ public void setSslAlgorithm(String sslAlgorithm) {`
	`170`	`+ this.sslAlgorithm = Optional.ofNullable(sslAlgorithm);`
	`171`	`+ }`
	`172`	`+`
	`173`	`+ public void setSslProtocol(String sslProtocol) {`
	`174`	`+ this.sslProtocol = sslProtocol;`
	`175`	`+ }`
	`176`	`+`
`154`	`177`	`public SSLContext getSslContext() {`
	`178`	`+ if (sslContext == null) {`
	`179`	`+ sslContext = createSslContext();`
	`180`	`+ }`
`155`	`181`	`return sslContext;`
`156`	`182`	`}`
`157`	`183`
`@@ -342,4 +368,26 @@ public ProtocolConfig getProtocolConfig() {`
`342`	`368`	`public void setProtocolConfig(ProtocolConfig protocolConfig) {`
`343`	`369`	`this.protocolConfig = protocolConfig;`
`344`	`370`	`}`
	`371`	`+`
	`372`	`+ private SSLContext createSslContext() {`
	`373`	`+ try {`
	`374`	`+ if (sslCertValue.isPresent()) {`
	`375`	`+ ByteArrayInputStream is = new ByteArrayInputStream(Base64.getDecoder().decode(sslCertValue.get()));`
	`376`	`+ Certificate cert = CertificateFactory.getInstance("X.509").generateCertificate(is);`
	`377`	`+ KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());`
	`378`	`+ ks.load(null);`
	`379`	`+ ks.setCertificateEntry("arangodb", cert);`
	`380`	`+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(sslAlgorithm.orElseGet(TrustManagerFactory::getDefaultAlgorithm));`
	`381`	`+ tmf.init(ks);`
	`382`	`+ SSLContext sc = SSLContext.getInstance(sslProtocol);`
	`383`	`+ sc.init(null, tmf.getTrustManagers(), null);`
	`384`	`+ return sc;`
	`385`	`+ } else {`
	`386`	`+ return SSLContext.getDefault();`
	`387`	`+ }`
	`388`	`+ } catch (Exception e) {`
	`389`	`+ throw new RuntimeException(e);`
	`390`	`+ }`
	`391`	`+ }`
	`392`	`+`
`345`	`393`	`}`

`‎core/src/main/java/com/arangodb/internal/config/ArangoConfigPropertiesImpl.java`

Lines changed: 15 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -109,6 +109,21 @@ public Optional<Boolean> getUseSsl() {`
`109`	`109`	`return Optional.ofNullable(getProperty(KEY_USE_SSL)).map(Boolean::valueOf);`
`110`	`110`	`}`
`111`	`111`
	`112`	`+ @Override`
	`113`	`+ public Optional<String> getSslCertValue() {`
	`114`	`+ return Optional.ofNullable(getProperty(KEY_SSL_CERT_VALUE));`
	`115`	`+ }`
	`116`	`+`
	`117`	`+ @Override`
	`118`	`+ public Optional<String> getSslAlgorithm() {`
	`119`	`+ return Optional.ofNullable(getProperty(KEY_SSL_ALGORITHM));`
	`120`	`+ }`
	`121`	`+`
	`122`	`+ @Override`
	`123`	`+ public Optional<String> getSslProtocol() {`
	`124`	`+ return Optional.ofNullable(getProperty(KEY_SSL_PROTOCOL));`
	`125`	`+ }`
	`126`	`+`
`112`	`127`	`@Override`
`113`	`128`	`public Optional<Boolean> getVerifyHost() {`
`114`	`129`	`return Optional.ofNullable(getProperty(KEY_VERIFY_HOST)).map(Boolean::valueOf);`

`‎driver/pom.xml`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`<relativePath>../release-parent</relativePath>`
`9`	`9`	`<groupId>com.arangodb</groupId>`
`10`	`10`	`<artifactId>release-parent</artifactId>`
`11`		`- <version>7.20.0</version>`
	`11`	`+ <version>7.21.0-SNAPSHOT</version>`
`12`	`12`	`</parent>`
`13`	`13`
`14`	`14`	`<name>arangodb-java-driver</name>`

`‎http-protocol/pom.xml`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`<relativePath>../release-parent</relativePath>`
`9`	`9`	`<groupId>com.arangodb</groupId>`
`10`	`10`	`<artifactId>release-parent</artifactId>`
`11`		`- <version>7.20.0</version>`
	`11`	`+ <version>7.21.0-SNAPSHOT</version>`
`12`	`12`	`</parent>`
`13`	`13`
`14`	`14`	`<name>http-protocol</name>`

`‎http-protocol/src/main/java/com/arangodb/http/HttpConnection.java`

Lines changed: 1 addition & 12 deletions

Original file line number	Diff line number	Diff line change
`@@ -55,7 +55,6 @@`
`55`	`55`	`import org.slf4j.LoggerFactory;`
`56`	`56`
`57`	`57`	`import javax.net.ssl.SSLContext;`
`58`		`-import java.security.NoSuchAlgorithmException;`
`59`	`58`	`import java.util.Collections;`
`60`	`59`	`import java.util.Iterator;`
`61`	`60`	`import java.util.Map.Entry;`
`@@ -169,17 +168,7 @@ private static String getUserAgent() {`
`169`	`168`	`}`
`170`	`169`
`171`	`170`	`if (Boolean.TRUE.equals(config.getUseSsl())) {`
`172`		`- SSLContext ctx;`
`173`		`- if (config.getSslContext() != null) {`
`174`		`- ctx = config.getSslContext();`
`175`		`- } else {`
`176`		`- try {`
`177`		`- ctx = SSLContext.getDefault();`
`178`		`- } catch (NoSuchAlgorithmException e) {`
`179`		`- throw ArangoDBException.of(e);`
`180`		`- }`
`181`		`- }`
`182`		`-`
	`171`	`+ SSLContext ctx = config.getSslContext();`
`183`	`172`	`webClientOptions`
`184`	`173`	`.setSsl(true)`
`185`	`174`	`.setUseAlpn(true)`

`‎jackson-serde-json/pom.xml`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`<relativePath>../release-parent</relativePath>`
`9`	`9`	`<groupId>com.arangodb</groupId>`
`10`	`10`	`<artifactId>release-parent</artifactId>`
`11`		`- <version>7.20.0</version>`
	`11`	`+ <version>7.21.0-SNAPSHOT</version>`
`12`	`12`	`</parent>`
`13`	`13`
`14`	`14`	`<name>jackson-serde-json</name>`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit e01a383

File tree

33 files changed

33 files changed

`‎core/pom.xml`

`‎core/src/main/java/com/arangodb/ArangoDB.java`

`‎core/src/main/java/com/arangodb/config/ArangoConfigProperties.java`

`‎core/src/main/java/com/arangodb/internal/ArangoDefaults.java`

`‎core/src/main/java/com/arangodb/internal/config/ArangoConfig.java`

`‎core/src/main/java/com/arangodb/internal/config/ArangoConfigPropertiesImpl.java`

`‎driver/pom.xml`

`‎http-protocol/pom.xml`

`‎http-protocol/src/main/java/com/arangodb/http/HttpConnection.java`

`‎jackson-serde-json/pom.xml`

0 commit comments