Search in sources :

Example 1 with SslMode

use of io.vertx.mysqlclient.SslMode in project vertx-sql-client by eclipse-vertx.

the class InitialHandshakeCommandCodec method handleInitialHandshake.

private void handleInitialHandshake(ByteBuf payload) {
    encoder.clientCapabilitiesFlag = cmd.initialCapabilitiesFlags();
    encoder.encodingCharset = cmd.charsetEncoding();
    short protocolVersion = payload.readUnsignedByte();
    String serverVersion = BufferUtils.readNullTerminatedString(payload, StandardCharsets.US_ASCII);
    MySQLDatabaseMetadata md = MySQLDatabaseMetadata.parse(serverVersion);
    encoder.socketConnection.metaData = md;
    if (md.majorVersion() == 5 && (md.minorVersion() < 7 || (md.minorVersion() == 7 && md.microVersion() < 5))) {
    // EOF_HEADER has to be enabled for older MySQL version which does not support the CLIENT_DEPRECATE_EOF flag
    } else {
        encoder.clientCapabilitiesFlag |= CLIENT_DEPRECATE_EOF;
    }
    long connectionId = payload.readUnsignedIntLE();
    // read first part of scramble
    this.authPluginData = new byte[NONCE_LENGTH];
    payload.readBytes(authPluginData, 0, AUTH_PLUGIN_DATA_PART1_LENGTH);
    // filler
    payload.readByte();
    // read lower 2 bytes of Capabilities flags
    int lowerServerCapabilitiesFlags = payload.readUnsignedShortLE();
    short characterSet = payload.readUnsignedByte();
    int statusFlags = payload.readUnsignedShortLE();
    // read upper 2 bytes of Capabilities flags
    int capabilityFlagsUpper = payload.readUnsignedShortLE();
    final int serverCapabilitiesFlags = (lowerServerCapabilitiesFlags | (capabilityFlagsUpper << 16));
    // length of the combined auth_plugin_data (scramble)
    short lenOfAuthPluginData;
    boolean isClientPluginAuthSupported = (serverCapabilitiesFlags & CapabilitiesFlag.CLIENT_PLUGIN_AUTH) != 0;
    if (isClientPluginAuthSupported) {
        lenOfAuthPluginData = payload.readUnsignedByte();
    } else {
        payload.readerIndex(payload.readerIndex() + 1);
        lenOfAuthPluginData = 0;
    }
    // 10 bytes reserved
    payload.readerIndex(payload.readerIndex() + 10);
    // Rest of the plugin provided data
    payload.readBytes(authPluginData, AUTH_PLUGIN_DATA_PART1_LENGTH, Math.max(NONCE_LENGTH - AUTH_PLUGIN_DATA_PART1_LENGTH, lenOfAuthPluginData - 9));
    // reserved byte
    payload.readByte();
    // we assume the server supports auth plugin
    final String serverAuthPluginName = BufferUtils.readNullTerminatedString(payload, StandardCharsets.UTF_8);
    boolean upgradeToSsl;
    SslMode sslMode = cmd.sslMode();
    switch(sslMode) {
        case DISABLED:
            upgradeToSsl = false;
            break;
        case PREFERRED:
            upgradeToSsl = isTlsSupportedByServer(serverCapabilitiesFlags);
            break;
        case REQUIRED:
        case VERIFY_CA:
        case VERIFY_IDENTITY:
            upgradeToSsl = true;
            break;
        default:
            completionHandler.handle(CommandResponse.failure(new IllegalStateException("Unknown SSL mode to handle: " + sslMode)));
            return;
    }
    if (upgradeToSsl) {
        encoder.clientCapabilitiesFlag |= CLIENT_SSL;
        sendSslRequest();
        encoder.socketConnection.upgradeToSsl(upgrade -> {
            if (upgrade.succeeded()) {
                doSendHandshakeResponseMessage(serverAuthPluginName, cmd.authenticationPlugin(), authPluginData, serverCapabilitiesFlags);
            } else {
                completionHandler.handle(CommandResponse.failure(upgrade.cause()));
            }
        });
    } else {
        doSendHandshakeResponseMessage(serverAuthPluginName, cmd.authenticationPlugin(), authPluginData, serverCapabilitiesFlags);
    }
}
Also used : MySQLDatabaseMetadata(io.vertx.mysqlclient.impl.MySQLDatabaseMetadata) SslMode(io.vertx.mysqlclient.SslMode)

Example 2 with SslMode

use of io.vertx.mysqlclient.SslMode in project quarkus by quarkusio.

the class MySQLPoolRecorder method toMySQLConnectOptions.

private MySQLConnectOptions toMySQLConnectOptions(DataSourceRuntimeConfig dataSourceRuntimeConfig, DataSourceReactiveRuntimeConfig dataSourceReactiveRuntimeConfig, DataSourceReactiveMySQLConfig dataSourceReactiveMySQLConfig) {
    MySQLConnectOptions mysqlConnectOptions;
    if (dataSourceReactiveRuntimeConfig.url.isPresent()) {
        String url = dataSourceReactiveRuntimeConfig.url.get();
        // clean up the URL to make migrations easier
        if (url.startsWith("vertx-reactive:mysql://")) {
            url = url.substring("vertx-reactive:".length());
        }
        mysqlConnectOptions = MySQLConnectOptions.fromUri(url);
    } else {
        mysqlConnectOptions = new MySQLConnectOptions();
    }
    if (dataSourceRuntimeConfig.username.isPresent()) {
        mysqlConnectOptions.setUser(dataSourceRuntimeConfig.username.get());
    }
    if (dataSourceRuntimeConfig.password.isPresent()) {
        mysqlConnectOptions.setPassword(dataSourceRuntimeConfig.password.get());
    }
    // credentials provider
    if (dataSourceRuntimeConfig.credentialsProvider.isPresent()) {
        String beanName = dataSourceRuntimeConfig.credentialsProviderName.orElse(null);
        CredentialsProvider credentialsProvider = CredentialsProviderFinder.find(beanName);
        String name = dataSourceRuntimeConfig.credentialsProvider.get();
        Map<String, String> credentials = credentialsProvider.getCredentials(name);
        String user = credentials.get(USER_PROPERTY_NAME);
        String password = credentials.get(PASSWORD_PROPERTY_NAME);
        if (user != null) {
            mysqlConnectOptions.setUser(user);
        }
        if (password != null) {
            mysqlConnectOptions.setPassword(password);
        }
    }
    if (dataSourceReactiveMySQLConfig.cachePreparedStatements.isPresent()) {
        log.warn("datasource.reactive.mysql.cache-prepared-statements is deprecated, use datasource.reactive.cache-prepared-statements instead");
        mysqlConnectOptions.setCachePreparedStatements(dataSourceReactiveMySQLConfig.cachePreparedStatements.get());
    } else {
        mysqlConnectOptions.setCachePreparedStatements(dataSourceReactiveRuntimeConfig.cachePreparedStatements);
    }
    if (dataSourceReactiveMySQLConfig.charset.isPresent()) {
        mysqlConnectOptions.setCharset(dataSourceReactiveMySQLConfig.charset.get());
    }
    if (dataSourceReactiveMySQLConfig.collation.isPresent()) {
        mysqlConnectOptions.setCollation(dataSourceReactiveMySQLConfig.collation.get());
    }
    if (dataSourceReactiveMySQLConfig.sslMode.isPresent()) {
        final SslMode sslMode = dataSourceReactiveMySQLConfig.sslMode.get();
        mysqlConnectOptions.setSslMode(sslMode);
        // If sslMode is verify-identity, we also need a hostname verification algorithm
        if (sslMode == SslMode.VERIFY_IDENTITY && (!dataSourceReactiveRuntimeConfig.hostnameVerificationAlgorithm.isPresent() || "".equals(dataSourceReactiveRuntimeConfig.hostnameVerificationAlgorithm.get()))) {
            throw new IllegalArgumentException("quarkus.datasource.reactive.hostname-verification-algorithm must be specified under verify-identity sslmode");
        }
    }
    mysqlConnectOptions.setTrustAll(dataSourceReactiveRuntimeConfig.trustAll);
    configurePemTrustOptions(mysqlConnectOptions, dataSourceReactiveRuntimeConfig.trustCertificatePem);
    configureJksTrustOptions(mysqlConnectOptions, dataSourceReactiveRuntimeConfig.trustCertificateJks);
    configurePfxTrustOptions(mysqlConnectOptions, dataSourceReactiveRuntimeConfig.trustCertificatePfx);
    configurePemKeyCertOptions(mysqlConnectOptions, dataSourceReactiveRuntimeConfig.keyCertificatePem);
    configureJksKeyCertOptions(mysqlConnectOptions, dataSourceReactiveRuntimeConfig.keyCertificateJks);
    configurePfxKeyCertOptions(mysqlConnectOptions, dataSourceReactiveRuntimeConfig.keyCertificatePfx);
    mysqlConnectOptions.setReconnectAttempts(dataSourceReactiveRuntimeConfig.reconnectAttempts);
    mysqlConnectOptions.setReconnectInterval(dataSourceReactiveRuntimeConfig.reconnectInterval.toMillis());
    if (dataSourceReactiveRuntimeConfig.hostnameVerificationAlgorithm.isPresent()) {
        mysqlConnectOptions.setHostnameVerificationAlgorithm(dataSourceReactiveRuntimeConfig.hostnameVerificationAlgorithm.get());
    }
    return mysqlConnectOptions;
}
Also used : SslMode(io.vertx.mysqlclient.SslMode) MySQLConnectOptions(io.vertx.mysqlclient.MySQLConnectOptions) CredentialsProvider(io.quarkus.credentials.CredentialsProvider)

Aggregations

SslMode (io.vertx.mysqlclient.SslMode)2 CredentialsProvider (io.quarkus.credentials.CredentialsProvider)1 MySQLConnectOptions (io.vertx.mysqlclient.MySQLConnectOptions)1 MySQLDatabaseMetadata (io.vertx.mysqlclient.impl.MySQLDatabaseMetadata)1