use of io.vertx.mysqlclient.SslMode in project vertx-sql-client by eclipse-vertx.
the class InitialHandshakeCommandCodec method handleInitialHandshake.
private void handleInitialHandshake(ByteBuf payload) {
encoder.clientCapabilitiesFlag = cmd.initialCapabilitiesFlags();
encoder.encodingCharset = cmd.charsetEncoding();
short protocolVersion = payload.readUnsignedByte();
String serverVersion = BufferUtils.readNullTerminatedString(payload, StandardCharsets.US_ASCII);
MySQLDatabaseMetadata md = MySQLDatabaseMetadata.parse(serverVersion);
encoder.socketConnection.metaData = md;
if (md.majorVersion() == 5 && (md.minorVersion() < 7 || (md.minorVersion() == 7 && md.microVersion() < 5))) {
// EOF_HEADER has to be enabled for older MySQL version which does not support the CLIENT_DEPRECATE_EOF flag
} else {
encoder.clientCapabilitiesFlag |= CLIENT_DEPRECATE_EOF;
}
long connectionId = payload.readUnsignedIntLE();
// read first part of scramble
this.authPluginData = new byte[NONCE_LENGTH];
payload.readBytes(authPluginData, 0, AUTH_PLUGIN_DATA_PART1_LENGTH);
// filler
payload.readByte();
// read lower 2 bytes of Capabilities flags
int lowerServerCapabilitiesFlags = payload.readUnsignedShortLE();
short characterSet = payload.readUnsignedByte();
int statusFlags = payload.readUnsignedShortLE();
// read upper 2 bytes of Capabilities flags
int capabilityFlagsUpper = payload.readUnsignedShortLE();
final int serverCapabilitiesFlags = (lowerServerCapabilitiesFlags | (capabilityFlagsUpper << 16));
// length of the combined auth_plugin_data (scramble)
short lenOfAuthPluginData;
boolean isClientPluginAuthSupported = (serverCapabilitiesFlags & CapabilitiesFlag.CLIENT_PLUGIN_AUTH) != 0;
if (isClientPluginAuthSupported) {
lenOfAuthPluginData = payload.readUnsignedByte();
} else {
payload.readerIndex(payload.readerIndex() + 1);
lenOfAuthPluginData = 0;
}
// 10 bytes reserved
payload.readerIndex(payload.readerIndex() + 10);
// Rest of the plugin provided data
payload.readBytes(authPluginData, AUTH_PLUGIN_DATA_PART1_LENGTH, Math.max(NONCE_LENGTH - AUTH_PLUGIN_DATA_PART1_LENGTH, lenOfAuthPluginData - 9));
// reserved byte
payload.readByte();
// we assume the server supports auth plugin
final String serverAuthPluginName = BufferUtils.readNullTerminatedString(payload, StandardCharsets.UTF_8);
boolean upgradeToSsl;
SslMode sslMode = cmd.sslMode();
switch(sslMode) {
case DISABLED:
upgradeToSsl = false;
break;
case PREFERRED:
upgradeToSsl = isTlsSupportedByServer(serverCapabilitiesFlags);
break;
case REQUIRED:
case VERIFY_CA:
case VERIFY_IDENTITY:
upgradeToSsl = true;
break;
default:
completionHandler.handle(CommandResponse.failure(new IllegalStateException("Unknown SSL mode to handle: " + sslMode)));
return;
}
if (upgradeToSsl) {
encoder.clientCapabilitiesFlag |= CLIENT_SSL;
sendSslRequest();
encoder.socketConnection.upgradeToSsl(upgrade -> {
if (upgrade.succeeded()) {
doSendHandshakeResponseMessage(serverAuthPluginName, cmd.authenticationPlugin(), authPluginData, serverCapabilitiesFlags);
} else {
completionHandler.handle(CommandResponse.failure(upgrade.cause()));
}
});
} else {
doSendHandshakeResponseMessage(serverAuthPluginName, cmd.authenticationPlugin(), authPluginData, serverCapabilitiesFlags);
}
}
use of io.vertx.mysqlclient.SslMode in project quarkus by quarkusio.
the class MySQLPoolRecorder method toMySQLConnectOptions.
private MySQLConnectOptions toMySQLConnectOptions(DataSourceRuntimeConfig dataSourceRuntimeConfig, DataSourceReactiveRuntimeConfig dataSourceReactiveRuntimeConfig, DataSourceReactiveMySQLConfig dataSourceReactiveMySQLConfig) {
MySQLConnectOptions mysqlConnectOptions;
if (dataSourceReactiveRuntimeConfig.url.isPresent()) {
String url = dataSourceReactiveRuntimeConfig.url.get();
// clean up the URL to make migrations easier
if (url.startsWith("vertx-reactive:mysql://")) {
url = url.substring("vertx-reactive:".length());
}
mysqlConnectOptions = MySQLConnectOptions.fromUri(url);
} else {
mysqlConnectOptions = new MySQLConnectOptions();
}
if (dataSourceRuntimeConfig.username.isPresent()) {
mysqlConnectOptions.setUser(dataSourceRuntimeConfig.username.get());
}
if (dataSourceRuntimeConfig.password.isPresent()) {
mysqlConnectOptions.setPassword(dataSourceRuntimeConfig.password.get());
}
// credentials provider
if (dataSourceRuntimeConfig.credentialsProvider.isPresent()) {
String beanName = dataSourceRuntimeConfig.credentialsProviderName.orElse(null);
CredentialsProvider credentialsProvider = CredentialsProviderFinder.find(beanName);
String name = dataSourceRuntimeConfig.credentialsProvider.get();
Map<String, String> credentials = credentialsProvider.getCredentials(name);
String user = credentials.get(USER_PROPERTY_NAME);
String password = credentials.get(PASSWORD_PROPERTY_NAME);
if (user != null) {
mysqlConnectOptions.setUser(user);
}
if (password != null) {
mysqlConnectOptions.setPassword(password);
}
}
if (dataSourceReactiveMySQLConfig.cachePreparedStatements.isPresent()) {
log.warn("datasource.reactive.mysql.cache-prepared-statements is deprecated, use datasource.reactive.cache-prepared-statements instead");
mysqlConnectOptions.setCachePreparedStatements(dataSourceReactiveMySQLConfig.cachePreparedStatements.get());
} else {
mysqlConnectOptions.setCachePreparedStatements(dataSourceReactiveRuntimeConfig.cachePreparedStatements);
}
if (dataSourceReactiveMySQLConfig.charset.isPresent()) {
mysqlConnectOptions.setCharset(dataSourceReactiveMySQLConfig.charset.get());
}
if (dataSourceReactiveMySQLConfig.collation.isPresent()) {
mysqlConnectOptions.setCollation(dataSourceReactiveMySQLConfig.collation.get());
}
if (dataSourceReactiveMySQLConfig.sslMode.isPresent()) {
final SslMode sslMode = dataSourceReactiveMySQLConfig.sslMode.get();
mysqlConnectOptions.setSslMode(sslMode);
// If sslMode is verify-identity, we also need a hostname verification algorithm
if (sslMode == SslMode.VERIFY_IDENTITY && (!dataSourceReactiveRuntimeConfig.hostnameVerificationAlgorithm.isPresent() || "".equals(dataSourceReactiveRuntimeConfig.hostnameVerificationAlgorithm.get()))) {
throw new IllegalArgumentException("quarkus.datasource.reactive.hostname-verification-algorithm must be specified under verify-identity sslmode");
}
}
mysqlConnectOptions.setTrustAll(dataSourceReactiveRuntimeConfig.trustAll);
configurePemTrustOptions(mysqlConnectOptions, dataSourceReactiveRuntimeConfig.trustCertificatePem);
configureJksTrustOptions(mysqlConnectOptions, dataSourceReactiveRuntimeConfig.trustCertificateJks);
configurePfxTrustOptions(mysqlConnectOptions, dataSourceReactiveRuntimeConfig.trustCertificatePfx);
configurePemKeyCertOptions(mysqlConnectOptions, dataSourceReactiveRuntimeConfig.keyCertificatePem);
configureJksKeyCertOptions(mysqlConnectOptions, dataSourceReactiveRuntimeConfig.keyCertificateJks);
configurePfxKeyCertOptions(mysqlConnectOptions, dataSourceReactiveRuntimeConfig.keyCertificatePfx);
mysqlConnectOptions.setReconnectAttempts(dataSourceReactiveRuntimeConfig.reconnectAttempts);
mysqlConnectOptions.setReconnectInterval(dataSourceReactiveRuntimeConfig.reconnectInterval.toMillis());
if (dataSourceReactiveRuntimeConfig.hostnameVerificationAlgorithm.isPresent()) {
mysqlConnectOptions.setHostnameVerificationAlgorithm(dataSourceReactiveRuntimeConfig.hostnameVerificationAlgorithm.get());
}
return mysqlConnectOptions;
}
Aggregations