use of org.neo4j.configuration.ssl.SslPolicyConfig in project neo4j by neo4j.
the class InProcessServerBuilderIT method shouldAllowCustomServerAndDbConfig.
/**
 * Starts an in-process server with HTTP and HTTPS enabled plus a custom HTTPS SSL policy, then
 * checks that both endpoints answer 200 and that a custom database setting was applied.
 *
 * <p>Security note: the policy enables {@code trust_all}, relies on a self-signed certificate
 * and still lists TLSv1 and TLSv1.1. That is tolerable for a throwaway test server bound to
 * localhost; none of it should be copied into a deployed configuration.
 */
@Test
void shouldAllowCustomServerAndDbConfig() throws Exception {
    // Given
    // Helper defined elsewhere in the class; presumably relaxes client-side certificate
    // validation so the HTTPS request below accepts the self-signed certificate - confirm.
    trustAllSSLCerts();

    // Collect the JVM's default cipher suites to hand to the SSL policy
    SSLServerSocketFactory socketFactory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
    List<String> jvmDefaultCiphers = Arrays.asList(socketFactory.getDefaultCipherSuites());

    // When
    SslPolicyConfig httpsPolicy = SslPolicyConfig.forScope(HTTPS);
    var certDir = directory.directory("certificates");
    SelfSignedCertificateFactory.create(certDir, "private.key", "public.crt");
    Files.createDirectories(certDir.resolve("trusted"));
    Files.createDirectories(certDir.resolve("revoked"));

    var builder = getTestBuilder(directory.homePath())
            // Both connectors listen on localhost; port 0 leaves the port choice to the OS
            .withConfig(HttpConnector.enabled, true)
            .withConfig(HttpConnector.listen_address, new SocketAddress("localhost", 0))
            .withConfig(HttpsConnector.enabled, true)
            .withConfig(HttpsConnector.listen_address, new SocketAddress("localhost", 0))
            .withConfig(GraphDatabaseSettings.dense_node_threshold, 20)
            .withConfig(httpsPolicy.enabled, Boolean.TRUE)
            .withConfig(httpsPolicy.base_directory, certDir)
            .withConfig(httpsPolicy.ciphers, jvmDefaultCiphers)
            // TLSv1 and TLSv1.1 are deprecated protocol versions; listed here for the test only
            .withConfig(httpsPolicy.tls_versions, List.of("TLSv1.2", "TLSv1.1", "TLSv1"))
            .withConfig(httpsPolicy.client_auth, ClientAuth.NONE)
            // NOTE(review): trust_all appears to switch off peer-certificate trust checks for
            // this policy - acceptable only because the certificate is generated above
            .withConfig(httpsPolicy.trust_all, true);

    try (Neo4j neo4j = builder.build()) {
        // Then
        String httpUri = neo4j.httpURI().toString();
        assertThat(HTTP.GET(httpUri).status()).isEqualTo(200);
        String httpsUri = neo4j.httpsURI().toString();
        assertThat(HTTP.GET(httpsUri).status()).isEqualTo(200);

        GraphDatabaseAPI databaseApi = (GraphDatabaseAPI) neo4j.defaultDatabaseService();
        Config config = databaseApi.getDependencyResolver().resolveDependency(Config.class);
        assertEquals(20, config.get(GraphDatabaseSettings.dense_node_threshold));
    }
}
use of org.neo4j.configuration.ssl.SslPolicyConfig in project neo4j by neo4j.
the class CommunityWebContainerBuilder method createConfiguration.
/**
 * Assembles the string-keyed settings for the web container, rooted at {@code temporaryFolder}.
 *
 * <p>Security note: these are test-harness defaults. Authentication is switched off
 * ({@code auth_enabled} is set to {@code FALSE}), and when HTTPS is enabled the policy uses a
 * freshly generated self-signed certificate with {@code trust_all} on and no client
 * authentication. Entries from {@code arbitraryProperties} are written last, so they override
 * any value set earlier in this method.
 *
 * @param temporaryFolder directory used as the Neo4j home and as parent of the certificate,
 *     log and transaction-log directories
 * @return the assembled settings, keyed by setting name
 */
public Map<String, String> createConfiguration(Path temporaryFolder) {
    Map<String, String> config = stringMap(
            ServerSettings.db_api_path.name(), dbUri,
            ServerSettings.rest_api_path.name(), restUri);
    addDefaultRelativeProperties(config, temporaryFolder);

    // Optional overrides: only written when the builder was given a value
    if (dataDir != null) {
        config.put(GraphDatabaseSettings.data_directory.name(), dataDir);
    }
    if (maxThreads != null) {
        config.put(ServerSettings.webserver_max_threads.name(), maxThreads);
    }
    if (!thirdPartyPackages.keySet().isEmpty()) {
        config.put(ServerSettings.third_party_packages.name(), asOneLine(thirdPartyPackages));
    }

    // Connectors
    config.put(HttpConnector.enabled.name(), String.valueOf(httpEnabled));
    config.put(HttpConnector.listen_address.name(), address.toString());
    config.put(HttpsConnector.enabled.name(), String.valueOf(httpsEnabled));
    config.put(HttpsConnector.listen_address.name(), httpsAddress.toString());

    config.put(GraphDatabaseSettings.neo4j_home.name(), temporaryFolder.toAbsolutePath().toString());
    // Authentication is disabled for the harness; never appropriate outside tests
    config.put(GraphDatabaseSettings.auth_enabled.name(), FALSE);

    if (httpsEnabled) {
        // Self-signed certificate generated under the temporary folder for this run
        var certDir = temporaryFolder.resolve("certificates");
        SelfSignedCertificateFactory.create(certDir);

        SslPolicyConfig httpsPolicy = SslPolicyConfig.forScope(SslPolicyScope.HTTPS);
        config.put(httpsPolicy.enabled.name(), Boolean.TRUE.toString());
        config.put(httpsPolicy.base_directory.name(), certDir.toAbsolutePath().toString());
        // NOTE(review): trust_all appears to disable peer-certificate trust checks - test only
        config.put(httpsPolicy.trust_all.name(), SettingValueParsers.TRUE);
        config.put(httpsPolicy.client_auth.name(), ClientAuth.NONE.name());
    }

    // Storage locations and small resource limits
    String logsDir = temporaryFolder.resolve("logs").toAbsolutePath().toString();
    config.put(GraphDatabaseSettings.logs_directory.name(), logsDir);
    String txLogsDir = temporaryFolder.resolve("transaction-logs").toAbsolutePath().toString();
    config.put(GraphDatabaseSettings.transaction_logs_root_path.name(), txLogsDir);
    config.put(GraphDatabaseSettings.pagecache_memory.name(), "8m");
    config.put(GraphDatabaseSettings.shutdown_transaction_end_timeout.name(), "0s");

    // Caller-supplied settings go in last and win over everything above
    for (Object name : arbitraryProperties.keySet()) {
        Object value = arbitraryProperties.get(name);
        config.put(String.valueOf(name), String.valueOf(value));
    }
    return config;
}
use of org.neo4j.configuration.ssl.SslPolicyConfig in project neo4j by neo4j.
the class OcspStaplingIT method setup.
/**
 * Configures the test server with a Bolt SSL policy built from the end-user certificate and
 * key, turns on OCSP stapling, and initialises the server.
 *
 * @param testInfo test metadata passed through to {@code server.init}
 * @throws IOException declared by this method; the visible body does not show which call raises it
 */
@BeforeEach
void setup(TestInfo testInfo) throws IOException {
    server.setConfigure(config -> {
        SslPolicyConfig boltPolicy = SslPolicyConfig.forScope(BOLT);
        var certificatePath = endUserCertFile.toAbsolutePath();
        var privateKeyPath = endUserKeyFile.toAbsolutePath();

        // TLS material for the Bolt scope
        config.put(boltPolicy.enabled, true);
        config.put(boltPolicy.public_certificate, certificatePath);
        config.put(boltPolicy.private_key, privateKeyPath);

        config.put(BoltConnector.enabled, true);
        // NOTE(review): OPTIONAL presumably still admits unencrypted Bolt connections;
        // a deployment that must enforce TLS would need a stricter level - confirm.
        config.put(BoltConnector.encryption_level, OPTIONAL);
        config.put(CommonConnectorConfig.ocsp_stapling_enabled, true);
        // localhost with port 0: the port is not fixed by the test
        config.put(BoltConnector.listen_address, new SocketAddress("localhost", 0));
    });
    server.init(testInfo);
}
use of org.neo4j.configuration.ssl.SslPolicyConfig in project neo4j by neo4j.
the class CertificatesIT method setup.
/**
 * Configures the test server with a Bolt SSL policy that points at the test certificate and
 * private key, then initialises the server.
 *
 * @param testInfo test metadata passed through to {@code server.init}
 * @throws IOException declared by this method; the visible body does not show which call raises it
 */
@BeforeEach
public void setup(TestInfo testInfo) throws IOException {
    server.setConfigure(config -> {
        SslPolicyConfig boltPolicy = SslPolicyConfig.forScope(BOLT);
        var certificatePath = certFile.toAbsolutePath();
        var privateKeyPath = keyFile.toAbsolutePath();

        // TLS material for the Bolt scope
        config.put(boltPolicy.enabled, true);
        config.put(boltPolicy.public_certificate, certificatePath);
        config.put(boltPolicy.private_key, privateKeyPath);

        config.put(BoltConnector.enabled, true);
        // NOTE(review): OPTIONAL presumably still admits unencrypted Bolt connections;
        // a deployment that must enforce TLS would need a stricter level - confirm.
        config.put(BoltConnector.encryption_level, OPTIONAL);
        // localhost with port 0: the port is not fixed by the test
        config.put(BoltConnector.listen_address, new SocketAddress("localhost", 0));
    });
    server.init(testInfo);
}
use of org.neo4j.configuration.ssl.SslPolicyConfig in project neo4j by neo4j.
the class SslPolicyLoaderTest method shouldComplainIfMissingFile.
/**
 * Deletes {@code file} and verifies that loading the SSL policy then fails with a message
 * containing {@code expectedErrorMessage} and a {@link NoSuchFileException} as the cause.
 *
 * @param file file to remove before the policy is loaded
 * @param expectedErrorMessage text the thrown exception's message must contain
 * @throws IOException if {@code file} cannot be deleted
 */
private void shouldComplainIfMissingFile(Path file, String expectedErrorMessage) throws IOException {
    // given: the file is removed before the policy is loaded
    Files.delete(file);
    SslPolicyConfig testingPolicy = SslPolicyConfig.forScope(TESTING);
    Config config = newBuilder()
            .set(neo4j_home, home.toAbsolutePath())
            .set(testingPolicy.enabled, Boolean.TRUE)
            .set(testingPolicy.base_directory, Path.of("certificates/default"))
            .build();

    // when
    Exception failure = assertThrows(
            Exception.class,
            () -> SslPolicyLoader.create(config, NullLogProvider.getInstance()));

    // then: the loader reports the missing file instead of starting without it
    assertThat(failure.getMessage()).contains(expectedErrorMessage);
    assertThat(failure.getCause()).isInstanceOf(NoSuchFileException.class);
}