Example 1 with SslPolicyConfig

use of org.neo4j.configuration.ssl.SslPolicyConfig in project neo4j by neo4j.

the class InProcessServerBuilderIT method shouldAllowCustomServerAndDbConfig.

@Test
void shouldAllowCustomServerAndDbConfig() throws Exception {
    // Given
    trustAllSSLCerts();
    // Get the JVM's default cipher suites
    SSLServerSocketFactory ssf = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
    List<String> defaultCiphers = Arrays.asList(ssf.getDefaultCipherSuites());
    // When
    SslPolicyConfig pem = SslPolicyConfig.forScope(HTTPS);
    var certificates = directory.directory("certificates");
    SelfSignedCertificateFactory.create(certificates, "private.key", "public.crt");
    Files.createDirectories(certificates.resolve("trusted"));
    Files.createDirectories(certificates.resolve("revoked"));
    // Test-only TLS policy: self-signed certificate, no client auth, trust_all (trust every remote party)
    // and the deprecated TLSv1/TLSv1.1 protocol versions. None of these are production settings.
    try (Neo4j neo4j = getTestBuilder(directory.homePath())
            .withConfig(HttpConnector.enabled, true)
            .withConfig(HttpConnector.listen_address, new SocketAddress("localhost", 0))
            .withConfig(HttpsConnector.enabled, true)
            .withConfig(HttpsConnector.listen_address, new SocketAddress("localhost", 0))
            .withConfig(GraphDatabaseSettings.dense_node_threshold, 20)
            .withConfig(pem.enabled, Boolean.TRUE)
            .withConfig(pem.base_directory, certificates)
            .withConfig(pem.ciphers, defaultCiphers)
            .withConfig(pem.tls_versions, List.of("TLSv1.2", "TLSv1.1", "TLSv1"))
            .withConfig(pem.client_auth, ClientAuth.NONE)
            .withConfig(pem.trust_all, true)
            .build()) {
        // Then
        assertThat(HTTP.GET(neo4j.httpURI().toString()).status()).isEqualTo(200);
        assertThat(HTTP.GET(neo4j.httpsURI().toString()).status()).isEqualTo(200);
        Config config = ((GraphDatabaseAPI) neo4j.defaultDatabaseService()).getDependencyResolver().resolveDependency(Config.class);
        assertEquals(20, config.get(GraphDatabaseSettings.dense_node_threshold));
    }
}
Also used : SslPolicyConfig(org.neo4j.configuration.ssl.SslPolicyConfig) Config(org.neo4j.configuration.Config) SSLServerSocketFactory(javax.net.ssl.SSLServerSocketFactory) SocketAddress(org.neo4j.configuration.helpers.SocketAddress) Test(org.junit.jupiter.api.Test)

Example 2 with SslPolicyConfig

use of org.neo4j.configuration.ssl.SslPolicyConfig in project neo4j by neo4j.

the class CommunityWebContainerBuilder method createConfiguration.

public Map<String, String> createConfiguration(Path temporaryFolder) {
    Map<String, String> properties = stringMap(ServerSettings.db_api_path.name(), dbUri, ServerSettings.rest_api_path.name(), restUri);
    addDefaultRelativeProperties(properties, temporaryFolder);
    if (dataDir != null) {
        properties.put(GraphDatabaseSettings.data_directory.name(), dataDir);
    }
    if (maxThreads != null) {
        properties.put(ServerSettings.webserver_max_threads.name(), maxThreads);
    }
    if (thirdPartyPackages.keySet().size() > 0) {
        properties.put(ServerSettings.third_party_packages.name(), asOneLine(thirdPartyPackages));
    }
    properties.put(HttpConnector.enabled.name(), String.valueOf(httpEnabled));
    properties.put(HttpConnector.listen_address.name(), address.toString());
    properties.put(HttpsConnector.enabled.name(), String.valueOf(httpsEnabled));
    properties.put(HttpsConnector.listen_address.name(), httpsAddress.toString());
    properties.put(GraphDatabaseSettings.neo4j_home.name(), temporaryFolder.toAbsolutePath().toString());
    properties.put(GraphDatabaseSettings.auth_enabled.name(), FALSE);
    if (httpsEnabled) {
        var certificates = temporaryFolder.resolve("certificates");
        SelfSignedCertificateFactory.create(certificates);
        SslPolicyConfig policy = SslPolicyConfig.forScope(SslPolicyScope.HTTPS);
        properties.put(policy.enabled.name(), Boolean.TRUE.toString());
        properties.put(policy.base_directory.name(), certificates.toAbsolutePath().toString());
        properties.put(policy.trust_all.name(), SettingValueParsers.TRUE);
        properties.put(policy.client_auth.name(), ClientAuth.NONE.name());
    }
    properties.put(GraphDatabaseSettings.logs_directory.name(), temporaryFolder.resolve("logs").toAbsolutePath().toString());
    properties.put(GraphDatabaseSettings.transaction_logs_root_path.name(), temporaryFolder.resolve("transaction-logs").toAbsolutePath().toString());
    properties.put(GraphDatabaseSettings.pagecache_memory.name(), "8m");
    properties.put(GraphDatabaseSettings.shutdown_transaction_end_timeout.name(), "0s");
    for (Object key : arbitraryProperties.keySet()) {
        properties.put(String.valueOf(key), String.valueOf(arbitraryProperties.get(key)));
    }
    return properties;
}
Also used : SslPolicyConfig(org.neo4j.configuration.ssl.SslPolicyConfig)

Example 3 with SslPolicyConfig

use of org.neo4j.configuration.ssl.SslPolicyConfig in project neo4j by neo4j.

the class OcspStaplingIT method setup.

@BeforeEach
void setup(TestInfo testInfo) throws IOException {
    server.setConfigure(settings -> {
        SslPolicyConfig policy = SslPolicyConfig.forScope(BOLT);
        settings.put(policy.enabled, true);
        settings.put(policy.public_certificate, endUserCertFile.toAbsolutePath());
        settings.put(policy.private_key, endUserKeyFile.toAbsolutePath());
        settings.put(BoltConnector.enabled, true);
        settings.put(BoltConnector.encryption_level, OPTIONAL);
        settings.put(CommonConnectorConfig.ocsp_stapling_enabled, true);
        settings.put(BoltConnector.listen_address, new SocketAddress("localhost", 0));
    });
    server.init(testInfo);
}
Also used : SslPolicyConfig(org.neo4j.configuration.ssl.SslPolicyConfig) SocketAddress(org.neo4j.configuration.helpers.SocketAddress) BeforeEach(org.junit.jupiter.api.BeforeEach)

Example 4 with SslPolicyConfig

use of org.neo4j.configuration.ssl.SslPolicyConfig in project neo4j by neo4j.

the class CertificatesIT method setup.

@BeforeEach
public void setup(TestInfo testInfo) throws IOException {
    server.setConfigure(settings -> {
        SslPolicyConfig policy = SslPolicyConfig.forScope(BOLT);
        settings.put(policy.enabled, true);
        settings.put(policy.public_certificate, certFile.toAbsolutePath());
        settings.put(policy.private_key, keyFile.toAbsolutePath());
        settings.put(BoltConnector.enabled, true);
        settings.put(BoltConnector.encryption_level, OPTIONAL);
        settings.put(BoltConnector.listen_address, new SocketAddress("localhost", 0));
    });
    server.init(testInfo);
}
Also used : SslPolicyConfig(org.neo4j.configuration.ssl.SslPolicyConfig) SocketAddress(org.neo4j.configuration.helpers.SocketAddress) BeforeEach(org.junit.jupiter.api.BeforeEach)

Example 5 with SslPolicyConfig

use of org.neo4j.configuration.ssl.SslPolicyConfig in project neo4j by neo4j.

the class SslPolicyLoaderTest method shouldComplainIfMissingFile.

private void shouldComplainIfMissingFile(Path file, String expectedErrorMessage) throws IOException {
    // given
    Files.delete(file);
    SslPolicyConfig policyConfig = SslPolicyConfig.forScope(TESTING);
    Config config = newBuilder()
            .set(neo4j_home, home.toAbsolutePath())
            .set(policyConfig.enabled, Boolean.TRUE)
            .set(policyConfig.base_directory, Path.of("certificates/default"))
            .build();
    // when
    Exception exception = assertThrows(Exception.class, () -> SslPolicyLoader.create(config, NullLogProvider.getInstance()));
    assertThat(exception.getMessage()).contains(expectedErrorMessage);
    assertThat(exception.getCause()).isInstanceOf(NoSuchFileException.class);
}
Also used : SslPolicyConfig(org.neo4j.configuration.ssl.SslPolicyConfig) Config(org.neo4j.configuration.Config) NoSuchFileException(java.nio.file.NoSuchFileException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) SSLException(javax.net.ssl.SSLException) CRLException(java.security.cert.CRLException)

Aggregations

SslPolicyConfig (org.neo4j.configuration.ssl.SslPolicyConfig): 12
Config (org.neo4j.configuration.Config): 6
IOException (java.io.IOException): 3
SocketAddress (org.neo4j.configuration.helpers.SocketAddress): 3
NoSuchFileException (java.nio.file.NoSuchFileException): 2
CRLException (java.security.cert.CRLException): 2
CertificateException (java.security.cert.CertificateException): 2
SSLException (javax.net.ssl.SSLException): 2
BeforeEach (org.junit.jupiter.api.BeforeEach): 2
Test (org.junit.jupiter.api.Test): 2
Path (java.nio.file.Path): 1
SSLServerSocketFactory (javax.net.ssl.SSLServerSocketFactory): 1
ParameterizedTest (org.junit.jupiter.params.ParameterizedTest): 1
GraphDatabaseDependencies (org.neo4j.graphdb.facade.GraphDatabaseDependencies): 1
DefaultFileSystemAbstraction (org.neo4j.io.fs.DefaultFileSystemAbstraction): 1
Log4jLogProvider (org.neo4j.logging.log4j.Log4jLogProvider): 1
LogConfig (org.neo4j.logging.log4j.LogConfig): 1
Neo4jLoggerContext (org.neo4j.logging.log4j.Neo4jLoggerContext): 1
SslPolicyLoader (org.neo4j.ssl.config.SslPolicyLoader): 1