Example 6 with SslPolicyConfig
use of org.neo4j.configuration.ssl.SslPolicyConfig in project neo4j by neo4j.
the class SslPolicyLoaderTest method shouldThrowCertificateExceptionCreatingSslPolicy.
private void shouldThrowCertificateExceptionCreatingSslPolicy(String expectedMessage, Class<? extends Exception> expectedCause, boolean ignoreDotfiles) {
SslPolicyConfig policyConfig = SslPolicyConfig.forScope(TESTING);
Config config = newBuilder().set(neo4j_home, home.toAbsolutePath()).set(SslSystemInternalSettings.ignore_dotfiles, ignoreDotfiles).set(policyConfig.enabled, Boolean.TRUE).set(policyConfig.base_directory, Path.of("certificates/default")).build();
// when
Exception exception = assertThrows(Exception.class, () -> SslPolicyLoader.create(config, NullLogProvider.getInstance()));
assertThat(exception.getMessage()).contains(expectedMessage);
assertThat(exception.getCause()).isInstanceOf(expectedCause);
}
Also used :
SslPolicyConfig(org.neo4j.configuration.ssl.SslPolicyConfig)
SslPolicyConfig(org.neo4j.configuration.ssl.SslPolicyConfig)
Config(org.neo4j.configuration.Config)
NoSuchFileException(java.nio.file.NoSuchFileException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
SSLException(javax.net.ssl.SSLException)
CRLException(java.security.cert.CRLException)
Example 7 with SslPolicyConfig
use of org.neo4j.configuration.ssl.SslPolicyConfig in project neo4j-documentation by neo4j.
the class CommunityWebContainerBuilder method createConfiguration.
public Map<String, String> createConfiguration(Path temporaryFolder) {
Map<String, String> properties = stringMap(ServerSettings.db_api_path.name(), dbUri, ServerSettings.rest_api_path.name(), restUri);
addDefaultRelativeProperties(properties, temporaryFolder);
if (dataDir != null) {
properties.put(GraphDatabaseSettings.data_directory.name(), dataDir);
}
if (maxThreads != null) {
properties.put(ServerSettings.webserver_max_threads.name(), maxThreads);
}
if (thirdPartyPackages.keySet().size() > 0) {
properties.put(ServerSettings.third_party_packages.name(), asOneLine(thirdPartyPackages));
}
properties.put(HttpConnector.enabled.name(), String.valueOf(httpEnabled));
properties.put(HttpConnector.listen_address.name(), address.toString());
properties.put(HttpsConnector.enabled.name(), String.valueOf(httpsEnabled));
properties.put(HttpsConnector.listen_address.name(), httpsAddress.toString());
properties.put(BoltConnector.listen_address.name(), boltAddress.toString());
properties.put(GraphDatabaseSettings.neo4j_home.name(), temporaryFolder.toAbsolutePath().toString());
properties.put(GraphDatabaseSettings.auth_enabled.name(), FALSE);
if (httpsEnabled) {
var certificates = temporaryFolder.resolve("certificates");
SelfSignedCertificateFactory.create(certificates);
SslPolicyConfig policy = SslPolicyConfig.forScope(SslPolicyScope.HTTPS);
properties.put(policy.enabled.name(), Boolean.TRUE.toString());
properties.put(policy.base_directory.name(), certificates.toAbsolutePath().toString());
properties.put(policy.trust_all.name(), SettingValueParsers.TRUE);
properties.put(policy.client_auth.name(), ClientAuth.NONE.name());
}
properties.put(GraphDatabaseSettings.logs_directory.name(), temporaryFolder.resolve("logs-x").toAbsolutePath().toString());
properties.put(GraphDatabaseSettings.transaction_logs_root_path.name(), temporaryFolder.resolve("transaction-logs-x").toAbsolutePath().toString());
properties.put(GraphDatabaseSettings.pagecache_memory.name(), "8m");
properties.put(GraphDatabaseSettings.shutdown_transaction_end_timeout.name(), "0s");
for (Object key : arbitraryProperties.keySet()) {
properties.put(String.valueOf(key), String.valueOf(arbitraryProperties.get(key)));
}
return properties;
}
Also used :
SslPolicyConfig(org.neo4j.configuration.ssl.SslPolicyConfig)
Example 8 with SslPolicyConfig
use of org.neo4j.configuration.ssl.SslPolicyConfig in project neo4j by neo4j.
the class Neo4jWithSocket method installSelfSignedCertificateIfEncryptionEnabled.
private void installSelfSignedCertificateIfEncryptionEnabled(Map<Setting<?>, Object> settings) {
var encryptionLevel = settings.get(BoltConnector.encryption_level);
if (encryptionLevel != DISABLED) {
// Install self-signed certs if ssl is enabled
var certificates = workingDirectory.resolve("certificates");
SelfSignedCertificateFactory.create(certificates);
settings.put(SslPolicyConfig.forScope(SslPolicyScope.BOLT).enabled, Boolean.TRUE);
settings.put(SslPolicyConfig.forScope(SslPolicyScope.BOLT).base_directory, certificates);
}
SslPolicyConfig clusterConfig = SslPolicyConfig.forScope(SslPolicyScope.CLUSTER);
if (settings.containsKey(clusterConfig.enabled)) {
var clusterCertificates = workingDirectory.resolve("cluster-cert");
SelfSignedCertificateFactory.create(clusterCertificates);
settings.put(SslPolicyConfig.forScope(SslPolicyScope.CLUSTER).enabled, Boolean.TRUE);
settings.put(SslPolicyConfig.forScope(SslPolicyScope.CLUSTER).base_directory, clusterCertificates);
}
}
Also used :
SslPolicyConfig(org.neo4j.configuration.ssl.SslPolicyConfig)
Example 9 with SslPolicyConfig
use of org.neo4j.configuration.ssl.SslPolicyConfig in project neo4j by neo4j.
the class BaseBootstrapperIT method testStartupWithConnectors.
private void testStartupWithConnectors(boolean httpEnabled, boolean httpsEnabled, boolean boltEnabled) {
SslPolicyConfig httpsPolicy = SslPolicyConfig.forScope(SslPolicyScope.HTTPS);
if (httpsEnabled) {
// create self signed
SelfSignedCertificateFactory.create(testDirectory.absolutePath());
}
String[] config = { "-c", httpsEnabled ? configOption(httpsPolicy.enabled, SettingValueParsers.TRUE) : "", "-c", httpsEnabled ? configOption(httpsPolicy.base_directory, testDirectory.absolutePath().toString()) : "", "-c", HttpConnector.enabled.name() + "=" + httpEnabled, "-c", HttpConnector.listen_address.name() + "=localhost:0", "-c", HttpsConnector.enabled.name() + "=" + httpsEnabled, "-c", HttpsConnector.listen_address.name() + "=localhost:0", "-c", BoltConnector.enabled.name() + "=" + boltEnabled, "-c", BoltConnector.listen_address.name() + "=localhost:0" };
var allConfigOptions = ArrayUtils.addAll(config, getAdditionalArguments());
int resultCode = NeoBootstrapper.start(bootstrapper, allConfigOptions);
assertEquals(NeoBootstrapper.OK, resultCode);
assertEventually("Server was not started", bootstrapper::isRunning, Conditions.TRUE, 1, TimeUnit.MINUTES);
assertDbAccessibleAsEmbedded();
verifyConnector(db(), HttpConnector.NAME, httpEnabled);
verifyConnector(db(), HttpsConnector.NAME, httpsEnabled);
verifyConnector(db(), BoltConnector.NAME, boltEnabled);
}
Also used :
SslPolicyConfig(org.neo4j.configuration.ssl.SslPolicyConfig)
Example 10 with SslPolicyConfig
use of org.neo4j.configuration.ssl.SslPolicyConfig in project neo4j by neo4j.
the class AbstractInProcessNeo4jBuilder method build.
@Override
public InProcessNeo4j build() {
Path userLogFile = serverFolder.resolve("neo4j.log");
Path internalLogFile = serverFolder.resolve("debug.log");
config.set(ServerSettings.third_party_packages, unmanagedExtentions.toList());
config.set(GraphDatabaseSettings.store_internal_log_path, internalLogFile.toAbsolutePath());
var certificates = serverFolder.resolve("certificates");
if (disabledServer) {
config.set(HttpConnector.enabled, false);
config.set(HttpsConnector.enabled, false);
}
Config dbConfig = config.build();
if (dbConfig.get(HttpsConnector.enabled) || dbConfig.get(BoltConnector.enabled) && dbConfig.get(BoltConnector.encryption_level) != BoltConnector.EncryptionLevel.DISABLED) {
SelfSignedCertificateFactory.create(certificates);
List<SslPolicyConfig> policies = List.of(SslPolicyConfig.forScope(HTTPS), SslPolicyConfig.forScope(BOLT));
for (SslPolicyConfig policy : policies) {
config.set(policy.enabled, Boolean.TRUE);
config.set(policy.base_directory, certificates);
config.set(policy.trust_all, true);
config.set(policy.client_auth, ClientAuth.NONE);
}
dbConfig = config.build();
}
Neo4jLoggerContext loggerContext = LogConfig.createBuilder(new DefaultFileSystemAbstraction(), userLogFile, Level.INFO).withTimezone(dbConfig.get(db_timezone)).build();
var userLogProvider = new Log4jLogProvider(loggerContext);
GraphDatabaseDependencies dependencies = GraphDatabaseDependencies.newDependencies().userLogProvider(userLogProvider);
dependencies = dependencies.extensions(buildExtensionList(dependencies));
var managementService = createNeo(dbConfig, dependencies);
InProcessNeo4j controls = new InProcessNeo4j(serverFolder, userLogFile, internalLogFile, managementService, dbConfig, userLogProvider);
controls.start();
try {
fixtures.applyTo(controls);
} catch (Exception e) {
controls.close();
throw e;
}
return controls;
}
Also used :
Path(java.nio.file.Path)
SslPolicyConfig(org.neo4j.configuration.ssl.SslPolicyConfig)
Neo4jLoggerContext(org.neo4j.logging.log4j.Neo4jLoggerContext)
DefaultFileSystemAbstraction(org.neo4j.io.fs.DefaultFileSystemAbstraction)
SslPolicyConfig(org.neo4j.configuration.ssl.SslPolicyConfig)
Config(org.neo4j.configuration.Config)
LogConfig(org.neo4j.logging.log4j.LogConfig)
Log4jLogProvider(org.neo4j.logging.log4j.Log4jLogProvider)
GraphDatabaseDependencies(org.neo4j.graphdb.facade.GraphDatabaseDependencies)
IOException(java.io.IOException)
Aggregations
SslPolicyConfig (org.neo4j.configuration.ssl.SslPolicyConfig)12
Config (org.neo4j.configuration.Config)6
IOException (java.io.IOException)3
SocketAddress (org.neo4j.configuration.helpers.SocketAddress)3
NoSuchFileException (java.nio.file.NoSuchFileException)2
CRLException (java.security.cert.CRLException)2
CertificateException (java.security.cert.CertificateException)2
SSLException (javax.net.ssl.SSLException)2
BeforeEach (org.junit.jupiter.api.BeforeEach)2
Test (org.junit.jupiter.api.Test)2
Path (java.nio.file.Path)1
SSLServerSocketFactory (javax.net.ssl.SSLServerSocketFactory)1
ParameterizedTest (org.junit.jupiter.params.ParameterizedTest)1
GraphDatabaseDependencies (org.neo4j.graphdb.facade.GraphDatabaseDependencies)1
DefaultFileSystemAbstraction (org.neo4j.io.fs.DefaultFileSystemAbstraction)1
Log4jLogProvider (org.neo4j.logging.log4j.Log4jLogProvider)1
LogConfig (org.neo4j.logging.log4j.LogConfig)1
Neo4jLoggerContext (org.neo4j.logging.log4j.Neo4jLoggerContext)1
SslPolicyLoader (org.neo4j.ssl.config.SslPolicyLoader)1
