Examples with SslPolicyLoader org.neo4j.ssl.config.SslPolicyLoader used on opensource projects

Search in sources :

Example 1 with SslPolicyLoader

use of org.neo4j.ssl.config.SslPolicyLoader in project neo4j by neo4j.

the class BoltServer method createInternalProtocolInitializer.

private ProtocolInitializer createInternalProtocolInitializer(BoltProtocolFactory boltProtocolFactory, TransportThrottleGroup throttleGroup, ByteBufAllocator bufferAllocator) {
    SslContext sslCtx = null;
    SslPolicyLoader sslPolicyLoader = dependencyResolver.resolveDependency(SslPolicyLoader.class);
    boolean requireEncryption = sslPolicyLoader.hasPolicyForSource(CLUSTER);
    if (requireEncryption) {
        try {
            sslCtx = sslPolicyLoader.getPolicy(CLUSTER).nettyServerContext();
        } catch (SSLException e) {
            throw new RuntimeException("Failed to initialize SSL encryption support, which is required to start this connector. " + "Error was: " + e.getMessage(), e);
        }
    }
    SocketAddress internalListenAddress;
    if (config.isExplicitlySet(GraphDatabaseSettings.routing_listen_address)) {
        internalListenAddress = config.get(GraphDatabaseSettings.routing_listen_address).socketAddress();
    } else {
        // otherwise use same host as external connector but with default internal port
        internalListenAddress = new InetSocketAddress(config.get(BoltConnector.listen_address).getHostname(), config.get(GraphDatabaseSettings.routing_listen_address).getPort());
    }
    Duration channelTimeout = config.get(BoltConnectorInternalSettings.unsupported_bolt_unauth_connection_timeout);
    long maxMessageSize = config.get(BoltConnectorInternalSettings.unsupported_bolt_unauth_connection_max_inbound_bytes);
    return new SocketTransport(BoltConnector.NAME, internalListenAddress, sslCtx, requireEncryption, logService.getInternalLogProvider(), throttleGroup, boltProtocolFactory, connectionTracker, channelTimeout, maxMessageSize, bufferAllocator, boltMemoryPool);
}
Also used : InetSocketAddress(java.net.InetSocketAddress) SocketTransport(org.neo4j.bolt.transport.SocketTransport) SslPolicyLoader(org.neo4j.ssl.config.SslPolicyLoader) Duration(java.time.Duration) SocketAddress(java.net.SocketAddress) DomainSocketAddress(io.netty.channel.unix.DomainSocketAddress) InetSocketAddress(java.net.InetSocketAddress) SSLException(javax.net.ssl.SSLException) SslContext(io.netty.handler.ssl.SslContext)

Example 2 with SslPolicyLoader

use of org.neo4j.ssl.config.SslPolicyLoader in project neo4j by neo4j.

the class BoltServer method createExternalProtocolInitializer.

private ProtocolInitializer createExternalProtocolInitializer(BoltProtocolFactory boltProtocolFactory, TransportThrottleGroup throttleGroup, Log log, ByteBufAllocator bufferAllocator) {
    SslContext sslCtx;
    boolean requireEncryption;
    BoltConnector.EncryptionLevel encryptionLevel = config.get(BoltConnector.encryption_level);
    SslPolicyLoader sslPolicyLoader = dependencyResolver.resolveDependency(SslPolicyLoader.class);
    switch(encryptionLevel) {
        case REQUIRED:
            // Encrypted connections are mandatory.
            requireEncryption = true;
            sslCtx = createSslContext(sslPolicyLoader);
            break;
        case OPTIONAL:
            // Encrypted connections are optional.
            requireEncryption = false;
            sslCtx = createSslContext(sslPolicyLoader);
            break;
        case DISABLED:
            // Encryption is turned off.
            requireEncryption = false;
            sslCtx = null;
            break;
        default:
            // In the unlikely event that we happen to fall through to the default option here,
            // there is a mismatch between the BoltConnector.EncryptionLevel enum and the options
            // handled in this switch statement. In this case, we'll log a warning and default to
            // disabling encryption, since this mirrors the functionality introduced in 3.0.
            log.warn("Unhandled encryption level %s - assuming DISABLED.", encryptionLevel.name());
            requireEncryption = false;
            sslCtx = null;
            break;
    }
    SocketAddress listenAddress = config.get(BoltConnector.listen_address).socketAddress();
    Duration channelTimeout = config.get(BoltConnectorInternalSettings.unsupported_bolt_unauth_connection_timeout);
    long maxMessageSize = config.get(BoltConnectorInternalSettings.unsupported_bolt_unauth_connection_max_inbound_bytes);
    return new SocketTransport(BoltConnector.NAME, listenAddress, sslCtx, requireEncryption, logService.getInternalLogProvider(), throttleGroup, boltProtocolFactory, connectionTracker, channelTimeout, maxMessageSize, bufferAllocator, boltMemoryPool);
}
Also used : BoltConnector(org.neo4j.configuration.connectors.BoltConnector) SocketTransport(org.neo4j.bolt.transport.SocketTransport) SslPolicyLoader(org.neo4j.ssl.config.SslPolicyLoader) Duration(java.time.Duration) SocketAddress(java.net.SocketAddress) DomainSocketAddress(io.netty.channel.unix.DomainSocketAddress) InetSocketAddress(java.net.InetSocketAddress) SslContext(io.netty.handler.ssl.SslContext)

Example 3 with SslPolicyLoader

use of org.neo4j.ssl.config.SslPolicyLoader in project neo4j by neo4j.

the class AbstractNeoWebServer method configureWebServer.

protected void configureWebServer() {
    webServer.setHttpAddress(httpListenAddress);
    webServer.setHttpsAddress(httpsListenAddress);
    webServer.setMaxThreads(config.get(ServerSettings.webserver_max_threads));
    webServer.setWadlEnabled(config.get(ServerSettings.wadl_enabled));
    webServer.setComponentsBinder(createComponentsBinder());
    if (// only load sslPolicy when encryption is enabled
    httpsEnabled) {
        SslPolicyLoader sslPolicyLoader = sslPolicyFactorySupplier.get();
        if (sslPolicyLoader.hasPolicyForSource(HTTPS)) {
            webServer.setSslPolicy(sslPolicyLoader.getPolicy(HTTPS));
        }
    }
}
Also used : SslPolicyLoader(org.neo4j.ssl.config.SslPolicyLoader)

Example 4 with SslPolicyLoader

use of org.neo4j.ssl.config.SslPolicyLoader in project neo4j by neo4j.

the class SslPolicyLoaderTest method correctBehaviourIfDotfilesPresent.

@ParameterizedTest
@ValueSource(booleans = { true, false })
void correctBehaviourIfDotfilesPresent(boolean ignoreDotfiles) throws IOException {
    // given
    writeJunkToFile(baseDir, ".README");
    writeJunkToFile(trustedDir, ".README");
    writeJunkToFile(revokedDir, ".README");
    // when
    SslPolicyLoader sslPolicyLoader;
    if (!ignoreDotfiles) {
        assertThrows(Exception.class, () -> createSslPolicyLoader(ignoreDotfiles));
        return;
    } else {
        sslPolicyLoader = createSslPolicyLoader(ignoreDotfiles);
    }
    SslPolicy sslPolicy = sslPolicyLoader.getPolicy(TESTING);
    // then
    assertPolicyValid(sslPolicy);
}
Also used : SslPolicyLoader(org.neo4j.ssl.config.SslPolicyLoader) ValueSource(org.junit.jupiter.params.provider.ValueSource) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Example 5 with SslPolicyLoader

use of org.neo4j.ssl.config.SslPolicyLoader in project neo4j by neo4j.

the class SslPolicyLoaderTest method shouldNotComplainIfDotdirsPresent.

@ParameterizedTest
@ValueSource(booleans = { true, false })
void shouldNotComplainIfDotdirsPresent(boolean ignoreDotfiles) throws IOException {
    // given
    makeDir(baseDir, "..data");
    makeDir(trustedDir, "..data");
    makeDir(revokedDir, "..data");
    // when
    SslPolicyLoader sslPolicyLoader;
    if (!ignoreDotfiles) {
        Exception exception = assertThrows(Exception.class, () -> createSslPolicyLoader(ignoreDotfiles));
        assertThat(exception.getMessage()).contains("Failed to create trust manager");
        return;
    } else {
        sslPolicyLoader = createSslPolicyLoader(ignoreDotfiles);
    }
    // then
    SslPolicy sslPolicy = sslPolicyLoader.getPolicy(TESTING);
    assertPolicyValid(sslPolicy);
}
Also used : SslPolicyLoader(org.neo4j.ssl.config.SslPolicyLoader) NoSuchFileException(java.nio.file.NoSuchFileException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) SSLException(javax.net.ssl.SSLException) CRLException(java.security.cert.CRLException) ValueSource(org.junit.jupiter.params.provider.ValueSource) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Aggregations

SslPolicyLoader (org.neo4j.ssl.config.SslPolicyLoader)8 ParameterizedTest (org.junit.jupiter.params.ParameterizedTest)5 ValueSource (org.junit.jupiter.params.provider.ValueSource)3 DomainSocketAddress (io.netty.channel.unix.DomainSocketAddress)2 SslContext (io.netty.handler.ssl.SslContext)2 InetSocketAddress (java.net.InetSocketAddress)2 SocketAddress (java.net.SocketAddress)2 Duration (java.time.Duration)2 SSLException (javax.net.ssl.SSLException)2 Test (org.junit.jupiter.api.Test)2 SocketTransport (org.neo4j.bolt.transport.SocketTransport)2 IOException (java.io.IOException)1 NoSuchFileException (java.nio.file.NoSuchFileException)1 CRLException (java.security.cert.CRLException)1 CertificateException (java.security.cert.CertificateException)1 Config (org.neo4j.configuration.Config)1 BoltConnector (org.neo4j.configuration.connectors.BoltConnector)1 SslPolicyConfig (org.neo4j.configuration.ssl.SslPolicyConfig)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial