Added implementation for database connection with postgresql over SSL (#16947)

* Added implementation for database connection with postgresql over SSL

* Deleted private key

* Refactored postgresoverssl

Author: ultimaterichy

persistence-modules/spring-jpa-3/certs/pg_client.crt

@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEgTCCAmmgAwIBAgIUG2Bm4S/8YEFi+GX8rmKgpLEeomEwDQYJKoZIhvcNAQEL
+BQAwWTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDESMBAGA1UEAwwJbG9jYWxob3N0MB4X
+DTI0MDYyODA2NTMxMloXDTI1MTExMDA2NTMxMlowWDELMAkGA1UEBhMCQVUxEzAR
+BgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5
+IEx0ZDERMA8GA1UEAwwIcG9zdGdyZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQCl8WdMB5WB+zj0LBfZfGZhvTT/xFRlOWbt2DRahVfh3KOtOiIclN+l
+wzV51RzFVuiI4hpUOZH9HHECzuIgo90TVvNkcqAoYIjk/I4lfBR5ItZRSBuVr1jl
+HeYxZhcGwsSS2OLbqQ25Q2SYYV9Cjeh/jiXingy/h7uUF9i9wEppc4txzGiLHQcc
+y5LefNkf8IoUm4+nRbY0/7FFHCIo2Hy20Solog9gcFj39H5rIfISWYWUWKiGH4U0
+ghiU0D37PrUBzf2KliRPjhiW+qiVwfrcIBF+pIqJloLhPphlcufTxJLkW6E8tiCr
+3KyzxKeNPz8y8s++p55vb4P1pF9/nb2nAgMBAAGjQjBAMB0GA1UdDgQWBBSAowXS
+rnfntRKyzeKLq40ryD8FxDAfBgNVHSMEGDAWgBQfFIC2Ro62u4A+THnyQmeq1c88
+WjANBgkqhkiG9w0BAQsFAAOCAgEAPL8RC5fLUYQafB/HCu0zj0LyabhK9fcxq+Ft
+YclLVHH2JPDUdE4JMeKy28o2PNvqkiyQxFBt/WxOryJ0o6avnROK5Tom4EQTI6lo
+5l8U4rZOw/wLO3nCARLcNUlrZQFQgEo0e3+UYj8XLmTM3f+L5oezCXBJ3yIX3w/H
+PPFfZ4a+ZLKw4ebmCId5p3NfDqpPKLnDD0eWu6/egWA2YlCrvS2nG47EVSqDmHEM
+EVBxvOTA3kM5/wBYo+xQsnyuQ2Eltnkfi3TZwWbKF44wXMRv5ZEsLRzQ3lT4U+zP
+SzNFzqVCnI+fQawKS9mB0AKeMLh9RBokAMUTTrsnbFSsEL33JehGuoAiPubgwbUK
+nrUVB9Vwn9yh2YR3FzWHGZlgB64q7ZZrdfPJ1O1C5KkOM0O1msvFsNjs20j4Tcwc
+0ws0QzruVB99uvRU0BMA7BBb/jOz77eeFZ9S15NB5UkBAsb9WK8uuwId1wSptE0K
+NA6qtb8E9/ohPTyjxgtusnMipwFbormKA/7h4QH5CE/+dm7DjncbwaDYCuXxlN6T
+9hNNU2JzWEZiRgdATkykxl25NYXolAHT6HbWsBaEnhLaGCF3SIR+UeXhkZK1PGo0
+W8GGevYQd41dFfrTANi+z4I3rjqGFmWq+P99S4efRXmLMfM24BKgBQywLPj5sUvv
+ojAyFPg=
+-----END CERTIFICATE-----

persistence-modules/spring-jpa-3/certs/pg_client.jks

@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFkzCCA3ugAwIBAgIUHmr96r2sLRK8s+dp6Sr5l0JG2WcwDQYJKoZIhvcNAQEL
+BQAwWTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDESMBAGA1UEAwwJbG9jYWxob3N0MB4X
+DTI0MDYyODA2NDgzNVoXDTI3MDQxODA2NDgzNVowWTELMAkGA1UEBhMCQVUxEzAR
+BgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5
+IEx0ZDESMBAGA1UEAwwJbG9jYWxob3N0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEA0w+KIS8t6m25xfPvl0hhaXIN2afIJ3J9PKxjP0TUHWQgQO2fnVWt
+H6TxwuUaZlUYjelNqGgFc2HEiZv5RNMEKPnLIBKDmeTZBk1eRQDWPpI+EN4hqw8M
+vdMTkTvPfEhjSRAkUSipGjyk6vZdB53RdtbsXCBOO0XDYCPHU7e7nwBIkTZzLiH5
+BmjidwD/gDElX7hZv7zkwr6yHtj1n0KfNQfAR3aes4LoegNvoIS3MOtsU9Hnx5Tm
+oL49EcA3KOAHZCPy7uX2fHVp//Bn1C8uOrqqSSYjrfyvVTF9BDrqpJPWgjijWzXA
+lhGCkEMKExDEhJigehAq8V78psgYwYQsGQUir28TIQGY8iFP9M55gdRvQzYQUIRs
+vr1tRzaNX7I2NCfjsgmYFvDlXReZJ6CtN+9HO3dHD/XIbGQI4aA3F3lceWp3m0eE
+S+kESOoGPr7qr514fQnDgY4JBSetc2835hKUQfyEulmbWZe4wq5kfFUumz51M4gI
+uinl91wnLx7CrIWQV2LRvNtFqJLAH2mbpDZx1NFqiQTleJI+q8bI5t5H4MqnXR1H
+lG9eJyDETwqvVsoJLGBQRCTIZhnrMS3AYUklrNmL/2/T4QgCTlEUBPUq3wb52BOz
+RRKY6bcj+TfnMb7Mvk+hvOHuiWQBCvpD3ByDbW/GRLctB+FqkQO1TeMCAwEAAaNT
+MFEwHQYDVR0OBBYEFB8UgLZGjra7gD5MefJCZ6rVzzxaMB8GA1UdIwQYMBaAFB8U
+gLZGjra7gD5MefJCZ6rVzzxaMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL
+BQADggIBAEA+z6wkJZWgIfB61D19oeMQQN9o6qlcgI3C9cOZnyyLShkCu6JqwrHG
+OhC9mZ+Zod1/3m1lLCZsS9+SVtQXQkuBprm6wZdMZeYWiuymYWkg353xP4yD3gYz
+I6hphWaRx4G8pxgLauKhu41RlwsgpQ0FiFhiuNvTLpT/PNOTkFckiJU+6bA25sNS
+CZ+1L8x4QgnwgEfw+v9hou0cVRo3F0PW3K9wAorKC2Uu5bHbGPBm68GV1aBQuzuD
+eqzaGwsh7aOROkU0av7GHvSBzRXbsCrNt0UfF32sqEsJlVVY6CxfJO2BNpi3fc2U
+8iH3vh9j9uaVUa03241nam2qrz63SDejfQ/NfvAbiWzaZDtV8MABQ2kdgjuovHCX
+Tz38ZvYgxV4pr8J3787e4Vp/oEDWa4TY9cvqZGihnn+rjlvkQB1wu2MVLObbekLu
+s+nUI73VRIKtkaJsnAXt5yji8jDy4P6pwnlFLeH4AGMdhORQmJuEv2eYDC8E9Gl3
+8LkdseJfQuzQRtPI5YBQpfHYWhtHFHo6+Eq/O1dSeWboI5V2ZFdMl5cZvwiu1VRn
+VzeXsJJw5giOFuYn7jO5k/lRsfVlRjrCh/FnZCaJD3QhuV7pyH/nab5OAMjd8UHp
+Eoiv7TogTvaTEfX78LHNOJFyHX+gLnDWZYDaX4SsjwvQqbKqx/19
+-----END CERTIFICATE-----

persistence-modules/spring-jpa-3/certs/pg_client.p12

@@ -26,6 +26,11 @@
             <artifactId>h2</artifactId>
             <version>${h2.version}</version>
         </dependency>
+        <dependency>
+            <groupId>org.postgresql</groupId>
+            <artifactId>postgresql</artifactId>
+            <version>42.7.3</version>
+        </dependency>
 
         <!-- test scoped -->
         <dependency>

persistence-modules/spring-jpa-3/certs/pg_client.pk8

@@ -0,0 +1,59 @@
+package com.baeldung.pgoverssl;
+
+import java.nio.file.Paths;
+import java.sql.Connection;
+import java.sql.DriverManager;
+import java.sql.SQLException;
+import java.util.Map;
+import java.util.Properties;
+
+public class PgJdbc {
+
+    public void checkConnectionSsl(String url, String username, String password, Map<String, String> extraProps) {
+        // set up connection properties
+        Properties props = new Properties();
+        props.putAll(extraProps);
+        props.put("username", username);
+        props.put("password", password);
+        props.put("sslmode", "verify-ca");
+        props.put("ssl", "true");
+
+        try (Connection connection = DriverManager.getConnection(url, props)) {
+            if (!connection.isClosed()) {
+                connection.close();
+            }
+            // we had a successful connection
+            System.out.println("Connection was successful");
+        } catch (SQLException e) {
+            System.out.println("Connection failed");
+        }
+    }
+
+    public static void main(String[] args) {
+        PgJdbc pg = new PgJdbc();
+        String url = "jdbc:postgresql://localhost:5432/testdb";
+        String username = "postgres";
+        String password = "password";
+        // base path for files
+        String BASE_PATH = Paths.get(PgJdbc.class.getResource("/pgoverssl/certs").getPath())
+            .toAbsolutePath()
+            .toString();
+
+        Map<String, String> connectionProperties = Map.of("sslcert", BASE_PATH.concat("/pg_client.crt"), "sslkey", BASE_PATH.concat("/pg_client.pk8"),
+            "sslrootcert", BASE_PATH.concat("/root.crt"));
+
+        // connection with regular certificate and private key properties
+        System.out.println("Connection without keystore and truststore");
+        pg.checkConnectionSsl(url, username, password, connectionProperties);
+
+        //connection using keystore and truststore
+        System.setProperty("javax.net.ssl.keyStore", BASE_PATH.concat("/pg_client.jks"));
+        System.setProperty("javax.net.ssl.keyStorePassword", "password");
+        System.setProperty("javax.net.ssl.trustStore", BASE_PATH.concat("/truststore.jks"));
+        System.setProperty("javax.net.ssl.trustStorePassword", "password");
+
+        // connection using trust store
+        System.out.println("\nConnection using keystore and truststore");
+        pg.checkConnectionSsl(url, username, password, Map.of("sslfactory", "org.postgresql.ssl.DefaultJavaSSLFactory"));
+    }
+}

persistence-modules/spring-jpa-3/certs/root.crt

@@ -0,0 +1,12 @@
+package com.baeldung.pgoverssl;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication(scanBasePackages = "com.baeldung")
+public class PgSpringboot {
+
+    public static void main(String[] args) {
+        SpringApplication.run(PgSpringboot.class, args);
+    }
+}

persistence-modules/spring-jpa-3/certs/truststore.jks

@@ -0,0 +1,12 @@
+spring:
+  application:
+    name: postgresqlssltest
+  datasource:
+    url: jdbc:postgresql://localhost:5432/testdb?ssl=true&sslmode=verify-ca&sslrootcert=certs/root.crt&sslcert=certs/pg_client.crt&sslkey=certs/pg_client.pk8
+    username: postgres
+    password: "password"
+    driver-class-name: org.postgresql.Driver
+  jpa:
+    hibernate:
+      ddl-auto: update
+    database-platform: org.hibernate.dialect.PostgreSQLDialect