#370 Can now customize the protocol for "simple SSL"

Author: rjrudin

gradle.properties

@@ -1,6 +1,6 @@
 group=com.marklogic
 javadocsDir=../gh-pages-marklogic-java/javadocs
 version=3.15.1
-mlJavaclientUtilVersion=3.13.1
+mlJavaclientUtilVersion=3.13.2
 mlJunitVersion=3.2.0
 

src/main/java/com/marklogic/appdeployer/AppConfig.java

@@ -316,15 +316,29 @@ public TokenReplacer buildTokenReplacer() {
 	}
 
     public void setSimpleSslConfig() {
-		setRestSslContext(SimpleX509TrustManager.newSSLContext());
-		setRestSslHostnameVerifier(DatabaseClientFactory.SSLHostnameVerifier.ANY);
-		setRestTrustManager(new SimpleX509TrustManager());
+		setSimpleSslConfig(null);
+    }
+
+	/**
+	 * @param protocol the name of the SSL/TLS protocol to use; if null, will use whatever SimpleX509TrustManager defaults to
+	 */
+	public void setSimpleSslConfig(String protocol) {
+	    setRestSslContext(protocol != null ? SimpleX509TrustManager.newSSLContext(protocol) : SimpleX509TrustManager.newSSLContext());
+	    setRestSslHostnameVerifier(DatabaseClientFactory.SSLHostnameVerifier.ANY);
+	    setRestTrustManager(new SimpleX509TrustManager());
     }
 
     public void setAppServicesSimpleSslConfig() {
-		setAppServicesSslContext(SimpleX509TrustManager.newSSLContext());
-		setAppServicesSslHostnameVerifier(DatabaseClientFactory.SSLHostnameVerifier.ANY);
-		setAppServicesTrustManager(new SimpleX509TrustManager());
+		setAppServicesSimpleSslConfig(null);
+    }
+
+	/**
+	 * @param protocol the name of the SSL/TLS protocol to use; if null, will use whatever SimpleX509TrustManager defaults to
+	 */
+    public void setAppServicesSimpleSslConfig(String protocol) {
+	    setAppServicesSslContext(protocol != null ? SimpleX509TrustManager.newSSLContext(protocol) : SimpleX509TrustManager.newSSLContext());
+	    setAppServicesSslHostnameVerifier(DatabaseClientFactory.SSLHostnameVerifier.ANY);
+	    setAppServicesTrustManager(new SimpleX509TrustManager());
     }
 
     /**

src/main/java/com/marklogic/appdeployer/DefaultAppConfigFactory.java

@@ -4,6 +4,7 @@
 import com.marklogic.client.ext.SecurityContextType;
 import com.marklogic.mgmt.util.PropertySource;
 import com.marklogic.mgmt.util.PropertySourceFactory;
+import org.springframework.util.StringUtils;
 
 import java.io.File;
 import java.util.*;
@@ -218,10 +219,17 @@ public void initialize() {
 			logger.info("App Services external name: " + prop);
 			config.setAppServicesExternalName(prop);
 		});
+
 		propertyConsumerMap.put("mlAppServicesSimpleSsl", (config, prop) -> {
-			if ("true".equals(prop)) {
-				logger.info("Using simple SSL context and 'ANY' hostname verifier for authenticating against the App-Services server");
-				config.setAppServicesSimpleSslConfig();
+			if (StringUtils.hasText(prop) && !"false".equalsIgnoreCase(prop)) {
+				if ("true".equalsIgnoreCase(prop)) {
+					config.setAppServicesSimpleSslConfig();
+				} else {
+					config.setAppServicesSimpleSslConfig(prop);
+				}
+				String protocol = config.getAppServicesSslContext().getProtocol();
+				logger.info(format("Using protocol '%s' and 'ANY' hostname verifier for authenticating against the " +
+					"App-Services server", protocol));
 			}
 		});
 
@@ -284,10 +292,15 @@ public void initialize() {
 		 * setting this property will force the simplest SSL connection to be created.
 		 */
 		propertyConsumerMap.put("mlSimpleSsl", (config, prop) -> {
-			if ("true".equals(prop)) {
-				logger.info(
-					"Using simple SSL context and 'ANY' hostname verifier for authenticating against client REST API server");
-				config.setSimpleSslConfig();
+			if (StringUtils.hasText(prop) && !"false".equalsIgnoreCase(prop)) {
+				if ("true".equalsIgnoreCase(prop)) {
+					config.setSimpleSslConfig();
+				} else {
+					config.setSimpleSslConfig(prop);
+				}
+				String protocol = config.getRestSslContext().getProtocol();
+				logger.info(format("Using protocol '%s' and 'ANY' hostname verifier for authenticating against the " +
+					"client REST API server", protocol));
 			}
 		});
 

src/test/java/com/marklogic/appdeployer/DefaultAppConfigFactoryTest.java

@@ -577,6 +577,41 @@ public void dontModifySetOfDatabasesWithForestsOnOneHostIfItsBeenConfigured() {
 		final String message = "If the user has configured the set of databases, then the default schema and trigger databases names should not be added automatically";
 		assertFalse(message, set.contains("example-triggers"));
 		assertFalse(message, set.contains("example-schemas"));
+	}
+
+	@Test
+	public void appServicesSimpleSsl() {
+		AppConfig config = new DefaultAppConfigFactory(new SimplePropertySource("mlAppServicesSimpleSsl", "true")).newAppConfig();
+		assertEquals("TLSv1.2", config.getAppServicesSslContext().getProtocol());
+
+		config = new DefaultAppConfigFactory(new SimplePropertySource("mlAppServicesSimpleSsl", "TLSv1.2")).newAppConfig();
+		assertEquals("TLSv1.2", config.getAppServicesSslContext().getProtocol());
+
+		config = new DefaultAppConfigFactory(new SimplePropertySource("mlAppServicesSimpleSsl", "TLSv1.1")).newAppConfig();
+		assertEquals("TLSv1.1", config.getAppServicesSslContext().getProtocol());
+
+		config = new DefaultAppConfigFactory(new SimplePropertySource("mlAppServicesSimpleSsl", "false")).newAppConfig();
+		assertNull(config.getAppServicesSslContext());
+
+		config = new DefaultAppConfigFactory(new SimplePropertySource()).newAppConfig();
+		assertNull(config.getAppServicesSslContext());
+	}
+
+	@Test
+	public void restSimpleSsl() {
+		AppConfig config = new DefaultAppConfigFactory(new SimplePropertySource("mlSimpleSsl", "true")).newAppConfig();
+		assertEquals("TLSv1.2", config.getRestSslContext().getProtocol());
+
+		config = new DefaultAppConfigFactory(new SimplePropertySource("mlSimpleSsl", "TLSv1.2")).newAppConfig();
+		assertEquals("TLSv1.2", config.getRestSslContext().getProtocol());
+
+		config = new DefaultAppConfigFactory(new SimplePropertySource("mlSimpleSsl", "TLSv1.1")).newAppConfig();
+		assertEquals("TLSv1.1", config.getRestSslContext().getProtocol());
+
+		config = new DefaultAppConfigFactory(new SimplePropertySource("mlSimpleSsl", "false")).newAppConfig();
+		assertNull(config.getRestSslContext());
 
+		config = new DefaultAppConfigFactory(new SimplePropertySource()).newAppConfig();
+		assertNull(config.getRestSslContext());
 	}
 }