Merge pull request #469 from marklogic-community/feature/188-hostname-verifier

DEVEXP-188: User can now configure SSL hostname verifier

Author: rjrudin

src/main/java/com/marklogic/appdeployer/DefaultAppConfigFactory.java

@@ -1,6 +1,8 @@
 package com.marklogic.appdeployer;
 
+import com.marklogic.appdeployer.util.JavaClientUtil;
 import com.marklogic.client.DatabaseClient;
+import com.marklogic.client.DatabaseClientFactory;
 import com.marklogic.client.ext.SecurityContextType;
 import com.marklogic.mgmt.util.PropertySource;
 import com.marklogic.mgmt.util.PropertySourceFactory;
@@ -249,6 +251,11 @@ public void initialize() {
 			config.setAppServicesSslProtocol(prop);
 		});
 
+		propertyConsumerMap.put("mlAppServicesSslHostnameVerifier", (config, prop) -> {
+			logger.info("App-Services SSL hostname verifier: " + prop);
+			config.setAppServicesSslHostnameVerifier(JavaClientUtil.toSSLHostnameVerifier(prop));
+		});
+
 		propertyConsumerMap.put("mlAppServicesUseDefaultKeystore", (config, prop) -> {
 			logger.info("Using default JVM keystore for SSL for App-Services server: " + prop);
 			config.setAppServicesUseDefaultKeystore(Boolean.parseBoolean(prop));
@@ -350,6 +357,11 @@ public void initialize() {
 			config.setRestSslProtocol(prop);
 		});
 
+		propertyConsumerMap.put("mlRestSslHostnameVerifier", (config, prop) -> {
+			logger.info("REST SSL hostname verifier: " + prop);
+			config.setRestSslHostnameVerifier(JavaClientUtil.toSSLHostnameVerifier(prop));
+		});
+
 		propertyConsumerMap.put("mlRestUseDefaultKeystore", (config, prop) -> {
 			logger.info("Using default JVM keystore for SSL for client REST API server: " + prop);
 			config.setRestUseDefaultKeystore(Boolean.parseBoolean(prop));

src/main/java/com/marklogic/appdeployer/util/JavaClientUtil.java

@@ -0,0 +1,19 @@
+package com.marklogic.appdeployer.util;
+
+import com.marklogic.client.DatabaseClientFactory;
+
+public interface JavaClientUtil {
+
+	static DatabaseClientFactory.SSLHostnameVerifier toSSLHostnameVerifier(String type) {
+		if ("any".equalsIgnoreCase(type)) {
+			return DatabaseClientFactory.SSLHostnameVerifier.ANY;
+		}
+		if ("common".equalsIgnoreCase(type)) {
+			return DatabaseClientFactory.SSLHostnameVerifier.COMMON;
+		}
+		if ("strict".equalsIgnoreCase(type)) {
+			return DatabaseClientFactory.SSLHostnameVerifier.STRICT;
+		}
+		throw new IllegalArgumentException(String.format("Unrecognized SSLHostnameVerifier type: " + type));
+	}
+}

src/main/java/com/marklogic/mgmt/DefaultManageConfigFactory.java

@@ -1,5 +1,6 @@
 package com.marklogic.mgmt;
 
+import com.marklogic.appdeployer.util.JavaClientUtil;
 import com.marklogic.mgmt.util.PropertySource;
 import com.marklogic.mgmt.util.PropertySourceFactory;
 import org.springframework.util.StringUtils;
@@ -112,6 +113,11 @@ public void initialize() {
 		    config.setSslProtocol(prop);
 	    });
 
+		propertyConsumerMap.put("mlManageSslHostnameVerifier", (config, prop) -> {
+			logger.info("Manage SSL hostname verifier: " + prop);
+			config.setSslHostnameVerifier(JavaClientUtil.toSSLHostnameVerifier(prop));
+		});
+
 	    propertyConsumerMap.put("mlManageUseDefaultKeystore", (config, prop) -> {
 	    	logger.info("Using default JVM keystore for SSL for Manage app server: " + prop);
 	    	config.setUseDefaultKeystore(Boolean.parseBoolean(prop));

src/main/java/com/marklogic/mgmt/admin/DefaultAdminConfigFactory.java

@@ -1,5 +1,6 @@
 package com.marklogic.mgmt.admin;
 
+import com.marklogic.appdeployer.util.JavaClientUtil;
 import com.marklogic.mgmt.util.PropertySource;
 import com.marklogic.mgmt.util.PropertySourceFactory;
 
@@ -108,6 +109,11 @@ public void initialize() {
 		    config.setSslProtocol(prop);
 	    });
 
+		propertyConsumerMap.put("mlAdminSslHostnameVerifier", (config, prop) -> {
+			logger.info("Admin SSL hostname verifier: " + prop);
+			config.setSslHostnameVerifier(JavaClientUtil.toSSLHostnameVerifier(prop));
+		});
+
 	    propertyConsumerMap.put("mlAdminUseDefaultKeystore", (config, prop) -> {
 		    logger.info("Using default JVM keystore for SSL for Admin app server: " + prop);
 		    config.setUseDefaultKeystore(Boolean.parseBoolean(prop));

src/main/java/com/marklogic/rest/util/RestConfig.java

@@ -78,7 +78,8 @@ public DatabaseClientBuilder newDatabaseClientBuilder() {
 			.withCertificateFile(getCertFile())
 			.withCertificatePassword(getCertPassword())
 			.withKerberosPrincipal(getExternalName())
-			.withSAMLToken(getSamlToken());
+			.withSAMLToken(getSamlToken())
+			.withSSLHostnameVerifier(getSslHostnameVerifier());
 
 		if (getSslContext() != null) {
 			builder.withSSLContext(getSslContext());

src/test/java/com/marklogic/appdeployer/DefaultAppConfigFactoryTest.java

@@ -17,6 +17,7 @@
 import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.junit.jupiter.api.Assertions.fail;
 
@@ -670,6 +671,31 @@ void cloudApiKeyAndBasePath() {
 		assertEquals("/test/path", config.getTestRestBasePath());
 	}
 
+	@Test
+	void sslHostnameVerifier() {
+		AppConfig config = new DefaultAppConfigFactory(new SimplePropertySource(
+			"mlRestSslHostnameVerifier", "any",
+			"mlAppServicesSslHostnameVerifier", "COMmon"
+		)).newAppConfig();
+
+		assertEquals(DatabaseClientFactory.SSLHostnameVerifier.ANY, config.getRestSslHostnameVerifier());
+		assertEquals(DatabaseClientFactory.SSLHostnameVerifier.COMMON, config.getAppServicesSslHostnameVerifier());
+
+		config = new DefaultAppConfigFactory(new SimplePropertySource(
+			"mlRestSslHostnameVerifier", "STRICT",
+			"mlAppServicesSslHostnameVerifier", "ANY"
+		)).newAppConfig();
+
+		assertEquals(DatabaseClientFactory.SSLHostnameVerifier.STRICT, config.getRestSslHostnameVerifier());
+		assertEquals(DatabaseClientFactory.SSLHostnameVerifier.ANY, config.getAppServicesSslHostnameVerifier());
+
+		IllegalArgumentException ex = assertThrows(IllegalArgumentException.class, () ->
+			new DefaultAppConfigFactory(new SimplePropertySource("mlRestSslHostnameVerifier", "bogus")).newAppConfig());
+		assertEquals("Unable to parse value 'bogus' for property 'mlRestSslHostnameVerifier'; " +
+				"cause: Unrecognized SSLHostnameVerifier type: bogus",
+			ex.getMessage());
+	}
+
 	@Test
 	void samlTokens() {
 		AppConfig config = new DefaultAppConfigFactory(new SimplePropertySource(

src/test/java/com/marklogic/mgmt/DefaultManageConfigFactoryTest.java

@@ -6,6 +6,7 @@
 import org.junit.jupiter.api.Test;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
 public class DefaultManageConfigFactoryTest  {
@@ -165,6 +166,20 @@ void samlAuth() {
 		assertEquals("my-token", ((DatabaseClientFactory.SAMLAuthContext)bean.getSecurityContext()).getToken());
 	}
 
+	@Test
+	void sslHostnameVerifier() {
+		ManageConfig config = configure("mlManageSslHostnameVerifier", "common");
+		assertEquals(DatabaseClientFactory.SSLHostnameVerifier.COMMON, config.getSslHostnameVerifier());
+
+		config = configure("mlManageSslHostnameVerifier", "ANY");
+		assertEquals(DatabaseClientFactory.SSLHostnameVerifier.ANY, config.getSslHostnameVerifier());
+
+		config = configure("mlManageSslHostnameVerifier", "strICT");
+		assertEquals(DatabaseClientFactory.SSLHostnameVerifier.STRICT, config.getSslHostnameVerifier());
+
+		assertThrows(IllegalArgumentException.class, () -> configure("mlManageSslHostnameVerifier", "bogus"));
+	}
+
 	private ManageConfig configure(String... properties) {
 		return new DefaultManageConfigFactory(new SimplePropertySource(properties)).newManageConfig();
 	}

src/test/java/com/marklogic/mgmt/admin/DefaultAdminConfigFactoryTest.java

@@ -1,12 +1,14 @@
 package com.marklogic.mgmt.admin;
 
 import com.marklogic.client.DatabaseClientFactory;
+import com.marklogic.mgmt.ManageConfig;
 import com.marklogic.mgmt.util.SimplePropertySource;
 import com.marklogic.rest.util.RestTemplateUtil;
 import org.junit.jupiter.api.Test;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
 public class DefaultAdminConfigFactoryTest  {
@@ -123,6 +125,20 @@ void samlAuth() {
 		assertEquals("my-token", ((DatabaseClientFactory.SAMLAuthContext)bean.getSecurityContext()).getToken());
 	}
 
+	@Test
+	void sslHostnameVerifier() {
+		AdminConfig config = configure("mlAdminSslHostnameVerifier", "common");
+		assertEquals(DatabaseClientFactory.SSLHostnameVerifier.COMMON, config.getSslHostnameVerifier());
+
+		config = configure("mlAdminSslHostnameVerifier", "ANY");
+		assertEquals(DatabaseClientFactory.SSLHostnameVerifier.ANY, config.getSslHostnameVerifier());
+
+		config = configure("mlAdminSslHostnameVerifier", "strICT");
+		assertEquals(DatabaseClientFactory.SSLHostnameVerifier.STRICT, config.getSslHostnameVerifier());
+
+		assertThrows(IllegalArgumentException.class, () -> configure("mlAdminSslHostnameVerifier", "bogus"));
+	}
+
 	private AdminConfig configure(String... properties) {
 		return new DefaultAdminConfigFactory(new SimplePropertySource(properties)).newAdminConfig();
 	}