#392 Can now create SSL connections using default keystore

Hacking around


asdfasdf


adsf


more


afasfd


asdf

Author: rjrudin

src/main/java/com/marklogic/appdeployer/AppConfig.java

@@ -12,10 +12,12 @@
 import com.marklogic.client.ext.SecurityContextType;
 import com.marklogic.client.ext.modulesloader.impl.PropertiesModuleManager;
 import com.marklogic.client.ext.modulesloader.ssl.SimpleX509TrustManager;
+import com.marklogic.client.ext.ssl.SslUtil;
 import com.marklogic.client.ext.tokenreplacer.DefaultTokenReplacer;
 import com.marklogic.client.ext.tokenreplacer.PropertiesSource;
 import com.marklogic.client.ext.tokenreplacer.RoxyTokenReplacer;
 import com.marklogic.client.ext.tokenreplacer.TokenReplacer;
+import org.springframework.util.StringUtils;
 
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.X509TrustManager;
@@ -92,7 +94,11 @@ public class AppConfig {
     private String restCertPassword;
     private String restExternalName;
     private X509TrustManager restTrustManager;
-    private Integer restPort = DEFAULT_PORT;
+	private boolean restUseDefaultKeystore;
+	private String restSslProtocol;
+	private String restTrustManagementAlgorithm;
+
+	private Integer restPort = DEFAULT_PORT;
     private Integer testRestPort;
 
     // Connection info for using the App Services client REST API - e.g. to load non-REST API modules
@@ -107,6 +113,9 @@ public class AppConfig {
 	private String appServicesCertPassword;
 	private String appServicesExternalName;
 	private X509TrustManager appServicesTrustManager;
+	private boolean appServicesUseDefaultKeystore;
+	private String appServicesSslProtocol;
+	private String appServicesTrustManagementAlgorithm;
 
     // These can all be set to override the default names that are generated off of the "name" attribute.
     private String groupName = DEFAULT_GROUP;
@@ -364,15 +373,24 @@ public DatabaseClient newTestDatabaseClient() {
     }
 
     public DatabaseClientConfig newRestDatabaseClientConfig(int port) {
-	    DatabaseClientConfig config = new DatabaseClientConfig(getHost(), port, getRestAdminUsername(), getRestAdminPassword());
-	    config.setCertFile(getRestCertFile());
-	    config.setCertPassword(getRestCertPassword());
+	    DatabaseClientConfig config = new DatabaseClientConfig(host, port, restAdminUsername, restAdminPassword);
+	    config.setCertFile(restCertFile);
+	    config.setCertPassword(restCertPassword);
 	    config.setConnectionType(restConnectionType);
-	    config.setExternalName(getRestExternalName());
+	    config.setExternalName(restExternalName);
 	    config.setSecurityContextType(restSecurityContextType);
-	    config.setSslContext(getRestSslContext());
-	    config.setSslHostnameVerifier(getRestSslHostnameVerifier());
-	    config.setTrustManager(restTrustManager);
+
+	    if (restUseDefaultKeystore) {
+		    config.setSslProtocol(StringUtils.hasText(restSslProtocol) ? restSslProtocol : SslUtil.DEFAULT_SSL_PROTOCOL);
+		    config.setTrustManagementAlgorithm(restTrustManagementAlgorithm);
+		    config.setSslHostnameVerifier(restSslHostnameVerifier != null ? restSslHostnameVerifier : SSLHostnameVerifier.ANY);
+	    }
+	    else {
+		    config.setSslContext(restSslContext);
+		    config.setTrustManager(restTrustManager);
+		    config.setSslHostnameVerifier(restSslHostnameVerifier);
+	    }
+
 	    return config;
     }
 
@@ -394,16 +412,25 @@ public DatabaseClient newSchemasDatabaseClient() {
     }
 
     public DatabaseClient newAppServicesDatabaseClient(String databaseName) {
-	    DatabaseClientConfig config = new DatabaseClientConfig(getHost(), getAppServicesPort(), getAppServicesUsername(), getAppServicesPassword());
-	    config.setCertFile(getAppServicesCertFile());
-	    config.setCertPassword(getAppServicesCertPassword());
+	    DatabaseClientConfig config = new DatabaseClientConfig(host, appServicesPort, appServicesUsername, appServicesPassword);
+	    config.setCertFile(appServicesCertFile);
+	    config.setCertPassword(appServicesCertPassword);
 	    config.setConnectionType(appServicesConnectionType);
 	    config.setDatabase(databaseName);
-	    config.setExternalName(getAppServicesExternalName());
+	    config.setExternalName(appServicesExternalName);
 	    config.setSecurityContextType(appServicesSecurityContextType);
-	    config.setSslContext(getAppServicesSslContext());
-	    config.setSslHostnameVerifier(getAppServicesSslHostnameVerifier());
-	    config.setTrustManager(appServicesTrustManager);
+
+	    if (appServicesUseDefaultKeystore) {
+		    config.setSslProtocol(StringUtils.hasText(appServicesSslProtocol) ? appServicesSslProtocol : SslUtil.DEFAULT_SSL_PROTOCOL);
+		    config.setTrustManagementAlgorithm(appServicesTrustManagementAlgorithm);
+		    config.setSslHostnameVerifier(appServicesSslHostnameVerifier != null ? appServicesSslHostnameVerifier : SSLHostnameVerifier.ANY);
+	    }
+	    else {
+		    config.setSslContext(appServicesSslContext);
+		    config.setTrustManager(appServicesTrustManager);
+		    config.setSslHostnameVerifier(appServicesSslHostnameVerifier);
+	    }
+
 	    return configuredDatabaseClientFactory.newDatabaseClient(config);
     }
 
@@ -1424,4 +1451,53 @@ public void setDeployAmpsWithCma(boolean b) {
 		getCmaConfig().setDeployAmps(b);
 	}
 	// End of methods still used by DHF 4.3.x
+
+
+	public boolean isRestUseDefaultKeystore() {
+		return restUseDefaultKeystore;
+	}
+
+	public void setRestUseDefaultKeystore(boolean restUseDefaultKeystore) {
+		this.restUseDefaultKeystore = restUseDefaultKeystore;
+	}
+
+	public String getRestSslProtocol() {
+		return restSslProtocol;
+	}
+
+	public void setRestSslProtocol(String restSslProtocol) {
+		this.restSslProtocol = restSslProtocol;
+	}
+
+	public String getRestTrustManagementAlgorithm() {
+		return restTrustManagementAlgorithm;
+	}
+
+	public void setRestTrustManagementAlgorithm(String restTrustManagementAlgorithm) {
+		this.restTrustManagementAlgorithm = restTrustManagementAlgorithm;
+	}
+
+	public boolean isAppServicesUseDefaultKeystore() {
+		return appServicesUseDefaultKeystore;
+	}
+
+	public void setAppServicesUseDefaultKeystore(boolean appServicesUseDefaultKeystore) {
+		this.appServicesUseDefaultKeystore = appServicesUseDefaultKeystore;
+	}
+
+	public String getAppServicesSslProtocol() {
+		return appServicesSslProtocol;
+	}
+
+	public void setAppServicesSslProtocol(String appServicesSslProtocol) {
+		this.appServicesSslProtocol = appServicesSslProtocol;
+	}
+
+	public String getAppServicesTrustManagementAlgorithm() {
+		return appServicesTrustManagementAlgorithm;
+	}
+
+	public void setAppServicesTrustManagementAlgorithm(String appServicesTrustManagementAlgorithm) {
+		this.appServicesTrustManagementAlgorithm = appServicesTrustManagementAlgorithm;
+	}
 }

src/main/java/com/marklogic/appdeployer/DefaultAppConfigFactory.java

@@ -238,6 +238,21 @@ public void initialize() {
 			}
 		});
 
+		propertyConsumerMap.put("mlAppServicesSslProtocol", (config, prop) -> {
+			logger.info("Using SSL protocol for App-Services server: " + prop);
+			config.setAppServicesSslProtocol(prop);
+		});
+
+		propertyConsumerMap.put("mlAppServicesUseDefaultKeystore", (config, prop) -> {
+			logger.info("Using default JVM keystore for SSL for App-Services server: " + prop);
+			config.setAppServicesUseDefaultKeystore(Boolean.parseBoolean(prop));
+		});
+
+		propertyConsumerMap.put("mlAppServicesTrustManagementAlgorithm", (config, prop) -> {
+			logger.info("Using trust management algorithm for SSL for App-Services server: " + prop);
+			config.setAppServicesTrustManagementAlgorithm(prop);
+		});
+
 		/**
 		 * Set this to true to prevent creating a REST API server by default.
 		 */
@@ -309,6 +324,22 @@ public void initialize() {
 			}
 		});
 
+		propertyConsumerMap.put("mlRestSslProtocol", (config, prop) -> {
+			logger.info("Using SSL protocol for client REST API server: " + prop);
+			config.setRestSslProtocol(prop);
+		});
+
+		propertyConsumerMap.put("mlRestUseDefaultKeystore", (config, prop) -> {
+			logger.info("Using default JVM keystore for SSL for client REST API server: " + prop);
+			config.setRestUseDefaultKeystore(Boolean.parseBoolean(prop));
+		});
+
+		propertyConsumerMap.put("mlRestTrustManagementAlgorithm", (config, prop) -> {
+			logger.info("Using trust management algorithm for SSL for client REST API server: " + prop);
+			config.setRestTrustManagementAlgorithm(prop);
+		});
+
+
 		/**
 		 * mlUsername and mlPassword are the default username/password for connecting to the app's REST server (if one
 		 * exists) and to App-Services on 8000. These are processed before the other username/password properties so that

src/main/java/com/marklogic/mgmt/DefaultManageConfigFactory.java

@@ -82,6 +82,21 @@ public void initialize() {
 		    config.setConfigureSimpleSsl(Boolean.parseBoolean(prop));
 	    });
 
+	    propertyConsumerMap.put("mlManageSslProtocol", (config, prop) -> {
+		    logger.info("Using SSL protocol for Manage app server: " + prop);
+		    config.setSslProtocol(prop);
+	    });
+
+	    propertyConsumerMap.put("mlManageUseDefaultKeystore", (config, prop) -> {
+	    	logger.info("Using default JVM keystore for SSL for Manage app server: " + prop);
+	    	config.setUseDefaultKeystore(Boolean.parseBoolean(prop));
+	    });
+
+	    propertyConsumerMap.put("mlManageTrustManagementAlgorithm", (config, prop) -> {
+		    logger.info("Using trust management algorithm for SSL for Manage app server: " + prop);
+		    config.setTrustManagementAlgorithm(prop);
+	    });
+
 	    propertyConsumerMap.put("mlManageCleanJsonPayloads", (config, prop) -> {
 		    logger.info("Cleaning Management API JSON payloads: " + prop);
 		    config.setCleanJsonPayloads(Boolean.parseBoolean(prop));

src/main/java/com/marklogic/mgmt/admin/DefaultAdminConfigFactory.java

@@ -78,6 +78,21 @@ public void initialize() {
 		    logger.info("Use simple SSL for Admin interface: " + prop);
 		    config.setConfigureSimpleSsl(Boolean.parseBoolean(prop));
 	    });
+
+	    propertyConsumerMap.put("mlAdminSslProtocol", (config, prop) -> {
+		    logger.info("Using SSL protocol for Admin app server: " + prop);
+		    config.setSslProtocol(prop);
+	    });
+
+	    propertyConsumerMap.put("mlAdminUseDefaultKeystore", (config, prop) -> {
+		    logger.info("Using default JVM keystore for SSL for Admin app server: " + prop);
+		    config.setUseDefaultKeystore(Boolean.parseBoolean(prop));
+	    });
+
+	    propertyConsumerMap.put("mlAdminTrustManagementAlgorithm", (config, prop) -> {
+		    logger.info("Using trust management algorithm for SSL for Admin app server: " + prop);
+		    config.setTrustManagementAlgorithm(prop);
+	    });
     }
 
     @Override

src/main/java/com/marklogic/rest/util/RestConfig.java

@@ -13,7 +13,12 @@ public class RestConfig {
 	private String username;
 	private String password;
 	private String scheme = "http";
+
 	private boolean configureSimpleSsl;
+	private boolean useDefaultKeystore;
+	private String sslProtocol;
+	private String trustManagementAlgorithm;
+
 	private SSLContext sslContext;
 	private X509HostnameVerifier hostnameVerifier;
 
@@ -116,4 +121,28 @@ public X509HostnameVerifier getHostnameVerifier() {
 	public void setHostnameVerifier(X509HostnameVerifier hostnameVerifier) {
 		this.hostnameVerifier = hostnameVerifier;
 	}
+
+	public String getSslProtocol() {
+		return sslProtocol;
+	}
+
+	public void setSslProtocol(String sslProtocol) {
+		this.sslProtocol = sslProtocol;
+	}
+
+	public String getTrustManagementAlgorithm() {
+		return trustManagementAlgorithm;
+	}
+
+	public void setTrustManagementAlgorithm(String trustManagementAlgorithm) {
+		this.trustManagementAlgorithm = trustManagementAlgorithm;
+	}
+
+	public boolean isUseDefaultKeystore() {
+		return useDefaultKeystore;
+	}
+
+	public void setUseDefaultKeystore(boolean useDefaultKeystore) {
+		this.useDefaultKeystore = useDefaultKeystore;
+	}
 }