This repository has been archived by the owner on Dec 3, 2019. It is now read-only.
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
SSL is disabled by default to avoid POLA violations. It is possible to enable and control SSL behavior via url parameters:

- `sslmode=<mode>` enable ssl (prefer/require/verify-ca/verify-full [recommended])
- `sslrootcert=<path.pem>` specifies trusted certificates (JDK cacert if missing)

Client certificate authentication is not implemented, due to lack of time and interest, but it should be easy to add.
Showing 21 changed files with 364 additions and 48 deletions.
31 changes: 31 additions & 0 deletions
db-async-common/src/main/scala/com/github/mauricio/async/db/SSLConfiguration.scala
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
package com.github.mauricio.async.db | ||
|
||
import java.io.File | ||
|
||
import SSLConfiguration.Mode | ||
|
||
/** | ||
* | ||
* Contains the SSL configuration necessary to connect to a database. | ||
* | ||
* @param mode whether and with what priority a SSL connection will be negotiated, default disabled | ||
* @param rootCert path to PEM encoded trusted root certificates, None to use internal JDK cacerts, defaults to None | ||
* | ||
*/ | ||
case class SSLConfiguration(mode: Mode.Value = Mode.Disable, rootCert: Option[java.io.File] = None) | ||
|
||
object SSLConfiguration { | ||
|
||
object Mode extends Enumeration { | ||
val Disable = Value("disable") // only try a non-SSL connection | ||
val Prefer = Value("prefer") // first try an SSL connection; if that fails, try a non-SSL connection | ||
val Require = Value("require") // only try an SSL connection, but don't verify Certificate Authority | ||
val VerifyCA = Value("verify-ca") // only try an SSL connection, and verify that the server certificate is issued by a trusted certificate authority (CA) | ||
val VerifyFull = Value("verify-full") // only try an SSL connection, verify that the server certificate is issued by a trusted CA and that the server host name matches that in the certificate | ||
} | ||
|
||
def apply(properties: Map[String, String]): SSLConfiguration = SSLConfiguration( | ||
mode = Mode.withName(properties.get("sslmode").getOrElse("disable")), | ||
rootCert = properties.get("sslrootcert").map(new File(_)) | ||
) | ||
} |
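
Review bot: In `apply`, `Mode.withName(properties.get("sslmode").getOrElse("disable"))` throws a bare `NoSuchElementException` for any unrecognized `sslmode` value, and that exception neither names the parameter nor lists the accepted values. Handle the unknown case explicitly and raise an error that names `sslmode` and the values `disable`, `prefer`, `require`, `verify-ca` and `verify-full`; it should fail rather than fall back to `disable`. The scaladoc for `mode` could also state what the inline comments on `Prefer` and `Require` imply: `prefer` may end up on a non-SSL connection and `require` does not verify the certificate authority, so only `verify-ca` and `verify-full` authenticate the server.
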
16 changes: 16 additions & 0 deletions
...c/src/main/scala/com/github/mauricio/async/db/postgresql/encoders/SSLMessageEncoder.scala
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
package com.github.mauricio.async.db.postgresql.encoders | ||
|
||
import io.netty.buffer.ByteBuf | ||
import io.netty.buffer.Unpooled | ||
|
||
object SSLMessageEncoder { | ||
|
||
def encode(): ByteBuf = { | ||
val buffer = Unpooled.buffer() | ||
buffer.writeInt(8) | ||
buffer.writeShort(1234) | ||
buffer.writeShort(5679) | ||
buffer | ||
} | ||
|
||
} |
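
Review bot: The literals in `encode()` are undocumented magic numbers: `writeInt(8)` is the total message length, and the two shorts `1234` and `5679` together form the 32-bit PostgreSQL SSLRequest code 80877103, which is (1234 << 16) | 5679. Give them names or a comment pointing at the protocol's SSLRequest message so a later reader does not mistake them for a protocol version. As a smaller point, `Unpooled.buffer()` allocates the default initial capacity for a message that is always 8 bytes; `Unpooled.buffer(8)` sizes it exactly.
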
3 changes: 3 additions & 0 deletions
...n/scala/com/github/mauricio/async/db/postgresql/messages/backend/SSLResponseMessage.scala
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
package com.github.mauricio.async.db.postgresql.messages.backend | ||
|
||
case class SSLResponseMessage(supported: Boolean) |
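
Review bot: `SSLResponseMessage(supported: Boolean)` has no scaladoc saying what the caller must do when `supported` is `false`. Document that it carries the server's answer to the SSL request, and state the expected handling per mode from `SSLConfiguration.Mode`: continuing without SSL is only acceptable under `prefer`, while `require`, `verify-ca` and `verify-full` should fail the connection.
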
3 changes: 3 additions & 0 deletions
...cala/com/github/mauricio/async/db/postgresql/messages/frontend/InitialClientMessage.scala
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
package com.github.mauricio.async.db.postgresql.messages.frontend | ||
|
||
trait InitialClientMessage |
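
Review bot: `trait InitialClientMessage` is introduced with no scaladoc, so its contract is left to the reader to infer from the name. If it is meant to mark the messages that may be sent first on a new connection, such as `SSLRequestMessage`, say so in a one-line comment on the trait.
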
5 changes: 5 additions & 0 deletions
...n/scala/com/github/mauricio/async/db/postgresql/messages/frontend/SSLRequestMessage.scala
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
package com.github.mauricio.async.db.postgresql.messages.frontend | ||
|
||
import com.github.mauricio.async.db.postgresql.messages.backend.ServerMessage | ||
|
||
object SSLRequestMessage extends InitialClientMessage |
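
Review bot: The import of `com.github.mauricio.async.db.postgresql.messages.backend.ServerMessage` is unused in this file; `object SSLRequestMessage extends InitialClientMessage` references nothing from the backend package. Drop the import so the frontend message does not appear to depend on backend message types.
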