Only read cred file if ssl configured

neo4j · Feb 25, 2016 · 55c6fad · 55c6fad
1 parent b9dbbc6
commit 55c6fad
Showing 1 changed file with 44 additions and 27 deletions.
diff --git a/community/server/src/main/java/org/neo4j/server/AbstractNeoServer.java b/community/server/src/main/java/org/neo4j/server/AbstractNeoServer.java
@@ -30,6 +30,7 @@
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
+import java.util.Optional;
 import java.util.function.Function;
 import java.util.function.Supplier;
 import java.util.regex.Pattern;
@@ -127,7 +128,7 @@ public abstract class AbstractNeoServer implements NeoServer
     protected WebServer webServer;
 
     protected Supplier<BasicAuthManager> authManagerSupplier;
-    protected KeyStoreInformation keyStoreInfo;
+    protected Optional<KeyStoreInformation> keyStoreInfo;
 
     private DatabaseActions databaseActions;
 
@@ -308,10 +309,10 @@ private void configureWebServer() throws Exception
         webServer.setWadlEnabled( config.get( ServerSettings.wadl_enabled ) );
         webServer.setDefaultInjectables( createDefaultInjectables() );
 
-        if ( sslEnabled )
+        if ( keyStoreInfo.isPresent() )
         {
             log.info( "Enabling HTTPS on port %s", sslPort );
-            webServer.setHttpsCertificateInformation( keyStoreInfo );
+            webServer.setHttpsCertificateInformation( keyStoreInfo.get() );
         }
     }
 
@@ -406,43 +407,59 @@ protected Pattern[] getUriWhitelist()
         return DEFAULT_URI_WHITELIST;
     }
 
-    protected KeyStoreInformation createKeyStore()
+    protected Optional<KeyStoreInformation> createKeyStore()
     {
-        File privateKeyPath = config.get( ServerSettings.tls_key_file ).getAbsoluteFile();
-        File certificatePath = config.get( ServerSettings.tls_certificate_file ).getAbsoluteFile();
+        boolean httpsEnabled = getHttpsEnabled();
 
-        try
+        if (httpsEnabled)
         {
-            // If neither file is specified
-            if ( (!certificatePath.exists() && !privateKeyPath.exists()) )
+            File privateKeyPath = config.get( ServerSettings.tls_key_file ).getAbsoluteFile();
+            File certificatePath = config.get( ServerSettings.tls_certificate_file ).getAbsoluteFile();
+
+            try
             {
-                //noinspection deprecation
-                log.info( "No SSL certificate found, generating a self-signed certificate.." );
-                Certificates certFactory = new Certificates();
-                certFactory.createSelfSignedCertificate( certificatePath, privateKeyPath, getWebServerAddress() );
+                // If neither file is specified
+                if ( (!certificatePath.exists() && !privateKeyPath.exists()) )
+                {
+                    //noinspection deprecation
+                    log.info( "No SSL certificate found, generating a self-signed certificate.." );
+                    Certificates certFactory = new Certificates();
+                    certFactory.createSelfSignedCertificate( certificatePath, privateKeyPath, getWebServerAddress() );
+                }
+
+                // Make sure both files were there, or were generated
+                if ( !certificatePath.exists() )
+                {
+                    throw new ServerStartupException(
+                            String.format(
+                                    "TLS private key found, but missing certificate at '%s'. Cannot start server without certificate.",
+
+                                    certificatePath ) );
+                }
+                if ( !privateKeyPath.exists() )
+                {
+                    throw new ServerStartupException(
+                            String.format(
+                                    "TLS certificate found, but missing key at '%s'. Cannot start server without key.",
+                                    privateKeyPath ) );
+                }
+
+                return Optional.of( new KeyStoreFactory().createKeyStore( privateKeyPath, certificatePath ) );
             }
-
-            // Make sure both files were there, or were generated
-            if( !certificatePath.exists() )
+            catch ( GeneralSecurityException e )
             {
                 throw new ServerStartupException(
-                        String.format("TLS private key found, but missing certificate at '%s'. Cannot start server without certificate.", certificatePath ) );
+                        "TLS certificate error occurred, unable to start server: " + e.getMessage(), e );
             }
-            if( !privateKeyPath.exists() )
+            catch ( IOException | OperatorCreationException e )
             {
                 throw new ServerStartupException(
-                        String.format("TLS certificate found, but missing key at '%s'. Cannot start server without key.", privateKeyPath ) );
+                        "IO problem while loading or creating TLS certificates: " + e.getMessage(), e );
             }
-
-            return new KeyStoreFactory().createKeyStore( privateKeyPath, certificatePath );
         }
-        catch( GeneralSecurityException e )
-        {
-            throw new ServerStartupException( "TLS certificate error occurred, unable to start server: " + e.getMessage(), e );
-        }
-        catch( IOException | OperatorCreationException e )
+        else
         {
-            throw new ServerStartupException( "IO problem while loading or creating TLS certificates: " + e.getMessage(), e );
+            return Optional.empty();
         }
     }