DEVEXP-585 Can now configure 2-way SSL #1614
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bumped the version to 6.4-SNAPSHOT as well so we can start using it in the Mule connector. The main value here is in TwoWaySSLTest, which can use these new properties instead of having to construct an SSLContext itself.
rjrudin
commented
Oct 24, 2023
| // Approaches 2 and 3 - user defines an SSL protocol. | ||
| // Approach 2 - "default" is a convenience for using the JVM's default SSLContext. | ||
| // Approach 3 - create a new SSLContext, and initialize it if the user-provided TrustManager is not null. | ||
| // Approach 2 - user wants two-way SSL via a keystore. |
There was a problem hiding this comment.
We had 4 approaches before, we now have 5 - the new approach number 2 is for two-way SSL via a keystore.
| } | ||
| if (!(trustManagers[0] instanceof X509TrustManager)) { | ||
| throw new RuntimeException("Default trust manager is not an X509TrustManager: " + trustManagers[0]); | ||
| } | ||
| return trustManagers; | ||
| } | ||
|
|
||
| /** | ||
| * Captures the oft-repeated boilerplate Java code for creating an SSLContext based on a key store. |
There was a problem hiding this comment.
This is the location of the main annoying code that a user would otherwise have to write themselves.
| if (Common.USE_REVERSE_PROXY_SERVER) { | ||
| return; | ||
| } | ||
|
|
||
| // This client uses our Java KeyStore file with a client certificate in it, so it should work. | ||
| DatabaseClient clientWithCert = Common.newClientBuilder() | ||
| .withKeyStorePath(keyStoreFile.getAbsolutePath()) |
There was a problem hiding this comment.
This is the main value of this story - the user only needs to provide a couple properties for 2-way SSL now instead of all the annoying code for building their own SSL context with all the proper error handling.
BillFarber
approved these changes
Oct 25, 2023
anu3990
approved these changes
Oct 25, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumped the version to 6.4-SNAPSHOT as well so we can start using it in the Mule connector.
The main value here is in TwoWaySSLTest, which can use these new properties instead of having to construct an SSLContext itself.