-
Notifications
You must be signed in to change notification settings - Fork 73
DEVEXP-585 Can now configure 2-way SSL #1614
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
Bumped the version to 6.4-SNAPSHOT as well so we can start using it in the Mule connector. The main value here is in TwoWaySSLTest, which can use these new properties instead of having to construct an SSLContext itself.
// Approaches 2 and 3 - user defines an SSL protocol. | ||
// Approach 2 - "default" is a convenience for using the JVM's default SSLContext. | ||
// Approach 3 - create a new SSLContext, and initialize it if the user-provided TrustManager is not null. | ||
// Approach 2 - user wants two-way SSL via a keystore. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We had 4 approaches before, we now have 5 - the new approach number 2 is for two-way SSL via a keystore.
} | ||
if (!(trustManagers[0] instanceof X509TrustManager)) { | ||
throw new RuntimeException("Default trust manager is not an X509TrustManager: " + trustManagers[0]); | ||
} | ||
return trustManagers; | ||
} | ||
|
||
/** | ||
* Captures the oft-repeated boilerplate Java code for creating an SSLContext based on a key store. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is the location of the main annoying code that a user would otherwise have to write themselves.
if (Common.USE_REVERSE_PROXY_SERVER) { | ||
return; | ||
} | ||
|
||
// This client uses our Java KeyStore file with a client certificate in it, so it should work. | ||
DatabaseClient clientWithCert = Common.newClientBuilder() | ||
.withKeyStorePath(keyStoreFile.getAbsolutePath()) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is the main value of this story - the user only needs to provide a couple properties for 2-way SSL now instead of all the annoying code for building their own SSL context with all the proper error handling.
Bumped the version to 6.4-SNAPSHOT as well so we can start using it in the Mule connector.
The main value here is in TwoWaySSLTest, which can use these new properties instead of having to construct an SSLContext itself.