Skip to content

DEVEXP-585 Can now configure 2-way SSL #1614

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Oct 25, 2023
Merged

Conversation

rjrudin
Copy link
Contributor

@rjrudin rjrudin commented Oct 24, 2023

Bumped the version to 6.4-SNAPSHOT as well so we can start using it in the Mule connector.

The main value here is in TwoWaySSLTest, which can use these new properties instead of having to construct an SSLContext itself.

Bumped the version to 6.4-SNAPSHOT as well so we can start using it in the Mule connector. 

The main value here is in TwoWaySSLTest, which can use these new properties instead of having to construct an SSLContext itself.
// Approaches 2 and 3 - user defines an SSL protocol.
// Approach 2 - "default" is a convenience for using the JVM's default SSLContext.
// Approach 3 - create a new SSLContext, and initialize it if the user-provided TrustManager is not null.
// Approach 2 - user wants two-way SSL via a keystore.
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We had 4 approaches before, we now have 5 - the new approach number 2 is for two-way SSL via a keystore.

}
if (!(trustManagers[0] instanceof X509TrustManager)) {
throw new RuntimeException("Default trust manager is not an X509TrustManager: " + trustManagers[0]);
}
return trustManagers;
}

/**
* Captures the oft-repeated boilerplate Java code for creating an SSLContext based on a key store.
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the location of the main annoying code that a user would otherwise have to write themselves.

if (Common.USE_REVERSE_PROXY_SERVER) {
return;
}

// This client uses our Java KeyStore file with a client certificate in it, so it should work.
DatabaseClient clientWithCert = Common.newClientBuilder()
.withKeyStorePath(keyStoreFile.getAbsolutePath())
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the main value of this story - the user only needs to provide a couple properties for 2-way SSL now instead of all the annoying code for building their own SSL context with all the proper error handling.

@rjrudin rjrudin merged commit d37662a into develop Oct 25, 2023
@rjrudin rjrudin deleted the feature/585-2way-ssl branch October 25, 2023 18:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants