From d0263bab3e7e3bd55617658225b01a327bf0c1bd Mon Sep 17 00:00:00 2001
From: injectives <11927660+injectives@users.noreply.github.com>
Date: Wed, 3 Aug 2022 14:00:15 +0100
Subject: [PATCH] Update RevocationStrategy name to RevocationCheckingStrategy (#1283)
---
 .../main/java/org/neo4j/driver/Config.java | 12 ++---
 ...y.java => RevocationCheckingStrategy.java} | 9 ++--
 .../driver/internal/SecuritySettings.java | 16 +++----
 .../internal/security/SecurityPlan.java | 4 +-
 .../internal/security/SecurityPlanImpl.java | 47 ++++++++++---------
 .../java/org/neo4j/driver/ConfigTest.java | 18 +++----
 .../integration/ChannelConnectorImplIT.java | 4 +-
 .../driver/internal/SecuritySettingsTest.java | 14 +++---
 .../NettyChannelInitializerTest.java | 6 +--
 9 files changed, 68 insertions(+), 62 deletions(-)
 rename driver/src/main/java/org/neo4j/driver/{RevocationStrategy.java => RevocationCheckingStrategy.java} (77%)
diff --git a/driver/src/main/java/org/neo4j/driver/Config.java b/driver/src/main/java/org/neo4j/driver/Config.java
index f32ce174b1..3ab7f9e479 100644
--- a/driver/src/main/java/org/neo4j/driver/Config.java
+++ b/driver/src/main/java/org/neo4j/driver/Config.java
@@ -691,7 +691,7 @@ public enum Strategy {
 private final Strategy strategy;
 private final List certFiles;
 private boolean hostnameVerificationEnabled = true;
- private RevocationStrategy revocationStrategy = RevocationStrategy.NO_CHECKS;
+ private RevocationCheckingStrategy revocationCheckingStrategy = RevocationCheckingStrategy.NO_CHECKS;
 private TrustStrategy(Strategy strategy) {
 this(strategy, Collections.emptyList());
@@ -802,8 +802,8 @@ public static TrustStrategy trustAllCertificates() {
 * The revocation strategy used for verifying certificates.
 * @return this {@link TrustStrategy}'s revocation strategy
 */
- public RevocationStrategy revocationStrategy() {
- return revocationStrategy;
+ public RevocationCheckingStrategy revocationCheckingStrategy() {
+ return revocationCheckingStrategy;
 }
 /**
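Review bot: The `revocationCheckingStrategy` field in `TrustStrategy` (first Config.java hunk) still defaults to `RevocationCheckingStrategy.NO_CHECKS` with no comment saying so, which means a server certificate that has been revoked is accepted unless the caller opts in. Since the line is being rewritten anyway, I would put `// Revocation checking is opt-in: NO_CHECKS accepts a certificate regardless of its revocation status.` above the field. The class-level Javadoc for `TrustStrategy` is outside this hunk, so I cannot tell whether the default is already stated there.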
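Review bot: The Javadoc kept above the renamed accessor (second Config.java hunk) still reads "The revocation strategy used for verifying certificates" and "revocation strategy" on the `@return` line, so the documentation no longer matches `revocationCheckingStrategy()`. I would reword it to `The revocation checking strategy applied when verifying the server certificate.` and link the return type with `{@link RevocationCheckingStrategy}`. The hunk also removes the public `revocationStrategy()` accessor outright; if that name has already shipped in a release, the change is source-incompatible and worth a line in the commit message or changelog.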
@@ -812,7 +812,7 @@ public RevocationStrategy revocationStrategy() {
 * @return the current trust strategy
 */
 public TrustStrategy withoutCertificateRevocationChecks() {
- this.revocationStrategy = RevocationStrategy.NO_CHECKS;
+ this.revocationCheckingStrategy = RevocationCheckingStrategy.NO_CHECKS;
 return this;
 }
@@ -824,7 +824,7 @@ public TrustStrategy withoutCertificateRevocationChecks() {
 * @return the current trust strategy
 */
 public TrustStrategy withVerifyIfPresentRevocationChecks() {
- this.revocationStrategy = RevocationStrategy.VERIFY_IF_PRESENT;
+ this.revocationCheckingStrategy = RevocationCheckingStrategy.VERIFY_IF_PRESENT;
 return this;
 }
@@ -838,7 +838,7 @@ public TrustStrategy withVerifyIfPresentRevocationChecks() {
 * @return the current trust strategy
 */
 public TrustStrategy withStrictRevocationChecks() {
- this.revocationStrategy = RevocationStrategy.STRICT;
+ this.revocationCheckingStrategy = RevocationCheckingStrategy.STRICT;
 return this;
 }
 }
diff --git a/driver/src/main/java/org/neo4j/driver/RevocationStrategy.java b/driver/src/main/java/org/neo4j/driver/RevocationCheckingStrategy.java
similarity index 77%
rename from driver/src/main/java/org/neo4j/driver/RevocationStrategy.java
rename to driver/src/main/java/org/neo4j/driver/RevocationCheckingStrategy.java
index e5a6c4fc24..ffeb751b03 100644
--- a/driver/src/main/java/org/neo4j/driver/RevocationStrategy.java
+++ b/driver/src/main/java/org/neo4j/driver/RevocationCheckingStrategy.java
@@ -18,7 +18,10 @@
 */
 package org.neo4j.driver;
-public enum RevocationStrategy {
+/**
+ * Defines strategy for revocation checks.
+ */
+public enum RevocationCheckingStrategy {
 /** Don't do any OCSP revocation checks, regardless whether there are stapled revocation statuses or not. */
 NO_CHECKS,
 /** Verify OCSP revocation checks when the revocation status is stapled to the certificate, continue if not. */
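Review bot: The new class Javadoc on `RevocationCheckingStrategy`, "Defines strategy for revocation checks.", does not tell a reader which constants fail open and which fail closed, and that is the decision a caller is making when choosing one. Going by the constant comments in this hunk and the next, `NO_CHECKS` never checks, `VERIFY_IF_PRESENT` continues when the server staples no status, and only `STRICT` refuses a connection without a stapled status. I would expand the class comment to say exactly that, including that `VERIFY_IF_PRESENT` gives no assurance against a server that simply omits the stapled response. The enum body continues past the end of this hunk.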
@@ -26,7 +29,7 @@ public enum RevocationStrategy {
 /** Require stapled revocation status and verify OCSP revocation checks, fail if no revocation status is stapled to the certificate. */
 STRICT;
- public static boolean requiresRevocationChecking(RevocationStrategy revocationStrategy) {
- return revocationStrategy.equals(STRICT) || revocationStrategy.equals(VERIFY_IF_PRESENT);
+ public static boolean requiresRevocationChecking(RevocationCheckingStrategy revocationCheckingStrategy) {
+ return revocationCheckingStrategy.equals(STRICT) || revocationCheckingStrategy.equals(VERIFY_IF_PRESENT);
 }
 }
diff --git a/driver/src/main/java/org/neo4j/driver/internal/SecuritySettings.java b/driver/src/main/java/org/neo4j/driver/internal/SecuritySettings.java
index 6c55e17be7..c86daeeb88 100644
--- a/driver/src/main/java/org/neo4j/driver/internal/SecuritySettings.java
+++ b/driver/src/main/java/org/neo4j/driver/internal/SecuritySettings.java
@@ -26,7 +26,7 @@
 import java.io.Serializable;
 import java.security.GeneralSecurityException;
 import org.neo4j.driver.Config;
-import org.neo4j.driver.RevocationStrategy;
+import org.neo4j.driver.RevocationCheckingStrategy;
 import org.neo4j.driver.exceptions.ClientException;
 import org.neo4j.driver.internal.security.SecurityPlan;
 import org.neo4j.driver.internal.security.SecurityPlanImpl;
@@ -67,7 +67,7 @@ private boolean hasEqualTrustStrategy(SecuritySettings other) {
 return t1.isHostnameVerificationEnabled() == t2.isHostnameVerificationEnabled()
 && t1.strategy() == t2.strategy()
 && t1.certFiles().equals(t2.certFiles())
- && t1.revocationStrategy() == t2.revocationStrategy();
+ && t1.revocationCheckingStrategy() == t2.revocationCheckingStrategy();
 }
 public SecurityPlan createSecurityPlan(String uriScheme) {
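Review bot: The public static `requiresRevocationChecking` in the enum hunk has no Javadoc and rejects a null argument only by accident, through the NullPointerException thrown by `.equals`. I would document it with `/** Returns {@code true} for {@link #STRICT} and {@link #VERIFY_IF_PRESENT}; the argument must not be null. */` and make the rejection explicit with `Objects.requireNonNull(revocationCheckingStrategy, "revocationCheckingStrategy");`, which needs a `java.util.Objects` import. With that in place the comparisons can use `==`, as `hasEqualTrustStrategy` in the SecuritySettings hunk already does, without a null silently reading as "no checks required".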
@@ -93,9 +93,9 @@ private void assertSecuritySettingsNotUserConfigured(String uriScheme) {
 private SecurityPlan createSecurityPlanFromScheme(String scheme) throws GeneralSecurityException, IOException {
 if (isHighTrustScheme(scheme)) {
- return SecurityPlanImpl.forSystemCASignedCertificates(true, RevocationStrategy.NO_CHECKS);
+ return SecurityPlanImpl.forSystemCASignedCertificates(true, RevocationCheckingStrategy.NO_CHECKS);
 } else {
- return SecurityPlanImpl.forAllCertificates(false, RevocationStrategy.NO_CHECKS);
+ return SecurityPlanImpl.forAllCertificates(false, RevocationCheckingStrategy.NO_CHECKS);
 }
 }
@@ -107,16 +107,16 @@ private static SecurityPlan createSecurityPlanImpl(boolean encrypted, Config.Tru
 throws GeneralSecurityException, IOException {
 if (encrypted) {
 boolean hostnameVerificationEnabled = trustStrategy.isHostnameVerificationEnabled();
- RevocationStrategy revocationStrategy = trustStrategy.revocationStrategy();
+ RevocationCheckingStrategy revocationCheckingStrategy = trustStrategy.revocationCheckingStrategy();
 switch (trustStrategy.strategy()) {
 case TRUST_CUSTOM_CA_SIGNED_CERTIFICATES:
 return SecurityPlanImpl.forCustomCASignedCertificates(
- trustStrategy.certFiles(), hostnameVerificationEnabled, revocationStrategy);
+ trustStrategy.certFiles(), hostnameVerificationEnabled, revocationCheckingStrategy);
 case TRUST_SYSTEM_CA_SIGNED_CERTIFICATES:
 return SecurityPlanImpl.forSystemCASignedCertificates(
- hostnameVerificationEnabled, revocationStrategy);
+ hostnameVerificationEnabled, revocationCheckingStrategy);
 case TRUST_ALL_CERTIFICATES:
- return SecurityPlanImpl.forAllCertificates(hostnameVerificationEnabled, revocationStrategy);
+ return SecurityPlanImpl.forAllCertificates(hostnameVerificationEnabled, revocationCheckingStrategy);
 default:
 throw new ClientException("Unknown TLS authentication strategy: "
 + trustStrategy.strategy().name());
diff --git a/driver/src/main/java/org/neo4j/driver/internal/security/SecurityPlan.java b/driver/src/main/java/org/neo4j/driver/internal/security/SecurityPlan.java
index 0390f1c7ea..2a823cac4b 100644
--- a/driver/src/main/java/org/neo4j/driver/internal/security/SecurityPlan.java
+++ b/driver/src/main/java/org/neo4j/driver/internal/security/SecurityPlan.java
@@ -19,7 +19,7 @@
 package org.neo4j.driver.internal.security;
 import javax.net.ssl.SSLContext;
-import org.neo4j.driver.RevocationStrategy;
+import org.neo4j.driver.RevocationCheckingStrategy;
 /**
 * A SecurityPlan consists of encryption and trust details.
@@ -31,5 +31,5 @@ public interface SecurityPlan {
 boolean requiresHostnameVerification();
- RevocationStrategy revocationStrategy();
+ RevocationCheckingStrategy revocationCheckingStrategy();
 }
diff --git a/driver/src/main/java/org/neo4j/driver/internal/security/SecurityPlanImpl.java b/driver/src/main/java/org/neo4j/driver/internal/security/SecurityPlanImpl.java
index b3f1be0555..492ebf3557 100644
--- a/driver/src/main/java/org/neo4j/driver/internal/security/SecurityPlanImpl.java
+++ b/driver/src/main/java/org/neo4j/driver/internal/security/SecurityPlanImpl.java
@@ -18,8 +18,8 @@
 */
 package org.neo4j.driver.internal.security;
-import static org.neo4j.driver.RevocationStrategy.VERIFY_IF_PRESENT;
-import static org.neo4j.driver.RevocationStrategy.requiresRevocationChecking;
+import static org.neo4j.driver.RevocationCheckingStrategy.VERIFY_IF_PRESENT;
+import static org.neo4j.driver.RevocationCheckingStrategy.requiresRevocationChecking;
 import static org.neo4j.driver.internal.util.CertificateTool.loadX509Cert;
 import java.io.File;
@@ -41,36 +41,39 @@
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
 import javax.net.ssl.X509TrustManager;
-import org.neo4j.driver.RevocationStrategy;
+import org.neo4j.driver.RevocationCheckingStrategy;
 /**
 * A SecurityPlan consists of encryption and trust details.
 */
 public class SecurityPlanImpl implements SecurityPlan {
 public static SecurityPlan forAllCertificates(
- boolean requiresHostnameVerification, RevocationStrategy revocationStrategy)
+ boolean requiresHostnameVerification, RevocationCheckingStrategy revocationCheckingStrategy)
 throws GeneralSecurityException {
 SSLContext sslContext = SSLContext.getInstance("TLS");
 sslContext.init(new KeyManager[0], new TrustManager[] {new TrustAllTrustManager()}, null);
- return new SecurityPlanImpl(true, sslContext, requiresHostnameVerification, revocationStrategy);
+ return new SecurityPlanImpl(true, sslContext, requiresHostnameVerification, revocationCheckingStrategy);
 }
 public static SecurityPlan forCustomCASignedCertificates(
- List certFiles, boolean requiresHostnameVerification, RevocationStrategy revocationStrategy)
+ List certFiles,
+ boolean requiresHostnameVerification,
+ RevocationCheckingStrategy revocationCheckingStrategy)
 throws GeneralSecurityException, IOException {
- SSLContext sslContext = configureSSLContext(certFiles, revocationStrategy);
- return new SecurityPlanImpl(true, sslContext, requiresHostnameVerification, revocationStrategy);
+ SSLContext sslContext = configureSSLContext(certFiles, revocationCheckingStrategy);
+ return new SecurityPlanImpl(true, sslContext, requiresHostnameVerification, revocationCheckingStrategy);
 }
 public static SecurityPlan forSystemCASignedCertificates(
- boolean requiresHostnameVerification, RevocationStrategy revocationStrategy)
+ boolean requiresHostnameVerification, RevocationCheckingStrategy revocationCheckingStrategy)
 throws GeneralSecurityException, IOException {
- SSLContext sslContext = configureSSLContext(Collections.emptyList(), revocationStrategy);
- return new SecurityPlanImpl(true, sslContext, requiresHostnameVerification, revocationStrategy);
+ SSLContext sslContext = configureSSLContext(Collections.emptyList(), revocationCheckingStrategy);
+ return new SecurityPlanImpl(true, sslContext, requiresHostnameVerification, revocationCheckingStrategy);
 }
- private static SSLContext configureSSLContext(List customCertFiles, RevocationStrategy revocationStrategy)
+ private static SSLContext configureSSLContext(
+ List customCertFiles, RevocationCheckingStrategy revocationCheckingStrategy)
 throws GeneralSecurityException, IOException {
 KeyStore trustedKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
 trustedKeyStore.load(null, null);
@@ -83,7 +86,7 @@ private static SSLContext configureSSLContext(List customCertFiles, Revoca
 }
 PKIXBuilderParameters pkixBuilderParameters =
- configurePKIXBuilderParameters(trustedKeyStore, revocationStrategy);
+ configurePKIXBuilderParameters(trustedKeyStore, revocationCheckingStrategy);
 SSLContext sslContext = SSLContext.getInstance("TLS");
 TrustManagerFactory trustManagerFactory =
@@ -101,11 +104,11 @@ private static SSLContext configureSSLContext(List customCertFiles, Revoca
 }
 private static PKIXBuilderParameters configurePKIXBuilderParameters(
- KeyStore trustedKeyStore, RevocationStrategy revocationStrategy)
+ KeyStore trustedKeyStore, RevocationCheckingStrategy revocationCheckingStrategy)
 throws InvalidAlgorithmParameterException, KeyStoreException {
 PKIXBuilderParameters pkixBuilderParameters = null;
- if (requiresRevocationChecking(revocationStrategy)) {
+ if (requiresRevocationChecking(revocationCheckingStrategy)) {
 // Configure certificate revocation checking (X509CertSelector() selects all certificates)
 pkixBuilderParameters = new PKIXBuilderParameters(trustedKeyStore, new X509CertSelector());
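Review bot: `forAllCertificates` in the first SecurityPlanImpl hunk takes `revocationCheckingStrategy` but builds its `SSLContext` from `TrustAllTrustManager` alone, so the value is only stored on the plan and never reaches `configureSSLContext` the way it does in the two sibling factories. `createSecurityPlanImpl` in SecuritySettings.java passes the user's configured strategy on the `TRUST_ALL_CERTIFICATES` branch, so a plan can report `STRICT` or `VERIFY_IF_PRESENT` while, as far as these hunks show, no revocation check is wired into the context. Unless the check is applied somewhere outside this diff, I would at least document it on the factory: `/** Trusts every certificate; revocationCheckingStrategy is recorded on the plan but not enforced by the SSLContext built here. */`. Rejecting anything other than `NO_CHECKS` in this factory would be the stricter alternative.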
@@ -115,7 +118,7 @@ private static PKIXBuilderParameters configurePKIXBuilderParameters(
 // enables status_request extension in client hello
 System.setProperty("jdk.tls.client.enableStatusRequestExtension", "true");
- if (revocationStrategy.equals(VERIFY_IF_PRESENT)) {
+ if (revocationCheckingStrategy.equals(VERIFY_IF_PRESENT)) {
 // enables soft-fail behaviour if no stapled response found.
 Security.setProperty("ocsp.enable", "true");
 }
@@ -146,23 +149,23 @@ private static void loadSystemCertificates(KeyStore trustedKeyStore) throws Gene
 }
 public static SecurityPlan insecure() {
- return new SecurityPlanImpl(false, null, false, RevocationStrategy.NO_CHECKS);
+ return new SecurityPlanImpl(false, null, false, RevocationCheckingStrategy.NO_CHECKS);
 }
 private final boolean requiresEncryption;
 private final SSLContext sslContext;
 private final boolean requiresHostnameVerification;
- private final RevocationStrategy revocationStrategy;
+ private final RevocationCheckingStrategy revocationCheckingStrategy;
 private SecurityPlanImpl(
 boolean requiresEncryption,
 SSLContext sslContext,
 boolean requiresHostnameVerification,
- RevocationStrategy revocationStrategy) {
+ RevocationCheckingStrategy revocationCheckingStrategy) {
 this.requiresEncryption = requiresEncryption;
 this.sslContext = sslContext;
 this.requiresHostnameVerification = requiresHostnameVerification;
- this.revocationStrategy = revocationStrategy;
+ this.revocationCheckingStrategy = revocationCheckingStrategy;
 }
 @Override
@@ -181,8 +184,8 @@ public boolean requiresHostnameVerification() {
 }
 @Override
- public RevocationStrategy revocationStrategy() {
- return revocationStrategy;
+ public RevocationCheckingStrategy revocationCheckingStrategy() {
+ return revocationCheckingStrategy;
 }
 private static class TrustAllTrustManager implements X509TrustManager {
diff --git a/driver/src/test/java/org/neo4j/driver/ConfigTest.java b/driver/src/test/java/org/neo4j/driver/ConfigTest.java
index 29740202b6..468e222ad8 100644
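Review bot: The two property writes in the first hunk here, `System.setProperty("jdk.tls.client.enableStatusRequestExtension", "true")` and `Security.setProperty("ocsp.enable", "true")`, are JVM-wide, yet the comments describe them as if they were scoped to the plan being built. Once a plan with revocation checking is created, the settings also apply to TLS connections made outside the driver, and nothing in the visible lines restores them, so `ocsp.enable` set for one `VERIFY_IF_PRESENT` plan remains in force for a later `STRICT` plan in the same process. I would state that in the code with `// NOTE: process-wide settings; they affect every TLS client in this JVM and are not restored.` and repeat it in the public Javadoc of the `with...RevocationChecks()` methods. `configurePKIXBuilderParameters` starts before this hunk and continues after it.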
--- a/driver/src/test/java/org/neo4j/driver/ConfigTest.java
+++ b/driver/src/test/java/org/neo4j/driver/ConfigTest.java
@@ -26,9 +26,9 @@
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.mockito.Mockito.mock;
-import static org.neo4j.driver.RevocationStrategy.NO_CHECKS;
-import static org.neo4j.driver.RevocationStrategy.STRICT;
-import static org.neo4j.driver.RevocationStrategy.VERIFY_IF_PRESENT;
+import static org.neo4j.driver.RevocationCheckingStrategy.NO_CHECKS;
+import static org.neo4j.driver.RevocationCheckingStrategy.STRICT;
+import static org.neo4j.driver.RevocationCheckingStrategy.VERIFY_IF_PRESENT;
 import static org.neo4j.driver.internal.handlers.pulln.FetchSizeUtil.DEFAULT_FETCH_SIZE;
 import java.io.File;
@@ -282,16 +282,16 @@ void shouldEnableAndDisableHostnameVerificationOnTrustStrategy() {
 @Test
 void shouldEnableAndDisableCertificateRevocationChecksOnTestStrategy() {
 Config.TrustStrategy trustStrategy = Config.TrustStrategy.trustSystemCertificates();
- assertEquals(NO_CHECKS, trustStrategy.revocationStrategy());
+ assertEquals(NO_CHECKS, trustStrategy.revocationCheckingStrategy());
 assertSame(trustStrategy, trustStrategy.withoutCertificateRevocationChecks());
- assertEquals(NO_CHECKS, trustStrategy.revocationStrategy());
+ assertEquals(NO_CHECKS, trustStrategy.revocationCheckingStrategy());
 assertSame(trustStrategy, trustStrategy.withStrictRevocationChecks());
- assertEquals(STRICT, trustStrategy.revocationStrategy());
+ assertEquals(STRICT, trustStrategy.revocationCheckingStrategy());
 assertSame(trustStrategy, trustStrategy.withVerifyIfPresentRevocationChecks());
- assertEquals(VERIFY_IF_PRESENT, trustStrategy.revocationStrategy());
+ assertEquals(VERIFY_IF_PRESENT, trustStrategy.revocationCheckingStrategy());
 }
 @Test
@@ -429,8 +429,8 @@ void shouldSerialize() throws Exception {
 config.trustStrategy().isHostnameVerificationEnabled(),
 verify.trustStrategy().isHostnameVerificationEnabled());
 assertEquals(
- config.trustStrategy().revocationStrategy(),
- verify.trustStrategy().revocationStrategy());
+ config.trustStrategy().revocationCheckingStrategy(),
+ verify.trustStrategy().revocationCheckingStrategy());
 assertEquals(config.userAgent(), verify.userAgent());
 assertEquals(config.isMetricsEnabled(), verify.isMetricsEnabled());
 assertEquals(config.metricsAdapter(), verify.metricsAdapter());
diff --git a/driver/src/test/java/org/neo4j/driver/integration/ChannelConnectorImplIT.java b/driver/src/test/java/org/neo4j/driver/integration/ChannelConnectorImplIT.java
index 2583563415..e99e963a84 100644
--- a/driver/src/test/java/org/neo4j/driver/integration/ChannelConnectorImplIT.java
+++ b/driver/src/test/java/org/neo4j/driver/integration/ChannelConnectorImplIT.java
@@ -49,7 +49,7 @@
 import org.junit.jupiter.api.extension.RegisterExtension;
 import org.neo4j.driver.AuthToken;
 import org.neo4j.driver.AuthTokens;
-import org.neo4j.driver.RevocationStrategy;
+import org.neo4j.driver.RevocationCheckingStrategy;
 import org.neo4j.driver.exceptions.AuthenticationException;
 import org.neo4j.driver.exceptions.ServiceUnavailableException;
 import org.neo4j.driver.internal.BoltServerAddress;
@@ -222,6 +222,6 @@ private ChannelConnectorImpl newConnector(
 }
 private static SecurityPlan trustAllCertificates() throws GeneralSecurityException {
- return SecurityPlanImpl.forAllCertificates(false, RevocationStrategy.NO_CHECKS);
+ return SecurityPlanImpl.forAllCertificates(false, RevocationCheckingStrategy.NO_CHECKS);
 }
 }
diff --git a/driver/src/test/java/org/neo4j/driver/internal/SecuritySettingsTest.java b/driver/src/test/java/org/neo4j/driver/internal/SecuritySettingsTest.java
index b2aaa8baeb..86c0688f5e 100644
--- a/driver/src/test/java/org/neo4j/driver/internal/SecuritySettingsTest.java
+++ b/driver/src/test/java/org/neo4j/driver/internal/SecuritySettingsTest.java
@@ -22,9 +22,9 @@
 import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
-import static org.neo4j.driver.RevocationStrategy.NO_CHECKS;
-import static org.neo4j.driver.RevocationStrategy.STRICT;
-import static org.neo4j.driver.RevocationStrategy.VERIFY_IF_PRESENT;
+import static org.neo4j.driver.RevocationCheckingStrategy.NO_CHECKS;
+import static org.neo4j.driver.RevocationCheckingStrategy.STRICT;
+import static org.neo4j.driver.RevocationCheckingStrategy.VERIFY_IF_PRESENT;
 import java.io.File;
 import java.io.IOException;
@@ -77,7 +77,7 @@ void testSystemCertCompatibleConfiguration(String scheme) throws Exception {
 assertTrue(securityPlan.requiresEncryption());
 assertTrue(securityPlan.requiresHostnameVerification());
- assertEquals(NO_CHECKS, securityPlan.revocationStrategy());
+ assertEquals(NO_CHECKS, securityPlan.revocationCheckingStrategy());
 }
 @ParameterizedTest
@@ -178,7 +178,7 @@ void testConfigureStrictRevocationChecking(String scheme) {
 SecurityPlan securityPlan = securitySettings.createSecurityPlan(scheme);
- assertEquals(STRICT, securityPlan.revocationStrategy());
+ assertEquals(STRICT, securityPlan.revocationCheckingStrategy());
 }
 @ParameterizedTest
@@ -192,7 +192,7 @@ void testConfigureVerifyIfPresentRevocationChecking(String scheme) {
 SecurityPlan securityPlan = securitySettings.createSecurityPlan(scheme);
- assertEquals(VERIFY_IF_PRESENT, securityPlan.revocationStrategy());
+ assertEquals(VERIFY_IF_PRESENT, securityPlan.revocationCheckingStrategy());
 }
 @ParameterizedTest
@@ -205,7 +205,7 @@ void testRevocationCheckingDisabledByDefault(String scheme) {
 SecurityPlan securityPlan = securitySettings.createSecurityPlan(scheme);
- assertEquals(NO_CHECKS, securityPlan.revocationStrategy());
+ assertEquals(NO_CHECKS, securityPlan.revocationCheckingStrategy());
 }
 @Nested
diff --git a/driver/src/test/java/org/neo4j/driver/internal/async/connection/NettyChannelInitializerTest.java b/driver/src/test/java/org/neo4j/driver/internal/async/connection/NettyChannelInitializerTest.java
index 30bc28e3ed..d00e967dbc 100644
--- a/driver/src/test/java/org/neo4j/driver/internal/async/connection/NettyChannelInitializerTest.java
+++ b/driver/src/test/java/org/neo4j/driver/internal/async/connection/NettyChannelInitializerTest.java
@@ -43,7 +43,7 @@
 import javax.net.ssl.SSLParameters;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.Test;
-import org.neo4j.driver.RevocationStrategy;
+import org.neo4j.driver.RevocationCheckingStrategy;
 import org.neo4j.driver.internal.BoltServerAddress;
 import org.neo4j.driver.internal.security.SecurityPlan;
 import org.neo4j.driver.internal.security.SecurityPlanImpl;
@@ -134,7 +134,7 @@ void shouldNotEnableHostnameVerificationWhenNotConfigured() throws Exception {
 private void testHostnameVerificationSetting(boolean enabled, String expectedValue) throws Exception {
 NettyChannelInitializer initializer =
- newInitializer(SecurityPlanImpl.forAllCertificates(enabled, RevocationStrategy.NO_CHECKS));
+ newInitializer(SecurityPlanImpl.forAllCertificates(enabled, RevocationCheckingStrategy.NO_CHECKS));
 initializer.initChannel(channel);
@@ -158,6 +158,6 @@ private static NettyChannelInitializer newInitializer(
 }
 private static SecurityPlan trustAllCertificates() throws GeneralSecurityException {
- return SecurityPlanImpl.forAllCertificates(false, RevocationStrategy.NO_CHECKS);
+ return SecurityPlanImpl.forAllCertificates(false, RevocationCheckingStrategy.NO_CHECKS);
 }
 }