fix: Check for equality of value instead of equality of instance. #1100

Merged
merged 2 commits into from
Dec 20, 2021
Expand Up @@ -21,6 +21,7 @@
import java.io.IOException;
import java.io.Serializable;
import java.security.GeneralSecurityException;
import java.util.Objects;

import org.neo4j.driver.Config;
import org.neo4j.driver.exceptions.ClientException;
Expand Down Expand Up @@ -59,7 +60,20 @@ public Config.TrustStrategy trustStrategy()

private boolean isCustomized()
{
return this != DEFAULT;
return !(DEFAULT.encrypted() == this.encrypted() && DEFAULT.hasEqualTrustStrategy( this ));

Indeed this is the source of contention across serialization exercises. This change would fix that.

}

private boolean hasEqualTrustStrategy( SecuritySettings other )
{
Config.TrustStrategy t1 = this.trustStrategy;
Config.TrustStrategy t2 = other.trustStrategy;
if ( t1 == t2 )
{
return true;
}

return t1.isHostnameVerificationEnabled() == t2.isHostnameVerificationEnabled() && t1.strategy() == t2.strategy() &&
Objects.equals( t1.certFile(), t2.certFile() ) && t1.revocationStrategy() == t2.revocationStrategy();
}

public SecurityPlan createSecurityPlan( String uriScheme )
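Review bot: `hasEqualTrustStrategy` hand-lists the four `Config.TrustStrategy` attributes it compares, so an attribute added to `TrustStrategy` later and not added here would make a customized trust configuration look like the default to `isCustomized()`. Judging by the test names in this PR (`testThrowsOnUserCustomizedEncryption`, `testThrowsOnUserCustomizedTrustConfiguration`), that check appears to be what makes `createSecurityPlan` reject user settings that conflict with the URI scheme, so a stale list would likely let such settings be dropped silently instead of raising `ClientException`; the body of `createSecurityPlan` is outside this hunk, so confirm there. Consider moving the comparison into an `equals`/`hashCode` pair on `TrustStrategy`, or at least add `// Keep in sync with Config.TrustStrategy's attributes; compared by value because a deserialized copy is never == DEFAULT.` above the method. The method also dereferences `t1` and `t2` after only an identity check, so if the builder can leave `trustStrategy` null (not visible here) a null guard is needed.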
Expand Up @@ -18,21 +18,29 @@
*/
package org.neo4j.driver.internal;

import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.MethodSource;
import org.junit.platform.commons.support.ReflectionSupport;

import java.io.File;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.stream.Stream;

import org.neo4j.driver.Config;
import org.neo4j.driver.exceptions.ClientException;
import org.neo4j.driver.internal.security.SecurityPlan;
import org.neo4j.driver.util.TestUtil;

import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.neo4j.driver.internal.RevocationStrategy.STRICT;
import static org.neo4j.driver.internal.RevocationStrategy.NO_CHECKS;
import static org.neo4j.driver.internal.RevocationStrategy.STRICT;
import static org.neo4j.driver.internal.RevocationStrategy.VERIFY_IF_PRESENT;

class SecuritySettingsTest
Expand Down Expand Up @@ -98,7 +106,7 @@ void testSelfSignedCertConfigDisablesHostnameVerification( String scheme ) throw
void testThrowsOnUserCustomizedEncryption( String scheme )
{
SecuritySettings securitySettings = new SecuritySettings.SecuritySettingsBuilder()
.withoutEncryption()
.withEncryption()
.build();

ClientException ex =
Expand All @@ -113,7 +121,7 @@ void testThrowsOnUserCustomizedEncryption( String scheme )
void testThrowsOnUserCustomizedTrustConfiguration( String scheme )
{
SecuritySettings securitySettings = new SecuritySettings.SecuritySettingsBuilder()
.withTrustStrategy( Config.TrustStrategy.trustSystemCertificates() )
.withTrustStrategy( Config.TrustStrategy.trustAllCertificates() )
.build();

ClientException ex =
Expand Down Expand Up @@ -218,4 +226,102 @@ void testRevocationCheckingDisabledByDefault( String scheme )
assertEquals( NO_CHECKS, securityPlan.revocationStrategy() );
}

@Nested
class SerializationTests
{
Method isCustomized = ReflectionSupport.findMethod( SecuritySettings.class, "isCustomized" ).orElseThrow(
() -> new RuntimeException( "This test requires isCustomized to be present." ) );

boolean isCustomized( SecuritySettings securitySettings )
{
isCustomized.setAccessible( true );
try
{
return (boolean) isCustomized.invoke( securitySettings );
}
catch ( IllegalAccessException | InvocationTargetException e )
{
throw new RuntimeException( e );
}
}

@Test
void defaultSettingsShouldNotBeCustomizedWhenReadBack() throws IOException, ClassNotFoundException
{
SecuritySettings securitySettings = new SecuritySettings.SecuritySettingsBuilder().build();

assertFalse( isCustomized( securitySettings ) );

SecuritySettings verify = TestUtil.serializeAndReadBack( securitySettings, SecuritySettings.class );

assertFalse( isCustomized( verify ) );
}

@Test
void defaultsShouldBeCheckCorrect() throws IOException, ClassNotFoundException
{
SecuritySettings securitySettings = new SecuritySettings.SecuritySettingsBuilder().withoutEncryption().withTrustStrategy(
Config.TrustStrategy.trustSystemCertificates() ).build();

// The settings are still equivalent to the defaults, even if the builder has been used. It is not customized.
assertFalse( isCustomized( securitySettings ) );

SecuritySettings verify = TestUtil.serializeAndReadBack( securitySettings, SecuritySettings.class );

assertFalse( isCustomized( verify ) );
}

@Test
void shouldReadBackChangedEncryption() throws IOException, ClassNotFoundException
{
SecuritySettings securitySettings =
new SecuritySettings.SecuritySettingsBuilder().withEncryption().withTrustStrategy( Config.TrustStrategy.trustSystemCertificates() ).build();

assertTrue( isCustomized( securitySettings ) );
assertTrue( securitySettings.encrypted() );

SecuritySettings verify = TestUtil.serializeAndReadBack( securitySettings, SecuritySettings.class );

assertTrue( isCustomized( verify ) );
assertTrue( securitySettings.encrypted() );
}

@Test
void shouldReadBackChangedStrategey() throws IOException, ClassNotFoundException
{
SecuritySettings securitySettings =
new SecuritySettings.SecuritySettingsBuilder().withoutEncryption().withTrustStrategy( Config.TrustStrategy.trustAllCertificates() ).build();

// The settings are still equivalent to the defaults, even if the builder has been used. It is not customized.
assertTrue( isCustomized( securitySettings ) );
assertFalse( securitySettings.encrypted() );
assertEquals( Config.TrustStrategy.trustAllCertificates().strategy(), securitySettings.trustStrategy().strategy() );

SecuritySettings verify = TestUtil.serializeAndReadBack( securitySettings, SecuritySettings.class );

assertTrue( isCustomized( verify ) );
assertFalse( securitySettings.encrypted() );
assertEquals( Config.TrustStrategy.trustAllCertificates().strategy(), securitySettings.trustStrategy().strategy() );
}

@Test
void shouldReadBackChangedCertFile() throws IOException, ClassNotFoundException
{
SecuritySettings securitySettings = new SecuritySettings.SecuritySettingsBuilder().withoutEncryption().withTrustStrategy(
Config.TrustStrategy.trustCustomCertificateSignedBy( new File( "some.cert" ) ) ).build();

// The settings are still equivalent to the defaults, even if the builder has been used. It is not customized.
assertTrue( isCustomized( securitySettings ) );
assertFalse( securitySettings.encrypted() );
assertEquals( Config.TrustStrategy.trustCustomCertificateSignedBy( new File( "some.cert" ) ).strategy(),
securitySettings.trustStrategy().strategy() );

SecuritySettings verify = TestUtil.serializeAndReadBack( securitySettings, SecuritySettings.class );

assertTrue( isCustomized( verify ) );
assertFalse( securitySettings.encrypted() );
assertEquals( Config.TrustStrategy.trustCustomCertificateSignedBy( new File( "some.cert" ) ).strategy(),
securitySettings.trustStrategy().strategy() );
}
}
}
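Review bot: In `shouldReadBackChangedEncryption`, `shouldReadBackChangedStrategey` and `shouldReadBackChangedCertFile`, the assertions after `serializeAndReadBack` still read `securitySettings`, so the encryption flag and trust strategy of the deserialized copy are never checked; only `isCustomized( verify )` exercises it. The second group of assertions in each test should use `verify`, e.g. `assertTrue( verify.encrypted() );` and `verify.trustStrategy().strategy()` in the `assertEquals` calls. The cert-file test also compares only `strategy()`, so nothing asserts that `certFile()` survives the round trip; `assertEquals( new File( "some.cert" ), verify.trustStrategy().certFile() );` would cover it. The comment `// The settings are still equivalent to the defaults ... It is not customized.` is copied above `assertTrue( isCustomized( securitySettings ) )` in the last two tests, where it says the opposite of what is asserted, and should be reworded or dropped there.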