Added SSL support

[Mart-Bogdan]

Added SSL support, see #43
Now can be used with Heroku, as heroku supports only SSL.

[vietj]

@Mart-Bogdan have you signed the Eclipse CA ?

[Mart-Bogdan]

@vietj I belive yes, I've made some PRs to one of your repos(if I remember correctly) . But that was quite a while, I do not remember exactly whole process.

[Mart-Bogdan]

I've checked, yes I'm signed it. Do I need to sign off commits in this repo?

[Mart-Bogdan]

Hello, @vietj so this can be merged?

[Narigo]

Let me review it on Friday... sorry :/ Am 11.05.2017 13:48 schrieb "Bogdan Mart" <notifications@github.com>:

…

Hello, @vietj <https://github.com/vietj> so this can be merged? — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#78 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABr5uTKrDMJAEqawRdCNkSTEIEveQNnaks5r4vVugaJpZM4NVrbf> .

[Mart-Bogdan]

@Narigo thanks

[Narigo]

Would it be possible to add a test for this change?

[Narigo]

sslMode and sslRootCert would be more appropriate names (maxPoolSize and queryTimeout are camel cased as well)

[Mart-Bogdan]

Seems reasonable.

[Mart-Bogdan]

But I won't change "verify-ca" and "verify-full" as it's direct values passed to underlying library.

[Mart-Bogdan]

Would it be possible to add a test for this change?
I'm quite not sure how to test it. AFAIK postgresql by default allows both SSL and non SSL connections in default configuration.

Honestly, I didn't figured out how to run your tests. Can it be run without Docker?
But anyway how can be tested SSL, perhaps try to connect heroku database? and check if it work (they require SSL)

[Mart-Bogdan]

@Narigo database test connection is configured at this method io.vertx.ext.asyncsql.PostgreSQLClientTest#init?

But i'm still not sure how to test this functionality.

[Mart-Bogdan]

Hello, @Narigo, what do you think?
I have no idea how to check connectivity to ssl, but I would like to see this merged, so I won't have to use custom build from fork in local repository.

[Narigo]

Hi @Mart-Bogdan and sorry for being so late with replies here. I try to check the code myself this week and get back to you on the weekend. If @pmlopes has time to have a look, especially regarding testing the SSL stuff, I guess we could use helpful input ;)

[Narigo]

I've tried to get this running but had trouble getting the environment to work. Maybe some docker expert could help us here? @cescoffier @vietj @pmlopes ?

Two test cases like this should suffice, but I'm unsure how to get it into a test environment / set up that environment using docker:

  @Test
  public void testCorrectSslConfiguration(TestContext context) {
    Async async = context.async();
    String path = getClass()
      .getResource("/ssl-docker/server.crt")
      .getPath();

    System.out.println("Path = " + path);

    JsonObject sslConfig = new JsonObject()
      .put("sslMode", "require")
      .put("sslRootCert", path);

    client = createClient(vertx, sslConfig);

    client.getConnection(sqlConnectionAsyncResult -> {
      sqlConnectionAsyncResult.cause().printStackTrace();
      context.assertTrue(sqlConnectionAsyncResult.succeeded());
      conn = sqlConnectionAsyncResult.result();
      conn.query("SELECT 1", ar -> {
        if (ar.failed()) {
          context.fail("Should not fail on ssl connection");
        } else {
          async.complete();
        }
      });
    });
  }

  @Test
  public void testWrongSslConfiguration(TestContext context) {
    Async async = context.async();
    client = createClient(vertx,
      new JsonObject()
        .put("host", System.getProperty("db.host", "localhost"))
        .put("sslMode", "verify-ca")
        .put("sslRootCert", "something-wrong.crt")
    );

    client.getConnection(sqlConnectionAsyncResult -> {
      context.assertTrue(sqlConnectionAsyncResult.failed());
      async.complete();
    });
  }

I've created a folder /src/test/resources/ssl-docker with a server.crt and server.key file (which I borrowed from the tests of the underlying driver's SSL implementation). Then I added a file called init.sh with contents found here. Running the PostgreSQL docker through this command: docker run -it --rm -v $(pwd)/src/test/resources/ssl-docker/:/docker-entrypoint-initdb.d/ --name vertx-postgres -e POSTGRES_USER=vertx -e POSTGRES_PASSWORD=password -e POSTGRES_DB=testdb -p 5432:5432 postgres -l and executing mvn test yielded a timeout on the testCorrectSslConfiguration. The terminal running the docker command additionally logs LOG: could not accept SSL connection: EOF detected while the test is running (waiting for the timeout) and LOG: could not receive data from client: Connection reset by peer when the timeout occurred.

I'm pretty sure I'm doing something wrong here, so help is highly appreciated... :)
I guess we need to change the way we run the docker image (otherwise the tests will fail because no SSL is activated) and add this to Travis as well...

[Mart-Bogdan]

Hi there, I've managet to get Docler runing on my machine, and configured SSL image of postgreSQL.
I'm planing to add test to this PR this week.

@vietj Would it be ok, if I change port numbers used for my-sql and postgre-sql? Currently default ones are being used, but that won't work if databases are installed on machine.

I want to chage ports for both DBs in tests, and add second instance of postgre, with SSL.

[Narigo]

@Mart-Bogdan I finally came around fixing this. I've added tests and how to run the ssl docker stuff. I also rebased everything on the latest master, so I'll create a new PR for you to review the tests.

[Narigo]

I'll close this in favor of the rebased version with tests over here: #88