Review feedback

gjmwoods · gjmwoods · commit fdc6e955f431 · 2020-08-21T13:51:54.000+01:00
diff --git a/driver/src/main/java/org/neo4j/driver/internal/security/SecurityPlanImpl.java b/driver/src/main/java/org/neo4j/driver/internal/security/SecurityPlanImpl.java
@@ -63,7 +63,7 @@ public static SecurityPlan forSystemCASignedCertificates( boolean requiresHostna
         return new SecurityPlanImpl( true, sslContext, requiresHostnameVerification, requiresRevocationChecking );
     }
 
-    public static SSLContext configureSSLContext( File customCertFile, boolean requiresRevocationChecking )
+    private static SSLContext configureSSLContext( File customCertFile, boolean requiresRevocationChecking )
             throws GeneralSecurityException, IOException
     {
         KeyStore trustedKeyStore = KeyStore.getInstance( KeyStore.getDefaultType() );
@@ -85,18 +85,16 @@ public static SSLContext configureSSLContext( File customCertFile, boolean requi
         // sets checking of stapled ocsp response
         pkixBuilderParameters.setRevocationEnabled( requiresRevocationChecking );
 
-        // enables status_request exentension in client hello
+        // enables status_request extension in client hello
         if ( requiresRevocationChecking )
         {
             System.setProperty( "jdk.tls.client.enableStatusRequestExtension", "true" );
         }
 
-        // Create TrustManager from TrustedKeyStore
-        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm() );
-        trustManagerFactory.init( new CertPathTrustManagerParameters( pkixBuilderParameters ) );
-
         SSLContext sslContext = SSLContext.getInstance( "TLS" );
 
+        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm() );
+        trustManagerFactory.init( new CertPathTrustManagerParameters( pkixBuilderParameters ) );
         sslContext.init( new KeyManager[0], trustManagerFactory.getTrustManagers(), null );
 
         return sslContext;
diff --git a/driver/src/main/java/org/neo4j/driver/internal/util/CertificateTool.java b/driver/src/main/java/org/neo4j/driver/internal/util/CertificateTool.java
@@ -36,7 +36,7 @@
 /**
  * A tool used to save, load certs, etc.
  */
-public class CertificateTool
+public final class CertificateTool
 {
     private static final String BEGIN_CERT = "-----BEGIN CERTIFICATE-----";
     private static final String END_CERT = "-----END CERTIFICATE-----";
@@ -170,6 +170,10 @@ public static String X509CertToString( String cert )
         String cert64CharPerLine = cert.replaceAll( "(.{64})", "$1\n" );
         return BEGIN_CERT + "\n" + cert64CharPerLine + "\n"+ END_CERT + "\n";
     }
+
+    private CertificateTool()
+    {
+    }
 }
 
 
diff --git a/driver/src/test/java/org/neo4j/driver/internal/SecuritySettingsTest.java b/driver/src/test/java/org/neo4j/driver/internal/SecuritySettingsTest.java
@@ -23,13 +23,11 @@
 import org.junit.jupiter.params.provider.MethodSource;
 
 import java.util.stream.Stream;
-import javax.net.ssl.SSLContext;
 
 import org.neo4j.driver.Config;
 import org.neo4j.driver.exceptions.ClientException;
 import org.neo4j.driver.internal.security.SecurityPlan;
 
-import static org.junit.Assert.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
@@ -75,11 +73,9 @@ void testSystemCertCompatibleConfiguration( String scheme ) throws Exception
 
         SecurityPlan securityPlan = securitySettings.createSecurityPlan( scheme );
 
-        SSLContext defaultContext = SSLContext.getDefault();
-
         assertTrue( securityPlan.requiresEncryption() );
         assertTrue( securityPlan.requiresHostnameVerification() );
-        assertEquals( defaultContext, securityPlan.sslContext() );
+        assertFalse( securityPlan.requiresRevocationChecking() );
     }
 
     @ParameterizedTest
@@ -140,7 +136,7 @@ void testThrowsOnUserCustomizedTrustConfigurationAndEncryption( String scheme )
         assertTrue( ex.getMessage().contains( String.format( "Scheme %s is not configurable with manual encryption and trust settings", scheme ) ));
     }
 
-    @ParameterizedTest()
+    @ParameterizedTest
     @MethodSource( "unencryptedSchemes" )
     void testNoEncryption( String scheme )
     {
@@ -151,7 +147,7 @@ void testNoEncryption( String scheme )
         assertFalse( securityPlan.requiresEncryption() );
     }
 
-    @ParameterizedTest()
+    @ParameterizedTest
     @MethodSource( "unencryptedSchemes" )
     void testConfiguredEncryption( String scheme )
     {
@@ -163,7 +159,7 @@ void testConfiguredEncryption( String scheme )
         assertTrue( securityPlan.requiresEncryption() );
     }
 
-    @ParameterizedTest()
+    @ParameterizedTest
     @MethodSource( "unencryptedSchemes" )
     void testConfiguredAllCertificates( String scheme)
     {
@@ -177,7 +173,7 @@ void testConfiguredAllCertificates( String scheme)
         assertTrue( securityPlan.requiresEncryption() );
     }
 
-    @ParameterizedTest()
+    @ParameterizedTest
     @MethodSource( "unencryptedSchemes" )
     void testConfigureRevocationChecking( String scheme )
     {
@@ -191,7 +187,7 @@ void testConfigureRevocationChecking( String scheme )
         assertTrue( securityPlan.requiresRevocationChecking() );
     }
 
-    @ParameterizedTest()
+    @ParameterizedTest
     @MethodSource( "unencryptedSchemes" )
     void testRevocationCheckingDisabledByDefault( String scheme )
     {

Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,7 @@`
`36`	`36`	`/**`
`37`	`37`	`* A tool used to save, load certs, etc.`
`38`	`38`	`*/`
`39`		`-public class CertificateTool`
	`39`	`+public final class CertificateTool`
`40`	`40`	`{`
`41`	`41`	`private static final String BEGIN_CERT = "-----BEGIN CERTIFICATE-----";`
`42`	`42`	`private static final String END_CERT = "-----END CERTIFICATE-----";`
`@@ -170,6 +170,10 @@ public static String X509CertToString( String cert )`
`170`	`170`	`String cert64CharPerLine = cert.replaceAll( "(.{64})", "$1\n" );`
`171`	`171`	`return BEGIN_CERT + "\n" + cert64CharPerLine + "\n"+ END_CERT + "\n";`
`172`	`172`	`}`
	`173`	`+`
	`174`	`+ private CertificateTool()`
	`175`	`+ {`
	`176`	`+ }`
`173`	`177`	`}`
`174`	`178`
`175`	`179`
Original file line number	Diff line number	Diff line change
`@@ -23,13 +23,11 @@`
`23`	`23`	`import org.junit.jupiter.params.provider.MethodSource;`
`24`	`24`
`25`	`25`	`import java.util.stream.Stream;`
`26`		`-import javax.net.ssl.SSLContext;`
`27`	`26`
`28`	`27`	`import org.neo4j.driver.Config;`
`29`	`28`	`import org.neo4j.driver.exceptions.ClientException;`
`30`	`29`	`import org.neo4j.driver.internal.security.SecurityPlan;`
`31`	`30`
`32`		`-import static org.junit.Assert.assertEquals;`
`33`	`31`	`import static org.junit.jupiter.api.Assertions.assertFalse;`
`34`	`32`	`import static org.junit.jupiter.api.Assertions.assertThrows;`
`35`	`33`	`import static org.junit.jupiter.api.Assertions.assertTrue;`
`@@ -75,11 +73,9 @@ void testSystemCertCompatibleConfiguration( String scheme ) throws Exception`
`75`	`73`
`76`	`74`	`SecurityPlan securityPlan = securitySettings.createSecurityPlan( scheme );`
`77`	`75`
`78`		`- SSLContext defaultContext = SSLContext.getDefault();`
`79`		`-`
`80`	`76`	`assertTrue( securityPlan.requiresEncryption() );`
`81`	`77`	`assertTrue( securityPlan.requiresHostnameVerification() );`
`82`		`- assertEquals( defaultContext, securityPlan.sslContext() );`
	`78`	`+ assertFalse( securityPlan.requiresRevocationChecking() );`
`83`	`79`	`}`
`84`	`80`
`85`	`81`	`@ParameterizedTest`
`@@ -140,7 +136,7 @@ void testThrowsOnUserCustomizedTrustConfigurationAndEncryption( String scheme )`
`140`	`136`	`assertTrue( ex.getMessage().contains( String.format( "Scheme %s is not configurable with manual encryption and trust settings", scheme ) ));`
`141`	`137`	`}`
`142`	`138`
`143`		`- @ParameterizedTest()`
	`139`	`+ @ParameterizedTest`
`144`	`140`	`@MethodSource( "unencryptedSchemes" )`
`145`	`141`	`void testNoEncryption( String scheme )`
`146`	`142`	`{`
`@@ -151,7 +147,7 @@ void testNoEncryption( String scheme )`
`151`	`147`	`assertFalse( securityPlan.requiresEncryption() );`
`152`	`148`	`}`
`153`	`149`
`154`		`- @ParameterizedTest()`
	`150`	`+ @ParameterizedTest`
`155`	`151`	`@MethodSource( "unencryptedSchemes" )`
`156`	`152`	`void testConfiguredEncryption( String scheme )`
`157`	`153`	`{`
`@@ -163,7 +159,7 @@ void testConfiguredEncryption( String scheme )`
`163`	`159`	`assertTrue( securityPlan.requiresEncryption() );`
`164`	`160`	`}`
`165`	`161`
`166`		`- @ParameterizedTest()`
	`162`	`+ @ParameterizedTest`
`167`	`163`	`@MethodSource( "unencryptedSchemes" )`
`168`	`164`	`void testConfiguredAllCertificates( String scheme)`
`169`	`165`	`{`
`@@ -177,7 +173,7 @@ void testConfiguredAllCertificates( String scheme)`
`177`	`173`	`assertTrue( securityPlan.requiresEncryption() );`
`178`	`174`	`}`
`179`	`175`
`180`		`- @ParameterizedTest()`
	`176`	`+ @ParameterizedTest`
`181`	`177`	`@MethodSource( "unencryptedSchemes" )`
`182`	`178`	`void testConfigureRevocationChecking( String scheme )`
`183`	`179`	`{`
`@@ -191,7 +187,7 @@ void testConfigureRevocationChecking( String scheme )`
`191`	`187`	`assertTrue( securityPlan.requiresRevocationChecking() );`
`192`	`188`	`}`
`193`	`189`
`194`		`- @ParameterizedTest()`
	`190`	`+ @ParameterizedTest`
`195`	`191`	`@MethodSource( "unencryptedSchemes" )`
`196`	`192`	`void testRevocationCheckingDisabledByDefault( String scheme )`
`197`	`193`	`{`