diff --git a/driver/src/main/java/org/neo4j/driver/internal/DriverFactory.java b/driver/src/main/java/org/neo4j/driver/internal/DriverFactory.java index 11925ce3c9..bd30a26322 100644 --- a/driver/src/main/java/org/neo4j/driver/internal/DriverFactory.java +++ b/driver/src/main/java/org/neo4j/driver/internal/DriverFactory.java @@ -225,10 +225,7 @@ private static SecurityPlan createSecurityPlan( BoltServerAddress address, Confi private static SecurityPlan createSecurityPlanImpl( BoltServerAddress address, Config config ) throws GeneralSecurityException, IOException { - Config.EncryptionLevel encryptionLevel = config.encryptionLevel(); - boolean requiresEncryption = encryptionLevel.equals( REQUIRED ); - - if ( requiresEncryption ) + if ( config.encrypted() ) { Logger logger = config.logging().getLog( "session" ); switch ( config.trustStrategy().strategy() ) diff --git a/driver/src/main/java/org/neo4j/driver/v1/Config.java b/driver/src/main/java/org/neo4j/driver/v1/Config.java index 79247fc145..7c1b3ece4b 100644 --- a/driver/src/main/java/org/neo4j/driver/v1/Config.java +++ b/driver/src/main/java/org/neo4j/driver/v1/Config.java @@ -65,8 +65,8 @@ public class Config */ private final long idleTimeBeforeConnectionTest; - /** Level of encryption we need to adhere to */ - private final EncryptionLevel encryptionLevel; + /** Indicator for encrypted traffic */ + private final boolean encrypted; /** Strategy for how to trust encryption certificate */ private final TrustStrategy trustStrategy; @@ -86,7 +86,7 @@ private Config( ConfigBuilder builder) this.idleTimeBeforeConnectionTest = builder.idleTimeBeforeConnectionTest; this.maxIdleConnectionPoolSize = builder.maxIdleConnectionPoolSize; - this.encryptionLevel = builder.encryptionLevel; + this.encrypted = builder.encrypted; this.trustStrategy = builder.trustStrategy; this.routingFailureLimit = builder.routingFailureLimit; this.routingRetryDelayMillis = builder.routingRetryDelayMillis; 
@@ -156,9 +156,18 @@ public int connectionTimeoutMillis() /** * @return the level of encryption required for all connections. */ + @Deprecated public EncryptionLevel encryptionLevel() { - return encryptionLevel; + return encrypted ? EncryptionLevel.REQUIRED : EncryptionLevel.NONE; + } + + /** + * @return indicator for encrypted communication. + */ + public boolean encrypted() + { + return encrypted; } /** @@ -205,7 +214,7 @@ public static class ConfigBuilder private boolean logLeakedSessions; private int maxIdleConnectionPoolSize = PoolSettings.DEFAULT_MAX_IDLE_CONNECTION_POOL_SIZE; private long idleTimeBeforeConnectionTest = PoolSettings.DEFAULT_IDLE_TIME_BEFORE_CONNECTION_TEST; - private EncryptionLevel encryptionLevel = EncryptionLevel.REQUIRED; + private boolean encrypted = true; private TrustStrategy trustStrategy = trustAllCertificates(); private int routingFailureLimit = 1; private long routingRetryDelayMillis = TimeUnit.SECONDS.toMillis( 5 ); @@ -328,9 +337,30 @@ public ConfigBuilder withConnectionLivenessCheckTimeout( long value, TimeUnit un * @param level the TLS level to use * @return this builder */ + @Deprecated public ConfigBuilder withEncryptionLevel( EncryptionLevel level ) { - this.encryptionLevel = level; + this.encrypted = level == EncryptionLevel.REQUIRED; + return this; + } + + /** + * Set to use encrypted traffic. + * @return this builder + */ + public ConfigBuilder withEncryption() + { + this.encrypted = true; + return this; + } + + /** + * Set to use unencrypted traffic. + * @return this builder + */ + public ConfigBuilder withoutEncryption() + { + this.encrypted = false; return this; } diff --git a/driver/src/test/java/org/neo4j/driver/internal/RoutingDriverBoltKitTest.java b/driver/src/test/java/org/neo4j/driver/internal/RoutingDriverBoltKitTest.java index 9379de3305..3f51300892 100644 --- a/driver/src/test/java/org/neo4j/driver/internal/RoutingDriverBoltKitTest.java 
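Review bot: The `@Deprecated` annotation added to `encryptionLevel()` has no matching Javadoc tag, so callers get a deprecation warning without being told what replaces it. I would add `@deprecated use {@link #encrypted()} instead` to the existing comment. The Javadoc on the new `encrypted()` getter ("indicator for encrypted communication") could also state what `true` means, for example `@return true if connections created with this config must be encrypted`.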
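Review bot: The new default `private boolean encrypted = true;` sits directly above `trustStrategy = trustAllCertificates()`, and nothing in the hunk documents how the two interact. Judging by the strategy's name, the out-of-the-box config encrypts traffic but does not verify the server certificate, which a reader of a plain boolean called `encrypted` may not expect. A field comment would make this explicit, e.g. `// encrypted by default; the server is only authenticated if a stricter TrustStrategy than trustAllCertificates() is configured`. The rest of `ConfigBuilder` lies outside the hunk, so the actual behaviour of `trustAllCertificates()` should be confirmed there.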
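Review bot: In the deprecated `withEncryptionLevel`, `this.encrypted = level == EncryptionLevel.REQUIRED;` turns every argument other than `REQUIRED` into plaintext, including `null`. Before this commit a `null` level would have failed at `encryptionLevel.equals( REQUIRED )` in `DriverFactory.createSecurityPlanImpl`; now it silently disables encryption. Only `NONE` and `REQUIRED` are visible on this page, but any further constant would be downgraded the same way. Failing closed is safer: `this.encrypted = level != EncryptionLevel.NONE;`, or reject `null` explicitly before the assignment. The Javadoc also lacks an `@deprecated` tag pointing to `withEncryption()` and `withoutEncryption()`.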
+++ b/driver/src/test/java/org/neo4j/driver/internal/RoutingDriverBoltKitTest.java @@ -63,7 +63,7 @@ public class RoutingDriverBoltKitTest public ExpectedException exception = ExpectedException.none(); private static final Config config = Config.build() - .withEncryptionLevel( Config.EncryptionLevel.NONE ) + .withoutEncryption() .withLogging( new ConsoleLogging( Level.INFO ) ).toConfig(); @Test diff --git a/driver/src/test/java/org/neo4j/driver/v1/integration/CausalClusteringIT.java b/driver/src/test/java/org/neo4j/driver/v1/integration/CausalClusteringIT.java index bee737376f..48ab9bb921 100644 --- a/driver/src/test/java/org/neo4j/driver/v1/integration/CausalClusteringIT.java +++ b/driver/src/test/java/org/neo4j/driver/v1/integration/CausalClusteringIT.java @@ -211,7 +211,7 @@ public void shouldDropBrokenOldSessions() throws Exception Config config = Config.build() .withConnectionLivenessCheckTimeout( livenessCheckTimeoutMinutes, TimeUnit.MINUTES ) - .withEncryptionLevel( Config.EncryptionLevel.NONE ) + .withoutEncryption() .toConfig(); FakeClock clock = new FakeClock(); diff --git a/driver/src/test/java/org/neo4j/driver/v1/integration/DriverCloseIT.java b/driver/src/test/java/org/neo4j/driver/v1/integration/DriverCloseIT.java index 273bebf55d..3813298538 100644 --- a/driver/src/test/java/org/neo4j/driver/v1/integration/DriverCloseIT.java +++ b/driver/src/test/java/org/neo4j/driver/v1/integration/DriverCloseIT.java @@ -169,7 +169,7 @@ public void tearDown() throws Exception protected Driver createDriver() { Config config = Config.build() - .withEncryptionLevel( Config.EncryptionLevel.NONE ) + .withoutEncryption() .withLogging( new ConsoleLogging( Level.OFF ) ) .toConfig(); diff --git a/driver/src/test/java/org/neo4j/driver/v1/integration/EncryptionIT.java b/driver/src/test/java/org/neo4j/driver/v1/integration/EncryptionIT.java index 90f8fb887c..96de5220f1 100644 --- a/driver/src/test/java/org/neo4j/driver/v1/integration/EncryptionIT.java 
+++ b/driver/src/test/java/org/neo4j/driver/v1/integration/EncryptionIT.java @@ -37,7 +37,7 @@ public class EncryptionIT public void shouldOperateWithNoEncryption() throws Exception { // Given - Driver driver = GraphDatabase.driver( neo4j.uri(), Config.build().withEncryptionLevel( NONE ).toConfig() ); + Driver driver = GraphDatabase.driver( neo4j.uri(), Config.build().withoutEncryption().toConfig() ); // Then assertThat( driver.isEncrypted(), equalTo( false ) ); @@ -60,7 +60,7 @@ public void shouldOperateWithNoEncryption() throws Exception public void shouldOperateWithRequiredEncryption() throws Exception { // Given - Driver driver = GraphDatabase.driver( neo4j.uri(), Config.build().withEncryptionLevel( REQUIRED ).toConfig() ); + Driver driver = GraphDatabase.driver( neo4j.uri(), Config.build().withEncryption().toConfig() ); // Then assertThat( driver.isEncrypted(), equalTo( true ) ); diff --git a/driver/src/test/java/org/neo4j/driver/v1/integration/ErrorIT.java b/driver/src/test/java/org/neo4j/driver/v1/integration/ErrorIT.java index fd6f434a80..dbcd57db9d 100644 --- a/driver/src/test/java/org/neo4j/driver/v1/integration/ErrorIT.java +++ b/driver/src/test/java/org/neo4j/driver/v1/integration/ErrorIT.java @@ -160,7 +160,7 @@ public void shouldGetHelpfulErrorWhenTryingToConnectToHttpPort() throws Throwabl // Given //the http server needs some time to start up Thread.sleep( 2000 ); - Config config = Config.build().withEncryptionLevel( Config.EncryptionLevel.NONE ).toConfig(); + Config config = Config.build().withoutEncryption().toConfig(); try ( Driver driver = GraphDatabase.driver( "bolt://localhost:7474", config ); Session session = driver.session() ) { diff --git a/driver/src/test/java/org/neo4j/driver/v1/integration/ServerKilledIT.java b/driver/src/test/java/org/neo4j/driver/v1/integration/ServerKilledIT.java index b59732e68e..56ad1b53a3 100644 --- a/driver/src/test/java/org/neo4j/driver/v1/integration/ServerKilledIT.java 
+++ b/driver/src/test/java/org/neo4j/driver/v1/integration/ServerKilledIT.java @@ -62,26 +62,24 @@ public class ServerKilledIT @Parameters(name = "{0} connections") public static Collection data() { return Arrays.asList(new Object[][] { - { "plaintext", Config.EncryptionLevel.NONE }, - { "tls encrypted", Config.EncryptionLevel.REQUIRED } + { "plaintext", Config.build().withoutEncryption() }, + { "tls encrypted", Config.build().withEncryption() } }); } - private Config.EncryptionLevel encryptionLevel; + private Config.ConfigBuilder config; - public ServerKilledIT( String testName, Config.EncryptionLevel encryptionLevel ) + public ServerKilledIT( String testName, Config.ConfigBuilder config ) { - this.encryptionLevel = encryptionLevel; + this.config = config; } @Test public void shouldRecoverFromServerRestart() throws Throwable { - // Given - // config with sessionLivenessCheckTimeout not set, i.e. turned off - Config config = Config.build().withEncryptionLevel( encryptionLevel ).toConfig(); + // Given config with sessionLivenessCheckTimeout not set, i.e. turned off - try ( Driver driver = GraphDatabase.driver( Neo4jRunner.DEFAULT_URI, config ) ) + try ( Driver driver = GraphDatabase.driver( Neo4jRunner.DEFAULT_URI, config.toConfig() ) ) { acquireAndReleaseConnections( 4, driver ); @@ -118,13 +116,11 @@ public void shouldDropBrokenOldSessions() throws Throwable { // config with set liveness check timeout int livenessCheckTimeoutMinutes = 10; - Config config = Config.build().withEncryptionLevel( encryptionLevel ) - .withConnectionLivenessCheckTimeout( livenessCheckTimeoutMinutes, TimeUnit.MINUTES ) - .toConfig(); + config.withConnectionLivenessCheckTimeout( livenessCheckTimeoutMinutes, TimeUnit.MINUTES ); FakeClock clock = new FakeClock(); - try ( Driver driver = createDriver( clock, config ) ) + try ( Driver driver = createDriver( clock, config.toConfig() ) ) { acquireAndReleaseConnections( 5, driver ); 
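Review bot: The parameter rows in `data()` now hold mutable `Config.ConfigBuilder` instances, and the second hunk (`shouldDropBrokenOldSessions`) mutates that builder with `config.withConnectionLivenessCheckTimeout( ... )`. As far as I know JUnit's Parameterized runner builds the parameter list once, so both test methods of a row receive the same builder. If `shouldDropBrokenOldSessions` runs first, `shouldRecoverFromServerRestart` no longer runs with the liveness check "not set, i.e. turned off" as its comment states. Keeping the parameter immutable avoids the order dependence, e.g. pass a `boolean encrypted` and build per test: `Config.ConfigBuilder builder = encrypted ? Config.build().withEncryption() : Config.build().withoutEncryption();`.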
diff --git a/driver/src/test/java/org/neo4j/driver/v1/integration/TLSSocketChannelIT.java b/driver/src/test/java/org/neo4j/driver/v1/integration/TLSSocketChannelIT.java index 3ce12b4e39..f7ccf47b34 100644 --- a/driver/src/test/java/org/neo4j/driver/v1/integration/TLSSocketChannelIT.java +++ b/driver/src/test/java/org/neo4j/driver/v1/integration/TLSSocketChannelIT.java @@ -298,7 +298,7 @@ public void shouldPerformTLSHandshakeWithTheSameTrustedServerCert() throws Throw public void shouldEstablishTLSConnection() throws Throwable { - Config config = Config.build().withEncryptionLevel( Config.EncryptionLevel.REQUIRED ).toConfig(); + Config config = Config.build().withEncryption().toConfig(); try( Driver driver = GraphDatabase.driver( Neo4jRunner.DEFAULT_URI, config ); Session session = driver.session() ) diff --git a/driver/src/test/java/org/neo4j/driver/v1/stress/SessionPoolingStressIT.java b/driver/src/test/java/org/neo4j/driver/v1/stress/SessionPoolingStressIT.java index fb2de1f55c..34a0f226a6 100644 --- a/driver/src/test/java/org/neo4j/driver/v1/stress/SessionPoolingStressIT.java +++ b/driver/src/test/java/org/neo4j/driver/v1/stress/SessionPoolingStressIT.java @@ -80,7 +80,7 @@ public void tearDown() throws Exception public void shouldWorkFine() throws Throwable { Config config = Config.build() - .withEncryptionLevel( Config.EncryptionLevel.NONE ) + .withoutEncryption() .toConfig(); driver = driver( neo4j.uri(), config ); diff --git a/driver/src/test/java/org/neo4j/driver/v1/tck/DriverSecurityComplianceSteps.java b/driver/src/test/java/org/neo4j/driver/v1/tck/DriverSecurityComplianceSteps.java index c3f72df5af..c27bfd0fef 100644 --- a/driver/src/test/java/org/neo4j/driver/v1/tck/DriverSecurityComplianceSteps.java +++ b/driver/src/test/java/org/neo4j/driver/v1/tck/DriverSecurityComplianceSteps.java 
@@ -205,7 +205,7 @@ public void aRunningNeo4jDatabaseUsingACertificateSignedByTheSameTrustedCertific // give root certificate to driver driver = GraphDatabase.driver( Neo4jRunner.DEFAULT_URI, - Config.build().withEncryptionLevel( EncryptionLevel.REQUIRED ) + Config.build().withEncryption() .withTrustStrategy( trustCustomCertificateSignedBy( rootCert ) ).toConfig() ); // generate certificate signing request and get a certificate signed by the root private key @@ -229,7 +229,7 @@ public void aRunningNeo4jDatabaseUsingThatExactTrustedCertificate() { driver = GraphDatabase.driver( Neo4jRunner.DEFAULT_URI, - Config.build().withEncryptionLevel( EncryptionLevel.REQUIRED ) + Config.build().withEncryption() .withTrustStrategy( trustCustomCertificateSignedBy( new File( HOME_DIR, DEFAULT_TLS_CERT_PATH ) ) ) .toConfig() ); @@ -245,7 +245,7 @@ public void aRunningNeo4jDatabaseUsingACertNotSignedByTheTrustedCertificates() t // give root certificate to driver driver = GraphDatabase.driver( Neo4jRunner.DEFAULT_URI, - Config.build().withEncryptionLevel( EncryptionLevel.REQUIRED ) + Config.build().withEncryption() .withTrustStrategy( trustCustomCertificateSignedBy( cert ) ).toConfig() ); } diff --git a/driver/src/test/java/org/neo4j/driver/v1/util/StubServer.java b/driver/src/test/java/org/neo4j/driver/v1/util/StubServer.java index a8f2c1e659..17d3ee0fb6 100644 --- a/driver/src/test/java/org/neo4j/driver/v1/util/StubServer.java +++ b/driver/src/test/java/org/neo4j/driver/v1/util/StubServer.java @@ -39,7 +39,7 @@ public class StubServer private static final int SOCKET_CONNECT_ATTEMPTS = 20; public static final Config INSECURE_CONFIG = Config.build() - .withEncryptionLevel( Config.EncryptionLevel.NONE ).toConfig(); + .withoutEncryption().toConfig(); // This may be thrown if the driver has not been closed properly public static class ForceKilled extends Exception {} 
diff --git a/driver/src/test/java/org/neo4j/driver/v1/util/cc/Cluster.java b/driver/src/test/java/org/neo4j/driver/v1/util/cc/Cluster.java index 2a46f3d0ba..10876bc11d 100644 --- a/driver/src/test/java/org/neo4j/driver/v1/util/cc/Cluster.java +++ b/driver/src/test/java/org/neo4j/driver/v1/util/cc/Cluster.java @@ -392,7 +392,7 @@ private static Config driverConfig() // try to build config for a very lightweight driver return Config.build() .withTrustStrategy( trustAllCertificates() ) - .withEncryptionLevel( Config.EncryptionLevel.NONE ) + .withEncryption() .withMaxIdleSessions( 1 ) .withConnectionLivenessCheckTimeout( 1, TimeUnit.HOURS ) .toConfig(); diff --git a/examples/src/main/java/org/neo4j/docs/driver/Examples.java b/examples/src/main/java/org/neo4j/docs/driver/Examples.java index 81c2a1df38..d57f28d413 100644 --- a/examples/src/main/java/org/neo4j/docs/driver/Examples.java +++ b/examples/src/main/java/org/neo4j/docs/driver/Examples.java @@ -258,7 +258,7 @@ public static Driver requireEncryption() throws Exception { // tag::tls-require-encryption[] Driver driver = GraphDatabase.driver( "bolt://localhost:7687", AuthTokens.basic( "neo4j", "neo4j" ), - Config.build().withEncryptionLevel( Config.EncryptionLevel.REQUIRED ).toConfig() ); + Config.build().withEncryption().toConfig() ); // end::tls-require-encryption[] return driver; @@ -270,7 +270,7 @@ public static Driver trustOnFirstUse() throws Exception // tag::tls-trust-on-first-use[] Driver driver = GraphDatabase.driver( "bolt://localhost:7687", AuthTokens.basic( "neo4j", "neo4j" ), Config.build() - .withEncryptionLevel( Config.EncryptionLevel.REQUIRED ) + .withEncryption() .withTrustStrategy( Config.TrustStrategy.trustOnFirstUse( new File( "/path/to/neo4j_known_hosts" ) ) ) .toConfig() ); 
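Review bot: The replacement in `Cluster.driverConfig()` is not equivalent to the old line. Every other call site in this commit maps `EncryptionLevel.NONE` to `withoutEncryption()`, but here `.withEncryptionLevel( Config.EncryptionLevel.NONE )` becomes `.withEncryption()`, so the cluster helper's driver switches from plaintext to encrypted connections. If that is a slip, the line should read `.withoutEncryption()`. If it is intended, it deserves a mention in the commit message, and note that with `.withTrustStrategy( trustAllCertificates() )` on the line above the server certificate is presumably still not verified.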
@@ -284,7 +284,7 @@ public static Driver trustSignedCertificates() throws Exception // tag::tls-signed[] Driver driver = GraphDatabase.driver( "bolt://localhost:7687", AuthTokens.basic( "neo4j", "neo4j" ), Config.build() - .withEncryptionLevel( Config.EncryptionLevel.REQUIRED ) + .withEncryption() .withTrustStrategy( Config.TrustStrategy .trustCustomCertificateSignedBy( new File( "/path/to/ca-certificate.pem" ) ) ) .toConfig() ); @@ -297,7 +297,7 @@ public static Driver connectWithAuthDisabled() throws Exception { // tag::connect-with-auth-disabled[] Driver driver = GraphDatabase.driver( "bolt://localhost:7687", - Config.build().withEncryptionLevel( Config.EncryptionLevel.REQUIRED ).toConfig() ); + Config.build().withEncryption().toConfig() ); // end::connect-with-auth-disabled[] return driver;