mike-jumper commented on a change in pull request #492: URL: https://github.com/apache/guacamole-client/pull/492#discussion_r440537216
########## File path: extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/conf/PostgreSQLSSLMode.java ########## @@ -0,0 +1,104 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.guacamole.auth.postgresql.conf; + +import org.apache.guacamole.properties.EnumGuacamoleProperty.PropertyValue; + +/** + * Possible values for PostgreSQL SSL connectivity. + */ +public enum PostgreSQLSSLMode { + + /** + * Do not use SSL to connect to server. + */ + @PropertyValue("disable") + DISABLE("disable"), + + /** + * Allow SSL connections, but try non-SSL, first. + */ + @PropertyValue("allow") + ALLOW("allow"), + + /** + * Prefer SSL connections, falling back to non-SSL if that fails. + */ + @PropertyValue("prefer") + PREFER("prefer"), + + /** + * Require SSL connections, do not connect if SSL fails. + */ + @PropertyValue("require") + REQUIRE("require"), + + /** + * Require SSL connections and validate the CA certificate. + */ + @PropertyValue("verify-ca") + VERIFY_CA("verify-ca"), + + /** + * Require SSL connections and validate both the CA and server certificates. + */ + @PropertyValue("verify-full") + VERIFY_FULL("verify-full"); + + /** + * The value actually passed on to the JDBC driver. + */ + private final String configValue; + + /** + * Create a new instance of this enum with the given configValue as the + * value that will be used when configuring the JDBC driver. + * + * @param configValue + * The value to use when configuring the JDBC driver. + */ + PostgreSQLSSLMode(String configValue) { + this.configValue = configValue; + } + + @Override + public String toString() { + return configValue; + } Review comment: I suggest providing access to this value in a way that is specifically tied to the fact that it is the configuration value for the JDBC driver (and documented as such), rather than overriding `toString()`. ########## File path: extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/MySQLAuthenticationProviderModule.java ########## @@ -79,6 +84,37 @@ public MySQLAuthenticationProviderModule(MySQLEnvironment environment) // Allow use of multiple statements within a single query driverProperties.setProperty("allowMultiQueries", "true"); + // Set the SSL mode to use when conncting + MySQLSSLMode sslMode = environment.getMySQLSSLMode(); + driverProperties.setProperty("sslMode", sslMode.toString()); + + // Set legacy properties + if (sslMode == MySQLSSLMode.DISABLED) + driverProperties.setProperty("useSSL", "false"); Review comment: If `MySQLSSLMode.DISABLED` represents `useSSL=false`, is the value set for `sslMode` above correct in this case? Is specifying `sslMode` legal if `useSSL=false` is also specified? ########## File path: extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/MySQLAuthenticationProviderModule.java ########## @@ -79,6 +84,37 @@ public MySQLAuthenticationProviderModule(MySQLEnvironment environment) // Allow use of multiple statements within a single query driverProperties.setProperty("allowMultiQueries", "true"); + // Set the SSL mode to use when conncting + MySQLSSLMode sslMode = environment.getMySQLSSLMode(); + driverProperties.setProperty("sslMode", sslMode.toString()); Review comment: With `MySQLSSLMode` now refactored to rely on `@PropertyValue`, this may not return the value you expect. The `MySQLSSLMode` enum should expose a means of retrieving the value required by the JDBC driver. ########## File path: extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/conf/PostgreSQLSSLMode.java ########## @@ -0,0 +1,104 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.guacamole.auth.postgresql.conf; + +import org.apache.guacamole.properties.EnumGuacamoleProperty.PropertyValue; + +/** + * Possible values for PostgreSQL SSL connectivity. + */ +public enum PostgreSQLSSLMode { + + /** + * Do not use SSL to connect to server. + */ + @PropertyValue("disable") + DISABLE("disable"), + + /** + * Allow SSL connections, but try non-SSL, first. + */ + @PropertyValue("allow") + ALLOW("allow"), + + /** + * Prefer SSL connections, falling back to non-SSL if that fails. + */ + @PropertyValue("prefer") + PREFER("prefer"), + + /** + * Require SSL connections, do not connect if SSL fails. + */ + @PropertyValue("require") + REQUIRE("require"), + + /** + * Require SSL connections and validate the CA certificate. + */ + @PropertyValue("verify-ca") + VERIFY_CA("verify-ca"), + + /** + * Require SSL connections and validate both the CA and server certificates. + */ + @PropertyValue("verify-full") + VERIFY_FULL("verify-full"); + + /** + * The value actually passed on to the JDBC driver. + */ + private final String configValue; + + /** + * Create a new instance of this enum with the given configValue as the + * value that will be used when configuring the JDBC driver. + * + * @param configValue + * The value to use when configuring the JDBC driver. + */ + PostgreSQLSSLMode(String configValue) { + this.configValue = configValue; + } + + @Override + public String toString() { + return configValue; + } + + /** + * Given the String value, determine the correct enum value that matches + * the string, or null if there is no match. + * + * @param value + * The String value to test to find a match. + * + * @return + * The enum value matching the given String. + */ + public static PostgreSQLSSLMode getValue(String value) { Review comment: Is this still used? ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
