Accept SSL certificates by providing a URL to use cert from within a jar

[resolves pgjdbc#313]

Author: isabek

src/main/java/io/r2dbc/postgresql/PostgresqlConnectionConfiguration.java

@@ -34,7 +34,9 @@
 
 import javax.net.ssl.HostnameVerifier;
 import java.io.File;
+import java.net.MalformedURLException;
 import java.net.Socket;
+import java.net.URL;
 import java.time.Duration;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -331,20 +333,20 @@ public static final class Builder {
         private String socket;
 
         @Nullable
-        private String sslCert = null;
+        private URL sslCert = null;
 
         private HostnameVerifier sslHostnameVerifier = DefaultHostnameVerifier.INSTANCE;
 
         @Nullable
-        private String sslKey = null;
+        private URL sslKey = null;
 
         private SSLMode sslMode = SSLMode.DISABLE;
 
         @Nullable
         private CharSequence sslPassword = null;
 
         @Nullable
-        private String sslRootCert = null;
+        private URL sslRootCert = null;
 
         private Function<SslContextBuilder, SslContextBuilder> sslContextBuilderCustomizer = Function.identity();
 
@@ -637,8 +639,8 @@ public Builder sslContextBuilderCustomizer(Function<SslContextBuilder, SslContex
          * @param sslCert an X.509 certificate chain file in PEM format
          * @return this {@link Builder}
          */
-        public Builder sslCert(String sslCert) {
-            this.sslCert = Assert.requireFileExistsOrNull(sslCert, "sslCert must not be null and must exist");
+        public Builder sslCert(URL sslCert) {
+            this.sslCert = Assert.requireUrlExistsOrNull(sslCert, "sslCert must not be null and must exist");
             return this;
         }
 
@@ -659,8 +661,8 @@ public Builder sslHostnameVerifier(HostnameVerifier sslHostnameVerifier) {
          * @param sslKey a PKCS#8 private key file in PEM format
          * @return this {@link Builder}
          */
-        public Builder sslKey(String sslKey) {
-            this.sslKey = Assert.requireFileExistsOrNull(sslKey, "sslKey must not be null and must exist");
+        public Builder sslKey(URL sslKey) {
+            this.sslKey = Assert.requireUrlExistsOrNull(sslKey, "sslKey must not be null and must exist");
             return this;
         }
 
@@ -692,8 +694,8 @@ public Builder sslPassword(@Nullable CharSequence sslPassword) {
          * @param sslRootCert an X.509 certificate chain file in PEM format
          * @return this {@link Builder}
          */
-        public Builder sslRootCert(String sslRootCert) {
-            this.sslRootCert = Assert.requireFileExistsOrNull(sslRootCert, "sslRootCert must not be null and must exist");
+        public Builder sslRootCert(URL sslRootCert) {
+            this.sslRootCert = Assert.requireUrlExistsOrNull(sslRootCert, "sslRootCert must not be null and must exist");
             return this;
         }
 
@@ -779,14 +781,14 @@ private Supplier<SslProvider> createSslProvider() {
             SslContextBuilder sslContextBuilder = SslContextBuilder.forClient();
             if (this.sslMode.verifyCertificate()) {
                 if (this.sslRootCert != null) {
-                    sslContextBuilder.trustManager(new File(this.sslRootCert));
+                    sslContextBuilder.trustManager(new File(this.sslRootCert.getFile()));
                 }
             } else {
                 sslContextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
             }
 
-            String sslKey = this.sslKey;
-            String sslCert = this.sslCert;
+            URL sslKey = this.sslKey;
+            URL sslCert = this.sslCert;
 
             // Emulate Libpq behavior
             // Determining the default file location
@@ -801,20 +803,28 @@ private Supplier<SslProvider> createSslProvider() {
             if (sslCert == null) {
                 String pathname = defaultDir + "postgresql.crt";
                 if (new File(pathname).exists()) {
-                    sslCert = pathname;
+                    try {
+                        sslCert = new URL(pathname);
+                    } catch (MalformedURLException e) {
+                        throw new RuntimeException(e);
+                    }
                 }
             }
 
             if (sslKey == null) {
                 String pathname = defaultDir + "postgresql.pk8";
                 if (new File(pathname).exists()) {
-                    sslKey = pathname;
+                    try {
+                        sslKey = new URL(pathname);
+                    } catch (MalformedURLException e) {
+                        throw new RuntimeException(e);
+                    }
                 }
             }
 
             if (sslKey != null && sslCert != null) {
                 String sslPassword = this.sslPassword == null ? null : this.sslPassword.toString();
-                sslContextBuilder.keyManager(new File(sslCert), new File(sslKey), sslPassword);
+                sslContextBuilder.keyManager(new File(sslCert.getFile()), new File(sslKey.getFile()), sslPassword);
             }
 
             return () -> SslProvider.builder()

src/main/java/io/r2dbc/postgresql/PostgresqlConnectionFactoryProvider.java

@@ -26,6 +26,7 @@
 import io.r2dbc.spi.Option;
 
 import javax.net.ssl.HostnameVerifier;
+import java.net.URL;
 import java.util.LinkedHashMap;
 import java.util.Map;
 import java.util.function.Function;
@@ -107,9 +108,9 @@ public final class PostgresqlConnectionFactoryProvider implements ConnectionFact
     public static final Option<Function<SslContextBuilder, SslContextBuilder>> SSL_CONTEXT_BUILDER_CUSTOMIZER = Option.valueOf("sslContextBuilderCustomizer");
 
     /**
-     * Full path for the certificate file.
+     * File path for the certificate file.
      */
-    public static final Option<String> SSL_CERT = Option.valueOf("sslCert");
+    public static final Option<URL> SSL_CERT = Option.valueOf("sslCert");
 
     /**
      * Class name of hostname verifier. Defaults to {@link DefaultHostnameVerifier}.
@@ -119,7 +120,7 @@ public final class PostgresqlConnectionFactoryProvider implements ConnectionFact
     /**
      * Full path for the key file.
      */
-    public static final Option<String> SSL_KEY = Option.valueOf("sslKey");
+    public static final Option<URL> SSL_KEY = Option.valueOf("sslKey");
 
     /**
      * Ssl mode. Default: disabled
@@ -132,9 +133,9 @@ public final class PostgresqlConnectionFactoryProvider implements ConnectionFact
     public static final Option<String> SSL_PASSWORD = Option.valueOf("sslPassword");
 
     /**
-     * File name of the SSL root certificate.
+     * File path of the SSL root certificate.
      */
-    public static final Option<String> SSL_ROOT_CERT = Option.valueOf("sslRootCert");
+    public static final Option<URL> SSL_ROOT_CERT = Option.valueOf("sslRootCert");
 
     /**
      * Enable TCP KeepAlive.

src/main/java/io/r2dbc/postgresql/util/Assert.java

@@ -19,6 +19,7 @@
 import reactor.util.annotation.Nullable;
 
 import java.io.File;
+import java.net.URL;
 
 /**
  * Assertion library for the implementation.
@@ -147,4 +148,23 @@ public static void isTrue(boolean expression, String message) {
         }
     }
 
+    /**
+     * Checks that the provided URL exists or null.
+     *
+     * @param url    url to check
+     * @param message the message to use in exception if type is not as required
+     * @return existing url
+     * @throws IllegalArgumentException if {@code value} is not of the required type
+     * @throws IllegalArgumentException if {@code value}, {@code type}, or {@code message} is {@code null}
+     */
+    public static URL requireUrlExistsOrNull(@Nullable URL url, String message) {
+        if (url == null) {
+            throw new IllegalArgumentException(message);
+        }
+        if (!new File(url.getFile()).exists()) {
+            throw new IllegalArgumentException(message);
+        }
+        return url;
+    }
+
 }

src/test/java/io/r2dbc/postgresql/client/ReactorNettyClientIntegrationTests.java

@@ -727,8 +727,8 @@ void verifyCa() {
             void verifyCaWithCustomizer() {
                 client(
                     c -> c.sslContextBuilderCustomizer(sslContextBuilder -> {
-                        return sslContextBuilder.trustManager(new File(SERVER.getServerCrt()))
-                            .keyManager(new File(SERVER.getClientCrt()), new File(SERVER.getClientKey()));
+                        return sslContextBuilder.trustManager(new File(SERVER.getServerCrt().getFile()))
+                            .keyManager(new File(SERVER.getClientCrt().getFile()), new File(SERVER.getClientKey().getFile()));
                     })
                         .sslMode(SSLMode.VERIFY_CA),
                     c -> c

src/test/java/io/r2dbc/postgresql/util/PostgresqlServerExtension.java

@@ -33,10 +33,7 @@
 import java.io.File;
 import java.io.FileReader;
 import java.io.IOException;
-import java.net.URISyntaxException;
 import java.net.URL;
-import java.nio.file.Path;
-import java.nio.file.Paths;
 import java.util.Properties;
 import java.util.function.Supplier;
 
@@ -134,12 +131,12 @@ private void initializeConnectors() {
         this.jdbcOperations = new JdbcTemplate(this.dataSource);
     }
 
-    public String getClientCrt() {
-        return getResourcePath("client.crt").toAbsolutePath().toString();
+    public URL getClientCrt() {
+        return getResourceUrl("client.crt");
     }
 
-    public String getClientKey() {
-        return getResourcePath("client.key").toAbsolutePath().toString();
+    public URL getClientKey() {
+        return getResourceUrl("client.key");
     }
 
     public PostgresqlConnectionConfiguration.Builder configBuilder() {
@@ -171,12 +168,12 @@ public int getPort() {
         return this.postgres.getPort();
     }
 
-    public String getServerCrt() {
-        return getResourcePath("server.crt").toAbsolutePath().toString();
+    public URL getServerCrt() {
+        return getResourceUrl("server.crt");
     }
 
-    public String getServerKey() {
-        return getResourcePath("server.key").toAbsolutePath().toString();
+    public URL getServerKey() {
+        return getResourceUrl("server.key");
     }
 
     public String getUsername() {
@@ -207,22 +204,18 @@ private <T extends PostgreSQLContainer<T>> T container() {
         return container;
     }
 
-    private Path getResourcePath(String name) {
+    private URL getResourceUrl(String name) {
 
         URL resource = getClass().getClassLoader().getResource(name);
         if (resource == null) {
             throw new IllegalStateException("Resource not found: " + name);
         }
 
-        try {
-            return Paths.get(resource.toURI());
-        } catch (URISyntaxException e) {
-            throw new IllegalStateException("Cannot convert to path for: " + name, e);
-        }
+        return resource;
     }
 
     private MountableFile getHostPath(String name, int mode) {
-        return forHostPath(getResourcePath(name), mode);
+        return forHostPath(getResourceUrl(name).getPath(), mode);
     }
 
     /**