Fixed failing tests in the code

Author: Zhen Li

driver/src/main/java/org/neo4j/driver/internal/connector/socket/SocketClient.java

@@ -204,7 +204,7 @@ public static ByteChannel create( String host, int port, Config config, Logger l
                 channel = new TLSSocketChannel( host, port, soChannel, logger, config.trustStrategy() );
                 break;
             }
-            case REJECTED:
+            case NONE:
             {
                 channel = new AllOrNothingChannel( soChannel );
                 break;

driver/src/main/java/org/neo4j/driver/internal/connector/socket/TrustOnFirstUseTrustManager.java

@@ -39,7 +39,7 @@
  * References:
  * http://stackoverflow.com/questions/6802421/how-to-compare-distinct-implementations-of-java-security-cert-x509certificate?answertab=votes#tab-top
  */
-class TrustOnFirstUseTrustManager implements X509TrustManager
+public class TrustOnFirstUseTrustManager implements X509TrustManager
 {
     /**
      * A list of pairs (known_server certificate) are stored in this file.
@@ -48,7 +48,7 @@ class TrustOnFirstUseTrustManager implements X509TrustManager
      * Then when we try to connect to a known server again, we will authenticate the server by checking if it provides
      * the same certificate as the one saved in this file.
      */
-    private final File knownCerts;
+    private final File knownHosts;
 
     /** The server ip:port (in digits) of the server that we are currently connected to */
     private final String serverId;
@@ -57,11 +57,11 @@ class TrustOnFirstUseTrustManager implements X509TrustManager
     /** The known certificate we've registered for this server */
     private String fingerprint;
 
-    TrustOnFirstUseTrustManager( String host, int port, File knownCerts, Logger logger ) throws IOException
+    TrustOnFirstUseTrustManager( String host, int port, File knownHosts, Logger logger ) throws IOException
     {
         this.logger = logger;
         this.serverId = host + ":" + port;
-        this.knownCerts = knownCerts;
+        this.knownHosts = knownHosts;
         load();
     }
 
@@ -72,12 +72,12 @@ class TrustOnFirstUseTrustManager implements X509TrustManager
      */
     private void load() throws IOException
     {
-        if ( !knownCerts.exists() )
+        if ( !knownHosts.exists() )
         {
             return;
         }
 
-        BufferedReader reader = new BufferedReader( new FileReader( knownCerts ) );
+        BufferedReader reader = new BufferedReader( new FileReader( knownHosts ) );
         String line;
         while ( (line = reader.readLine()) != null )
         {
@@ -96,7 +96,7 @@ private void load() throws IOException
     }
 
     /**
-     * Save a new (server_ip, cert) pair into knownCerts file
+     * Save a new (server_ip, cert) pair into knownHosts file
      *
      * @param fingerprint the SHA-512 fingerprint of the host certificate
      */
@@ -107,7 +107,7 @@ private void saveTrustedHost( String fingerprint ) throws IOException
         logger.warn( "Adding %s as known and trusted certificate for %s.", fingerprint, serverId );
         createKnownCertFileIfNotExists();
 
-        BufferedWriter writer = new BufferedWriter( new FileWriter( knownCerts, true ) );
+        BufferedWriter writer = new BufferedWriter( new FileWriter( knownHosts, true ) );
         writer.write( serverId + " " + this.fingerprint );
         writer.newLine();
         writer.close();
@@ -143,7 +143,7 @@ public void checkServerTrusted( X509Certificate[] chain, String authType )
                 throw new CertificateException( String.format(
                         "Failed to save the server ID and the certificate received from the server to file %s.\n" +
                         "Server ID: %s\nReceived cert:\n%s",
-                        knownCerts.getAbsolutePath(), serverId, X509CertToString( cert ) ), e );
+                        knownHosts.getAbsolutePath(), serverId, X509CertToString( cert ) ), e );
             }
         }
         else
@@ -157,7 +157,7 @@ public void checkServerTrusted( X509Certificate[] chain, String authType )
                         "`%s` " +
                         "in the file `%s`.\n" +
                         "The old certificate saved in file is:\n%sThe New certificate received is:\n%s",
-                        serverId, serverId, knownCerts.getAbsolutePath(),
+                        serverId, serverId, knownHosts.getAbsolutePath(),
                         X509CertToString( this.fingerprint ), X509CertToString( cert ) ) );
             }
         }
@@ -183,31 +183,42 @@ public static String fingerprint( X509Certificate cert ) throws CertificateExcep
 
     private File createKnownCertFileIfNotExists() throws IOException
     {
-        if ( !knownCerts.exists() )
+        if ( !knownHosts.exists() )
         {
-            File parentDir = knownCerts.getParentFile();
-            if( parentDir != null && !parentDir.exists() )
+            File parentDir = knownHosts.getParentFile();
+            try
             {
-                if(!parentDir.mkdirs()) {
-                    throw new IOException( "Failed to create directories for the known hosts file in " + knownCerts.getAbsolutePath() + ". This is usually " +
-                                           "because you do not have write permissions to the directory. Try configuring the Neo4j driver to use a file " +
-                                           "system location you do have write permissions to." );
+                if ( parentDir != null && !parentDir.exists() )
+                {
+                    if ( !parentDir.mkdirs() )
+                    {
+                        throw new IOException( "Failed to create directories for the known hosts file in " + knownHosts.getAbsolutePath() +
+                                               ". This is usually because you do not have write permissions to the directory. " +
+                                               "Try configuring the Neo4j driver to use a file system location you do have write permissions to." );
+                    }
+                }
+                if ( !knownHosts.createNewFile() )
+                {
+                    throw new IOException( "Failed to create a known hosts file at " + knownHosts.getAbsolutePath() +
+                                           ". This is usually because you do not have write permissions to the directory. " +
+                                           "Try configuring the Neo4j driver to use a file system location you do have write permissions to." );
                 }
             }
-            if(!knownCerts.createNewFile()) {
-                throw new IOException( "Failed to create a known hosts file at " + knownCerts.getAbsolutePath() + ". This is usually " +
-                                       "because you do not have write permissions to the directory. Try configuring the Neo4j driver to use a file " +
-                                       "system location you do have write permissions to." );
+            catch( SecurityException e )
+            {
+                throw new IOException( "Failed to create known host file and/or parent directories at " + knownHosts.getAbsolutePath() +
+                                       ". This is usually because you do not have write permission to the directory. " +
+                                       "Try configuring the Neo4j driver to use a file location you have write permissions to." );
             }
-            BufferedWriter writer = new BufferedWriter( new FileWriter( knownCerts ) );
+            BufferedWriter writer = new BufferedWriter( new FileWriter( knownHosts ) );
             writer.write( "# This file contains trusted certificates for Neo4j servers, it's created by Neo4j drivers." );
             writer.newLine();
             writer.write( "# You can configure the location of this file in `org.neo4j.driver.Config`" );
             writer.newLine();
             writer.close();
         }
 
-        return knownCerts;
+        return knownHosts;
     }
 
     /**

driver/src/main/java/org/neo4j/driver/v1/Config.java

@@ -24,6 +24,7 @@
 import org.neo4j.driver.internal.logging.JULogging;
 import org.neo4j.driver.internal.spi.Logging;
 
+import static java.lang.System.getProperty;
 import static org.neo4j.driver.v1.Config.TrustStrategy.*;
 
 /**
@@ -138,7 +139,8 @@ public static class ConfigBuilder
         private int connectionPoolSize = 50;
         private long idleTimeBeforeConnectionTest = 200;
         private EncryptionLevel encruptionLevel = EncryptionLevel.REQUIRED;
-        private TrustStrategy trustStrategy = trustOnFirstUse( new File( System.getProperty( "user.home" ), ".neo4j/neo4j_known_certs" ) );
+        private TrustStrategy trustStrategy = trustOnFirstUse(
+                new File( getProperty( "user.home" ), ".neo4j/neo4j_known_hosts" ) );
 
         private ConfigBuilder() {}
 
@@ -246,7 +248,7 @@ public Config toConfig()
     public enum EncryptionLevel
     {
         /** With this level, the driver will only connect to the server if it can do it without encryption. */
-        REJECTED,
+        NONE,
 
         /** With this level, the driver will only connect to the server it if can do it with encryption. */
         REQUIRED

driver/src/test/java/org/neo4j/driver/internal/ConfigTest.java

@@ -24,13 +24,14 @@
 
 import org.neo4j.driver.v1.Config;
 
+import static java.lang.System.getProperty;
 import static org.hamcrest.CoreMatchers.equalTo;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertThat;
 
 public class ConfigTest
 {
-    private static final File DEFAULT_KNOWN_CERTS = new File( System.getProperty( "user.home" ), ".neo4j/neo4j_known_certs" );
+    private static final File DEFAULT_KNOWN_HOSTS = new File( getProperty( "user.home" ), ".neo4j/neo4j_known_hosts" );
 
     @Test
     public void shouldDefaultToKnownCerts()
@@ -43,14 +44,14 @@ public void shouldDefaultToKnownCerts()
 
         // Then
         assertEquals( authConfig.strategy(), Config.TrustStrategy.Strategy.TRUST_ON_FIRST_USE );
-        assertEquals( DEFAULT_KNOWN_CERTS.getAbsolutePath(), authConfig.certFile().getAbsolutePath() );
+        assertEquals( DEFAULT_KNOWN_HOSTS.getAbsolutePath(), authConfig.certFile().getAbsolutePath() );
     }
 
     @Test
     public void shouldChangeToNewKnownCerts()
     {
         // Given
-        File knownCerts = new File( "new_known_certs" );
+        File knownCerts = new File( "new_known_hosts" );
         Config config = Config.build().withTrustStrategy( Config.TrustStrategy.trustOnFirstUse( knownCerts ) ).toConfig();
 
         // When
@@ -83,14 +84,14 @@ public void shouldConfigureMinIdleTime() throws Throwable
         Config config = Config.build().withSessionLivenessCheckTimeout( 1337 ).toConfig();
 
         // then
-        assertThat( config.idleTimeBeforeConnectionTest(), equalTo( 1337l ));
+        assertThat( config.idleTimeBeforeConnectionTest(), equalTo( 1337l ) );
     }
 
     public static void deleteDefaultKnownCertFileIfExists()
     {
-        if( DEFAULT_KNOWN_CERTS.exists() )
+        if( DEFAULT_KNOWN_HOSTS.exists() )
         {
-            DEFAULT_KNOWN_CERTS.delete();
+            DEFAULT_KNOWN_HOSTS.delete();
         }
     }
 

driver/src/test/java/org/neo4j/driver/v1/integration/TLSSocketChannelIT.java

@@ -18,24 +18,21 @@
  */
 package org.neo4j.driver.v1.integration;
 
+import org.junit.BeforeClass;
+import org.junit.Rule;
+import org.junit.Test;
+
 import java.io.BufferedWriter;
 import java.io.File;
 import java.io.FileWriter;
 import java.io.IOException;
-import java.io.InputStream;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.net.URI;
 import java.nio.channels.SocketChannel;
 import java.security.cert.X509Certificate;
-import java.util.Scanner;
 import javax.net.ssl.SSLHandshakeException;
-import javax.xml.bind.DatatypeConverter;
 
-import org.junit.Rule;
-import org.junit.Test;
-
-import org.neo4j.driver.internal.ConfigTest;
 import org.neo4j.driver.internal.connector.socket.TLSSocketChannel;
 import org.neo4j.driver.internal.spi.Logger;
 import org.neo4j.driver.internal.util.CertificateTool;
@@ -44,6 +41,7 @@
 import org.neo4j.driver.v1.GraphDatabase;
 import org.neo4j.driver.v1.ResultCursor;
 import org.neo4j.driver.v1.util.CertificateToolTest;
+import org.neo4j.driver.v1.util.Neo4jInstaller;
 import org.neo4j.driver.v1.util.Neo4jRunner;
 import org.neo4j.driver.v1.util.TestNeo4j;
 
@@ -53,16 +51,24 @@
 import static org.mockito.Mockito.atLeastOnce;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
+import static org.neo4j.driver.internal.connector.socket.TrustOnFirstUseTrustManager.fingerprint;
 
 public class TLSSocketChannelIT
 {
     @Rule
     public TestNeo4j neo4j = new TestNeo4j();
 
+    @BeforeClass
+    public static void setup() throws IOException, InterruptedException
+    {
+        /* uncomment for JSSE debugging info */
+//         System.setProperty( "javax.net.debug", "all" );
+    }
+
     @Test
     public void shouldPerformTLSHandshakeWithEmptyKnownCertsFile() throws Throwable
     {
-        File knownCerts = File.createTempFile( "neo4j_known_certs", ".tmp" );
+        File knownCerts = File.createTempFile( "neo4j_known_hosts", ".tmp" );
         knownCerts.deleteOnExit();
 
         performTLSHandshakeUsingKnownCerts( knownCerts );
@@ -92,7 +98,7 @@ public void shouldFailTLSHandshakeDueToWrongCertInKnownCertsFile() throws Throwa
         // Given
         SocketChannel channel = SocketChannel.open();
         channel.connect( new InetSocketAddress( "localhost", 7687 ) );
-        File knownCerts = File.createTempFile( "neo4j_known_certs", ".tmp" );
+        File knownCerts = File.createTempFile( "neo4j_known_hosts", ".tmp" );
         knownCerts.deleteOnExit();
 
         //create a Fake Cert for the server in knownCert
@@ -129,7 +135,7 @@ private void createFakeServerCertPairInKnownCerts( String host, int port, File k
         String serverId = ip + ":" + port;
 
         X509Certificate cert = CertificateToolTest.generateSelfSignedCertificate();
-        String certStr = DatatypeConverter.printBase64Binary( cert.getEncoded() );
+        String certStr = fingerprint(cert);
 
         BufferedWriter writer = new BufferedWriter( new FileWriter( knownCerts, true ) );
         writer.write( serverId + "," + certStr );
@@ -174,17 +180,15 @@ public void shouldFailTLSHandshakeDueToServerCertNotSignedByKnownCA() throws Thr
     @Test
     public void shouldPerformTLSHandshakeWithTrustedServerCert() throws Throwable
     {
-        // Given
-        TestKeys keys = testKeys();
-        neo4j.restartServerOnEmptyDatabase( Neo4jSettings.DEFAULT.usingEncryptionKeyAndCert( keys.serverKey, keys.serverCert ) );
 
         Logger logger = mock( Logger.class );
         SocketChannel channel = SocketChannel.open();
         channel.connect( new InetSocketAddress( "localhost", 7687 ) );
 
         // When
         TLSSocketChannel sslChannel = new TLSSocketChannel( "localhost", 7687, channel, logger,
-                Config.TrustStrategy.trustSignedBy( keys.signingCert ) );
+                Config.TrustStrategy.trustSignedBy(
+                        new File( Neo4jInstaller.neo4jHomeDir, "conf/ssl/snakeoil.cert") ) );
         sslChannel.close();
 
         // Then
@@ -196,7 +200,7 @@ public void shouldPerformTLSHandshakeWithTrustedServerCert() throws Throwable
     @Test
     public void shouldEstablishTLSConnection() throws Throwable
     {
-        ConfigTest.deleteDefaultKnownCertFileIfExists();
+
         Config config = Config.build().withEncryptionLevel( Config.EncryptionLevel.REQUIRED ).toConfig();
 
         Driver driver = GraphDatabase.driver(
@@ -210,33 +214,4 @@ public void shouldEstablishTLSConnection() throws Throwable
 
         driver.close();
     }
-
-    class TestKeys
-    {
-        final File serverKey;
-        final File serverCert;
-        final File signingCert;
-
-        TestKeys( File serverKey, File serverCert, File signingCert )
-        {
-            this.serverKey = serverKey;
-            this.serverCert = serverCert;
-            this.signingCert = signingCert;
-        }
-    }
-
-    TestKeys testKeys() throws IOException
-    {
-        return new TestKeys( fileFromCertResource( "server.key" ), fileFromCertResource( "server.crt" ), fileFromCertResource( "ca.crt" ) );
-    }
-
-    private File fileFromCertResource( String fileName ) throws IOException
-    {
-        InputStream resourceAsStream = getClass().getClassLoader().getResourceAsStream( "certificates/" + fileName );
-        try ( Scanner scanner = new Scanner( resourceAsStream ).useDelimiter( "\\A" ) )
-        {
-            String contents = scanner.next();
-            return new File( neo4j.putTmpFile( fileName, "", contents ).getFile() );
-        }
-    }
 }

driver/src/test/java/org/neo4j/driver/v1/util/CertificateToolTest.java

@@ -18,19 +18,19 @@
  */
 package org.neo4j.driver.v1.util;
 
-import java.io.File;
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.GeneralSecurityException;
-import java.security.KeyPair;
 import java.security.KeyPairGenerator;
-import java.security.KeyStore;
-import java.security.SecureRandom;
 import java.security.Security;
 import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
 import java.util.Date;
 import java.util.Enumeration;
+import java.security.KeyPair;
+import java.security.KeyStore;
+import java.security.SecureRandom;
+import java.io.File;
 
 import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;