Default to unencrypted connection on the driver.

Removed insecure TrustAllCerts SecurityPlan.
Default to always perform client host name verification when encryption is on.

Deleted some code used to support server version earlier than 3.3.0.

Author: Zhen Li

driver/src/main/java/org/neo4j/driver/Config.java

@@ -34,7 +34,6 @@
 import org.neo4j.driver.util.Immutable;
 import org.neo4j.driver.util.Resource;
 
-import static org.neo4j.driver.Config.TrustStrategy.trustAllCertificates;
 import static org.neo4j.driver.Logging.javaUtilLogging;
 
 /**
@@ -249,8 +248,8 @@ public static class ConfigBuilder
         private long idleTimeBeforeConnectionTest = PoolSettings.DEFAULT_IDLE_TIME_BEFORE_CONNECTION_TEST;
         private long maxConnectionLifetimeMillis = PoolSettings.DEFAULT_MAX_CONNECTION_LIFETIME;
         private long connectionAcquisitionTimeoutMillis = PoolSettings.DEFAULT_CONNECTION_ACQUISITION_TIMEOUT;
-        private boolean encrypted = true;
-        private TrustStrategy trustStrategy = trustAllCertificates();
+        private boolean encrypted = false;
+        private TrustStrategy trustStrategy = TrustStrategy.trustSystemCertificates();
         private int routingFailureLimit = RoutingSettings.DEFAULT.maxRoutingFailures();
         private long routingRetryDelayMillis = RoutingSettings.DEFAULT.retryTimeoutDelay();
         private long routingTablePurgeDelayMillis = RoutingSettings.DEFAULT.routingTablePurgeDelayMs();
@@ -439,7 +438,7 @@ public ConfigBuilder withoutEncryption()
 
         /**
          * Specify how to determine the authenticity of an encryption certificate provided by the Neo4j instance we are connecting to.
-         * This defaults to {@link TrustStrategy#trustAllCertificates()}.
+         * This defaults to {@link TrustStrategy#trustSystemCertificates()}.
          * See {@link TrustStrategy#trustCustomCertificateSignedBy(File)} for using certificate signatures instead to verify
          * trust.
          * <p>
@@ -688,16 +687,13 @@ public static class TrustStrategy
          */
         public enum Strategy
         {
-            TRUST_ALL_CERTIFICATES,
-
             TRUST_CUSTOM_CA_SIGNED_CERTIFICATES,
-
             TRUST_SYSTEM_CA_SIGNED_CERTIFICATES
         }
 
         private final Strategy strategy;
         private final File certFile;
-        private boolean hostnameVerificationEnabled;
+        private boolean hostnameVerificationEnabled = true;
 
         private TrustStrategy( Strategy strategy )
         {
@@ -786,16 +782,5 @@ public static TrustStrategy trustSystemCertificates()
         {
             return new TrustStrategy( Strategy.TRUST_SYSTEM_CA_SIGNED_CERTIFICATES );
         }
-
-        /**
-         * Trust strategy for certificates that can be verified through the local system store.
-         *
-         * @return an authentication config
-         * @since 1.1
-         */
-        public static TrustStrategy trustAllCertificates()
-        {
-            return new TrustStrategy( Strategy.TRUST_ALL_CERTIFICATES );
-        }
     }
 }

driver/src/main/java/org/neo4j/driver/internal/DriverFactory.java

@@ -186,10 +186,6 @@ protected InternalDriver createDirectDriver( SecurityPlan securityPlan, BoltServ
     protected InternalDriver createRoutingDriver( SecurityPlan securityPlan, BoltServerAddress address, ConnectionPool connectionPool,
             EventExecutorGroup eventExecutorGroup, RoutingSettings routingSettings, RetryLogic retryLogic, MetricsProvider metricsProvider, Config config )
     {
-        if ( !securityPlan.isRoutingCompatible() )
-        {
-            throw new IllegalArgumentException( "The chosen security plan is not compatible with a routing driver" );
-        }
         ConnectionProvider connectionProvider = createLoadBalancer( address, connectionPool, eventExecutorGroup,
                 config, routingSettings );
         SessionFactory sessionFactory = createSessionFactory( connectionProvider, retryLogic, config );
@@ -285,7 +281,7 @@ private static SecurityPlan createSecurityPlan( BoltServerAddress address, Confi
     {
         try
         {
-            return createSecurityPlanImpl( address, config );
+            return createSecurityPlanImpl( config );
         }
         catch ( GeneralSecurityException | IOException ex )
         {
@@ -297,13 +293,11 @@ private static SecurityPlan createSecurityPlan( BoltServerAddress address, Confi
      * Establish a complete SecurityPlan based on the details provided for
      * driver construction.
      */
-    @SuppressWarnings( "deprecation" )
-    private static SecurityPlan createSecurityPlanImpl( BoltServerAddress address, Config config )
+    private static SecurityPlan createSecurityPlanImpl( Config config )
             throws GeneralSecurityException, IOException
     {
         if ( config.encrypted() )
         {
-            Logger logger = config.logging().getLog( "SecurityPlan" );
             Config.TrustStrategy trustStrategy = config.trustStrategy();
             boolean hostnameVerificationEnabled = trustStrategy.isHostnameVerificationEnabled();
             switch ( trustStrategy.strategy() )
@@ -312,8 +306,6 @@ private static SecurityPlan createSecurityPlanImpl( BoltServerAddress address, C
                 return SecurityPlan.forCustomCASignedCertificates( trustStrategy.certFile(), hostnameVerificationEnabled );
             case TRUST_SYSTEM_CA_SIGNED_CERTIFICATES:
                 return SecurityPlan.forSystemCASignedCertificates( hostnameVerificationEnabled );
-            case TRUST_ALL_CERTIFICATES:
-                return SecurityPlan.forAllCertificates( hostnameVerificationEnabled );
             default:
                 throw new ClientException(
                         "Unknown TLS authentication strategy: " + trustStrategy.strategy().name() );

driver/src/main/java/org/neo4j/driver/internal/async/connection/ChannelPipelineBuilderImpl.java

@@ -39,7 +39,7 @@ public void build( MessageFormat messageFormat, ChannelPipeline pipeline, Loggin
         pipeline.addLast( new InboundMessageHandler( messageFormat, logging ) );
 
         // outbound handlers
-        pipeline.addLast( OutboundMessageHandler.NAME, new OutboundMessageHandler( messageFormat, logging ) );
+        pipeline.addLast( new OutboundMessageHandler( messageFormat, logging ) );
 
         // last one - error handler
         pipeline.addLast( new ChannelErrorHandler( logging ) );

driver/src/main/java/org/neo4j/driver/internal/async/outbound/OutboundMessageHandler.java

@@ -36,9 +36,6 @@
 
 public class OutboundMessageHandler extends MessageToMessageEncoder<Message>
 {
-    public static final String NAME = OutboundMessageHandler.class.getSimpleName();
-
-    private final MessageFormat messageFormat;
     private final ChunkAwareByteBufOutput output;
     private final MessageFormat.Writer writer;
     private final Logging logging;
@@ -47,14 +44,8 @@ public class OutboundMessageHandler extends MessageToMessageEncoder<Message>
 
     public OutboundMessageHandler( MessageFormat messageFormat, Logging logging )
     {
-        this( messageFormat, true, logging );
-    }
-
-    private OutboundMessageHandler( MessageFormat messageFormat, boolean byteArraySupportEnabled, Logging logging )
-    {
-        this.messageFormat = messageFormat;
         this.output = new ChunkAwareByteBufOutput();
-        this.writer = messageFormat.newWriter( output, byteArraySupportEnabled );
+        this.writer = messageFormat.newWriter( output );
         this.logging = logging;
     }
 
@@ -98,9 +89,4 @@ protected void encode( ChannelHandlerContext ctx, Message msg, List<Object> out
         BoltProtocolUtil.writeMessageBoundary( messageBuf );
         out.add( messageBuf );
     }
-
-    public OutboundMessageHandler withoutByteArraySupport()
-    {
-        return new OutboundMessageHandler( messageFormat, false, logging );
-    }
 }

driver/src/main/java/org/neo4j/driver/internal/handlers/InitResponseHandler.java

@@ -50,7 +50,6 @@ public void onSuccess( Map<String,Value> metadata )
         {
             ServerVersion serverVersion = extractNeo4jServerVersion( metadata );
             setServerVersion( channel, serverVersion );
-            updatePipelineIfNeeded( serverVersion, channel.pipeline() );
             connectionInitializedPromise.setSuccess();
         }
         catch ( Throwable error )
@@ -71,16 +70,4 @@ public void onRecord( Value[] fields )
     {
         throw new UnsupportedOperationException();
     }
-
-    private static void updatePipelineIfNeeded( ServerVersion serverVersion, ChannelPipeline pipeline )
-    {
-        if ( serverVersion.lessThan( ServerVersion.v3_2_0 ) )
-        {
-            OutboundMessageHandler outboundHandler = pipeline.get( OutboundMessageHandler.class );
-            if ( outboundHandler != null )
-            {
-                pipeline.replace( outboundHandler, OutboundMessageHandler.NAME, outboundHandler.withoutByteArraySupport() );
-            }
-        }
-    }
 }

driver/src/main/java/org/neo4j/driver/internal/messaging/MessageFormat.java

@@ -35,7 +35,7 @@ interface Reader
         void read( ResponseMessageHandler handler ) throws IOException;
     }
 
-    Writer newWriter( PackOutput output, boolean byteArraySupportEnabled );
+    Writer newWriter( PackOutput output );
 
     Reader newReader( PackInput input );
 }

driver/src/main/java/org/neo4j/driver/internal/messaging/v1/MessageFormatV1.java

@@ -32,9 +32,9 @@ public class MessageFormatV1 implements MessageFormat
     public static final int NODE_FIELDS = 3;
 
     @Override
-    public MessageFormat.Writer newWriter( PackOutput output, boolean byteArraySupportEnabled )
+    public MessageFormat.Writer newWriter( PackOutput output )
     {
-        return new MessageWriterV1( output, byteArraySupportEnabled );
+        return new MessageWriterV1( output );
     }
 
     @Override

driver/src/main/java/org/neo4j/driver/internal/messaging/v1/MessageWriterV1.java

@@ -38,9 +38,9 @@
 
 public class MessageWriterV1 extends AbstractMessageWriter
 {
-    public MessageWriterV1( PackOutput output, boolean byteArraySupportEnabled )
+    public MessageWriterV1( PackOutput output )
     {
-        this( new ValuePackerV1( output, byteArraySupportEnabled ) );
+        this( new ValuePackerV1( output ) );
     }
 
     protected MessageWriterV1( ValuePacker packer )

driver/src/main/java/org/neo4j/driver/internal/messaging/v1/ValuePackerV1.java

@@ -31,12 +31,9 @@ public class ValuePackerV1 implements ValuePacker
 {
     protected final PackStream.Packer packer;
 
-    private final boolean byteArraySupportEnabled;
-
-    public ValuePackerV1( PackOutput output, boolean byteArraySupportEnabled )
+    public ValuePackerV1( PackOutput output )
     {
         this.packer = new PackStream.Packer( output );
-        this.byteArraySupportEnabled = byteArraySupportEnabled;
     }
 
     @Override
@@ -89,11 +86,6 @@ protected void packInternalValue( InternalValue value ) throws IOException
             break;
 
         case BYTES:
-            if ( !byteArraySupportEnabled )
-            {
-                throw new PackStream.UnPackable(
-                        "Packing bytes is not supported as the current server this driver connected to does not support unpack bytes." );
-            }
             packer.pack( value.asByteArray() );
             break;
 

driver/src/main/java/org/neo4j/driver/internal/messaging/v2/MessageFormatV2.java

@@ -50,12 +50,8 @@ public class MessageFormatV2 extends MessageFormatV1
     public static final int POINT_3D_STRUCT_SIZE = 4;
 
     @Override
-    public Writer newWriter( PackOutput output, boolean byteArraySupportEnabled )
+    public Writer newWriter( PackOutput output )
     {
-        if ( !byteArraySupportEnabled )
-        {
-            throw new IllegalArgumentException( "Bolt V2 should support byte arrays" );
-        }
         return new MessageWriterV2( output );
     }
 

driver/src/main/java/org/neo4j/driver/internal/messaging/v2/ValuePackerV2.java

@@ -59,7 +59,7 @@ public class ValuePackerV2 extends ValuePackerV1
 {
     public ValuePackerV2( PackOutput output )
     {
-        super( output, true );
+        super( output );
     }
 
     @Override

driver/src/main/java/org/neo4j/driver/internal/messaging/v3/MessageFormatV3.java

@@ -26,7 +26,7 @@
 public class MessageFormatV3 implements MessageFormat
 {
     @Override
-    public Writer newWriter( PackOutput output, boolean byteArraySupportEnabled )
+    public Writer newWriter( PackOutput output )
     {
         return new MessageWriterV3( output );
     }

driver/src/main/java/org/neo4j/driver/internal/messaging/v4/MessageFormatV4.java

@@ -26,7 +26,7 @@
 public class MessageFormatV4 implements MessageFormat
 {
     @Override
-    public Writer newWriter( PackOutput output, boolean byteArraySupportEnabled )
+    public Writer newWriter( PackOutput output )
     {
         return new MessageWriterV4( output );
     }

driver/src/main/java/org/neo4j/driver/internal/security/SecurityPlan.java

@@ -25,7 +25,6 @@
 import java.security.NoSuchAlgorithmException;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLContext;
-import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
 
 import static org.neo4j.driver.internal.util.CertificateTool.loadX509Cert;
@@ -35,14 +34,6 @@
  */
 public class SecurityPlan
 {
-    public static SecurityPlan forAllCertificates( boolean requiresHostnameVerification ) throws GeneralSecurityException
-    {
-        SSLContext sslContext = SSLContext.getInstance( "TLS" );
-        sslContext.init( new KeyManager[0], new TrustManager[]{new TrustAllTrustManager()}, null );
-
-        return new SecurityPlan( true, sslContext, true, requiresHostnameVerification );
-    }
-
     public static SecurityPlan forCustomCASignedCertificates( File certFile, boolean requiresHostnameVerification )
             throws GeneralSecurityException, IOException
     {
@@ -61,29 +52,27 @@ public static SecurityPlan forCustomCASignedCertificates( File certFile, boolean
         SSLContext sslContext = SSLContext.getInstance( "TLS" );
         sslContext.init( new KeyManager[0], trustManagerFactory.getTrustManagers(), null );
 
-        return new SecurityPlan( true, sslContext, true, requiresHostnameVerification );
+        return new SecurityPlan( true, sslContext, requiresHostnameVerification );
     }
 
     public static SecurityPlan forSystemCASignedCertificates( boolean requiresHostnameVerification ) throws NoSuchAlgorithmException
     {
-        return new SecurityPlan( true, SSLContext.getDefault(), true, requiresHostnameVerification );
+        return new SecurityPlan( true, SSLContext.getDefault(), requiresHostnameVerification );
     }
 
     public static SecurityPlan insecure()
     {
-        return new SecurityPlan( false, null, true, false );
+        return new SecurityPlan( false, null, false );
     }
 
     private final boolean requiresEncryption;
     private final SSLContext sslContext;
-    private final boolean routingCompatible;
     private final boolean requiresHostnameVerification;
 
-    private SecurityPlan( boolean requiresEncryption, SSLContext sslContext, boolean routingCompatible, boolean requiresHostnameVerification )
+    private SecurityPlan( boolean requiresEncryption, SSLContext sslContext, boolean requiresHostnameVerification )
     {
         this.requiresEncryption = requiresEncryption;
         this.sslContext = sslContext;
-        this.routingCompatible = routingCompatible;
         this.requiresHostnameVerification = requiresHostnameVerification;
     }
 
@@ -92,11 +81,6 @@ public boolean requiresEncryption()
         return requiresEncryption;
     }
 
-    public boolean isRoutingCompatible()
-    {
-        return routingCompatible;
-    }
-
     public SSLContext sslContext()
     {
         return sslContext;