Merge pull request #620 from zhenlineo/2.0-default-unencrypted

Default to unencrypted connection on the driver.

Author: zhenlineo

driver/src/main/java/org/neo4j/driver/Config.java

@@ -34,7 +34,7 @@
 import org.neo4j.driver.util.Immutable;
 import org.neo4j.driver.util.Resource;
 
-import static org.neo4j.driver.Config.TrustStrategy.trustAllCertificates;
+import static org.neo4j.driver.Config.TrustStrategy.trustSystemCertificates;
 import static org.neo4j.driver.Logging.javaUtilLogging;
 
 /**
@@ -249,8 +249,8 @@ public static class ConfigBuilder
         private long idleTimeBeforeConnectionTest = PoolSettings.DEFAULT_IDLE_TIME_BEFORE_CONNECTION_TEST;
         private long maxConnectionLifetimeMillis = PoolSettings.DEFAULT_MAX_CONNECTION_LIFETIME;
         private long connectionAcquisitionTimeoutMillis = PoolSettings.DEFAULT_CONNECTION_ACQUISITION_TIMEOUT;
-        private boolean encrypted = true;
-        private TrustStrategy trustStrategy = trustAllCertificates();
+        private boolean encrypted = false;
+        private TrustStrategy trustStrategy = trustSystemCertificates();
         private int routingFailureLimit = RoutingSettings.DEFAULT.maxRoutingFailures();
         private long routingRetryDelayMillis = RoutingSettings.DEFAULT.retryTimeoutDelay();
         private long routingTablePurgeDelayMillis = RoutingSettings.DEFAULT.routingTablePurgeDelayMs();
@@ -439,7 +439,7 @@ public ConfigBuilder withoutEncryption()
 
         /**
          * Specify how to determine the authenticity of an encryption certificate provided by the Neo4j instance we are connecting to.
-         * This defaults to {@link TrustStrategy#trustAllCertificates()}.
+         * This defaults to {@link TrustStrategy#trustSystemCertificates()}.
          * See {@link TrustStrategy#trustCustomCertificateSignedBy(File)} for using certificate signatures instead to verify
          * trust.
          * <p>
@@ -689,15 +689,13 @@ public static class TrustStrategy
         public enum Strategy
         {
             TRUST_ALL_CERTIFICATES,
-
             TRUST_CUSTOM_CA_SIGNED_CERTIFICATES,
-
             TRUST_SYSTEM_CA_SIGNED_CERTIFICATES
         }
 
         private final Strategy strategy;
         private final File certFile;
-        private boolean hostnameVerificationEnabled;
+        private boolean hostnameVerificationEnabled = true;
 
         private TrustStrategy( Strategy strategy )
         {
@@ -788,7 +786,7 @@ public static TrustStrategy trustSystemCertificates()
         }
 
         /**
-         * Trust strategy for certificates that can be verified through the local system store.
+         * Trust strategy for certificates that trust all certificates blindly. Suggested to only use this in tests.
          *
          * @return an authentication config
          * @since 1.1

driver/src/main/java/org/neo4j/driver/internal/DriverFactory.java

@@ -186,10 +186,6 @@ protected InternalDriver createDirectDriver( SecurityPlan securityPlan, BoltServ
     protected InternalDriver createRoutingDriver( SecurityPlan securityPlan, BoltServerAddress address, ConnectionPool connectionPool,
             EventExecutorGroup eventExecutorGroup, RoutingSettings routingSettings, RetryLogic retryLogic, MetricsProvider metricsProvider, Config config )
     {
-        if ( !securityPlan.isRoutingCompatible() )
-        {
-            throw new IllegalArgumentException( "The chosen security plan is not compatible with a routing driver" );
-        }
         ConnectionProvider connectionProvider = createLoadBalancer( address, connectionPool, eventExecutorGroup,
                 config, routingSettings );
         SessionFactory sessionFactory = createSessionFactory( connectionProvider, retryLogic, config );
@@ -285,7 +281,7 @@ private static SecurityPlan createSecurityPlan( BoltServerAddress address, Confi
     {
         try
         {
-            return createSecurityPlanImpl( address, config );
+            return createSecurityPlanImpl( config );
         }
         catch ( GeneralSecurityException | IOException ex )
         {
@@ -297,13 +293,11 @@ private static SecurityPlan createSecurityPlan( BoltServerAddress address, Confi
      * Establish a complete SecurityPlan based on the details provided for
      * driver construction.
      */
-    @SuppressWarnings( "deprecation" )
-    private static SecurityPlan createSecurityPlanImpl( BoltServerAddress address, Config config )
+    private static SecurityPlan createSecurityPlanImpl( Config config )
             throws GeneralSecurityException, IOException
     {
         if ( config.encrypted() )
         {
-            Logger logger = config.logging().getLog( "SecurityPlan" );
             Config.TrustStrategy trustStrategy = config.trustStrategy();
             boolean hostnameVerificationEnabled = trustStrategy.isHostnameVerificationEnabled();
             switch ( trustStrategy.strategy() )

driver/src/main/java/org/neo4j/driver/internal/async/outbound/OutboundMessageHandler.java

@@ -37,8 +37,6 @@
 public class OutboundMessageHandler extends MessageToMessageEncoder<Message>
 {
     public static final String NAME = OutboundMessageHandler.class.getSimpleName();
-
-    private final MessageFormat messageFormat;
     private final ChunkAwareByteBufOutput output;
     private final MessageFormat.Writer writer;
     private final Logging logging;
@@ -47,14 +45,8 @@ public class OutboundMessageHandler extends MessageToMessageEncoder<Message>
 
     public OutboundMessageHandler( MessageFormat messageFormat, Logging logging )
     {
-        this( messageFormat, true, logging );
-    }
-
-    private OutboundMessageHandler( MessageFormat messageFormat, boolean byteArraySupportEnabled, Logging logging )
-    {
-        this.messageFormat = messageFormat;
         this.output = new ChunkAwareByteBufOutput();
-        this.writer = messageFormat.newWriter( output, byteArraySupportEnabled );
+        this.writer = messageFormat.newWriter( output );
         this.logging = logging;
     }
 
@@ -98,9 +90,4 @@ protected void encode( ChannelHandlerContext ctx, Message msg, List<Object> out
         BoltProtocolUtil.writeMessageBoundary( messageBuf );
         out.add( messageBuf );
     }
-
-    public OutboundMessageHandler withoutByteArraySupport()
-    {
-        return new OutboundMessageHandler( messageFormat, false, logging );
-    }
 }

driver/src/main/java/org/neo4j/driver/internal/handlers/InitResponseHandler.java

@@ -50,7 +50,6 @@ public void onSuccess( Map<String,Value> metadata )
         {
             ServerVersion serverVersion = extractNeo4jServerVersion( metadata );
             setServerVersion( channel, serverVersion );
-            updatePipelineIfNeeded( serverVersion, channel.pipeline() );
             connectionInitializedPromise.setSuccess();
         }
         catch ( Throwable error )
@@ -71,16 +70,4 @@ public void onRecord( Value[] fields )
     {
         throw new UnsupportedOperationException();
     }
-
-    private static void updatePipelineIfNeeded( ServerVersion serverVersion, ChannelPipeline pipeline )
-    {
-        if ( serverVersion.lessThan( ServerVersion.v3_2_0 ) )
-        {
-            OutboundMessageHandler outboundHandler = pipeline.get( OutboundMessageHandler.class );
-            if ( outboundHandler != null )
-            {
-                pipeline.replace( outboundHandler, OutboundMessageHandler.NAME, outboundHandler.withoutByteArraySupport() );
-            }
-        }
-    }
 }

driver/src/main/java/org/neo4j/driver/internal/messaging/MessageFormat.java

@@ -35,7 +35,7 @@ interface Reader
         void read( ResponseMessageHandler handler ) throws IOException;
     }
 
-    Writer newWriter( PackOutput output, boolean byteArraySupportEnabled );
+    Writer newWriter( PackOutput output );
 
     Reader newReader( PackInput input );
 }

driver/src/main/java/org/neo4j/driver/internal/messaging/v1/MessageFormatV1.java

@@ -32,9 +32,9 @@ public class MessageFormatV1 implements MessageFormat
     public static final int NODE_FIELDS = 3;
 
     @Override
-    public MessageFormat.Writer newWriter( PackOutput output, boolean byteArraySupportEnabled )
+    public MessageFormat.Writer newWriter( PackOutput output )
     {
-        return new MessageWriterV1( output, byteArraySupportEnabled );
+        return new MessageWriterV1( output );
     }
 
     @Override

driver/src/main/java/org/neo4j/driver/internal/messaging/v1/MessageWriterV1.java

@@ -38,9 +38,9 @@
 
 public class MessageWriterV1 extends AbstractMessageWriter
 {
-    public MessageWriterV1( PackOutput output, boolean byteArraySupportEnabled )
+    public MessageWriterV1( PackOutput output )
     {
-        this( new ValuePackerV1( output, byteArraySupportEnabled ) );
+        this( new ValuePackerV1( output ) );
     }
 
     protected MessageWriterV1( ValuePacker packer )

driver/src/main/java/org/neo4j/driver/internal/messaging/v1/ValuePackerV1.java

@@ -31,12 +31,9 @@ public class ValuePackerV1 implements ValuePacker
 {
     protected final PackStream.Packer packer;
 
-    private final boolean byteArraySupportEnabled;
-
-    public ValuePackerV1( PackOutput output, boolean byteArraySupportEnabled )
+    public ValuePackerV1( PackOutput output )
     {
         this.packer = new PackStream.Packer( output );
-        this.byteArraySupportEnabled = byteArraySupportEnabled;
     }
 
     @Override
@@ -89,11 +86,6 @@ protected void packInternalValue( InternalValue value ) throws IOException
             break;
 
         case BYTES:
-            if ( !byteArraySupportEnabled )
-            {
-                throw new PackStream.UnPackable(
-                        "Packing bytes is not supported as the current server this driver connected to does not support unpack bytes." );
-            }
             packer.pack( value.asByteArray() );
             break;
 

driver/src/main/java/org/neo4j/driver/internal/messaging/v2/MessageFormatV2.java

@@ -50,12 +50,8 @@ public class MessageFormatV2 extends MessageFormatV1
     public static final int POINT_3D_STRUCT_SIZE = 4;
 
     @Override
-    public Writer newWriter( PackOutput output, boolean byteArraySupportEnabled )
+    public Writer newWriter( PackOutput output )
     {
-        if ( !byteArraySupportEnabled )
-        {
-            throw new IllegalArgumentException( "Bolt V2 should support byte arrays" );
-        }
         return new MessageWriterV2( output );
     }
 

driver/src/main/java/org/neo4j/driver/internal/messaging/v2/ValuePackerV2.java

@@ -59,7 +59,7 @@ public class ValuePackerV2 extends ValuePackerV1
 {
     public ValuePackerV2( PackOutput output )
     {
-        super( output, true );
+        super( output );
     }
 
     @Override

driver/src/main/java/org/neo4j/driver/internal/messaging/v3/MessageFormatV3.java

@@ -26,7 +26,7 @@
 public class MessageFormatV3 implements MessageFormat
 {
     @Override
-    public Writer newWriter( PackOutput output, boolean byteArraySupportEnabled )
+    public Writer newWriter( PackOutput output )
     {
         return new MessageWriterV3( output );
     }

driver/src/main/java/org/neo4j/driver/internal/messaging/v4/MessageFormatV4.java

@@ -26,7 +26,7 @@
 public class MessageFormatV4 implements MessageFormat
 {
     @Override
-    public Writer newWriter( PackOutput output, boolean byteArraySupportEnabled )
+    public Writer newWriter( PackOutput output )
     {
         return new MessageWriterV4( output );
     }

driver/src/main/java/org/neo4j/driver/internal/security/SecurityPlan.java

@@ -23,10 +23,13 @@
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
 import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
 
 import static org.neo4j.driver.internal.util.CertificateTool.loadX509Cert;
 
@@ -40,7 +43,7 @@ public static SecurityPlan forAllCertificates( boolean requiresHostnameVerificat
         SSLContext sslContext = SSLContext.getInstance( "TLS" );
         sslContext.init( new KeyManager[0], new TrustManager[]{new TrustAllTrustManager()}, null );
 
-        return new SecurityPlan( true, sslContext, true, requiresHostnameVerification );
+        return new SecurityPlan( true, sslContext, requiresHostnameVerification );
     }
 
     public static SecurityPlan forCustomCASignedCertificates( File certFile, boolean requiresHostnameVerification )
@@ -61,29 +64,27 @@ public static SecurityPlan forCustomCASignedCertificates( File certFile, boolean
         SSLContext sslContext = SSLContext.getInstance( "TLS" );
         sslContext.init( new KeyManager[0], trustManagerFactory.getTrustManagers(), null );
 
-        return new SecurityPlan( true, sslContext, true, requiresHostnameVerification );
+        return new SecurityPlan( true, sslContext, requiresHostnameVerification );
     }
 
     public static SecurityPlan forSystemCASignedCertificates( boolean requiresHostnameVerification ) throws NoSuchAlgorithmException
     {
-        return new SecurityPlan( true, SSLContext.getDefault(), true, requiresHostnameVerification );
+        return new SecurityPlan( true, SSLContext.getDefault(), requiresHostnameVerification );
     }
 
     public static SecurityPlan insecure()
     {
-        return new SecurityPlan( false, null, true, false );
+        return new SecurityPlan( false, null, false );
     }
 
     private final boolean requiresEncryption;
     private final SSLContext sslContext;
-    private final boolean routingCompatible;
     private final boolean requiresHostnameVerification;
 
-    private SecurityPlan( boolean requiresEncryption, SSLContext sslContext, boolean routingCompatible, boolean requiresHostnameVerification )
+    private SecurityPlan( boolean requiresEncryption, SSLContext sslContext, boolean requiresHostnameVerification )
     {
         this.requiresEncryption = requiresEncryption;
         this.sslContext = sslContext;
-        this.routingCompatible = routingCompatible;
         this.requiresHostnameVerification = requiresHostnameVerification;
     }
 
@@ -92,11 +93,6 @@ public boolean requiresEncryption()
         return requiresEncryption;
     }
 
-    public boolean isRoutingCompatible()
-    {
-        return routingCompatible;
-    }
-
     public SSLContext sslContext()
     {
         return sslContext;
@@ -106,4 +102,22 @@ public boolean requiresHostnameVerification()
     {
         return requiresHostnameVerification;
     }
+
+    private static class TrustAllTrustManager implements X509TrustManager
+    {
+        public void checkClientTrusted( X509Certificate[] chain, String authType ) throws CertificateException
+        {
+            throw new CertificateException( "All client connections to this client are forbidden." );
+        }
+
+        public void checkServerTrusted( X509Certificate[] chain, String authType ) throws CertificateException
+        {
+            // all fine, pass through
+        }
+
+        public X509Certificate[] getAcceptedIssuers()
+        {
+            return new X509Certificate[0];
+        }
+    }
 }