Extended URI Schemes #685
Merged
Extended URI Schemes #685
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gjmwoods
force-pushed
the
4-0-encyption-and-trust-config-in-uri
branch
from
eee2fe3 to
7951281
Compare
gjmwoods
force-pushed
the
4-0-encyption-and-trust-config-in-uri
branch
2 times, most recently
from
440e7c6 to
5fe36c1
Compare
zhenlineo
reviewed
Mar 5, 2020
Comment on lines
143
to
152
| if ( isRoutingScheme( scheme ) ) | ||
| { | ||
| return createRoutingDriver( securityPlan, address, connectionPool, eventExecutorGroup, routingSettings, retryLogic, metricsProvider, config ); | ||
| } | ||
| else if ( !isRoutingScheme( scheme ) ) | ||
| { | ||
| case BOLT_URI_SCHEME: | ||
| assertNoRoutingContext( uri, routingSettings ); | ||
| return createDirectDriver( securityPlan, address, connectionPool, retryLogic, metricsProvider, config ); | ||
| case BOLT_ROUTING_URI_SCHEME: | ||
| return createRoutingDriver( securityPlan, address, connectionPool, eventExecutorGroup, routingSettings, retryLogic, metricsProvider, config ); | ||
| default: | ||
| throw new ClientException( format( "Unsupported URI scheme: %s", scheme ) ); | ||
| } | ||
| throw new ClientException( format( "Unsupported URI scheme: %s", scheme ) ); |
There was a problem hiding this comment.
haha. I am not fooled by these lines :D
If-else should be good enough here as we've validated the scheme Scheme.validateScheme( uri.getScheme() );.
if( isRoutingScheme(scheme) ){...}
else {...}
b93ed99 to
351168a
Compare
zhenlineo
reviewed
Mar 5, 2020
| } | ||
| } | ||
|
|
||
| private SecurityPlan createSecurityPlanFromScheme( String scheme ) throws GeneralSecurityException, IOException |
There was a problem hiding this comment.
Can we simplify this method as:
if ( isHighTrustScheme(scheme) )
{
return SecurityPlanImpl.forSystemCASignedCertificates( trustStrategy.isHostnameVerificationEnabled() );
}
else
{
return SecurityPlanImpl.forAllCertificates( trustStrategy.isHostnameVerificationEnabled() );
}
We've already checked isSecurityScheme and assertSecuritySettingsNotUserConfigured.
There was a problem hiding this comment.
of course! I will update this now
…" and "neo4j+ssc" to allow encryption and trust settings to be configurable using the URI.
gjmwoods
force-pushed
the
4-0-encyption-and-trust-config-in-uri
branch
from
351168a to
5f13b09
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR makes encryption and trust settings configurable using the URI.
We introduce 4 additional schemes:
bolt+sandneo4j+swhich enables encryption and configures the trust settings to use the local system's certificate storebolt+sscandneo4j+sscwhich configures trust to use all certificates