Polishing

Simplify test setup by moving TrustStore assertions into unit tests instead of customizing the actual SQL server instance. Add configuration options to MssqlConnectionFactoryProvider and document these. Add author and since tags.

[#148][#150]

Author: mp911de

README.md

@@ -76,6 +76,10 @@ Mono<Connection> connectionMono = Mono.from(connectionFactory.create());
 | `hostNameInCertificate` | Expected hostname in SSL certificate. Supports wildcards (e.g. `*.database.windows.net`). _(Optional)_
 | `preferCursoredExecution` | Whether to prefer cursors  or direct execution for queries. Uses by default direct. Cursors require more round-trips but are more backpressure-friendly. Defaults to direct execution. Can be `boolean` or a `Predicate<String>` accepting the SQL query. _(Optional)_
 | `sendStringParametersAsUnicode` | Configure whether to send character data as unicode (NVARCHAR, NCHAR, NTEXT) or whether to use the database encoding, defaults to `true`. If disabled, `CharSequence` data is sent using the database-specific collation such as ASCII/MBCS instead of Unicode.
+| `trustStoreType`  | Type of the TrustStore. Defaults to `KeyStore.getDefaultType()`. _(Optional)_
+| `trustStore`      | Path to the certificate TrustStore file. _(Optional)_
+| `trustStorePassword` | Password used to check the integrity of the TrustStore data. _(Optional)_
+
 
 **Programmatic Configuration**
 

pom.xml

@@ -51,7 +51,6 @@
         <slf4j.version>1.7.26</slf4j.version>
         <spring-framework.version>5.2.6.RELEASE</spring-framework.version>
         <testcontainers.version>1.14.2</testcontainers.version>
-        <bouncycastle.version>1.64</bouncycastle.version>
     </properties>
 
     <licenses>
@@ -211,12 +210,6 @@
             <version>${logback.version}</version>
             <scope>test</scope>
         </dependency>
-        <dependency>
-            <groupId>org.bouncycastle</groupId>
-            <artifactId>bcpkix-jdk15on</artifactId>
-            <version>${bouncycastle.version}</version>
-            <scope>test</scope>
-        </dependency>
     </dependencies>
 
     <build>

src/main/java/io/r2dbc/mssql/MssqlConnectionConfiguration.java

@@ -31,27 +31,28 @@
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
 import javax.net.ssl.X509TrustManager;
-import java.io.ByteArrayInputStream;
 import java.io.File;
+import java.io.FileInputStream;
 import java.io.IOException;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
 import java.time.Duration;
+import java.util.Arrays;
 import java.util.Optional;
 import java.util.UUID;
 import java.util.function.Function;
 import java.util.function.Predicate;
 
-import static java.nio.file.Files.readAllBytes;
 import static reactor.netty.tcp.SslProvider.DefaultConfigurationType.TCP;
 
 /**
  * Connection configuration information for connecting to a Microsoft SQL database.
  * Allows configuration of the connection endpoint, login credentials, database and trace details such as application name and connection Id.
  *
  * @author Mark Paluch
+ * @author Alex Stockinger
  */
 public final class MssqlConnectionConfiguration {
 
@@ -94,17 +95,17 @@ public final class MssqlConnectionConfiguration {
     private final String username;
 
     @Nullable
-    private final String trustStore;
+    private final File trustStore;
 
     @Nullable
     private final String trustStoreType;
 
     @Nullable
     private final char[] trustStorePassword;
 
-    private MssqlConnectionConfiguration(@Nullable String applicationName, @Nullable UUID connectionId, Duration connectTimeout, @Nullable String database, String host, String hostNameInCertificate
-        , CharSequence password, Predicate<String> preferCursoredExecution, int port, boolean sendStringParametersAsUnicode, boolean ssl,
-                                         Function<SslContextBuilder, SslContextBuilder> sslContextBuilderCustomizer, @Nullable String trustStore, @Nullable String trustStoreType,
+    private MssqlConnectionConfiguration(@Nullable String applicationName, @Nullable UUID connectionId, Duration connectTimeout, @Nullable String database, String host, String hostNameInCertificate,
+                                         CharSequence password, Predicate<String> preferCursoredExecution, int port, boolean sendStringParametersAsUnicode, boolean ssl,
+                                         Function<SslContextBuilder, SslContextBuilder> sslContextBuilderCustomizer, @Nullable File trustStore, @Nullable String trustStoreType,
                                          @Nullable char[] trustStorePassword, String username) {
 
         this.applicationName = applicationName;
@@ -164,7 +165,7 @@ MssqlConnectionConfiguration withRedirect(Redirect redirect) {
     }
 
     ClientConfiguration toClientConfiguration() {
-        return new DefaultClientConfiguration(this.connectTimeout, this.host, this.hostNameInCertificate, this.port, this.ssl, sslContextBuilderCustomizer, this.trustStore, this.trustStoreType,
+        return new DefaultClientConfiguration(this.connectTimeout, this.host, this.hostNameInCertificate, this.port, this.ssl, this.sslContextBuilderCustomizer, this.trustStore, this.trustStoreType,
             this.trustStorePassword);
     }
 
@@ -323,10 +324,13 @@ public static final class Builder {
 
         private String username;
 
-        private String trustStore;
+        @Nullable
+        private File trustStore;
 
+        @Nullable
         private String trustStoreType;
 
+        @Nullable
         private char[] trustStorePassword;
 
         private Builder() {
@@ -505,22 +509,38 @@ public Builder username(String username) {
         /**
          * Configure the trust store type.
          *
-         * @param trustStoreType the type of the trust store to be used for SSL certificate verification. Defaults to 'JKS' if not set.
+         * @param trustStoreType the type of the trust store to be used for SSL certificate verification. Defaults to {@link KeyStore#getDefaultType()} if not set.
          * @return this {@link Builder}
+         * @throws IllegalArgumentException if {@code trustStoreType} is {@code null}
+         * @since 0.8.3
          */
-        public Builder withTrustStoreType(String trustStoreType) {
-            this.trustStoreType = trustStoreType;
+        public Builder trustStoreType(String trustStoreType) {
+            this.trustStoreType = Assert.requireNonNull(trustStoreType, "trustStoreType must not be null");
             return this;
         }
 
         /**
-         * Configure the trust store.
+         * Configure the file path to the trust store.
+         *
+         * @param trustStoreFile the path of the trust store to be used for SSL certificate verification.
+         * @return this {@link Builder}
+         * @throws IllegalArgumentException if {@code trustStore} is {@code null}
+         * @since 0.8.3
+         */
+        public Builder trustStore(String trustStoreFile) {
+            return trustStore(new File(Assert.requireNonNull(trustStoreFile, "trustStore must not be null")));
+        }
+
+        /**
+         * Configure the path to the trust store.
          *
          * @param trustStore the path of the trust store to be used for SSL certificate verification.
          * @return this {@link Builder}
+         * @throws IllegalArgumentException if {@code trustStore} is {@code null}
+         * @since 0.8.3
          */
-        public Builder withTrustStore(String trustStore) {
-            this.trustStore = trustStore;
+        public Builder trustStore(File trustStore) {
+            this.trustStore = Assert.requireNonNull(trustStore, "trustStore must not be null");
             return this;
         }
 
@@ -529,9 +549,10 @@ public Builder withTrustStore(String trustStore) {
          *
          * @param trustStorePassword the password to read the trust store.
          * @return this {@link Builder}
+         * @since 0.8.3
          */
-        public Builder withTrustStorePassword(char[] trustStorePassword) {
-            this.trustStorePassword = trustStorePassword;
+        public Builder trustStorePassword(char[] trustStorePassword) {
+            this.trustStorePassword = Assert.requireNonNull(Arrays.copyOf(trustStorePassword, trustStorePassword.length), "trustStorePassword must not be null");
             return this;
         }
 
@@ -552,7 +573,7 @@ public MssqlConnectionConfiguration build() {
         }
     }
 
-    private static class DefaultClientConfiguration implements ClientConfiguration {
+    static class DefaultClientConfiguration implements ClientConfiguration {
 
         private final Duration connectTimeout;
 
@@ -567,7 +588,7 @@ private static class DefaultClientConfiguration implements ClientConfiguration {
         private final Function<SslContextBuilder, SslContextBuilder> sslContextBuilderCustomizer;
 
         @Nullable
-        private final String trustStore;
+        private final File trustStore;
 
         @Nullable
         private final String trustStoreType;
@@ -576,7 +597,7 @@ private static class DefaultClientConfiguration implements ClientConfiguration {
         private final char[] trustStorePassword;
 
         DefaultClientConfiguration(Duration connectTimeout, String host, String hostNameInCertificate, int port, boolean ssl,
-                                   Function<SslContextBuilder, SslContextBuilder> sslContextBuilderCustomizer, @Nullable String trustStore,
+                                   Function<SslContextBuilder, SslContextBuilder> sslContextBuilderCustomizer, @Nullable File trustStore,
                                    @Nullable String trustStoreType, @Nullable char[] trustStorePassword) {
 
             this.connectTimeout = connectTimeout;
@@ -642,17 +663,19 @@ public SslProvider getSslProvider() throws GeneralSecurityException {
         }
 
         @Nullable
-        private KeyStore loadCustomTrustStore() throws GeneralSecurityException {
+        KeyStore loadCustomTrustStore() throws GeneralSecurityException {
 
-            try {
-                if (trustStore == null) {
-                    return null;
-                }
-                KeyStore trustStoreInstance = KeyStore.getInstance(trustStoreType == null ? "JKS" : trustStoreType);
-                trustStoreInstance.load(new ByteArrayInputStream(readAllBytes(new File(trustStore).toPath())), trustStorePassword);
+            if (this.trustStore == null) {
+                return null;
+            }
+
+            KeyStore trustStoreInstance = KeyStore.getInstance(this.trustStoreType == null ? KeyStore.getDefaultType() : this.trustStoreType);
+
+            try (FileInputStream fis = new FileInputStream(this.trustStore)) {
+                trustStoreInstance.load(fis, this.trustStorePassword);
                 return trustStoreInstance;
             } catch (IOException e) {
-                throw new GeneralSecurityException("Could not load custom trust store", e);
+                throw new GeneralSecurityException(String.format("Could not load custom trust store from %s", this.trustStore), e);
             }
         }
     }

src/main/java/io/r2dbc/mssql/MssqlConnectionFactoryProvider.java

@@ -24,6 +24,7 @@
 import reactor.util.Logger;
 import reactor.util.Loggers;
 
+import java.io.File;
 import java.time.Duration;
 import java.util.UUID;
 import java.util.function.Function;
@@ -82,6 +83,27 @@ public final class MssqlConnectionFactoryProvider implements ConnectionFactoryPr
      */
     public static final Option<Function<SslContextBuilder, SslContextBuilder>> SSL_CONTEXT_BUILDER_CUSTOMIZER = Option.valueOf("sslContextBuilderCustomizer");
 
+    /**
+     * Type of the TrustStore.
+     *
+     * @since 0.8.3
+     */
+    public static final Option<String> TRUST_STORE_TYPE = Option.valueOf("trustStoreType");
+
+    /**
+     * Path to the certificate TrustStore file.
+     *
+     * @since 0.8.3
+     */
+    public static final Option<File> TRUST_STORE = Option.valueOf("trustStore");
+
+    /**
+     * Password used to check the integrity of the TrustStore data.
+     *
+     * @since 0.8.3
+     */
+    public static final Option<char[]> TRUST_STORE_PASSWORD = Option.valueOf("trustStorePassword");
+
     /**
      * Driver option value.
      */
@@ -149,7 +171,7 @@ public MssqlConnectionFactory create(ConnectionFactoryOptions connectionFactoryO
             } else {
 
                 try {
-                    Object predicate = Class.forName(value).getConstructor().newInstance();
+                    Object predicate = Class.forName(value).getDeclaredConstructor().newInstance();
                     if (predicate instanceof Predicate) {
                         builder.preferCursoredExecution((Predicate<String>) predicate);
                     } else {
@@ -176,6 +198,18 @@ public MssqlConnectionFactory create(ConnectionFactoryOptions connectionFactoryO
         builder.username(connectionFactoryOptions.getRequiredValue(USER));
         builder.applicationName(connectionFactoryOptions.getRequiredValue(USER));
 
+        if (connectionFactoryOptions.hasOption(TRUST_STORE)) {
+            builder.trustStore(connectionFactoryOptions.getRequiredValue(TRUST_STORE));
+        }
+
+        if (connectionFactoryOptions.hasOption(TRUST_STORE_PASSWORD)) {
+            builder.trustStorePassword(connectionFactoryOptions.getRequiredValue(TRUST_STORE_PASSWORD));
+        }
+
+        if (connectionFactoryOptions.hasOption(TRUST_STORE_TYPE)) {
+            builder.trustStoreType(connectionFactoryOptions.getRequiredValue(TRUST_STORE_TYPE));
+        }
+
         if (connectionFactoryOptions.hasOption(SSL_CONTEXT_BUILDER_CUSTOMIZER)) {
             builder.sslContextBuilderCustomizer(connectionFactoryOptions.getRequiredValue(SSL_CONTEXT_BUILDER_CUSTOMIZER));
         }

src/test/java/io/r2dbc/mssql/MssqlConnectionConfigurationUnitTests.java

@@ -18,7 +18,25 @@
 
 import io.r2dbc.mssql.message.tds.Redirect;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.io.TempDir;
+import org.testcontainers.shaded.org.bouncycastle.asn1.x500.X500Name;
+import org.testcontainers.shaded.org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.testcontainers.shaded.org.bouncycastle.cert.X509CertificateHolder;
+import org.testcontainers.shaded.org.bouncycastle.cert.X509v3CertificateBuilder;
+import org.testcontainers.shaded.org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
+import org.testcontainers.shaded.org.bouncycastle.operator.ContentSigner;
+import org.testcontainers.shaded.org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
 
+import java.io.File;
+import java.io.FileOutputStream;
+import java.math.BigInteger;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.KeyStore;
+import java.security.SecureRandom;
+import java.security.cert.Certificate;
+import java.util.Calendar;
+import java.util.Date;
 import java.util.UUID;
 import java.util.function.Predicate;
 
@@ -212,4 +230,68 @@ void redirectInDomain() {
             .hasFieldOrPropertyWithValue("sendStringParametersAsUnicode", true)
             .hasFieldOrPropertyWithValue("hostNameInCertificate", "*.target.windows.net");
     }
+
+    @Test
+    void configureKeyStore(@TempDir File tempDir) throws Exception {
+
+        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
+        keyGen.initialize(1024, new SecureRandom());
+        KeyPair keypair = keyGen.generateKeyPair();
+
+        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+        keyStore.load(null, null);
+
+        Certificate selfSignedCertificate = selfSign(keypair, "CN=dummy");
+
+        KeyStore.Entry entry = new KeyStore.PrivateKeyEntry(keypair.getPrivate(),
+            new Certificate[]{selfSignedCertificate});
+
+        keyStore.setEntry("dummy", entry, new KeyStore.PasswordProtection("key-password".toCharArray()));
+
+        File file = new File(tempDir, getClass().getName() + ".jks");
+        keyStore.store(new FileOutputStream(file), "my-password".toCharArray());
+
+
+        MssqlConnectionConfiguration configuration = MssqlConnectionConfiguration.builder()
+            .database("test-database")
+            .host("test-host.windows.net")
+            .password("test-password")
+            .username("test-username")
+            .trustStore(file)
+            .trustStorePassword("my-password".toCharArray())
+            .build();
+
+        MssqlConnectionConfiguration.DefaultClientConfiguration clientConfiguration = (MssqlConnectionConfiguration.DefaultClientConfiguration) configuration.toClientConfiguration();
+
+        KeyStore loaded = clientConfiguration.loadCustomTrustStore();
+
+        KeyStore.Entry loadedEntry = loaded.getEntry("dummy", new KeyStore.PasswordProtection("key-password".toCharArray()));
+        assertThat(loadedEntry).isInstanceOf(KeyStore.PrivateKeyEntry.class);
+    }
+
+    private static Certificate selfSign(KeyPair keyPair, String subjectDN)
+        throws Exception {
+
+        Date startDate = new Date();
+        X500Name dnName = new X500Name(subjectDN);
+
+        Calendar calendar = Calendar.getInstance();
+        calendar.setTime(startDate);
+        calendar.add(Calendar.YEAR, 1);
+        Date endDate = calendar.getTime();
+
+
+        SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair
+            .getPublic().getEncoded());
+
+        X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(dnName,
+            BigInteger.valueOf(1), startDate, endDate, dnName, subjectPublicKeyInfo);
+
+        ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSA").build(keyPair.getPrivate());
+
+        X509CertificateHolder certificateHolder = certificateBuilder.build(contentSigner);
+
+        return new JcaX509CertificateConverter()
+            .getCertificate(certificateHolder);
+    }
 }