Example #1
        }                            // for test

        /// <summary>
        /// Stores the requested encryption level and, when that level is <c>Encrypted</c>,
        /// decides which trust manager validates the server certificate.
        /// </summary>
        /// <param name="level">Requested encryption level; saved in <c>_encryptionLevel</c>.</param>
        /// <param name="strategy">Read only when encryption is on and <paramref name="trustManager"/> is null.</param>
        /// <param name="trustManager">Caller-supplied trust manager; when non-null it is used as-is and <paramref name="strategy"/> is never inspected.</param>
        /// <param name="logger">Written to the selected trust manager's <c>Logger</c> property (this mutates a caller-supplied instance).</param>
        /// <exception cref="InvalidOperationException">
        /// Encryption is on, no trust manager was supplied, and <paramref name="strategy"/> is not one of the two handled values.
        /// </exception>
        public EncryptionManager(EncryptionLevel level, TrustStrategy strategy, TrustManager trustManager, IDriverLogger logger)
        {
            _encryptionLevel = level;

            // Any level other than Encrypted leaves the TrustManager property untouched;
            // strategy, trustManager and logger are all ignored in that case.
            if (_encryptionLevel != EncryptionLevel.Encrypted)
            {
                return;
            }

            var selectedTrustManager = trustManager;
            if (selectedTrustManager == null)
            {
                if (strategy == V1.TrustStrategy.TrustAllCertificates)
                {
                    // NOTE(review): the strategy name and CreateInsecure suggest certificate
                    // validation is not enforced on this path, i.e. the channel is encrypted
                    // but the server is presumably not authenticated — confirm in TrustManager
                    // and keep this choice out of production configuration.
                    // The meaning of the boolean argument is not visible here.
                    selectedTrustManager = TrustManager.CreateInsecure(false);
                }
                else if (strategy == V1.TrustStrategy.TrustSystemCaSignedCertificates)
                {
                    // The meaning of the boolean argument is not visible here — confirm.
                    selectedTrustManager = TrustManager.CreateChainTrust(true);
                }
                else
                {
                    // Fail closed: an unrecognised strategy never falls back to a default.
                    throw new InvalidOperationException($"Unknown trust strategy: {strategy}");
                }
            }

            selectedTrustManager.Logger = logger;
            TrustManager = selectedTrustManager;
        }
            /// <summary>
            /// Overrides only the trust strategy on the builder and checks that the remaining
            /// settings keep the values asserted below (encryption level, logger type, pool size).
            /// </summary>
            public void WithTrustStrategyShouldModifyTheSingleValue()
            {
                var builder = Config.Builder;
                var withCaSignedTrust = builder.WithTrustStrategy(TrustStrategy.TrustSystemCaSignedCertificates());
                var config = withCaSignedTrust.ToConfig();

                // Encryption level was not set explicitly, so this pins the value the builder starts from.
                config.EncryptionLevel.Should().Be(EncryptionLevel.EncryptedNonLocal);

                // The overridden setting: CA-signed trust carries no known-hosts file name.
                config.TrustStrategy.ServerTrustStrategy().Should().Be(TrustStrategy.Strategy.TrustSystemCaSignedCertificates);
                config.TrustStrategy.FileName().Should().BeNull();

                // Settings that must be unaffected by the trust strategy override.
                config.Logger.Should().BeOfType<DebugLogger>();
                config.MaxIdleSessionPoolSize.Should().Be(10);
            }
Example #3
        }                            // for test

        /// <summary>
        /// Stores the requested encryption level and, when that level is <c>Encrypted</c>,
        /// instantiates the trust strategy implementation matching <paramref name="strategy"/>.
        /// </summary>
        /// <param name="level">Requested encryption level; saved in <c>_encryptionLevel</c>.</param>
        /// <param name="strategy">Selects the trust strategy implementation; read only when encryption is on.</param>
        /// <param name="logger">Passed to the constructor of the chosen trust strategy.</param>
        /// <exception cref="InvalidOperationException">
        /// Encryption is on and <paramref name="strategy"/> is not one of the two handled values.
        /// </exception>
        public EncryptionManager(EncryptionLevel level, TrustStrategy strategy, ILogger logger)
        {
            _encryptionLevel = level;

            // Any level other than Encrypted leaves the TrustStrategy property unset.
            if (_encryptionLevel != EncryptionLevel.Encrypted)
            {
                return;
            }

            if (strategy == V1.TrustStrategy.TrustAllCertificates)
            {
                // NOTE(review): by its name this implementation accepts any server certificate,
                // so the channel would be encrypted but the peer not authenticated — confirm
                // in TrustAllCertificates and avoid it outside test environments.
                TrustStrategy = new TrustAllCertificates(logger);
            }
            else if (strategy == V1.TrustStrategy.TrustSystemCaSignedCertificates)
            {
                TrustStrategy = new TrustSystemCaSignedCertificates(logger);
            }
            else
            {
                // Fail closed: an unrecognised strategy never falls back to a default.
                throw new InvalidOperationException($"Unknown trust strategy: {strategy}");
            }
        }
        /// <summary>
        /// Stores the requested encryption level and, for every level except <c>None</c>,
        /// instantiates the trust strategy implementation described by <paramref name="strategy"/>.
        /// </summary>
        /// <param name="level">Requested encryption level; saved in <c>_encryptionLevel</c>.</param>
        /// <param name="strategy">
        /// Supplies the strategy kind via <c>ServerTrustStrategy()</c> and, for trust-on-first-use,
        /// the file name via <c>FileName()</c>. Dereferenced only when encryption is not <c>None</c>.
        /// </param>
        /// <param name="logger">Passed to the constructor of the chosen trust strategy.</param>
        /// <exception cref="InvalidOperationException">
        /// Encryption is on and the strategy kind is not one of the two handled values.
        /// </exception>
        public EncryptionManager(EncryptionLevel level, TrustStrategy strategy, ILogger logger)
        {
            _encryptionLevel = level;

            // With EncryptionLevel.None the TrustStrategy property is left unset.
            if (_encryptionLevel == EncryptionLevel.None)
            {
                return;
            }

            var requestedKind = strategy.ServerTrustStrategy();
            if (requestedKind == V1.TrustStrategy.Strategy.TrustOnFirstUse)
            {
                // NOTE(review): trust-on-first-use presumably records what the server presents
                // on the first connection in the named file and compares later connections
                // against it; the first connection itself would then be unverified, and the
                // file becomes security-sensitive state — confirm in TrustOnFirstUse.
                TrustStrategy = new TrustOnFirstUse(logger, strategy.FileName());
            }
            else if (requestedKind == V1.TrustStrategy.Strategy.TrustSystemCaSignedCertificates)
            {
                TrustStrategy = new TrustSystemCaSignedCertificates(logger);
            }
            else
            {
                // Fail closed: an unrecognised strategy never falls back to a default.
                throw new InvalidOperationException($"Unknown trust strategy: {strategy}");
            }
        }
Example #5
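        /// <summary>
        /// Documentation sample: opens an encrypted driver that uses trust-on-first-use with a
        /// known-hosts file, runs one query to prove the connection works, then cleans up.
        /// The region between the <c>tag::</c>/<c>end::</c> markers is kept unchanged.
        /// </summary>
        public void TlsTrustOnFirstUse()
        {
            // A new file name is generated on every run, so nothing is pinned beforehand and
            // each run is a "first use". A real deployment would point at a stable,
            // access-controlled path instead of a throwaway file in the temp directory.
            var knownHostsFileName = Path.Combine(Path.GetTempPath(), Guid.NewGuid() + ".tmp");
            // The credentials below are hard-coded for the sample only; real code should read
            // them from configuration or a secret store.
            //tag::tls-trust-on-first-use[]
            var driver = GraphDatabase.Driver("bolt://localhost", AuthTokens.Basic("neo4j", "neo4j"),
                                              Config.Builder.WithEncryptionLevel(EncryptionLevel.Encrypted).WithTrustStrategy(TrustStrategy.TrustOnFirstUse(knownHostsFileName))
                                              .ToConfig());

            //end::tls-trust-on-first-use[]

            try
            {
                using (var session = driver.Session())
                {
                    var result = session.Run("RETURN 1 as n");
                    result.Single()["n"].As<int>().Should().Be(1);
                }
            }
            finally
            {
                // Release the driver and remove the temporary known-hosts file even when the
                // query or the assertion above throws; previously both were skipped on failure.
                try
                {
                    driver.Dispose();
                }
                finally
                {
                    File.Delete(knownHostsFileName);
                }
            }
        }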
Example #6
        /// <summary>
        /// Documentation sample: builds an encrypted driver whose trust strategy is
        /// <c>TrustSystemCaSignedCertificates</c>, then disposes it without opening a session.
        /// </summary>
        public void TlsSigned()
        {
            // The credentials below are hard-coded for the sample only.
            //tag::tls-signed[]
            const string uri = "bolt://localhost";
            var authToken = AuthTokens.Basic("neo4j", "neo4j");
            var config = Config.Builder
                               .WithEncryptionLevel(EncryptionLevel.Encrypted)
                               .WithTrustStrategy(TrustStrategy.TrustSystemCaSignedCertificates())
                               .ToConfig();
            var driver = GraphDatabase.Driver(uri, authToken, config);

            //end::tls-signed[]
            driver.Dispose();
        }
        /// <summary>
        /// Creates trust managers for <paramref name="truststore"/> with the default
        /// <c>TrustManagerFactory</c> algorithm and appends them to this builder's
        /// <c>trustmanagers</c> collection.
        /// </summary>
        /// <remarks>
        /// When <paramref name="trustStrategy"/> is non-null, every <c>X509TrustManager</c> is
        /// replaced by a <c>TrustManagerDelegate</c> that carries the strategy; trust managers of
        /// any other type are added unwrapped, so the strategy does not apply to them.
        /// NOTE(review): how the delegate combines the strategy with the wrapped manager is not
        /// visible here. Review any strategy that accepts chains unconditionally, since it may
        /// weaken or bypass the default certificate validation — confirm in TrustManagerDelegate.
        /// </remarks>
        /// <param name="truststore">Key store handed to <c>TrustManagerFactory.Init</c>.</param>
        /// <param name="trustStrategy">Optional strategy to attach to X.509 trust managers; null leaves them as created.</param>
        /// <returns>This builder, so calls can be chained.</returns>
        /// <exception cref="Sharpen.NoSuchAlgorithmException">Declared by the original signature; presumably raised while obtaining the factory — confirm.</exception>
        /// <exception cref="Sharpen.KeyStoreException">Declared by the original signature; presumably raised while initialising the factory — confirm.</exception>
        public virtual Apache.Http.Conn.Ssl.SSLContextBuilder LoadTrustMaterial(KeyStore
                                                                                truststore, TrustStrategy trustStrategy)
        {
            var defaultAlgorithm = TrustManagerFactory.GetDefaultAlgorithm();
            TrustManagerFactory factory = TrustManagerFactory.GetInstance(defaultAlgorithm);
            factory.Init(truststore);

            TrustManager[] managers = factory.GetTrustManagers();
            if (managers == null)
            {
                // Nothing to register; the builder is returned unchanged.
                return this;
            }

            if (trustStrategy != null)
            {
                // First pass: swap X.509 managers for strategy-aware delegates, in place.
                for (int index = 0; index < managers.Length; index++)
                {
                    var x509Manager = managers[index] as X509TrustManager;
                    if (x509Manager != null)
                    {
                        managers[index] = new SSLContextBuilder.TrustManagerDelegate(x509Manager, trustStrategy);
                    }
                }
            }

            // Second pass: register every manager, wrapped or not, in its original order.
            foreach (TrustManager manager in managers)
            {
                this.trustmanagers.AddItem(manager);
            }

            return this;
        }
 /// <summary>
 /// Pairs an X.509 trust manager with a trust strategy by storing both in fields.
 /// Neither argument is validated here, so null values are stored as given.
 /// </summary>
 /// <param name="trustManager">The trust manager to wrap.</param>
 /// <param name="trustStrategy">The strategy kept alongside the wrapped trust manager.</param>
 internal TrustManagerDelegate(X509TrustManager trustManager, TrustStrategy trustStrategy)
 {
     this.trustStrategy = trustStrategy;
     this.trustManager = trustManager;
 }