private ISet <string> ExtractValidShortKeys() { ISet <string> validSettingNames = new HashSet <string>(); string policyName = "example"; int prefixLength = GroupPrefix().Length + 1 + policyName.Length + 1; // dbms.ssl.policy.example. SslPolicyConfig examplePolicy = new SslPolicyConfig(policyName); System.Reflection.FieldInfo[] fields = examplePolicy.GetType().GetFields(BindingFlags.DeclaredOnly | BindingFlags.Public | BindingFlags.NonPublic | BindingFlags.Static | BindingFlags.Instance); foreach (System.Reflection.FieldInfo field in fields) { if (Modifier.isStatic(field.Modifiers)) { continue; } try { object obj = field.get(examplePolicy); if (obj is Setting) { string longKey = (( Setting )obj).name(); string shortKey = longKey.Substring(prefixLength); validSettingNames.Add(shortKey); } } catch (IllegalAccessException e) { throw new Exception(e); } } return(validSettingNames); }
private void ShouldComplainIfMissingFile(File file) { // given FileUtils.deleteFile(file); IDictionary <string, string> @params = stringMap(); SslPolicyConfig policyConfig = new SslPolicyConfig("default"); @params[neo4j_home.name()] = _home.AbsolutePath; @params[policyConfig.BaseDirectory.name()] = "certificates/default"; Config config = Config.defaults(@params); // when try { SslPolicyLoader.Create(config, NullLogProvider.Instance); fail(); } catch (Exception e) { assertTrue(e.InnerException is FileNotFoundException); } }
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes: //ORIGINAL LINE: @Test public void shouldFindPolicyOverrides() public virtual void ShouldFindPolicyOverrides() { // given IDictionary <string, string> @params = stringMap(); string policyName = "XYZ"; SslPolicyConfig policyConfig = new SslPolicyConfig(policyName); File homeDir = TestDirectory.directory("home"); @params[GraphDatabaseSettings.neo4j_home.name()] = homeDir.AbsolutePath; @params[policyConfig.BaseDirectory.name()] = "certificates/XYZ"; File privateKey = TestDirectory.directory("/path/to/my.key"); File publicCertificate = TestDirectory.directory("/path/to/my.crt"); File trustedDir = TestDirectory.directory("/some/other/path/to/trusted"); File revokedDir = TestDirectory.directory("/some/other/path/to/revoked"); @params[policyConfig.PrivateKey.name()] = privateKey.AbsolutePath; @params[policyConfig.PublicCertificate.name()] = publicCertificate.AbsolutePath; @params[policyConfig.TrustedDir.name()] = trustedDir.AbsolutePath; @params[policyConfig.RevokedDir.name()] = revokedDir.AbsolutePath; @params[policyConfig.AllowKeyGeneration.name()] = "true"; @params[policyConfig.TrustAll.name()] = "true"; @params[policyConfig.PrivateKeyPassword.name()] = "setecastronomy"; @params[policyConfig.TlsVersions.name()] = "TLSv1.1,TLSv1.2"; @params[policyConfig.Ciphers.name()] = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"; @params[policyConfig.ClientAuth.name()] = "optional"; Config config = Config.defaults(@params); // when File privateKeyFromConfig = config.Get(policyConfig.PrivateKey); File publicCertificateFromConfig = config.Get(policyConfig.PublicCertificate); File trustedDirFromConfig = config.Get(policyConfig.TrustedDir); File revokedDirFromConfig = config.Get(policyConfig.RevokedDir); string privateKeyPassword = config.Get(policyConfig.PrivateKeyPassword); bool allowKeyGeneration = config.Get(policyConfig.AllowKeyGeneration); bool trustAll = config.Get(policyConfig.TrustAll); IList <string> tlsVersions = config.Get(policyConfig.TlsVersions); IList <string> ciphers = config.Get(policyConfig.Ciphers); ClientAuth clientAuth = config.Get(policyConfig.ClientAuth); // then assertEquals(privateKey, privateKeyFromConfig); assertEquals(publicCertificate, publicCertificateFromConfig); assertEquals(trustedDir, trustedDirFromConfig); assertEquals(revokedDir, revokedDirFromConfig); assertTrue(allowKeyGeneration); assertTrue(trustAll); assertEquals("setecastronomy", privateKeyPassword); assertEquals(asList("TLSv1.1", "TLSv1.2"), tlsVersions); assertEquals(asList("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"), ciphers); assertEquals(ClientAuth.OPTIONAL, clientAuth); }
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes: //ORIGINAL LINE: @Test public void shouldFindPolicyDefaults() public virtual void ShouldFindPolicyDefaults() { // given IDictionary <string, string> @params = stringMap(); string policyName = "XYZ"; SslPolicyConfig policyConfig = new SslPolicyConfig(policyName); File homeDir = TestDirectory.directory("home"); @params[GraphDatabaseSettings.neo4j_home.name()] = homeDir.AbsolutePath; @params[policyConfig.BaseDirectory.name()] = "certificates/XYZ"; Config config = Config.defaults(@params); // derived defaults File privateKey = new File(homeDir, "certificates/XYZ/private.key"); File publicCertificate = new File(homeDir, "certificates/XYZ/public.crt"); File trustedDir = new File(homeDir, "certificates/XYZ/trusted"); File revokedDir = new File(homeDir, "certificates/XYZ/revoked"); // when File privateKeyFromConfig = config.Get(policyConfig.PrivateKey); File publicCertificateFromConfig = config.Get(policyConfig.PublicCertificate); File trustedDirFromConfig = config.Get(policyConfig.TrustedDir); File revokedDirFromConfig = config.Get(policyConfig.RevokedDir); string privateKeyPassword = config.Get(policyConfig.PrivateKeyPassword); bool allowKeyGeneration = config.Get(policyConfig.AllowKeyGeneration); bool trustAll = config.Get(policyConfig.TrustAll); IList <string> tlsVersions = config.Get(policyConfig.TlsVersions); IList <string> ciphers = config.Get(policyConfig.Ciphers); ClientAuth clientAuth = config.Get(policyConfig.ClientAuth); // then assertEquals(privateKey, privateKeyFromConfig); assertEquals(publicCertificate, publicCertificateFromConfig); assertEquals(trustedDir, trustedDirFromConfig); assertEquals(revokedDir, revokedDirFromConfig); assertNull(privateKeyPassword); assertFalse(allowKeyGeneration); assertFalse(trustAll); assertEquals(singletonList("TLSv1.2"), tlsVersions); assertNull(ciphers); assertEquals(ClientAuth.REQUIRE, clientAuth); }
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#: //ORIGINAL LINE: public java.util.Map<String,String> validate(java.util.Map<String,String> params, System.Action<String> warningConsumer) throws org.neo4j.graphdb.config.InvalidSettingException public override IDictionary <string, string> Validate(IDictionary <string, string> @params, System.Action <string> warningConsumer) { IDictionary <string, string> validatedParams = new Dictionary <string, string>(); ISet <string> validShortKeys = ExtractValidShortKeys(); string groupSettingPrefix = GroupPrefix(); Pattern groupSettingPattern = Pattern.compile(Pattern.quote(groupSettingPrefix) + "\\.([^.]+)\\.?(.+)?"); ISet <string> policyNames = new HashSet <string>(); foreach (KeyValuePair <string, string> paramsEntry in @params.SetOfKeyValuePairs()) { string settingName = paramsEntry.Key; Matcher matcher = groupSettingPattern.matcher(settingName); if (!matcher.matches()) { continue; } policyNames.Add(matcher.group(1)); string shortKey = matcher.group(2); if (!validShortKeys.Contains(shortKey)) { throw new InvalidSettingException("Invalid setting name: " + settingName); } validatedParams[settingName] = paramsEntry.Value; } foreach (string policyName in policyNames) { SslPolicyConfig policy = new SslPolicyConfig(policyName); if ([email protected](policy.BaseDirectory.name())) { throw new InvalidSettingException("Missing mandatory setting: " + policy.BaseDirectory.name()); } } return(validatedParams); }
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes: //ORIGINAL LINE: @Test public void shouldNotAllowLegacyPolicyToBeConfigured() public virtual void ShouldNotAllowLegacyPolicyToBeConfigured() { // given IDictionary <string, string> @params = stringMap(); SslPolicyConfig policyConfig = new SslPolicyConfig(LegacySslPolicyConfig.LEGACY_POLICY_NAME); @params[neo4j_home.name()] = _home.AbsolutePath; @params[policyConfig.BaseDirectory.name()] = "certificates/default"; Config config = Config.defaults(@params); try { // when SslPolicyLoader.Create(config, NullLogProvider.Instance); fail(); } catch (System.ArgumentException) { // expected } }
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes: //ORIGINAL LINE: @Test public void shouldFailWithIncompletePathOverrides() public virtual void ShouldFailWithIncompletePathOverrides() { // given IDictionary <string, string> @params = stringMap(); string policyName = "XYZ"; SslPolicyConfig policyConfig = new SslPolicyConfig(policyName); File homeDir = TestDirectory.directory("home"); @params[GraphDatabaseSettings.neo4j_home.name()] = homeDir.AbsolutePath; @params[policyConfig.BaseDirectory.name()] = "certificates"; @params[policyConfig.PrivateKey.name()] = "my.key"; @params[policyConfig.PublicCertificate.name()] = "path/to/my.crt"; Config config = Config.defaults(@params); // when/then try { config.Get(policyConfig.PrivateKey); fail(); } catch (System.ArgumentException) { // expected } try { config.Get(policyConfig.PublicCertificate); fail(); } catch (System.ArgumentException) { // expected } }
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes: //ORIGINAL LINE: @Test public void shouldLoadBaseCryptographicObjects() throws Exception //JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#: public virtual void ShouldLoadBaseCryptographicObjects() { // given IDictionary <string, string> @params = stringMap(); SslPolicyConfig policyConfig = new SslPolicyConfig("default"); @params[neo4j_home.name()] = _home.AbsolutePath; @params[policyConfig.BaseDirectory.name()] = "certificates/default"; Config config = Config.defaults(@params); // when SslPolicyLoader sslPolicyLoader = SslPolicyLoader.Create(config, NullLogProvider.Instance); // then SslPolicy sslPolicy = sslPolicyLoader.GetPolicy("default"); assertNotNull(sslPolicy); assertNotNull(sslPolicy.PrivateKey()); assertNotNull(sslPolicy.CertificateChain()); assertNotNull(sslPolicy.NettyClientContext()); assertNotNull(sslPolicy.NettyServerContext()); }
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes: //ORIGINAL LINE: @Test public void shouldThrowIfPolicyNameDoesNotExist() public virtual void ShouldThrowIfPolicyNameDoesNotExist() { // given IDictionary <string, string> @params = stringMap(); SslPolicyConfig policyConfig = new SslPolicyConfig("default"); @params[neo4j_home.name()] = _home.AbsolutePath; @params[policyConfig.BaseDirectory.name()] = "certificates/default"; Config config = Config.defaults(@params); SslPolicyLoader sslPolicyLoader = SslPolicyLoader.Create(config, NullLogProvider.Instance); // when try { sslPolicyLoader.GetPolicy("unknown"); fail(); } catch (System.ArgumentException) { // expected } }
private void Load(Config config, Log log) { ISet <string> policyNames = config.IdentifiersFromGroup(typeof(SslPolicyConfig)); foreach (string policyName in policyNames) { if (policyName.Equals(LEGACY_POLICY_NAME)) { // the legacy policy name is reserved for the legacy policy which derives its configuration from legacy settings throw new System.ArgumentException("Legacy policy cannot be configured. Please migrate to new SSL policy system."); } SslPolicyConfig policyConfig = new SslPolicyConfig(policyName); File baseDirectory = config.Get(policyConfig.BaseDirectory); File trustedCertificatesDir = config.Get(policyConfig.TrustedDir); File revokedCertificatesDir = config.Get(policyConfig.RevokedDir); if (!baseDirectory.exists()) { throw new System.ArgumentException(format("Base directory '%s' for SSL policy with name '%s' does not exist.", baseDirectory, policyName)); } bool allowKeyGeneration = config.Get(policyConfig.AllowKeyGeneration); File privateKeyFile = config.Get(policyConfig.PrivateKey); string privateKeyPassword = config.Get(policyConfig.PrivateKeyPassword); PrivateKey privateKey; X509Certificate[] keyCertChain; File keyCertChainFile = config.Get(policyConfig.PublicCertificate); if (allowKeyGeneration && !privateKeyFile.exists() && !keyCertChainFile.exists()) { GeneratePrivateKeyAndCertificate(log, policyName, keyCertChainFile, privateKeyFile, trustedCertificatesDir, revokedCertificatesDir); } privateKey = LoadPrivateKey(privateKeyFile, privateKeyPassword); keyCertChain = LoadCertificateChain(keyCertChainFile); ClientAuth clientAuth = config.Get(policyConfig.ClientAuth); bool trustAll = config.Get(policyConfig.TrustAll); bool verifyHostname = config.Get(policyConfig.VerifyHostname); TrustManagerFactory trustManagerFactory; ICollection <X509CRL> crls = GetCRLs(revokedCertificatesDir); try { trustManagerFactory = CreateTrustManagerFactory(trustAll, trustedCertificatesDir, crls, clientAuth); } catch (Exception e) { throw new Exception("Failed to create trust manager based on: " + trustedCertificatesDir, e); } IList <string> tlsVersions = config.Get(policyConfig.TlsVersions); IList <string> ciphers = config.Get(policyConfig.Ciphers); SslPolicy sslPolicy = new SslPolicy(privateKey, keyCertChain, tlsVersions, ciphers, clientAuth, trustManagerFactory, _sslProvider, verifyHostname, _logProvider); log.Info(format("Loaded SSL policy '%s' = %s", policyName, sslPolicy)); _policies[policyName] = sslPolicy; } }