diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLEnvironment.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLEnvironment.java
index 062142c61..a538ff395 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLEnvironment.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLEnvironment.java
@@ -318,22 +318,71 @@ public class MySQLEnvironment extends JDBCEnvironment { * If an error occurs retrieving the property value. */ public MySQLSSLMode getMySQLSSLMode() throws GuacamoleException { - return getProperty(MySQLGuacamoleProperties.MYSQL_SSL_MODE, + return getProperty( + MySQLGuacamoleProperties.MYSQL_SSL_MODE, DEFAULT_SSL_MODE); } + /** + * Returns the File where the trusted certificate store is located as + * configured in guacamole.properties, or null if no value has been + * configured. The trusted certificate store is used to validate server + * certificates when making SSL connections to MySQL servers. + * + * @return + * The File where the trusted certificate store is located, or null + * if the value has not been configured. + * + * @throws GuacamoleException + * If guacamole.properties cannot be parsed. + */ public File getMySQLSSLTrustStore() throws GuacamoleException { return getProperty(MySQLGuacamoleProperties.MYSQL_SSL_TRUST_STORE); } + /** + * Returns the password used to access the trusted certificate store as + * configured in guacamole.properties, or null if no password has been + * specified. + * + * @return + * The password used to access the trusted certificate store. + * + * @throws GuacamoleException + * If guacamole.properties cannot be parsed. + */ public String getMySQLSSLTrustPassword() throws GuacamoleException { return getProperty(MySQLGuacamoleProperties.MYSQL_SSL_TRUST_PASSWORD); } + /** + * Returns the File used to store the client SSL certificate as configured + * in guacamole.properties, or null if no value has been specified. This + * file will be used to load the client certificate used for SSL connections + * to MySQL servers, if the SSL connection is so configured to require + * client certificate authentication. + * + * @return + * The File where the client SSL certificate is stored. + * + * @throws GuacamoleException + * If guacamole.properties cannot be parsed. 
+ */ public File getMySQLSSLClientStore() throws GuacamoleException { return getProperty(MySQLGuacamoleProperties.MYSQL_SSL_TRUST_STORE); } + /** + * Returns the password used to access the client certificate store as + * configured in guacamole.properties, or null if no value has been + * specified. + * + * @return + * The password used to access the client SSL certificate store. + * + * @throws GuacamoleException + * If guacamole.properties cannot be parsed. + */ public String getMYSQLSSLClientPassword() throws GuacamoleException { return getProperty(MySQLGuacamoleProperties.MYSQL_SSL_TRUST_PASSWORD); } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLGuacamoleProperties.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLGuacamoleProperties.java index fbe716191..c87f4cf4b 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLGuacamoleProperties.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLGuacamoleProperties.java @@ -183,14 +183,19 @@ public class MySQLGuacamoleProperties { * The SSL mode used to connect to the MySQL Server. By default SSL will * not be used. */ - public static final MySQLSSLProperty MYSQL_SSL_MODE = - new MySQLSSLProperty() { + public static final EnumGuacamoleProperty MYSQL_SSL_MODE = + new EnumGuacamoleProperty(MySQLSSLMode.class) { @Override public String getName() { return "mysql-ssl-mode" ; } }; + /** + * The File where trusted SSL certificate authorities and server certificates + * are stored. By default no file is specified, and the default Java + * trusted certificate stores will be used. + */ public static final FileGuacamoleProperty MYSQL_SSL_TRUST_STORE = new FileGuacamoleProperty() { 
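Review bot: `getMySQLSSLClientStore()` and `getMYSQLSSLClientPassword()` now sit under Javadoc describing the client certificate store and its password, but their unchanged bodies in this hunk still read `MYSQL_SSL_TRUST_STORE` and `MYSQL_SSL_TRUST_PASSWORD`. As written, a configured `mysql-ssl-client-store` or `mysql-ssl-client-password` is never read through these getters, and the trust store and its password are returned in their place, so any caller building a client-certificate connection would presumably load the wrong key store. The bodies should be `return getProperty(MySQLGuacamoleProperties.MYSQL_SSL_CLIENT_STORE);` and `return getProperty(MySQLGuacamoleProperties.MYSQL_SSL_CLIENT_PASSWORD);`. The second getter's name also breaks the `getMySQL…` casing of its siblings; renaming it would need its callers, which are outside this diff, changed in the same commit.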
@@ -199,6 +204,10 @@ public class MySQLGuacamoleProperties { }; + /** + * The password to use to access the mysql-ssl-trust-store, if required. By + * default no password will be used to attempt to access the store. + */ public static final StringGuacamoleProperty MYSQL_SSL_TRUST_PASSWORD = new StringGuacamoleProperty() { @@ -207,14 +216,25 @@ public class MySQLGuacamoleProperties { }; - public static final FileGuacamoleProperty MYSQL_SSL_CLIENT_STORE = new FileGuacamoleProperty() { + /** + * The File used to store the client certificate for configurations where + * a client certificate is required for authentication. By default no + * client certificate store will be specified. + */ + public static final FileGuacamoleProperty MYSQL_SSL_CLIENT_STORE = + new FileGuacamoleProperty() { @Override public String getName() { return "mysql-ssl-client-store"; } }; - public static final StringGuacamoleProperty MYSQL_SSL_CLIENT_PASSWORD = new StringGuacamoleProperty() { + /** + * The password to use to access the mysql-ssl-client-store file. By + * default no password will be used to attempt to access the file. + */ + public static final StringGuacamoleProperty MYSQL_SSL_CLIENT_PASSWORD = + new StringGuacamoleProperty() { @Override public String getName() { return "mysql-ssl-client-password"; } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLSSLMode.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLSSLMode.java index ab81cc7e5..a95bb556d 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLSSLMode.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLSSLMode.java 
@@ -19,24 +19,42 @@ package org.apache.guacamole.auth.mysql.conf; +import org.apache.guacamole.properties.EnumGuacamoleProperty.PropertyValue; + /** * Possible values for enabling SSL within the MySQL Driver. */ public enum MySQLSSLMode { - // Disable SSL altogether. + /** + * Do not use SSL at all. + */ + @PropertyValue("disabled") DISABLED, - // Prefer SSL, but fall-back to non-SSL. + /** + * Prefer SSL, but fall back to unencrypted. + */ + @PropertyValue("preferred") PREFERRED, - // Require SSL, but perform no verification. + /** + * Require SSL, but perform no certificate validation. + */ + @PropertyValue("required") REQUIRED, - // Require SSL and verify a valid authority. + /** + * Require SSL, and validate server certificate issuer. + */ + @PropertyValue("verify-ca") VERIFY_CA, - // Require SSL and verify a valid authority and server certificate. + /** + * Require SSL and validate both server certificate issuer and server + * identity. + */ + @PropertyValue("verify-identity") VERIFY_IDENTITY; } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLSSLProperty.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLSSLProperty.java deleted file mode 100644 index 887602a93..000000000 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLSSLProperty.java +++ /dev/null 
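Review bot: The new Javadoc on `PREFERRED`, `REQUIRED` and `VERIFY_CA` says what each mode does but not what it leaves unprotected, which is what an administrator choosing a `mysql-ssl-mode` value needs to know. I would add to `PREFERRED` the sentence `Gives no protection against an active network attacker, because the connection may silently fall back to plaintext.`, to `REQUIRED` the sentence `Encrypts the connection but does not authenticate the server.`, and to `VERIFY_CA` the sentence `The server's host name is not checked against the certificate.` These follow from the one-line descriptions already in the hunk; the exact behaviour belongs to the JDBC driver and is not visible in this diff, so the wording should be confirmed against the driver documentation.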
@@ -1,57 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.guacamole.auth.mysql.conf;
-
-import org.apache.guacamole.GuacamoleException;
-import org.apache.guacamole.GuacamoleServerException;
-import org.apache.guacamole.properties.GuacamoleProperty;
-
-/**
- *
- * @author nick_couchman
- */
-public abstract class MySQLSSLProperty implements GuacamoleProperty {
-
- @Override
- public MySQLSSLMode parseValue(String value) throws GuacamoleException {
-
- if (value == null)
- return null;
-
- if (value.equals("disabled"))
- return MySQLSSLMode.DISABLED;
-
- if (value.equals("preferred"))
- return MySQLSSLMode.PREFERRED;
-
- if (value.equals("required"))
- return MySQLSSLMode.REQUIRED;
-
- if (value.equals("verify-ca"))
- return MySQLSSLMode.VERIFY_CA;
-
- if (value.equals("verify-identity"))
- return MySQLSSLMode.VERIFY_IDENTITY;
-
- throw new GuacamoleServerException("MySQL SSL mode set to invalid value.");
-
- }
-
-}
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/conf/PostgreSQLGuacamoleProperties.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/conf/PostgreSQLGuacamoleProperties.java index afd77140e..8bd1ff4f5 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/conf/PostgreSQLGuacamoleProperties.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/conf/PostgreSQLGuacamoleProperties.java @@ -20,6 +20,7 @@ package org.apache.guacamole.auth.postgresql.conf; import org.apache.guacamole.properties.BooleanGuacamoleProperty; +import org.apache.guacamole.properties.EnumGuacamoleProperty; import org.apache.guacamole.properties.FileGuacamoleProperty; import org.apache.guacamole.properties.IntegerGuacamoleProperty; import org.apache.guacamole.properties.StringGuacamoleProperty; @@ -176,8 +177,8 @@ public class PostgreSQLGuacamoleProperties { * The SSL mode that should be used by the JDBC driver when making * connections to the remote server. By default SSL will be disabled. */ - public static final PostgreSQLSSLProperty POSTGRESQL_SSL_MODE = - new PostgreSQLSSLProperty() { + public static final EnumGuacamoleProperty POSTGRESQL_SSL_MODE = + new EnumGuacamoleProperty(PostgreSQLSSLMode.class) { @Override public String getName() { return "postgresql-ssl-mode"; } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/conf/PostgreSQLSSLMode.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/conf/PostgreSQLSSLMode.java index e9c75b9ab..709308ef8 100644 
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/conf/PostgreSQLSSLMode.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/conf/PostgreSQLSSLMode.java @@ -19,31 +19,53 @@ package org.apache.guacamole.auth.postgresql.conf; +import org.apache.guacamole.properties.EnumGuacamoleProperty.PropertyValue; + /** * Possible values for PostgreSQL SSL connectivity. */ public enum PostgreSQLSSLMode { - // Do not use SSL to connect to server. + /** + * Do not use SSL to connect to server. + */ + @PropertyValue("disable") DISABLE("disable"), - // Allow SSL connections, but try non-SSL, first. + /** + * Allow SSL connections, but try non-SSL, first. + */ + @PropertyValue("allow") ALLOW("allow"), - // Prefer SSL connections, falling back to non-SSL if that fails. + /** + * Prefer SSL connections, falling back to non-SSL if that fails. + */ + @PropertyValue("prefer") PREFER("prefer"), - // Require SSL connections, do not connect if SSL fails. + /** + * Require SSL connections, do not connect if SSL fails. + */ + @PropertyValue("require") REQUIRE("require"), - // Require SSL connections and validate the CA certificate. + /** + * Require SSL connections and validate the CA certificate. + */ + @PropertyValue("verify-ca") VERIFY_CA("verify-ca"), - // Require SSL connections and validate both the CA and server certificates. + /** + * Require SSL connections and validate both the CA and server certificates. + */ + @PropertyValue("verify-full") VERIFY_FULL("verify-full"); - // The value actually passed on to the JDBC driver. - private String configValue; + /** + * The value actually passed on to the JDBC driver. + */ + private final String configValue; /** * Create a new instance of this enum with the given configValue as the 
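Review bot: Each constant now carries its configuration string twice, once in the annotation and once as the constructor argument (for example `@PropertyValue("verify-full") VERIFY_FULL("verify-full")`), and nothing in the enum keeps the two in step. If they drift, the value an administrator writes in guacamole.properties and the value held in `configValue`, which the field's Javadoc says is passed on to the JDBC driver, would name different SSL modes. Adding a sentence to the enum's Javadoc such as `The @PropertyValue string and the constructor argument of each constant must stay identical.` would make the constraint explicit. The deleted `PostgreSQLSSLProperty` parsed through `PostgreSQLSSLMode.getValue(value)`, so it is also worth checking whether `getValue`, which lies outside this hunk, still has callers. The enum body continues past the end of the hunk.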
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/conf/PostgreSQLSSLProperty.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/conf/PostgreSQLSSLProperty.java
deleted file mode 100644
index b014605ef..000000000
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/conf/PostgreSQLSSLProperty.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.guacamole.auth.postgresql.conf;
-
-import org.apache.guacamole.GuacamoleException;
-import org.apache.guacamole.GuacamoleServerException;
-import org.apache.guacamole.properties.GuacamoleProperty;
-
-/**
- *
- * @author nick_couchman
- */
-public abstract class PostgreSQLSSLProperty
- implements GuacamoleProperty {
-
- @Override
- public PostgreSQLSSLMode parseValue(String value) throws GuacamoleException {
-
- if (value == null)
- return null;
-
- PostgreSQLSSLMode mode = PostgreSQLSSLMode.getValue(value);
- if (mode != null)
- return mode;
-
- throw new GuacamoleServerException("Invalid PostgreSQL SSL mode configured.");
-
- }
-
-}