GUACAMOLE-728: Merge SSL support for MySQL and PostgreSQL.

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/MySQLAuthenticationProviderModule.java

@@ -22,8 +22,12 @@ package org.apache.guacamole.auth.mysql;
 import com.google.inject.Binder;
 import com.google.inject.Module;
 import com.google.inject.name.Names;
+import java.io.File;
 import java.util.Properties;
 import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.auth.mysql.conf.MySQLDriver;
+import org.apache.guacamole.auth.mysql.conf.MySQLEnvironment;
+import org.apache.guacamole.auth.mysql.conf.MySQLSSLMode;
 import org.mybatis.guice.datasource.helper.JdbcHelper;
 
 /**
@@ -79,6 +83,37 @@ public class MySQLAuthenticationProviderModule implements Module {
         // Allow use of multiple statements within a single query
         driverProperties.setProperty("allowMultiQueries", "true");
         
+        // Set the SSL mode to use when conncting
+        MySQLSSLMode sslMode = environment.getMySQLSSLMode();
+        driverProperties.setProperty("sslMode", sslMode.getDriverValue());
+        
+        // Set legacy properties
+        if (sslMode == MySQLSSLMode.DISABLED)
+            driverProperties.setProperty("useSSL", "false");
+        else
+            driverProperties.setProperty("useSSL", "true");
+        
+        // Check other SSL settings and set as required
+        File trustStore = environment.getMySQLSSLTrustStore();
+        if (trustStore != null)
+            driverProperties.setProperty("trustCertificateKeyStoreUrl",
+                    trustStore.getAbsolutePath());
+        
+        String trustPassword = environment.getMySQLSSLTrustPassword();
+        if (trustPassword != null)
+            driverProperties.setProperty("trustCertificateKeyStorePassword",
+                    trustPassword);
+        
+        File clientStore = environment.getMySQLSSLClientStore();
+        if (clientStore != null)
+            driverProperties.setProperty("clientCertificateKeyStoreUrl",
+                    clientStore.getAbsolutePath());
+        
+        String clientPassword = environment.getMYSQLSSLClientPassword();
+        if (clientPassword != null)
+            driverProperties.setProperty("clientCertificateKeyStorePassword",
+                    clientPassword);
+        
         // Get the MySQL-compatible driver to use.
         mysqlDriver = environment.getMySQLDriver();
 

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/MySQLInjectorProvider.java

@@ -24,6 +24,7 @@ import com.google.inject.Injector;
 import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.auth.jdbc.JDBCAuthenticationProviderModule;
 import org.apache.guacamole.auth.jdbc.JDBCInjectorProvider;
+import org.apache.guacamole.auth.mysql.conf.MySQLEnvironment;
 
 /**
  * JDBCInjectorProvider implementation which configures Guice injections for

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLDriver.java

@@ -17,7 +17,7 @@
  * under the License.
  */
 
-package org.apache.guacamole.auth.mysql;
+package org.apache.guacamole.auth.mysql.conf;
 
 import org.apache.guacamole.properties.EnumGuacamoleProperty.PropertyValue;
 

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLEnvironment.java

@@ -17,8 +17,9 @@
  * under the License.
  */
 
-package org.apache.guacamole.auth.mysql;
+package org.apache.guacamole.auth.mysql.conf;
 
+import java.io.File;
 import java.sql.Connection;
 import java.sql.DatabaseMetaData;
 import java.sql.SQLException;
@@ -101,6 +102,11 @@ public class MySQLEnvironment extends JDBCEnvironment {
      * allowed to any one connection group.
      */
     private final int DEFAULT_MAX_GROUP_CONNECTIONS = 0;
+    
+    /**
+     * The default SSL mode for connecting to MySQL servers.
+     */
+    private final MySQLSSLMode DEFAULT_SSL_MODE = MySQLSSLMode.DISABLED;
 
     /**
      * Constructs a new MySQLEnvironment, providing access to MySQL-specific
@@ -300,5 +306,85 @@ public class MySQLEnvironment extends JDBCEnvironment {
         }
 
     }
+    
+    /**
+     * Return the MySQL SSL mode as configured in guacamole.properties, or the
+     * default value of DISABLED if not configured.
+     * 
+     * @return
+     *     The SSL mode to use when connecting to the MySQL server.
+     * 
+     * @throws GuacamoleException 
+     *     If an error occurs retrieving the property value.
+     */
+    public MySQLSSLMode getMySQLSSLMode() throws GuacamoleException {
+        return getProperty(
+                MySQLGuacamoleProperties.MYSQL_SSL_MODE,
+                DEFAULT_SSL_MODE);
+    }
+    
+    /**
+     * Returns the File where the trusted certificate store is located as
+     * configured in guacamole.properties, or null if no value has been
+     * configured.  The trusted certificate store is used to validate server
+     * certificates when making SSL connections to MySQL servers.
+     * 
+     * @return
+     *     The File where the trusted certificate store is located, or null
+     *     if the value has not been configured.
+     * 
+     * @throws GuacamoleException
+     *     If guacamole.properties cannot be parsed.
+     */
+    public File getMySQLSSLTrustStore() throws GuacamoleException {
+        return getProperty(MySQLGuacamoleProperties.MYSQL_SSL_TRUST_STORE);
+    }
+    
+    /**
+     * Returns the password used to access the trusted certificate store as
+     * configured in guacamole.properties, or null if no password has been
+     * specified.
+     * 
+     * @return
+     *     The password used to access the trusted certificate store.
+     * 
+     * @throws GuacamoleException 
+     *     If guacamole.properties cannot be parsed.
+     */
+    public String getMySQLSSLTrustPassword() throws GuacamoleException {
+        return getProperty(MySQLGuacamoleProperties.MYSQL_SSL_TRUST_PASSWORD);
+    }
+    
+    /**
+     * Returns the File used to store the client SSL certificate as configured
+     * in guacamole.properties, or null if no value has been specified.  This
+     * file will be used to load the client certificate used for SSL connections
+     * to MySQL servers, if the SSL connection is so configured to require
+     * client certificate authentication.
+     * 
+     * @return
+     *     The File where the client SSL certificate is stored.
+     * 
+     * @throws GuacamoleException 
+     *     If guacamole.properties cannot be parsed.
+     */
+    public File getMySQLSSLClientStore() throws GuacamoleException {
+        return getProperty(MySQLGuacamoleProperties.MYSQL_SSL_TRUST_STORE);
+    }
+    
+    /**
+     * Returns the password used to access the client certificate store as
+     * configured in guacamole.properties, or null if no value has been
+     * specified.
+     * 
+     * @return
+     *     The password used to access the client SSL certificate store.
+     * 
+     * @throws GuacamoleException 
+     *     If guacamole.properties cannot be parsed.
+     */
+    public String getMYSQLSSLClientPassword() throws GuacamoleException {
+        return getProperty(MySQLGuacamoleProperties.MYSQL_SSL_TRUST_PASSWORD);
+    }
 
 }

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLGuacamoleProperties.java

@@ -17,10 +17,11 @@
  * under the License.
  */
 
-package org.apache.guacamole.auth.mysql;
+package org.apache.guacamole.auth.mysql.conf;
 
 import org.apache.guacamole.properties.BooleanGuacamoleProperty;
 import org.apache.guacamole.properties.EnumGuacamoleProperty;
+import org.apache.guacamole.properties.FileGuacamoleProperty;
 import org.apache.guacamole.properties.IntegerGuacamoleProperty;
 import org.apache.guacamole.properties.StringGuacamoleProperty;
 
@@ -177,5 +178,67 @@ public class MySQLGuacamoleProperties {
         public String getName() { return "mysql-default-max-group-connections-per-user"; }
 
     };
+    
+    /**
+     * The SSL mode used to connect to the MySQL Server.  By default SSL will
+     * not be used.
+     */
+    public static final EnumGuacamoleProperty<MySQLSSLMode> MYSQL_SSL_MODE =
+            new EnumGuacamoleProperty<MySQLSSLMode>(MySQLSSLMode.class) {
+        
+        @Override
+        public String getName() { return "mysql-ssl-mode" ; }
+        
+    };
+    
+    /**
+     * The File where trusted SSL certificate authorities and server certificates
+     * are stored.  By default no file is specified, and the default Java
+     * trusted certificate stores will be used.
+     */
+    public static final FileGuacamoleProperty MYSQL_SSL_TRUST_STORE =
+            new FileGuacamoleProperty() {
+        
+        @Override
+        public String getName() { return "mysql-ssl-trust-store"; }
+        
+    };
+    
+    /**
+     * The password to use to access the mysql-ssl-trust-store, if required.  By
+     * default no password will be used to attempt to access the store.
+     */
+    public static final StringGuacamoleProperty MYSQL_SSL_TRUST_PASSWORD =
+            new StringGuacamoleProperty() {
+        
+        @Override
+        public String getName() { return "mysql-ssl-trust-password"; }
+        
+    };
+    
+    /**
+     * The File used to store the client certificate for configurations where
+     * a client certificate is required for authentication.  By default no
+     * client certificate store will be specified.
+     */
+    public static final FileGuacamoleProperty MYSQL_SSL_CLIENT_STORE =
+            new FileGuacamoleProperty() {
+        
+        @Override
+        public String getName() { return "mysql-ssl-client-store"; }
+        
+    };
+    
+    /**
+     * The password to use to access the mysql-ssl-client-store file.  By
+     * default no password will be used to attempt to access the file.
+     */
+    public static final StringGuacamoleProperty MYSQL_SSL_CLIENT_PASSWORD =
+            new StringGuacamoleProperty() {
+        
+        @Override
+        public String getName() { return "mysql-ssl-client-password"; }
+        
+    };
 
 }

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLPasswordPolicy.java

@@ -17,7 +17,7 @@
  * under the License.
  */
 
-package org.apache.guacamole.auth.mysql;
+package org.apache.guacamole.auth.mysql.conf;
 
 import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.auth.jdbc.JDBCEnvironment;

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLSSLMode.java

@@ -0,0 +1,89 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.mysql.conf;
+
+import org.apache.guacamole.properties.EnumGuacamoleProperty.PropertyValue;
+
+/**
+ * Possible values for enabling SSL within the MySQL Driver.
+ */
+public enum MySQLSSLMode {
+    
+    /**
+     * Do not use SSL at all.
+     */
+    @PropertyValue("disabled")
+    DISABLED("DISABLED"),
+    
+    /**
+     * Prefer SSL, but fall back to unencrypted.
+     */
+    @PropertyValue("preferred")
+    PREFERRED("PREFERRED"),
+    
+    /**
+     * Require SSL, but perform no certificate validation.
+     */
+    @PropertyValue("required")
+    REQUIRED("REQUIRED"),
+    
+    /**
+     * Require SSL, and validate server certificate issuer.
+     */
+    @PropertyValue("verify-ca")
+    VERIFY_CA("VERIFY_CA"),
+    
+    /**
+     * Require SSL and validate both server certificate issuer and server
+     * identity.
+     */
+    @PropertyValue("verify-identity")
+    VERIFY_IDENTITY("VERIFY_IDENTITY");
+    
+    /**
+     * The value expected by and passed on to the JDBC driver for the given
+     * SSL operation mode.
+     */
+    private final String driverValue;
+
+    /**
+     * Create a new instance of this enum with the given driverValue as the
+     * value that will be used when configuring the JDBC driver.
+     * 
+     * @param driverValue
+     *     The value to use when configuring the JDBC driver.
+     */
+    MySQLSSLMode(String driverValue) {
+        this.driverValue = driverValue;
+    }
+    
+    /**
+     * Returns the String value for a given Enum that properly configures the
+     * JDBC driver for the desired mode of SSL operation.
+     * 
+     * @return 
+     *     The String value for the current Enum that configures the JDBC driver
+     *     for the desired mode of SSL operation.
+     */
+    public String getDriverValue() {
+        return driverValue;
+    }
+    
+}

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLVersion.java

@@ -17,7 +17,7 @@
  * under the License.
  */
 
-package org.apache.guacamole.auth.mysql;
+package org.apache.guacamole.auth.mysql.conf;
 
 import com.google.common.collect.ComparisonChain;
 import java.util.regex.Matcher;

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/PostgreSQLAuthenticationProviderModule.java

@@ -22,8 +22,11 @@ package org.apache.guacamole.auth.postgresql;
 import com.google.inject.Binder;
 import com.google.inject.Module;
 import com.google.inject.name.Names;
+import java.io.File;
 import java.util.Properties;
 import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.auth.postgresql.conf.PostgreSQLEnvironment;
+import org.apache.guacamole.auth.postgresql.conf.PostgreSQLSSLMode;
 import org.mybatis.guice.datasource.helper.JdbcHelper;
 
 /**
@@ -69,6 +72,34 @@ public class PostgreSQLAuthenticationProviderModule implements Module {
 
         // Use UTF-8 in database
         driverProperties.setProperty("characterEncoding", "UTF-8");
+        
+        // Check the SSL mode and set if configured.
+        PostgreSQLSSLMode sslMode = environment.getPostgreSQLSSLMode();
+        driverProperties.setProperty("sslmode", sslMode.getDriverValue());
+        
+        // If SSL is enabled, check for and set other SSL properties.
+        if (sslMode != PostgreSQLSSLMode.DISABLE) {
+            
+            // Sets the legacy SSL configuration mode required by older servers.
+            driverProperties.setProperty("ssl", "true");
+
+            File sslClientCert = environment.getPostgreSQLSSLClientCertFile();
+            if (sslClientCert != null)
+                driverProperties.setProperty("sslcert", sslClientCert.getAbsolutePath());
+            
+            File sslClientKey = environment.getPostgreSQLSSLClientKeyFile();
+            if (sslClientKey != null)
+                driverProperties.setProperty("sslkey", sslClientKey.getAbsolutePath());
+            
+            File sslRootCert = environment.getPostgreSQLSSLClientRootCertFile();
+            if (sslRootCert != null)
+                driverProperties.setProperty("sslrootcert", sslRootCert.getAbsolutePath());
+            
+            String sslClientKeyPassword = environment.getPostgreSQLSSLClientKeyPassword();
+            if (sslClientKeyPassword != null)
+                driverProperties.setProperty("sslpassword", sslClientKeyPassword);
+            
+        }
 
     }
 

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/PostgreSQLInjectorProvider.java

@@ -24,6 +24,7 @@ import com.google.inject.Injector;
 import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.auth.jdbc.JDBCAuthenticationProviderModule;
 import org.apache.guacamole.auth.jdbc.JDBCInjectorProvider;
+import org.apache.guacamole.auth.postgresql.conf.PostgreSQLEnvironment;
 
 /**
  * JDBCInjectorProvider implementation which configures Guice injections for

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/conf/PostgreSQLEnvironment.java

@@ -17,8 +17,9 @@
  * under the License.
  */
 
-package org.apache.guacamole.auth.postgresql;
+package org.apache.guacamole.auth.postgresql.conf;
 
+import java.io.File;
 import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.auth.jdbc.JDBCEnvironment;
 import org.slf4j.Logger;
@@ -96,6 +97,11 @@ public class PostgreSQLEnvironment extends JDBCEnvironment {
      * the values that should be used in the absence of the correct properties.
      */
     private final int DEFAULT_MAX_GROUP_CONNECTIONS = 0;
+    
+    /**
+     * The default value to use for SSL mode if none is explicitly configured.
+     */
+    private final PostgreSQLSSLMode DEFAULT_SSL_MODE = PostgreSQLSSLMode.DISABLE;
 
     /**
      * Constructs a new PostgreSQLEnvironment, providing access to PostgreSQL-specific
@@ -249,4 +255,77 @@ public class PostgreSQLEnvironment extends JDBCEnvironment {
         return true; // All versions of PostgreSQL support recursive queries through CTEs
     }
     
+    /**
+     * Get the SSL mode to use to make the JDBC connection to the PostgreSQL
+     * server.  If unspecified this will default to disabling SSL.
+     * 
+     * @return
+     *     The enum value of the SSL mode to use to make the JDBC connection
+     *     to the server.
+     * 
+     * @throws GuacamoleException 
+     *     If an error occurs retrieving the value from guacamole.properties.
+     */
+    public PostgreSQLSSLMode getPostgreSQLSSLMode() throws GuacamoleException {
+        return getProperty(PostgreSQLGuacamoleProperties.POSTGRESQL_SSL_MODE,
+                DEFAULT_SSL_MODE);
+    }
+    
+    /**
+     * Return the SSL client certificate file to use to make the connection
+     * to the PostgreSQL server.
+     * 
+     * @return
+     *     The SSL client certificate file to use for the PostgreSQL connection.
+     * 
+     * @throws GuacamoleException
+     *     If an error occurs retrieving the value from guacamole.properties.
+     */
+    public File getPostgreSQLSSLClientCertFile() throws GuacamoleException {
+        return getProperty(PostgreSQLGuacamoleProperties.POSTGRESQL_SSL_CERT_FILE);
+    }
+    
+    /**
+     * Return the SSL client private key file to use to make the connection to the
+     * PostgreSQL server.
+     * 
+     * @return
+     *     The SSL client private key file to use for the PostgreSQL connection.
+     * @throws GuacamoleException 
+     *     If an error occurs retrieving the value from guacamole.properties.
+     */
+    public File getPostgreSQLSSLClientKeyFile() throws GuacamoleException {
+        return getProperty(PostgreSQLGuacamoleProperties.POSTGRESQL_SSL_KEY_FILE);
+    }
+    
+    /**
+     * Return the SSL client root certificate file to use to make the connection
+     * to the PostgreSQL server.
+     * 
+     * @return
+     *     The SSL client root certificate file to use to make the connection
+     *     to the PostgreSQL server.
+     * 
+     * @throws GuacamoleException 
+     *     If an error occurs retrieving the value from guacamole.properties.
+     */
+    public File getPostgreSQLSSLClientRootCertFile() throws GuacamoleException {
+        return getProperty(PostgreSQLGuacamoleProperties.POSTGRESQL_SSL_ROOT_CERT_FILE);
+    }
+    
+    /**
+     * Return the password to use to decrypt the private SSL key file when making
+     * the connection to the PostgreSQL server.
+     * 
+     * @return
+     *     The password to use to decrypt the private SSL key file when making
+     *     the connection to the PostgreSQL server.
+     * 
+     * @throws GuacamoleException 
+     *     If an error occurs retrieving the value from guacamole.properties.
+     */
+    public String getPostgreSQLSSLClientKeyPassword() throws GuacamoleException {
+        return getProperty(PostgreSQLGuacamoleProperties.POSTGRESQL_SSL_KEY_PASSWORD);
+    }
+    
 }

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/conf/PostgreSQLGuacamoleProperties.java

@@ -17,9 +17,11 @@
  * under the License.
  */
 
-package org.apache.guacamole.auth.postgresql;
+package org.apache.guacamole.auth.postgresql.conf;
 
 import org.apache.guacamole.properties.BooleanGuacamoleProperty;
+import org.apache.guacamole.properties.EnumGuacamoleProperty;
+import org.apache.guacamole.properties.FileGuacamoleProperty;
 import org.apache.guacamole.properties.IntegerGuacamoleProperty;
 import org.apache.guacamole.properties.StringGuacamoleProperty;
 
@@ -170,5 +172,65 @@ public class PostgreSQLGuacamoleProperties {
         public String getName() { return "postgresql-default-max-group-connections-per-user"; }
 
     };
-
+    
+    /**
+     * The SSL mode that should be used by the JDBC driver when making
+     * connections to the remote server.  By default SSL will be disabled.
+     */
+    public static final EnumGuacamoleProperty<PostgreSQLSSLMode> POSTGRESQL_SSL_MODE =
+            new EnumGuacamoleProperty<PostgreSQLSSLMode>(PostgreSQLSSLMode.class) {
+        
+        @Override
+        public String getName() { return "postgresql-ssl-mode"; }
+        
+    };
+    
+    /**
+     * The client SSL certificate file used by the JDBC driver to make the
+     * SSL connection.
+     */
+    public static final FileGuacamoleProperty POSTGRESQL_SSL_CERT_FILE =
+            new FileGuacamoleProperty() {
+             
+        @Override
+        public String getName() { return "postgresql-ssl-cert-file"; }
+                
+    };
+    
+    /**
+     * The client SSL private key file used by the JDBC driver to make the
+     * SSL connection.
+     */
+    public static final FileGuacamoleProperty POSTGRESQL_SSL_KEY_FILE =
+            new FileGuacamoleProperty() {
+    
+        @Override
+        public String getName() { return "postgresql-ssl-key-file"; }
+        
+    };
+    
+    /**
+     * The client SSL root certificate file used by the JDBC driver to validate
+     * certificates when making the SSL connection.
+     */
+    public static final FileGuacamoleProperty POSTGRESQL_SSL_ROOT_CERT_FILE =
+            new FileGuacamoleProperty() {
+        
+        @Override
+        public String getName() { return "postgresql-ssl-root-cert-file"; }
+        
+    };
+    
+    /**
+     * The password of the SSL private key used by the JDBC driver to make
+     * the SSL connection to the PostgreSQL server.
+     */
+    public static final StringGuacamoleProperty POSTGRESQL_SSL_KEY_PASSWORD =
+            new StringGuacamoleProperty() {
+        
+        @Override
+        public String getName() { return "postgresql-ssl-key-password"; }
+        
+    };
+    
 }

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/conf/PostgreSQLPasswordPolicy.java

@@ -17,7 +17,7 @@
  * under the License.
  */
 
-package org.apache.guacamole.auth.postgresql;
+package org.apache.guacamole.auth.postgresql.conf;
 
 import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.auth.jdbc.JDBCEnvironment;

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/conf/PostgreSQLSSLMode.java

@@ -0,0 +1,94 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.postgresql.conf;
+
+import org.apache.guacamole.properties.EnumGuacamoleProperty.PropertyValue;
+
+/**
+ * Possible values for PostgreSQL SSL connectivity.
+ */
+public enum PostgreSQLSSLMode {
+    
+    /**
+     * Do not use SSL to connect to server.
+     */
+    @PropertyValue("disable")
+    DISABLE("disable"),
+    
+    /**
+     * Allow SSL connections, but try non-SSL, first.
+     */
+    @PropertyValue("allow")
+    ALLOW("allow"),
+    
+    /**
+     * Prefer SSL connections, falling back to non-SSL if that fails.
+     */
+    @PropertyValue("prefer")
+    PREFER("prefer"),
+    
+    /**
+     * Require SSL connections, do not connect if SSL fails.
+     */
+    @PropertyValue("require")
+    REQUIRE("require"),
+    
+    /**
+     * Require SSL connections and validate the CA certificate.
+     */
+    @PropertyValue("verify-ca")
+    VERIFY_CA("verify-ca"),
+    
+    /**
+     * Require SSL connections and validate both the CA and server certificates.
+     */
+    @PropertyValue("verify-full")
+    VERIFY_FULL("verify-full");
+    
+    /**
+     * The value expected by and passed on to the JDBC driver for the given
+     * SSL operation mode.
+     */
+    private final String driverValue;
+    
+    /**
+     * Create a new instance of this enum with the given driverValue as the
+     * value that will be used when configuring the JDBC driver.
+     * 
+     * @param driverValue
+     *     The value to use when configuring the JDBC driver.
+     */
+    PostgreSQLSSLMode(String driverValue) {
+        this.driverValue = driverValue;
+    }
+    
+    /**
+     * Returns the String value for a given Enum that properly configures the
+     * JDBC driver for the desired mode of SSL operation.
+     * 
+     * @return 
+     *     The String value for the current Enum that configures the JDBC driver
+     *     for the desired mode of SSL operation.
+     */
+    public String getDriverValue() {
+        return driverValue;
+    }
+    
+}