safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-06 05:07:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUACAMOLE-728: Add PostgreSQL SSL mode configuration.

Browse Source
This commit is contained in:
Virtually Nick
2020-04-02 23:45:47 -04:00
parent 721010cc14
commit d5a3f8116e
7 changed files with 303 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/PostgreSQLAuthenticationProviderModule.java
View File

@@ -22,8 +22,11 @@ package org.apache.guacamole.auth.postgresql;
import com.google.inject.Binder;
import com.google.inject.Module;
import com.google.inject.name.Names;
import java.io.File;
import java.util.Properties;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.postgresql.conf.PostgreSQLEnvironment;
import org.apache.guacamole.auth.postgresql.conf.PostgreSQLSSLMode;
import org.mybatis.guice.datasource.helper.JdbcHelper;
/**
@@ -70,6 +73,32 @@ public class PostgreSQLAuthenticationProviderModule implements Module {
// Use UTF-8 in database
driverProperties.setProperty("characterEncoding", "UTF-8");
// Check the SSL mode and set if configured.
PostgreSQLSSLMode sslMode = environment.getPostgreSQLSSLMode();
driverProperties.setProperty("sslmode", sslMode.toString());
// If SSL is enabled, check for and set other SSL properties.
if (sslMode != PostgreSQLSSLMode.DISABLE) {
driverProperties.setProperty("ssl", "true");
File sslClientCert = environment.getPostgreSQLSSLClientCertFile();
if (sslClientCert != null)
driverProperties.setProperty("sslcert", sslClientCert.getAbsolutePath());
File sslClientKey = environment.getPostgreSQLSSLClientKeyFile();
if (sslClientKey != null)
driverProperties.setProperty("sslkey", sslClientKey.getAbsolutePath());
File sslRootCert = environment.getPostgreSQLSSLClientRootCertFile();
if (sslRootCert != null)
driverProperties.setProperty("sslrootcert", sslRootCert.getAbsolutePath());
String sslClientKeyPassword = environment.getPostgreSQLSSLClientKeyPassword();
if (sslClientKeyPassword != null)
driverProperties.setProperty("sslpassword", sslClientKeyPassword);
}
}
@Override

1
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/PostgreSQLInjectorProvider.java
View File

@@ -24,6 +24,7 @@ import com.google.inject.Injector;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.jdbc.JDBCAuthenticationProviderModule;
import org.apache.guacamole.auth.jdbc.JDBCInjectorProvider;
import org.apache.guacamole.auth.postgresql.conf.PostgreSQLEnvironment;
/**
* JDBCInjectorProvider implementation which configures Guice injections for

81
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/PostgreSQLEnvironment.java → extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/conf/PostgreSQLEnvironment.java
View File

@@ -17,8 +17,9 @@
* under the License.
*/
package org.apache.guacamole.auth.postgresql;
package org.apache.guacamole.auth.postgresql.conf;
import java.io.File;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.jdbc.JDBCEnvironment;
import org.slf4j.Logger;
@@ -97,6 +98,11 @@ public class PostgreSQLEnvironment extends JDBCEnvironment {
*/
private final int DEFAULT_MAX_GROUP_CONNECTIONS = 0;
/**
* The default value to use for SSL mode if none is explicitly configured.
*/
private final PostgreSQLSSLMode DEFAULT_SSL_MODE = PostgreSQLSSLMode.DISABLE;
/**
* Constructs a new PostgreSQLEnvironment, providing access to PostgreSQL-specific
* configuration options.
@@ -249,4 +255,77 @@ public class PostgreSQLEnvironment extends JDBCEnvironment {
return true; // All versions of PostgreSQL support recursive queries through CTEs
}
/**
* Get the SSL mode to use to make the JDBC connection to the PostgreSQL
* server. If unspecified this will default to disabling SSL.
*
* @return
* The enum value of the SSL mode to use to make the JDBC connection
* to the server.
*
* @throws GuacamoleException
* If an error occurs retrieving the value from guacamole.properties.
*/
public PostgreSQLSSLMode getPostgreSQLSSLMode() throws GuacamoleException {
return getProperty(PostgreSQLGuacamoleProperties.POSTGRESQL_SSL_MODE,
DEFAULT_SSL_MODE);
}
/**
* Return the SSL client certificate file to use to make the connection
* to the PostgreSQL server.
*
* @return
* The SSL client certificate file to use for the PostgreSQL connection.
*
* @throws GuacamoleException
* If an error occurs retrieving the value from guacamole.properties.
*/
public File getPostgreSQLSSLClientCertFile() throws GuacamoleException {
return getProperty(PostgreSQLGuacamoleProperties.POSTGRESQL_SSL_CERT_FILE);
}
/**
* Return the SSL client private key file to use to make the connection to the
* PostgreSQL server.
*
* @return
* The SSL client private key file to use for the PostgreSQL connection.
* @throws GuacamoleException
* If an error occurs retrieving the value from guacamole.properties.
*/
public File getPostgreSQLSSLClientKeyFile() throws GuacamoleException {
return getProperty(PostgreSQLGuacamoleProperties.POSTGRESQL_SSL_KEY_FILE);
}
/**
* Return the SSL client root certificate file to use to make the connection
* to the PostgreSQL server.
*
* @return
* The SSL client root certificate file to use to make the connection
* to the PostgreSQL server.
*
* @throws GuacamoleException
* If an error occurs retrieving the value from guacamole.properties.
*/
public File getPostgreSQLSSLClientRootCertFile() throws GuacamoleException {
return getProperty(PostgreSQLGuacamoleProperties.POSTGRESQL_SSL_ROOT_CERT_FILE);
}
/**
* Return the password to use to decrypt the private SSL key file when making
* the connection to the PostgreSQL server.
*
* @return
* The password to use to decrypt the private SSL key file when making
* the connection to the PostgreSQL server.
*
* @throws GuacamoleException
* If an error occurs retrieving the value from guacamole.properties.
*/
public String getPostgreSQLSSLClientKeyPassword() throws GuacamoleException {
return getProperty(PostgreSQLGuacamoleProperties.POSTGRESQL_SSL_KEY_PASSWORD);
}
}

63
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/PostgreSQLGuacamoleProperties.java → extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/conf/PostgreSQLGuacamoleProperties.java
View File

@@ -17,9 +17,10 @@
* under the License.
*/
package org.apache.guacamole.auth.postgresql;
package org.apache.guacamole.auth.postgresql.conf;
import org.apache.guacamole.properties.BooleanGuacamoleProperty;
import org.apache.guacamole.properties.FileGuacamoleProperty;
import org.apache.guacamole.properties.IntegerGuacamoleProperty;
import org.apache.guacamole.properties.StringGuacamoleProperty;
@@ -171,4 +172,64 @@ public class PostgreSQLGuacamoleProperties {
};
/**
* The SSL mode that should be used by the JDBC driver when making
* connections to the remote server. By default SSL will be disabled.
*/
public static final PostgreSQLSSLProperty POSTGRESQL_SSL_MODE =
new PostgreSQLSSLProperty() {
@Override
public String getName() { return "postgresql-ssl-mode"; }
};
/**
* The client SSL certificate file used by the JDBC driver to make the
* SSL connection.
*/
public static final FileGuacamoleProperty POSTGRESQL_SSL_CERT_FILE =
new FileGuacamoleProperty() {
@Override
public String getName() { return "postgresql-ssl-cert-file"; }
};
/**
* The client SSL private key file used by the JDBC driver to make the
* SSL connection.
*/
public static final FileGuacamoleProperty POSTGRESQL_SSL_KEY_FILE =
new FileGuacamoleProperty() {
@Override
public String getName() { return "postgresql-ssl-key-file"; }
};
/**
* The client SSL root certificate file used by the JDBC driver to validate
* certificates when making the SSL connection.
*/
public static final FileGuacamoleProperty POSTGRESQL_SSL_ROOT_CERT_FILE =
new FileGuacamoleProperty() {
@Override
public String getName() { return "postgresql-ssl-root-cert-file"; }
};
/**
* The password of the SSL private key used by the JDBC driver to make
* the SSL connection to the PostgreSQL server.
*/
public static final StringGuacamoleProperty POSTGRESQL_SSL_KEY_PASSWORD =
new StringGuacamoleProperty() {
@Override
public String getName() { return "postgresql-ssl-key-password"; }
};
}

2
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/PostgreSQLPasswordPolicy.java → extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/conf/PostgreSQLPasswordPolicy.java
View File

@@ -17,7 +17,7 @@
* under the License.
*/
package org.apache.guacamole.auth.postgresql;
package org.apache.guacamole.auth.postgresql.conf;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.jdbc.JDBCEnvironment;

82
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/conf/PostgreSQLSSLMode.java Normal file
View File

@@ -0,0 +1,82 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.postgresql.conf;
/**
* Possible values for PostgreSQL SSL connectivity.
*/
public enum PostgreSQLSSLMode {
// Do not use SSL to connect to server.
DISABLE("disable"),
// Allow SSL connections, but try non-SSL, first.
ALLOW("allow"),
// Prefer SSL connections, falling back to non-SSL if that fails.
PREFER("prefer"),
// Require SSL connections, do not connect if SSL fails.
REQUIRE("require"),
// Require SSL connections and validate the CA certificate.
VERIFY_CA("verify-ca"),
// Require SSL connections and validate both the CA and server certificates.
VERIFY_FULL("verify-full");
// The value actually passed on to the JDBC driver.
private String configValue;
/**
* Create a new instance of this enum with the given configValue as the
* value that will be used when configuring the JDBC driver.
*
* @param configValue
* The value to use when configuring the JDBC driver.
*/
PostgreSQLSSLMode(String configValue) {
this.configValue = configValue;
}
@Override
public String toString() {
return configValue;
}
/**
* Given the String value, determine the correct enum value that matches
* the string, or null if there is no match.
*
* @param value
* The String value to test to find a match.
*
* @return
* The enum value matching the given String.
*/
public static PostgreSQLSSLMode getValue(String value) {
for (PostgreSQLSSLMode mode : PostgreSQLSSLMode.values()) {
if (mode.toString().equals(value))
return mode;
}
return null;
}
}

47
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/conf/PostgreSQLSSLProperty.java Normal file
View File

@@ -0,0 +1,47 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.postgresql.conf;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleServerException;
import org.apache.guacamole.properties.GuacamoleProperty;
/**
*
* @author nick_couchman
*/
public abstract class PostgreSQLSSLProperty
implements GuacamoleProperty<PostgreSQLSSLMode> {
@Override
public PostgreSQLSSLMode parseValue(String value) throws GuacamoleException {
if (value == null)
return null;
PostgreSQLSSLMode mode = PostgreSQLSSLMode.getValue(value);
if (mode != null)
return mode;
throw new GuacamoleServerException("Invalid PostgreSQL SSL mode configured.");
}
}