From e91d5a99ee8d460152bfdae4607ec62f8bc80370 Mon Sep 17 00:00:00 2001 From: James Muehlner Date: Wed, 10 May 2023 23:26:05 +0000 Subject: [PATCH] GUACAMOLE-926: Add configuration option for enabling self-signed SQL Server certs for local testing.
---
 .../SQLServerAuthenticationProviderModule.java | 4 ++++ .../sqlserver/conf/SQLServerEnvironment.java | 17 +++++++++++++++++ .../conf/SQLServerGuacamoleProperties.java | 13 +++++++++++++ 3 files changed, 34 insertions(+)
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/SQLServerAuthenticationProviderModule.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/SQLServerAuthenticationProviderModule.java
index 74d3c950f..5a3d4002b 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/SQLServerAuthenticationProviderModule.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/SQLServerAuthenticationProviderModule.java
@@ -76,6 +76,10 @@ public class SQLServerAuthenticationProviderModule implements Module { // Use UTF-8 in database driverProperties.setProperty("characterEncoding", "UTF-8"); + + // Trust unknown server certificates if configured to do so + if (environment.trustAllServerCertificates()) + driverProperties.setProperty("trustServerCertificate", "true"); // Retrieve instance name and set it String instance = environment.getSQLServerInstance();
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/conf/SQLServerEnvironment.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/conf/SQLServerEnvironment.java
index 5aedec784..612fa16d8 100644
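Review bot: The added `if (environment.trustAllServerCertificates())` branch in SQLServerAuthenticationProviderModule switches off server certificate validation for the JDBC connection without leaving any trace at runtime. With `trustServerCertificate` set to `"true"` the driver accepts whatever certificate the server presents, so the link to the database backing this authentication extension is encrypted but not authenticated. Since the commit message scopes the option to local testing, a startup warning would make an accidental production use visible, e.g. a braced `if` body that also calls `logger.warn("SQL Server certificate validation is disabled (sqlserver-trust-all-server-certificates); use for local testing only.");`. That assumes the class has or gains a logger, which the hunk does not show. The enclosing method starts and ends outside the hunk.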
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/conf/SQLServerEnvironment.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/conf/SQLServerEnvironment.java
@@ -295,4 +295,21 @@ public class SQLServerEnvironment extends JDBCEnvironment { true); } + /** + * Returns true if all server certificates should be trusted, including + * those signed by an unknown certificate authority, such as self-signed + * certificates, or false otherwise. + * + * @throws GuacamoleException + * If an error occurs while retrieving the property value, or if the + * value was not set, as this property is required. + */ + public boolean trustAllServerCertificates() throws GuacamoleException { + + // Do not trust unknown certificates unless explicitly enabled + return getProperty( + SQLServerGuacamoleProperties.SQLSERVER_TRUST_ALL_SERVER_CERTIFICATES, + false); + } + }
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/conf/SQLServerGuacamoleProperties.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/conf/SQLServerGuacamoleProperties.java
index 721b3345a..c4df81381 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/conf/SQLServerGuacamoleProperties.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/conf/SQLServerGuacamoleProperties.java
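Review bot: The `@throws` text on `trustAllServerCertificates()` in SQLServerEnvironment is inaccurate: it says the exception is raised "if the value was not set, as this property is required", but the call passes `false` as the default, so the property is optional. Suggest reducing it to `If an error occurs while retrieving the property value.` and adding the missing return tag, `@return true if unknown or self-signed server certificates should be accepted, false (the default) otherwise.` Because a true result disables TLS server authentication for the database connection, the Javadoc should also say the setting is intended for local testing.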
@@ -245,4 +245,17 @@ public class SQLServerGuacamoleProperties { }; + /** + * Whether or not all server certificates should be trusted, including those + * signed by an unknown certificate authority, such as self-signed + * certificates. + */ + public static final BooleanGuacamoleProperty SQLSERVER_TRUST_ALL_SERVER_CERTIFICATES = + new BooleanGuacamoleProperty() { + + @Override + public String getName() { return "sqlserver-trust-all-server-certificates"; } + + }; + }
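Review bot: The Javadoc on `SQLSERVER_TRUST_ALL_SERVER_CERTIFICATES` states neither the default nor the consequence of enabling the property, although this is the text an administrator is most likely to consult. The commit message limits the option to local testing, but the constant's documentation does not carry that restriction. Suggest appending a sentence such as `Defaults to false. Enabling this disables validation of the SQL Server certificate and is intended for local testing only; do not enable it where the database connection crosses an untrusted network.` The default is taken from the `getProperty(..., false)` call added to SQLServerEnvironment in this same patch.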