#182 Added simple SSL for Manage and Admin servers

rjrudin · rjrudin · commit 56d70b40085c · 2017-08-21T15:14:03.000-04:00
diff --git a/src/main/java/com/marklogic/mgmt/DefaultManageConfigFactory.java b/src/main/java/com/marklogic/mgmt/DefaultManageConfigFactory.java
@@ -60,6 +60,12 @@ public ManageConfig newManageConfig() {
 		    c.setScheme(prop);
 	    }
 
+	    prop = getProperty("mlManageSimpleSsl");
+	    if (prop != null) {
+		    logger.info("Use simple SSL for Manage app server: " + prop);
+		    c.setConfigureSimpleSsl(Boolean.parseBoolean(prop));
+	    }
+
 	    prop = getProperty("mlAdminUsername");
         if (prop != null) {
             logger.info("Manage admin username: " + prop);
@@ -80,6 +86,24 @@ public ManageConfig newManageConfig() {
             c.setAdminPassword(c.getPassword());
         }
 
+	    prop = getProperty("mlAdminPort");
+	    if (prop != null) {
+		    logger.info("Admin port: " + prop);
+		    c.setAdminPort(Integer.parseInt(prop));
+	    }
+
+	    prop = getProperty("mlAdminScheme");
+	    if (prop != null) {
+		    logger.info("Admin scheme: " + prop);
+		    c.setAdminScheme(prop);
+	    }
+
+	    prop = getProperty("mlAdminSimpleSsl");
+	    if (prop != null) {
+		    logger.info("Use simple SSL for Admin app server: " + prop);
+		    c.setAdminConfigureSimpleSsl(Boolean.parseBoolean(prop));
+	    }
+
         return c;
     }
 
diff --git a/src/main/java/com/marklogic/mgmt/ManageClient.java b/src/main/java/com/marklogic/mgmt/ManageClient.java
@@ -46,7 +46,7 @@ public void initialize(ManageConfig config) {
                 logger.info("Initializing ManageClient with admin config, admin user: " + config.getAdminUsername());
             }
             this.adminRestTemplate = RestTemplateUtil.newRestTemplate(config.getHost(), config.getPort(),
-                    config.getAdminUsername(), config.getAdminPassword());
+                    config.getAdminUsername(), config.getAdminPassword(), config.isAdminConfigureSimpleSsl());
         } else {
             this.adminRestTemplate = restTemplate;
         }
diff --git a/src/main/java/com/marklogic/mgmt/ManageConfig.java b/src/main/java/com/marklogic/mgmt/ManageConfig.java
@@ -15,9 +15,12 @@ public class ManageConfig extends RestConfig {
      */
     public static final String DEFAULT_USERNAME = "admin";
     public static final String DEFAULT_PASSWORD = "admin";
-    
+
     private String adminUsername;
     private String adminPassword;
+    private boolean adminConfigureSimpleSsl;
+    private String adminScheme = "http";
+    private int adminPort = 8001;
 
     public ManageConfig() {
         this("localhost", DEFAULT_PASSWORD);
@@ -54,4 +57,28 @@ public String getAdminPassword() {
     public void setAdminPassword(String adminPassword) {
         this.adminPassword = adminPassword;
     }
+
+	public boolean isAdminConfigureSimpleSsl() {
+		return adminConfigureSimpleSsl;
+	}
+
+	public void setAdminConfigureSimpleSsl(boolean adminConfigureSimpleSsl) {
+		this.adminConfigureSimpleSsl = adminConfigureSimpleSsl;
+	}
+
+	public int getAdminPort() {
+		return adminPort;
+	}
+
+	public void setAdminPort(int adminPort) {
+		this.adminPort = adminPort;
+	}
+
+	public String getAdminScheme() {
+		return adminScheme;
+	}
+
+	public void setAdminScheme(String adminScheme) {
+		this.adminScheme = adminScheme;
+	}
 }
diff --git a/src/main/java/com/marklogic/mgmt/admin/DefaultAdminConfigFactory.java b/src/main/java/com/marklogic/mgmt/admin/DefaultAdminConfigFactory.java
@@ -60,6 +60,12 @@ public AdminConfig newAdminConfig() {
 		    c.setScheme(prop);
 	    }
 
+	    prop = getProperty("mlAdminSimpleSsl");
+	    if (prop != null) {
+	    	logger.info("Use simple SSL for Admin app server: " + prop);
+	    	c.setConfigureSimpleSsl(Boolean.parseBoolean(prop));
+	    }
+
         return c;
     }
 
diff --git a/src/main/java/com/marklogic/mgmt/api/API.java b/src/main/java/com/marklogic/mgmt/api/API.java
@@ -66,6 +66,7 @@ protected void initializeAdminManager() {
 		    ManageConfig mc = manageClient.getManageConfig();
 		    if (mc.getAdminUsername() != null && mc.getAdminPassword() != null) {
 			    AdminConfig ac = new AdminConfig(mc.getHost(), 8001, mc.getAdminUsername(), mc.getAdminPassword());
+			    ac.setConfigureSimpleSsl(mc.isAdminConfigureSimpleSsl());
 			    this.adminManager = new AdminManager(ac);
 		    }
 	    }
@@ -90,8 +91,29 @@ protected ObjectMapper buildDefaultObjectMapper() {
      * @param host
      */
     public void connect(String host) {
-        ManageConfig mc = this.manageClient.getManageConfig();
-        connect(host, mc.getUsername(), mc.getPassword(), mc.getAdminUsername(), mc.getAdminPassword());
+        connect(host, this.manageClient.getManageConfig());
+    }
+
+	/**
+	 * Connect to a (presumably) different MarkLogic Management API.
+	 *
+	 * @param host
+	 * @param mc
+	 */
+	public void connect(String host, ManageConfig mc) {
+	    if (logger.isInfoEnabled()) {
+		    logger.info("Connecting to host: " + host);
+	    }
+	    SimplePropertySource sps = new SimplePropertySource("mlHost", host, "mlManageUsername", mc.getUsername(),
+		    "mlManagePassword", mc.getPassword(), "mlAdminUsername", mc.getAdminUsername(), "mlAdminPassword", mc.getAdminPassword(),
+		    "mlManageSimpleSsl", mc.isConfigureSimpleSsl() + "", "mlAdminSimpleSsl", mc.isAdminConfigureSimpleSsl() + "",
+		    "mlManageScheme", mc.getScheme(), "mlAdminScheme", mc.getAdminScheme(), "mlAdminPort", mc.getAdminPort() + "",
+		    "mlManagePort", mc.getPort() + "");
+	    this.manageClient = new ManageClient(new DefaultManageConfigFactory(sps).newManageConfig());
+	    initializeAdminManager();
+	    if (logger.isInfoEnabled()) {
+		    logger.info("Connected to host: " + host);
+	    }
     }
 
     /**
@@ -116,16 +138,13 @@ public void connect(String host, String username, String password) {
      * @param adminPassword
      */
     public void connect(String host, String username, String password, String adminUsername, String adminPassword) {
-        if (logger.isInfoEnabled()) {
-            logger.info("Connecting to host: " + host);
-        }
-        SimplePropertySource sps = new SimplePropertySource("mlHost", host, "mlManageUsername", username,
-                "mlManagePassword", password, "mlAdminUsername", adminUsername, "mlAdminPassword", adminPassword);
-        this.manageClient = new ManageClient(new DefaultManageConfigFactory(sps).newManageConfig());
-        initializeAdminManager();
-        if (logger.isInfoEnabled()) {
-            logger.info("Connected to host: " + host);
-        }
+    	ManageConfig mc = new ManageConfig();
+    	mc.setHost(host);
+    	mc.setUsername(username);
+    	mc.setPassword(password);
+    	mc.setAdminUsername(adminUsername);
+    	mc.setAdminPassword(adminPassword);
+    	connect(host, mc);
     }
 
     /**
diff --git a/src/main/java/com/marklogic/rest/util/RestConfig.java b/src/main/java/com/marklogic/rest/util/RestConfig.java
@@ -10,6 +10,7 @@ public class RestConfig {
     private String username;
     private String password;
     private String scheme = "http";
+    private boolean configureSimpleSsl;
 
     public RestConfig() {
     }
@@ -46,7 +47,7 @@ public URI buildUri(String path) {
     public String getBaseUrl() {
         return String.format("%s://%s:%d", scheme, host, port);
     }
-    
+
     public String getHost() {
         return host;
     }
@@ -86,4 +87,12 @@ public String getScheme() {
     public void setScheme(String scheme) {
         this.scheme = scheme;
     }
+
+	public boolean isConfigureSimpleSsl() {
+		return configureSimpleSsl;
+	}
+
+	public void setConfigureSimpleSsl(boolean configureSimpleSsl) {
+		this.configureSimpleSsl = configureSimpleSsl;
+	}
 }
diff --git a/src/main/java/com/marklogic/rest/util/RestTemplateUtil.java b/src/main/java/com/marklogic/rest/util/RestTemplateUtil.java
@@ -3,24 +3,62 @@
 import org.apache.http.auth.AuthScope;
 import org.apache.http.auth.UsernamePasswordCredentials;
 import org.apache.http.client.HttpClient;
+import org.apache.http.conn.ssl.SSLContextBuilder;
+import org.apache.http.conn.ssl.TrustStrategy;
 import org.apache.http.impl.client.BasicCredentialsProvider;
 import org.apache.http.impl.client.HttpClientBuilder;
 import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
 import org.springframework.web.client.RestTemplate;
 
+import javax.net.ssl.SSLContext;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
 public class RestTemplateUtil {
 
-    public static RestTemplate newRestTemplate(RestConfig config) {
-        return newRestTemplate(config.getHost(), config.getPort(), config.getUsername(), config.getPassword());
-    }
-
-    public static RestTemplate newRestTemplate(String host, int port, String username, String password) {
-        BasicCredentialsProvider prov = new BasicCredentialsProvider();
-        prov.setCredentials(new AuthScope(host, port, AuthScope.ANY_REALM), new UsernamePasswordCredentials(username,
-                password));
-        HttpClient client = HttpClientBuilder.create().setDefaultCredentialsProvider(prov).build();
-        RestTemplate rt = new RestTemplate(new HttpComponentsClientHttpRequestFactory(client));
-        rt.setErrorHandler(new MgmtResponseErrorHandler());
-        return rt;
-    }
+	public static RestTemplate newRestTemplate(RestConfig config) {
+		return newRestTemplate(config.getHost(), config.getPort(), config.getUsername(), config.getPassword(), config.isConfigureSimpleSsl());
+	}
+
+	public static RestTemplate newRestTemplate(String host, int port, String username, String password) {
+		return newRestTemplate(host, port, username, password, false);
+	}
+
+	/**
+	 *
+	 * @param host
+	 * @param port
+	 * @param username
+	 * @param password
+	 * @param configureSimpleSsl if true, then a very simple SSLContext that trusts every request will be added to the
+	 *                           HttpClient that RestTemplate uses
+	 * @return
+	 */
+	public static RestTemplate newRestTemplate(String host, int port, String username, String password, boolean configureSimpleSsl) {
+		BasicCredentialsProvider prov = new BasicCredentialsProvider();
+		prov.setCredentials(new AuthScope(host, port, AuthScope.ANY_REALM), new UsernamePasswordCredentials(username,
+			password));
+
+		HttpClientBuilder httpClientBuilder = HttpClientBuilder.create().setDefaultCredentialsProvider(prov);
+
+		if (configureSimpleSsl) {
+			try {
+				SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() {
+					@Override
+					public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+						return true;
+					}
+				}).build();
+				httpClientBuilder.setSslcontext(sslContext);
+			} catch (Exception ex) {
+				throw new RuntimeException("Unable to configure simple SSL approach: " + ex.getMessage(), ex);
+			}
+		}
+
+		HttpClient client = httpClientBuilder.build();
+
+		RestTemplate rt = new RestTemplate(new HttpComponentsClientHttpRequestFactory(client));
+		rt.setErrorHandler(new MgmtResponseErrorHandler());
+		return rt;
+	}
 }
diff --git a/src/test/java/com/marklogic/mgmt/api/ConnectTest.java b/src/test/java/com/marklogic/mgmt/api/ConnectTest.java
@@ -4,15 +4,18 @@
 
 public class ConnectTest extends AbstractApiTest {
 
-    /**
-     * Just smoke testing that we can use the connect method to connect to the same host as before.
-     */
-    @Test
-    public void test() {
-        api.connect(manageConfig.getHost(), manageConfig.getUsername(), manageConfig.getPassword());
-        api.getDb().list();
+	/**
+	 * Just smoke testing that we can use the connect method to connect to the same host as before.
+	 */
+	@Test
+	public void test() {
+		manageConfig.setScheme("https");
+		manageConfig.setConfigureSimpleSsl(true);
 
-        api.connect(manageConfig.getHost());
-        api.getDb().list();
-    }
+		api.connect(manageConfig.getHost(), manageConfig);
+		api.getDb().list();
+
+		api.connect(manageConfig.getHost());
+		api.getDb().list();
+	}
 }

Original file line number	Diff line number	Diff line change
`@@ -46,7 +46,7 @@ public void initialize(ManageConfig config) {`
`46`	`46`	`logger.info("Initializing ManageClient with admin config, admin user: " + config.getAdminUsername());`
`47`	`47`	`}`
`48`	`48`	`this.adminRestTemplate = RestTemplateUtil.newRestTemplate(config.getHost(), config.getPort(),`
`49`		`- config.getAdminUsername(), config.getAdminPassword());`
	`49`	`+ config.getAdminUsername(), config.getAdminPassword(), config.isAdminConfigureSimpleSsl());`
`50`	`50`	`} else {`
`51`	`51`	`this.adminRestTemplate = restTemplate;`
`52`	`52`	`}`
Original file line number	Diff line number	Diff line change
`@@ -60,6 +60,12 @@ public AdminConfig newAdminConfig() {`
`60`	`60`	`c.setScheme(prop);`
`61`	`61`	`}`
`62`	`62`
	`63`	`+ prop = getProperty("mlAdminSimpleSsl");`
	`64`	`+ if (prop != null) {`
	`65`	`+ logger.info("Use simple SSL for Admin app server: " + prop);`
	`66`	`+ c.setConfigureSimpleSsl(Boolean.parseBoolean(prop));`
	`67`	`+ }`
	`68`	`+`
`63`	`69`	`return c;`
`64`	`70`	`}`
`65`	`71`
Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,7 @@ public class RestConfig {`
`10`	`10`	`private String username;`
`11`	`11`	`private String password;`
`12`	`12`	`private String scheme = "http";`
	`13`	`+ private boolean configureSimpleSsl;`
`13`	`14`
`14`	`15`	`public RestConfig() {`
`15`	`16`	`}`
`@@ -46,7 +47,7 @@ public URI buildUri(String path) {`
`46`	`47`	`public String getBaseUrl() {`
`47`	`48`	`return String.format("%s://%s:%d", scheme, host, port);`
`48`	`49`	`}`
`49`		`-`
	`50`	`+`
`50`	`51`	`public String getHost() {`
`51`	`52`	`return host;`
`52`	`53`	`}`
`@@ -86,4 +87,12 @@ public String getScheme() {`
`86`	`87`	`public void setScheme(String scheme) {`
`87`	`88`	`this.scheme = scheme;`
`88`	`89`	`}`
	`90`	`+`
	`91`	`+ public boolean isConfigureSimpleSsl() {`
	`92`	`+ return configureSimpleSsl;`
	`93`	`+ }`
	`94`	`+`
	`95`	`+ public void setConfigureSimpleSsl(boolean configureSimpleSsl) {`
	`96`	`+ this.configureSimpleSsl = configureSimpleSsl;`
	`97`	`+ }`
`89`	`98`	`}`