TEIID-3177 requiring odbc to be secure by default

Teiid-Designer · Oct 20, 2014 · f422a5b · f422a5b
1 parent 8817b3f
commit f422a5b
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 10 deletions.
diff --git a/runtime/src/main/java/org/teiid/runtime/RuntimePlugin.java b/runtime/src/main/java/org/teiid/runtime/RuntimePlugin.java
@@ -136,5 +136,6 @@ public static enum Event implements BundleUtil.Event{
     	TEIID40122, //error creating SSLEngine
     	TEIID40123, 
     	TEIID40124, 
+    	TEIID40125, 
     }
 }
diff --git a/runtime/src/main/java/org/teiid/transport/ODBCSocketListener.java b/runtime/src/main/java/org/teiid/transport/ODBCSocketListener.java
@@ -32,7 +32,7 @@
 
 public class ODBCSocketListener extends SocketListener {
 	private int maxBufferSize = PropertiesUtils.getIntProperty(System.getProperties(), "org.teiid.ODBCPacketSize", 307200); //$NON-NLS-1$
-	private boolean requireSSL = PropertiesUtils.getBooleanProperty(System.getProperties(), "org.teiid.ODBCRequireSecure", true); //$NON-NLS-1$
+	private boolean requireSecure = PropertiesUtils.getBooleanProperty(System.getProperties(), "org.teiid.ODBCRequireSecure", true); //$NON-NLS-1$
 	private int maxLobSize;
 	private TeiidDriver driver;
 	private LogonImpl logonService;
@@ -59,7 +59,7 @@ protected SSLAwareChannelHandler createChannelPipelineFactory(final SSLConfigura
 			@Override
 			public ChannelPipeline getPipeline() throws Exception {
 				ChannelPipeline pipeline = new DefaultChannelPipeline();
-				PgBackendProtocol pgBackendProtocol = new PgBackendProtocol(maxLobSize, maxBufferSize, config, requireSSL);
+				PgBackendProtocol pgBackendProtocol = new PgBackendProtocol(maxLobSize, maxBufferSize, config, requireSecure);
 			    pipeline.addLast("odbcFrontendProtocol", new PgFrontendProtocol(pgBackendProtocol, 1 << 20)); //$NON-NLS-1$
 			    pipeline.addLast("odbcBackendProtocol", pgBackendProtocol); //$NON-NLS-1$
 			    pipeline.addLast("handler", this); //$NON-NLS-1$
@@ -73,7 +73,7 @@ public ChannelListener createChannelListener(ObjectChannel channel) {
 		return new ODBCClientInstance(channel, driver, logonService);
 	}
 
-	public void setRequireSSL(boolean requireSSL) {
-		this.requireSSL = requireSSL;
+	public void setRequireSecure(boolean requireSecure) {
+		this.requireSecure = requireSecure;
 	}
 }
diff --git a/runtime/src/main/java/org/teiid/transport/PgBackendProtocol.java b/runtime/src/main/java/org/teiid/transport/PgBackendProtocol.java
@@ -246,7 +246,7 @@ public void initialized(Properties props) {
 	@Override
 	public void useClearTextAuthentication() {
 		if (requireSecure && config != null && config.isClientEncryptionEnabled()) {
-			sendErrorResponse("Secure authentication is required");
+			sendErrorResponse(RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40125));
 		} else {
 			sendAuthenticationCleartextPassword();
 		}

diff --git a/runtime/src/main/resources/org/teiid/runtime/i18n.properties b/runtime/src/main/resources/org/teiid/runtime/i18n.properties
@@ -126,3 +126,4 @@ TEIID40121=In VDB {1}.{2} model "{0}" has an invalid name.  Model names must be
 TEIID40122=Could not initialize ODBC SSL.  No connections will be allowed since SSL is required.
 TEIID40123=SSL is required.
 TEIID40124=SSL is required, but not configured properly on the server.
+TEIID40125=A secure authentication is required - either a SSL connection or GSS authentication.  Alternatively org.teiid.ODBCRequireSecure can be set to false.
diff --git a/test-integration/common/src/test/java/org/teiid/transport/TestODBCSocketTransport.java b/test-integration/common/src/test/java/org/teiid/transport/TestODBCSocketTransport.java
@@ -133,17 +133,28 @@ public String[] getSupportedCipherSuites() {
 
 	private static final MockTransactionManager TRANSACTION_MANAGER = new TestEmbeddedServer.MockTransactionManager();
 
+	enum Mode {
+		LEGACY,//how the test was originally written
+		ENABLED,
+		LOGIN,
+		DISABLED
+	}
+
 	static class FakeOdbcServer {
 		InetSocketAddress addr;
 		ODBCSocketListener odbcTransport;
 		FakeServer server;
 
-		public void start(Boolean ssl) throws Exception {
+		public void start(Mode mode) throws Exception {
 			SocketConfiguration config = new SocketConfiguration();
 			SSLConfiguration sslConfig = new SSLConfiguration();
-			if (ssl == null || ssl) {
+			if (mode == Mode.LOGIN) {
+				sslConfig.setMode(SSLConfiguration.LOGIN);
+			} else if (mode == Mode.ENABLED || mode == Mode.LEGACY) {
 				sslConfig.setMode(SSLConfiguration.ENABLED);
 				sslConfig.setAuthenticationMode(SSLConfiguration.ANONYMOUS);
+			} else {
+				sslConfig.setMode(SSLConfiguration.DISABLED);
 			}
 			config.setSSLConfiguration(sslConfig);
 			addr = new InetSocketAddress(0);
@@ -156,8 +167,8 @@ public void start(Boolean ssl) throws Exception {
 			LogonImpl logon = Mockito.mock(LogonImpl.class);
 			odbcTransport = new ODBCSocketListener(addr, config, Mockito.mock(ClientServiceRegistryImpl.class), BufferManagerFactory.getStandaloneBufferManager(), 100000, logon, server.getDriver());
 			odbcTransport.setMaxBufferSize(1000); //set to a small size to ensure buffering over the limit works
-			if (ssl == null) {
-				odbcTransport.setRequireSSL(false);
+			if (mode == Mode.LEGACY) {
+				odbcTransport.setRequireSecure(false);
 			}
 			server.deployVDB("parts", UnitTestUtil.getTestDataPath() + "/PartsSupplier.vdb");
 		}
@@ -172,7 +183,7 @@ public void stop() {
 	private static FakeOdbcServer odbcServer = new FakeOdbcServer();
 
 	@BeforeClass public static void oneTimeSetup() throws Exception {
-		odbcServer.start(null);
+		odbcServer.start(Mode.LEGACY);
 	}
 
 	@AfterClass public static void oneTimeTearDown() throws Exception {