diff --git a/runtime/src/main/java/org/teiid/runtime/RuntimePlugin.java b/runtime/src/main/java/org/teiid/runtime/RuntimePlugin.java index 2b200c9444..71c2110f56 100644 --- a/runtime/src/main/java/org/teiid/runtime/RuntimePlugin.java +++ b/runtime/src/main/java/org/teiid/runtime/RuntimePlugin.java @@ -136,5 +136,6 @@ public static enum Event implements BundleUtil.Event{ TEIID40122, //error creating SSLEngine TEIID40123, TEIID40124, + TEIID40125, } } diff --git a/runtime/src/main/java/org/teiid/transport/ODBCSocketListener.java b/runtime/src/main/java/org/teiid/transport/ODBCSocketListener.java index f9965f5fec..9dbbfa047a 100644 --- a/runtime/src/main/java/org/teiid/transport/ODBCSocketListener.java +++ b/runtime/src/main/java/org/teiid/transport/ODBCSocketListener.java @@ -32,7 +32,7 @@ public class ODBCSocketListener extends SocketListener { private int maxBufferSize = PropertiesUtils.getIntProperty(System.getProperties(), "org.teiid.ODBCPacketSize", 307200); //$NON-NLS-1$ - private boolean requireSSL = PropertiesUtils.getBooleanProperty(System.getProperties(), "org.teiid.ODBCRequireSecure", true); //$NON-NLS-1$ + private boolean requireSecure = PropertiesUtils.getBooleanProperty(System.getProperties(), "org.teiid.ODBCRequireSecure", true); //$NON-NLS-1$ private int maxLobSize; private TeiidDriver driver; private LogonImpl logonService; 
@@ -59,7 +59,7 @@ protected SSLAwareChannelHandler createChannelPipelineFactory(final SSLConfigura @Override public ChannelPipeline getPipeline() throws Exception { ChannelPipeline pipeline = new DefaultChannelPipeline(); - PgBackendProtocol pgBackendProtocol = new PgBackendProtocol(maxLobSize, maxBufferSize, config, requireSSL); + PgBackendProtocol pgBackendProtocol = new PgBackendProtocol(maxLobSize, maxBufferSize, config, requireSecure); pipeline.addLast("odbcFrontendProtocol", new PgFrontendProtocol(pgBackendProtocol, 1 << 20)); //$NON-NLS-1$ pipeline.addLast("odbcBackendProtocol", pgBackendProtocol); //$NON-NLS-1$ pipeline.addLast("handler", this); //$NON-NLS-1$ @@ -73,7 +73,7 @@ public ChannelListener createChannelListener(ObjectChannel channel) { return new ODBCClientInstance(channel, driver, logonService); } - public void setRequireSSL(boolean requireSSL) { - this.requireSSL = requireSSL; + public void setRequireSecure(boolean requireSecure) { + this.requireSecure = requireSecure; } } diff --git a/runtime/src/main/java/org/teiid/transport/PgBackendProtocol.java b/runtime/src/main/java/org/teiid/transport/PgBackendProtocol.java index 8f443ac057..9d14696ff4 100644 --- a/runtime/src/main/java/org/teiid/transport/PgBackendProtocol.java +++ b/runtime/src/main/java/org/teiid/transport/PgBackendProtocol.java @@ -246,7 +246,7 @@ public void initialized(Properties props) { @Override public void useClearTextAuthentication() { if (requireSecure && config != null && config.isClientEncryptionEnabled()) { - sendErrorResponse("Secure authentication is required"); + sendErrorResponse(RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40125)); } else { sendAuthenticationCleartextPassword(); } diff --git a/runtime/src/main/resources/org/teiid/runtime/i18n.properties b/runtime/src/main/resources/org/teiid/runtime/i18n.properties index f0fd83e780..d9449e58e0 100644 --- a/runtime/src/main/resources/org/teiid/runtime/i18n.properties 
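Review bot: The TEIID40125 text is handed to `sendErrorResponse(...)` in `useClearTextAuthentication()`, so a peer that presumably has not authenticated yet is told the name of the server-side switch (`org.teiid.ODBCRequireSecure`) that turns this check off. Consider keeping the client-facing message to the requirement itself (SSL or GSS) and writing the remediation hint to the server log instead. That would also leave an audit record of rejected cleartext attempts, since nothing in the visible lines logs the rejection. Separately, the unchanged guard `requireSecure && config != null && config.isClientEncryptionEnabled()` falls through to `sendAuthenticationCleartextPassword()` whenever `config` is null, so a comment such as `// config == null: no SSLConfiguration supplied, cleartext is allowed even with requireSecure` would make that fail-open case explicit. The closing brace of `useClearTextAuthentication` lies outside the hunk.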
+++ b/runtime/src/main/resources/org/teiid/runtime/i18n.properties @@ -126,3 +126,4 @@ TEIID40121=In VDB {1}.{2} model "{0}" has an invalid name. Model names must be TEIID40122=Could not initialize ODBC SSL. No connections will be allowed since SSL is required. TEIID40123=SSL is required. TEIID40124=SSL is required, but not configured properly on the server. +TEIID40125=A secure authentication is required - either a SSL connection or GSS authentication. Alternatively org.teiid.ODBCRequireSecure can be set to false. diff --git a/test-integration/common/src/test/java/org/teiid/transport/TestODBCSocketTransport.java b/test-integration/common/src/test/java/org/teiid/transport/TestODBCSocketTransport.java index 9313499202..7c8896eefa 100644 --- a/test-integration/common/src/test/java/org/teiid/transport/TestODBCSocketTransport.java +++ b/test-integration/common/src/test/java/org/teiid/transport/TestODBCSocketTransport.java @@ -133,17 +133,28 @@ public String[] getSupportedCipherSuites() { private static final MockTransactionManager TRANSACTION_MANAGER = new TestEmbeddedServer.MockTransactionManager(); + enum Mode { + LEGACY,//how the test was originally written + ENABLED, + LOGIN, + DISABLED + } + static class FakeOdbcServer { InetSocketAddress addr; ODBCSocketListener odbcTransport; FakeServer server; - public void start(Boolean ssl) throws Exception { + public void start(Mode mode) throws Exception { SocketConfiguration config = new SocketConfiguration(); SSLConfiguration sslConfig = new SSLConfiguration(); - if (ssl == null || ssl) { + if (mode == Mode.LOGIN) { + sslConfig.setMode(SSLConfiguration.LOGIN); + } else if (mode == Mode.ENABLED || mode == Mode.LEGACY) { sslConfig.setMode(SSLConfiguration.ENABLED); sslConfig.setAuthenticationMode(SSLConfiguration.ANONYMOUS); + } else { + sslConfig.setMode(SSLConfiguration.DISABLED); } config.setSSLConfiguration(sslConfig); addr = new InetSocketAddress(0); 
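Review bot: Only `LEGACY` carries a comment in the new `Mode` enum, and what it means can only be worked out by reading two hunks: it selects `SSLConfiguration.ENABLED` with `ANONYMOUS` authentication here, and it is the only mode for which `setRequireSecure(false)` is called further down. A short comment per constant would help, for example `LEGACY, // SSL enabled (anonymous), requireSecure switched off`. The final `else` in `start(Mode)` also maps every other value, including `null`, to `SSLConfiguration.DISABLED`. Writing `} else if (mode == Mode.DISABLED) {` followed by an `else` that throws `IllegalArgumentException` would keep a future constant from silently producing a server without SSL. `start` continues past the end of this hunk.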
@@ -156,8 +167,8 @@ public void start(Boolean ssl) throws Exception { LogonImpl logon = Mockito.mock(LogonImpl.class); odbcTransport = new ODBCSocketListener(addr, config, Mockito.mock(ClientServiceRegistryImpl.class), BufferManagerFactory.getStandaloneBufferManager(), 100000, logon, server.getDriver()); odbcTransport.setMaxBufferSize(1000); //set to a small size to ensure buffering over the limit works - if (ssl == null) { - odbcTransport.setRequireSSL(false); + if (mode == Mode.LEGACY) { + odbcTransport.setRequireSecure(false); } server.deployVDB("parts", UnitTestUtil.getTestDataPath() + "/PartsSupplier.vdb"); } @@ -172,7 +183,7 @@ public void stop() { private static FakeOdbcServer odbcServer = new FakeOdbcServer(); @BeforeClass public static void oneTimeSetup() throws Exception { - odbcServer.start(null); + odbcServer.start(Mode.LEGACY); } @AfterClass public static void oneTimeTearDown() throws Exception {
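Review bot: `oneTimeSetup` starts the shared fixture with `Mode.LEGACY`, the one mode for which the preceding hunk calls `setRequireSecure(false)`, so no test that goes through `odbcServer` can reach the new TEIID40125 rejection. If the rest of the file (not visible here) does not already cover it, add a test that starts a separate `FakeOdbcServer` with `Mode.LOGIN`, attempts a password login and asserts that the connection is refused with the TEIID40125 message. A companion test with `Mode.DISABLED` should pin whatever behaviour is intended when `requireSecure` keeps its default of `true`. The body of `oneTimeTearDown` is outside the hunk.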