Fixed failing tests in the code

Author: Zhen Li

driver/src/main/java/org/neo4j/driver/internal/connector/socket/TrustOnFirstUseTrustManager.java

@@ -39,7 +39,7 @@
  * References:
  * http://stackoverflow.com/questions/6802421/how-to-compare-distinct-implementations-of-java-security-cert-x509certificate?answertab=votes#tab-top
  */
-class TrustOnFirstUseTrustManager implements X509TrustManager
+public class TrustOnFirstUseTrustManager implements X509TrustManager
 {
     /**
      * A list of pairs (known_server certificate) are stored in this file.

driver/src/test/java/org/neo4j/driver/internal/ConfigTest.java

@@ -83,7 +83,7 @@ public void shouldConfigureMinIdleTime() throws Throwable
         Config config = Config.build().withSessionLivenessCheckTimeout( 1337 ).toConfig();
 
         // then
-        assertThat( config.idleTimeBeforeConnectionTest(), equalTo( 1337l ));
+        assertThat( config.idleTimeBeforeConnectionTest(), equalTo( 1337l ) );
     }
 
     public static void deleteDefaultKnownCertFileIfExists()

driver/src/test/java/org/neo4j/driver/v1/integration/TLSSocketChannelIT.java

@@ -18,32 +18,32 @@
  */
 package org.neo4j.driver.v1.integration;
 
+import org.junit.BeforeClass;
+import org.junit.Rule;
+import org.junit.Test;
+
 import java.io.BufferedWriter;
 import java.io.File;
 import java.io.FileWriter;
 import java.io.IOException;
-import java.io.InputStream;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.net.URI;
 import java.nio.channels.SocketChannel;
 import java.security.cert.X509Certificate;
-import java.util.Scanner;
-import javax.net.ssl.SSLHandshakeException;
-import javax.xml.bind.DatatypeConverter;
 
-import org.junit.Rule;
-import org.junit.Test;
+import javax.net.ssl.SSLHandshakeException;
 
-import org.neo4j.driver.internal.ConfigTest;
 import org.neo4j.driver.internal.connector.socket.TLSSocketChannel;
+import org.neo4j.driver.internal.connector.socket.TrustOnFirstUseTrustManager;
 import org.neo4j.driver.internal.spi.Logger;
 import org.neo4j.driver.internal.util.CertificateTool;
 import org.neo4j.driver.v1.Config;
 import org.neo4j.driver.v1.Driver;
 import org.neo4j.driver.v1.GraphDatabase;
 import org.neo4j.driver.v1.ResultCursor;
 import org.neo4j.driver.v1.util.CertificateToolTest;
+import org.neo4j.driver.v1.util.Neo4jInstaller;
 import org.neo4j.driver.v1.util.Neo4jRunner;
 import org.neo4j.driver.v1.util.TestNeo4j;
 
@@ -53,12 +53,20 @@
 import static org.mockito.Mockito.atLeastOnce;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
+import static org.neo4j.driver.internal.connector.socket.TrustOnFirstUseTrustManager.fingerprint;
 
 public class TLSSocketChannelIT
 {
     @Rule
     public TestNeo4j neo4j = new TestNeo4j();
 
+    @BeforeClass
+    public static void setup() throws IOException, InterruptedException
+    {
+        /* uncomment for JSSE debugging info */
+//         System.setProperty( "javax.net.debug", "all" );
+    }
+
     @Test
     public void shouldPerformTLSHandshakeWithEmptyKnownCertsFile() throws Throwable
     {
@@ -129,7 +137,7 @@ private void createFakeServerCertPairInKnownCerts( String host, int port, File k
         String serverId = ip + ":" + port;
 
         X509Certificate cert = CertificateToolTest.generateSelfSignedCertificate();
-        String certStr = DatatypeConverter.printBase64Binary( cert.getEncoded() );
+        String certStr = fingerprint(cert);
 
         BufferedWriter writer = new BufferedWriter( new FileWriter( knownCerts, true ) );
         writer.write( serverId + "," + certStr );
@@ -174,17 +182,15 @@ public void shouldFailTLSHandshakeDueToServerCertNotSignedByKnownCA() throws Thr
     @Test
     public void shouldPerformTLSHandshakeWithTrustedServerCert() throws Throwable
     {
-        // Given
-        TestKeys keys = testKeys();
-        neo4j.restartServerOnEmptyDatabase( Neo4jSettings.DEFAULT.usingEncryptionKeyAndCert( keys.serverKey, keys.serverCert ) );
 
         Logger logger = mock( Logger.class );
         SocketChannel channel = SocketChannel.open();
         channel.connect( new InetSocketAddress( "localhost", 7687 ) );
 
         // When
         TLSSocketChannel sslChannel = new TLSSocketChannel( "localhost", 7687, channel, logger,
-                Config.TrustStrategy.trustSignedBy( keys.signingCert ) );
+                Config.TrustStrategy.trustSignedBy(
+                        new File( Neo4jInstaller.neo4jHomeDir, "conf/ssl/snakeoil.cert") ) );
         sslChannel.close();
 
         // Then
@@ -196,7 +202,7 @@ public void shouldPerformTLSHandshakeWithTrustedServerCert() throws Throwable
     @Test
     public void shouldEstablishTLSConnection() throws Throwable
     {
-        ConfigTest.deleteDefaultKnownCertFileIfExists();
+
         Config config = Config.build().withEncryptionLevel( Config.EncryptionLevel.REQUIRED ).toConfig();
 
         Driver driver = GraphDatabase.driver(
@@ -210,33 +216,4 @@ public void shouldEstablishTLSConnection() throws Throwable
 
         driver.close();
     }
-
-    class TestKeys
-    {
-        final File serverKey;
-        final File serverCert;
-        final File signingCert;
-
-        TestKeys( File serverKey, File serverCert, File signingCert )
-        {
-            this.serverKey = serverKey;
-            this.serverCert = serverCert;
-            this.signingCert = signingCert;
-        }
-    }
-
-    TestKeys testKeys() throws IOException
-    {
-        return new TestKeys( fileFromCertResource( "server.key" ), fileFromCertResource( "server.crt" ), fileFromCertResource( "ca.crt" ) );
-    }
-
-    private File fileFromCertResource( String fileName ) throws IOException
-    {
-        InputStream resourceAsStream = getClass().getClassLoader().getResourceAsStream( "certificates/" + fileName );
-        try ( Scanner scanner = new Scanner( resourceAsStream ).useDelimiter( "\\A" ) )
-        {
-            String contents = scanner.next();
-            return new File( neo4j.putTmpFile( fileName, "", contents ).getFile() );
-        }
-    }
 }

driver/src/test/java/org/neo4j/driver/v1/util/CertificateToolTest.java

@@ -18,19 +18,19 @@
  */
 package org.neo4j.driver.v1.util;
 
-import java.io.File;
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.GeneralSecurityException;
-import java.security.KeyPair;
 import java.security.KeyPairGenerator;
-import java.security.KeyStore;
-import java.security.SecureRandom;
 import java.security.Security;
 import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
 import java.util.Date;
 import java.util.Enumeration;
+import java.security.KeyPair;
+import java.security.KeyStore;
+import java.security.SecureRandom;
+import java.io.File;
 
 import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;

driver/src/test/java/org/neo4j/driver/v1/util/Neo4jRunner.java

@@ -52,7 +52,7 @@ private enum ServerStatus
 
     private Neo4jSettings currentSettings = Neo4jSettings.DEFAULT;
     private Driver currentDriver;
-    private boolean staleDriver;
+    private Config testConfig = Config.build().withEncryptionLevel( Config.EncryptionLevel.REJECTED ).toConfig();
 
     private Neo4jInstaller installer = Neo4jInstaller.Neo4jInstallerFactory.create();
 
@@ -78,9 +78,6 @@ private Neo4jRunner() throws Exception
         // Install default settings
         updateServerSettingsFile();
 
-        // Reset driver to match default settings
-        resetDriver();
-
         // Make sure we stop on JVM exit
         installShutdownHook();
     }
@@ -154,11 +151,7 @@ private void clear( Neo4jSettings config ) throws Exception
             throw new IllegalStateException( "Failed to start server" );
         }
         awaitServerStatusOrFail( ServerStatus.ONLINE );
-
-        if ( staleDriver )
-        {
-            resetDriver();
-        }
+        currentDriver = new Driver( serverURI(), testConfig );
     }
 
     private boolean updateServerSettings( Neo4jSettings settingsUpdate )
@@ -173,7 +166,6 @@ private boolean updateServerSettings( Neo4jSettings settingsUpdate )
             currentSettings = updatedSettings;
         }
         updateServerSettingsFile();
-        staleDriver = true;
         return true;
     }
 
@@ -236,8 +228,7 @@ private ServerStatus serverStatus() throws IOException, InterruptedException
         try
         {
             URI uri = serverURI();
-            Config config = serverConfig();
-            SocketClient client = new SocketClient( uri.getHost(), uri.getPort(), config, new DevNullLogger() );
+            SocketClient client = new SocketClient( uri.getHost(), uri.getPort(), testConfig, new DevNullLogger() );
             client.start();
             client.stop();
             return ServerStatus.ONLINE;
@@ -248,26 +239,6 @@ private ServerStatus serverStatus() throws IOException, InterruptedException
         }
     }
 
-    private void resetDriver() throws Exception
-    {
-        if( currentDriver != null )
-        {
-            currentDriver.close();
-        }
-        currentDriver = new Driver( serverURI(), serverConfig() );
-        staleDriver = false;
-    }
-
-    private Config serverConfig()
-    {
-        Config config = Config.defaultConfig();
-        if( currentSettings.isUsingTLS() )
-        {
-            config = Config.build().withEncryptionLevel( Config.EncryptionLevel.REQUIRED ).toConfig();
-        }
-        return config;
-    }
-
     private URI serverURI()
     {
         return URI.create( DEFAULT_URL );

driver/src/test/java/org/neo4j/driver/v1/util/Neo4jSettings.java

@@ -18,45 +18,26 @@
  */
 package org.neo4j.driver.v1.util;
 
-import java.io.File;
 import java.util.HashMap;
 import java.util.Map;
 
 import static org.neo4j.driver.internal.util.Iterables.map;
 
 public class Neo4jSettings
 {
-    private static final String TLS_ENABLED_KEY = "dbms.bolt.tls.enabled";
     private static final String TLS_CERT_KEY = "dbms.security.tls_certificate_file";
     private static final String TLS_KEY_KEY = "dbms.security.tls_key_file";
 
+
     private final Map<String, String> settings;
 
-    public static Neo4jSettings DEFAULT = new Neo4jSettings(new HashMap<String, String>()).usingTLS( false );
+    public static Neo4jSettings DEFAULT = new Neo4jSettings(new HashMap<String, String>());
 
     private Neo4jSettings( Map<String, String> settings )
     {
         this.settings = settings;
     }
 
-    public Neo4jSettings usingTLS( boolean usingTLS )
-    {
-        return updateWith( map( TLS_ENABLED_KEY, Boolean.toString( usingTLS ) ) );
-    }
-
-    public boolean isUsingTLS()
-    {
-        return "true".equals( settings.get( TLS_ENABLED_KEY ) );
-    }
-
-    public Neo4jSettings usingEncryptionKeyAndCert( File key, File cert )
-    {
-        return updateWith( map(
-                TLS_CERT_KEY, cert.getAbsolutePath(),
-                TLS_KEY_KEY, key.getAbsolutePath()
-        ));
-    }
-
     public Map<String, String> propertiesMap()
     {
         return settings;

examples/src/main/java/org/neo4j/docs/driver/Examples.java

@@ -34,8 +34,6 @@
 import org.neo4j.driver.v1.Value;
 import org.neo4j.driver.v1.Values;
 
-import org.neo4j.driver.v1.Config.TlsAuthenticationConfig;
-
 public class Examples
 {
 
@@ -182,7 +180,8 @@ public static void notifications( Session session ) throws Exception
     public static Driver requireEncryption() throws Exception
     {
         // tag::tls-require-encryption[]
-        Driver driver = GraphDatabase.driver( "bolt://localhost", Config.build().withTlsEnabled( true ).toConfig() );
+        Driver driver = GraphDatabase.driver( "bolt://localhost",
+                Config.build().withEncryptionLevel( Config.EncryptionLevel.REQUIRED ).toConfig() );
         // end::tls-require-encryption[]
 
         return driver;
@@ -191,9 +190,10 @@ public static Driver requireEncryption() throws Exception
     public static Driver trustOnFirstUse() throws Exception
     {
         // tag::tls-trust-on-first-use[]
-        Driver driver = GraphDatabase.driver( "bolt://localhost", Config.build().withTlsEnabled( true )
-                .withTlsAuthConfig( TlsAuthenticationConfig.usingKnownCerts( new File( "/path/to/neo4j_known_hosts" )
-                ) ).toConfig() );
+        Driver driver = GraphDatabase.driver( "bolt://localhost", Config.build()
+                .withEncryptionLevel( Config.EncryptionLevel.REJECTED )
+                .withTrustStrategy( Config.TrustStrategy.trustOnFirstUse( new File( "/path/to/neo4j_known_hosts" ) ) )
+                .toConfig() );
         // end::tls-trust-on-first-use[]
 
         return driver;
@@ -202,9 +202,10 @@ public static Driver trustOnFirstUse() throws Exception
     public static Driver trustSignedCertificates() throws Exception
     {
         // tag::tls-signed[]
-        Driver driver = GraphDatabase.driver( "bolt://localhost", Config.build().withTlsEnabled( true )
-                .withTlsAuthConfig( TlsAuthenticationConfig.usingTrustedCert( new File( "/path/to/ca-certificate.pem"
-                ) ) ).toConfig() );
+        Driver driver = GraphDatabase.driver( "bolt://localhost", Config.build()
+                .withEncryptionLevel( Config.EncryptionLevel.REJECTED )
+                .withTrustStrategy( Config.TrustStrategy.trustSignedBy( new File( "/path/to/ca-certificate.pem") ) )
+                .toConfig() );
         // end::tls-signed[]
 
         return driver;