refactor ssl behavior and add tests

Author: furkansenharputlu

code_samples/ssl_authentication.js

@@ -17,22 +17,11 @@
 var Config = require('hazelcast-client').Config;
 var HazelcastClient = require('hazelcast-client').Client;
 
-if (process.argv.length < 5) {
-    console.log('Usage: \n' +
-        'node ssl_authentication.js [servername] [trusted-ca] [private-key] [certificate-file] ');
-    return
-}
 
 var cfg = new Config.ClientConfig();
-cfg.networkConfig.sslOptions = {
-    servername: process.argv[2],
-    ca: process.argv[3],
-    key: process.argv[4],
-    cert: process.argv[5],
-
-};
+cfg.networkConfig.sslConfig.enabled = true;
 
 HazelcastClient.newHazelcastClient(cfg).then(function (client) {
-    console.log('This client is authenticated using ssl.');
+    console.log('This client is authenticated using SSL.');
     client.shutdown();
 });

src/config/ClientNetworkConfig.ts

@@ -14,13 +14,11 @@
  * limitations under the License.
  */
 
-import {ImportConfig} from './ImportConfig';
-import {Properties} from './Properties';
-import {SSLOptions} from './SSLOptions';
 import {ClientCloudConfig} from './ClientCloudConfig';
+import {SSLConfig} from './SSLConfig';
 
 /**
- * Network configuration
+ * Network configuration.
  */
 export class ClientNetworkConfig {
     /**
@@ -59,12 +57,7 @@ export class ClientNetworkConfig {
     smartRouting: boolean = true;
 
     /**
-     * sslOptions is by default null which disables Ssl. A none null {@link SSLOptions} value enables Ssl.
-     * @type {SSLOptions}
+     * SSL configuration.
      */
-    sslOptions: SSLOptions = null;
-
-    sslOptionsFactoryConfig: ImportConfig = null;
-
-    sslOptionsFactoryProperties: Properties = null;
+    sslConfig: SSLConfig = new SSLConfig();
 }

src/config/ConfigBuilder.ts

@@ -49,7 +49,7 @@ export class ConfigBuilder {
             this.handleConfig(this.loadedJson);
             return this.clientConfig;
         } catch (e) {
-            throw new HazelcastError('Error parsing config.', e);
+            throw new HazelcastError('Error parsing config: ' + e.message, e);
         }
     }
 
@@ -99,7 +99,7 @@ export class ConfigBuilder {
             } else if (key === 'connectionAttemptLimit') {
                 this.clientConfig.networkConfig.connectionAttemptLimit = tryGetNumber(jsonObject[key]);
             } else if (key === 'ssl') {
-                this.handleSsl(jsonObject[key]);
+                this.handleSSL(jsonObject[key]);
             } else if (key === 'hazelcastCloud') {
                 this.handleHazelcastCloud(jsonObject[key]);
             }
@@ -133,19 +133,25 @@ export class ConfigBuilder {
         return importConfig;
     }
 
-    private handleSsl(jsonObject: any): void {
+    private handleSSL(jsonObject: any): void {
         const sslEnabled = tryGetBoolean(jsonObject.enabled);
-        if (sslEnabled) {
+        this.clientConfig.networkConfig.sslConfig.enabled = sslEnabled;
+
+        if (jsonObject.sslOptions) {
             if (jsonObject.factory) {
-                const factory = jsonObject.factory;
-                const importConfig = this.parseImportConfig(factory);
-                if (importConfig.path == null && importConfig.exportedName !== BasicSSLOptionsFactory.name) {
-                    throw new RangeError('Invalid configuration. Either ssl factory path should be set or exportedName ' +
-                        ' should be ' + BasicSSLOptionsFactory.name);
-                } else {
-                    this.clientConfig.networkConfig.sslOptionsFactoryConfig = this.parseImportConfig(factory);
-                    this.clientConfig.networkConfig.sslOptionsFactoryProperties = this.parseProperties(factory.properties);
-                }
+                throw new RangeError('Invalid configuration. Either SSL options should be set manually or SSL factory' +
+                    ' should be used.');
+            }
+            this.clientConfig.networkConfig.sslConfig.sslOptions = jsonObject.sslOptions;
+        } else if (jsonObject.factory) {
+            const factory = jsonObject.factory;
+            const importConfig = this.parseImportConfig(factory);
+            if (importConfig.path == null && importConfig.exportedName !== BasicSSLOptionsFactory.name) {
+                throw new RangeError('Invalid configuration. Either SSL factory path should be set or exportedName' +
+                    ' should be ' + BasicSSLOptionsFactory.name + '.');
+            } else {
+                this.clientConfig.networkConfig.sslConfig.sslOptionsFactoryConfig = this.parseImportConfig(factory);
+                this.clientConfig.networkConfig.sslConfig.sslOptionsFactoryProperties = this.parseProperties(factory.properties);
             }
         }
     }

src/config/SSLConfig.ts

@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2008-2018, Hazelcast, Inc. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import {ConnectionOptions} from 'tls';
+import {Properties} from './Properties';
+import {ImportConfig} from './ImportConfig';
+
+/**
+ * SSL configuration.
+ */
+export class SSLConfig {
+
+    /**
+     * If it is true, SSL is enabled.
+     */
+    enabled: boolean = false;
+
+    /**
+     * sslOptions is by default null which means the following default configuration
+     * is used while connecting to the server.
+     *
+     * {
+     *   checkServerIdentity: (): any => null,
+     *   rejectUnauthorized: true,
+     * };
+     *
+     * If you want to override the default behavior, you can write your own connection sslOptions.
+     */
+    sslOptions: ConnectionOptions = null;
+
+    /**
+     * sslOptionsFactoryConfig is config for ssl options factory. If you don't specify the path, BasicSSLOptionsFactory is used
+     * by default.
+     */
+    sslOptionsFactoryConfig: ImportConfig = null;
+
+    /**
+     * sslOptionsFactoryProperties is the properties to be set for ssl options.
+     */
+    sslOptionsFactoryProperties: Properties = null;
+}

src/config/SSLOptions.ts

@@ -28,6 +28,7 @@ import {BasicSSLOptionsFactory} from '../connection/BasicSSLOptionsFactory';
 import {AddressTranslator} from '../connection/AddressTranslator';
 import {AddressProvider} from '../connection/AddressProvider';
 import Address = require('../Address');
+import {SSLOptionsFactory} from '../connection/SSLOptionsFactory';
 
 const EMIT_CONNECTION_CLOSED = 'connectionClosed';
 const EMIT_CONNECTION_OPENED = 'connectionOpened';
@@ -149,21 +150,31 @@ export class ClientConnectionManager extends EventEmitter {
                 return Promise.reject(error);
             }
         }
-        if (this.client.getConfig().networkConfig.sslOptions) {
-            const opts = this.client.getConfig().networkConfig.sslOptions;
-            return this.connectTLSSocket(address, opts);
-        } else if (this.client.getConfig().networkConfig.sslOptionsFactoryConfig) {
-            const factoryConfig = this.client.getConfig().networkConfig.sslOptionsFactoryConfig;
-            const factoryProperties = this.client.getConfig().networkConfig.sslOptionsFactoryProperties;
-            let factory: any;
-            if (factoryConfig.path) {
-                factory = new (loadNameFromPath(factoryConfig.path, factoryConfig.exportedName))();
+
+        if (this.client.getConfig().networkConfig.sslConfig.enabled) {
+            if (this.client.getConfig().networkConfig.sslConfig.sslOptions) {
+                const opts = this.client.getConfig().networkConfig.sslConfig.sslOptions;
+                return this.connectTLSSocket(address, opts);
+            } else if (this.client.getConfig().networkConfig.sslConfig.sslOptionsFactoryConfig) {
+                const factoryConfig = this.client.getConfig().networkConfig.sslConfig.sslOptionsFactoryConfig;
+                const factoryProperties = this.client.getConfig().networkConfig.sslConfig.sslOptionsFactoryProperties;
+                let factory: SSLOptionsFactory;
+                if (factoryConfig.path) {
+                    factory = new (loadNameFromPath(factoryConfig.path, factoryConfig.exportedName))();
+                } else {
+                    factory = new BasicSSLOptionsFactory();
+                }
+                return factory.init(factoryProperties).then(() => {
+                    return this.connectTLSSocket(address, factory.getSSLOptions());
+                });
             } else {
-                factory = new BasicSSLOptionsFactory();
+                // the default behavior when ssl is enabled
+                const opts = this.client.getConfig().networkConfig.sslConfig.sslOptions = {
+                    checkServerIdentity: (): any => null,
+                    rejectUnauthorized: true,
+                };
+                return this.connectTLSSocket(address, opts);
             }
-            return factory.init(factoryProperties).then(() => {
-                return this.connectTLSSocket(address, factory.getSSLOptions());
-            });
         } else {
             return this.connectNetSocket(address);
         }

src/invocation/ClientConnectionManager.ts

@@ -37,15 +37,15 @@ describe('ConfigBuilderHazelcastCloud Test', function () {
     }
 
     it('cloudConfig', function () {
-        return loadJson('hazelcast-client-full.json').then(function () {
+        return loadJson('configurations/full.json').then(function () {
             var networkConfig = configFull.networkConfig;
             expect(networkConfig.cloudConfig.enabled).to.be.false;
             expect(networkConfig.cloudConfig.discoveryToken).to.be.equal('EXAMPLE_TOKEN');
         });
     });
 
     it('cloudConfig_enabled_nullToken', function () {
-        return expect(loadJson('hazelcast-client-invalid-cloud-config.json')).to.be.rejectedWith(Error);
+        return expect(loadJson('configurations/invalid-cloud.json')).to.be.rejectedWith(Error);
     });
 
     it('cloudConfig_defaults', function () {
@@ -56,7 +56,7 @@ describe('ConfigBuilderHazelcastCloud Test', function () {
     });
 
     it('cloudConfig_enabled', function () {
-        return loadJson('hazelcast-client-cloud-config-enabled.json').then(function () {
+        return loadJson('configurations/cloud-enabled.json').then(function () {
             var networkConfig = configFull.networkConfig;
             expect(networkConfig.cloudConfig.enabled).to.be.true;
             expect(networkConfig.cloudConfig.discoveryToken).to.be.equal('EXAMPLE_TOKEN');