Merge pull request #9913 from dbeaver/sqlserver-ssl#9573

#9573 Bring back support for keystore files for now

Merge pull request #9913 from dbeaver/sqlserver-ssl#9573
#9573 Bring back support for keystore files for now
87fb1a70 · Serge Rider · GitHub · ecd8f3ab · 5dcf10a5 · 87fb1a70
7 changed file
--- a/plugins/org.jkiss.dbeaver.ext.mssql.ui/src/org/jkiss/dbeaver/ext/mssql/ui/SQLServerConnectionPage.java
+++ b/plugins/org.jkiss.dbeaver.ext.mssql.ui/src/org/jkiss/dbeaver/ext/mssql/ui/SQLServerConnectionPage.java
@@ -57,7 +57,6 @@ public class SQLServerConnectionPage extends ConnectionPageAbstract implements I
    private Combo authCombo;
 //    private Button windowsAuthenticationButton;
 //    private Button adpAuthenticationButton;
-    private Button trustServerCertificate;
    private Button showAllSchemas;

    private boolean activated;
@@ -194,7 +193,6 @@ public class SQLServerConnectionPage extends ConnectionPageAbstract implements I
            secureGroup.setLayout(new GridLayout(1, false));

            createPasswordControls(secureGroup);
-            trustServerCertificate = UIUtils.createCheckbox(secureGroup, SQLServerUIMessages.dialog_setting_trust_server_certificate, SQLServerUIMessages.dialog_setting_trust_server_certificate_tip, true, 2);
            showAllSchemas = UIUtils.createCheckbox(secureGroup, SQLServerUIMessages.dialog_setting_show_all_schemas, SQLServerUIMessages.dialog_setting_show_all_schemas_tip, true, 2);
        }

@@ -272,7 +270,6 @@ public class SQLServerConnectionPage extends ConnectionPageAbstract implements I
            adpAuthenticationButton.setSelection(SQLServerUtils.isActiveDirectoryAuth(connectionInfo));
        }
 */
-        trustServerCertificate.setSelection(CommonUtils.getBoolean(connectionInfo.getProperty(SQLServerConstants.PROP_TRUST_SERVER_CERTIFICATE), true));
        showAllSchemas.setSelection(CommonUtils.toBoolean(connectionInfo.getProviderProperty(SQLServerConstants.PROP_SHOW_ALL_SCHEMAS)));

        activated = true;
@@ -337,10 +334,6 @@ public class SQLServerConnectionPage extends ConnectionPageAbstract implements I
            }
        }
 */
-        if (trustServerCertificate != null) {
-            connectionInfo.setProperty(SQLServerConstants.PROP_TRUST_SERVER_CERTIFICATE,
-                String.valueOf(trustServerCertificate.getSelection()));
-        }
        if (showAllSchemas != null) {
            connectionInfo.setProviderProperty(SQLServerConstants.PROP_SHOW_ALL_SCHEMAS,
                String.valueOf(showAllSchemas.getSelection()));

--- a/plugins/org.jkiss.dbeaver.ext.mssql.ui/src/org/jkiss/dbeaver/ext/mssql/ui/SQLServerUIMessages.java
+++ b/plugins/org.jkiss.dbeaver.ext.mssql.ui/src/org/jkiss/dbeaver/ext/mssql/ui/SQLServerUIMessages.java
@@ -37,6 +37,9 @@ public class SQLServerUIMessages extends NLS {
    public static String dialog_setting_trust_server_certificate;
    public static String dialog_setting_trust_server_certificate_tip;
    public static String dialog_setting_ssl_advanced_title;
+    public static String dialog_setting_ssl_advanced_keystore_title;
+    public static String dialog_setting_ssl_advanced_keystore_label;
+    public static String dialog_setting_ssl_advanced_keystore_password_label;
    public static String dialog_setting_ssl_advanced_hostname_label;
    public static String dialog_setting_ssl_advanced_hostname_tip;


--- a/plugins/org.jkiss.dbeaver.ext.mssql.ui/src/org/jkiss/dbeaver/ext/mssql/ui/SQLServerUIMessages.properties
+++ b/plugins/org.jkiss.dbeaver.ext.mssql.ui/src/org/jkiss/dbeaver/ext/mssql/ui/SQLServerUIMessages.properties
@@ -13,6 +13,9 @@ dialog_setting_show_all_schemas_tip=Shows all database schemas. If disabled show
 dialog_setting_trust_server_certificate=Trust Server Certificate
 dialog_setting_trust_server_certificate_tip=If "true", the SQL Server SSL certificate is automatically trusted when the communication layer is encrypted using SSL.\nIf "false", the Microsoft JDBC Driver for SQL Server validates the server SSL certificate.\nIf the server certificate validation fails, the driver raises an error and terminate the connection. 
 dialog_setting_ssl_advanced_title=Advanced
+dialog_setting_ssl_advanced_keystore_title=Select keystore file
+dialog_setting_ssl_advanced_keystore_label=Keystore
+dialog_setting_ssl_advanced_keystore_password_label=Keystore password
 dialog_setting_ssl_advanced_hostname_label=Certificate hostname
 dialog_setting_ssl_advanced_hostname_tip=The host name to be used in validating the SQL Server TLS/SSL certificate.
 dialog_create_db_group_general=General

--- a/plugins/org.jkiss.dbeaver.ext.mssql.ui/src/org/jkiss/dbeaver/ext/mssql/ui/SQLServerUIMessages_ru.properties
+++ b/plugins/org.jkiss.dbeaver.ext.mssql.ui/src/org/jkiss/dbeaver/ext/mssql/ui/SQLServerUIMessages_ru.properties
@@ -13,6 +13,9 @@ dialog_setting_show_all_schemas_tip=\u041F\u043E\u043A\u0430\u0437\u044B\u0432\u
 dialog_setting_trust_server_certificate=\u0412\u0441\u0435\u0433\u0434\u0430 \u0434\u043E\u0432\u0435\u0440\u044F\u0442\u044C \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043A\u0430\u0442\u0443 \u0441\u0435\u0440\u0432\u0435\u0440\u0430
 dialog_setting_trust_server_certificate_tip=\u0415\u0441\u043B\u0438 \u0437\u043D\u0430\u0447\u0435\u043D\u0438\u0435 "true", \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043A\u0430\u0442 SSL SQL Server \u0430\u0432\u0442\u043E\u043C\u0430\u0442\u0438\u0447\u0435\u0441\u043A\u0438 \u0441\u0442\u0430\u043D\u043E\u0432\u0438\u0442\u0441\u044F \u0434\u043E\u0432\u0435\u0440\u0435\u043D\u043D\u044B\u043C, \u043A\u043E\u0433\u0434\u0430 \u0443\u0440\u043E\u0432\u0435\u043D\u044C \u0441\u0432\u044F\u0437\u0438 \u0448\u0438\u0444\u0440\u0443\u0435\u0442\u0441\u044F \u0441 \u043F\u043E\u043C\u043E\u0449\u044C\u044E SSL.\n\u0415\u0441\u043B\u0438 "false", \u0434\u0440\u0430\u0439\u0432\u0435\u0440 Microsoft JDBC \u0434\u043B\u044F SQL Server \u043F\u0440\u043E\u0432\u0435\u0440\u044F\u0435\u0442 SSL-\u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043A\u0430\u0442 \u0441\u0435\u0440\u0432\u0435\u0440\u0430.\n\u0415\u0441\u043B\u0438 \u043F\u0440\u043E\u0432\u0435\u0440\u043A\u0430 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043A\u0430\u0442\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0437\u0430\u0432\u0435\u0440\u0448\u0430\u0435\u0442\u0441\u044F \u043D\u0435\u0443\u0434\u0430\u0447\u043D\u043E, \u0434\u0440\u0430\u0439\u0432\u0435\u0440 \u0432\u044B\u0437\u044B\u0432\u0430\u0435\u0442 \u043E\u0448\u0438\u0431\u043A\u0443 \u0438 \u0440\u0430\u0437\u0440\u044B\u0432\u0430\u0435\u0442 \u0441\u043E\u0435\u0434\u0438\u043D\u0435\u043D\u0438\u0435.
 dialog_setting_ssl_advanced_title=\u0414\u043E\u043F\u043E\u043B\u043D\u0438\u0442\u0435\u043B\u044C\u043D\u043E
+dialog_setting_ssl_advanced_keystore_title=\u0412\u044B\u0431\u0440\u0430\u0442\u044C \u0444\u0430\u0439\u043B \u0445\u0440\u0430\u043D\u0438\u043B\u0438\u0449\u0430
+dialog_setting_ssl_advanced_keystore_label=\u0425\u0440\u0430\u043D\u0438\u043B\u0438\u0449\u0435
+dialog_setting_ssl_advanced_keystore_password_label=\u041F\u0430\u0440\u043E\u043B\u044C \u0445\u0440\u0430\u043D\u0438\u043B\u0438\u0449\u0430
 dialog_setting_ssl_advanced_hostname_label=\u0418\u043C\u044F \u0445\u043E\u0441\u0442\u0430 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043A\u0430\u0442\u0430
 dialog_setting_ssl_advanced_hostname_tip=\u0418\u043C\u044F \u0445\u043E\u0441\u0442\u0430, \u043A\u043E\u0442\u043E\u0440\u043E\u0435 \u0431\u0443\u0434\u0435\u0442 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C\u0441\u044F \u0434\u043B\u044F \u043F\u0440\u043E\u0432\u0435\u0440\u043A\u0438 TLS/SSL \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043A\u0430\u0442\u0430.
 dialog_create_db_title=\u0421\u043E\u0437\u0434\u0430\u0442\u044C \u0431\u0430\u0437\u0443 \u0434\u0430\u043D\u043D\u044B\u0445

--- a/plugins/org.jkiss.dbeaver.ext.mssql.ui/src/org/jkiss/dbeaver/ext/mssql/ui/views/SQLServerSSLConfigurator.java
+++ b/plugins/org.jkiss.dbeaver.ext.mssql.ui/src/org/jkiss/dbeaver/ext/mssql/ui/views/SQLServerSSLConfigurator.java
@@ -19,6 +19,7 @@ package org.jkiss.dbeaver.ext.mssql.ui.views;
 import org.eclipse.swt.SWT;
 import org.eclipse.swt.layout.GridData;
 import org.eclipse.swt.layout.GridLayout;
+import org.eclipse.swt.widgets.Button;
 import org.eclipse.swt.widgets.Composite;
 import org.eclipse.swt.widgets.Group;
 import org.eclipse.swt.widgets.Text;
@@ -26,11 +27,16 @@ import org.jkiss.dbeaver.ext.mssql.SQLServerConstants;
 import org.jkiss.dbeaver.ext.mssql.ui.SQLServerUIMessages;
 import org.jkiss.dbeaver.model.net.DBWHandlerConfiguration;
 import org.jkiss.dbeaver.ui.UIUtils;
-import org.jkiss.dbeaver.ui.dialogs.net.SSLConfiguratorTrustStoreUI;
+import org.jkiss.dbeaver.ui.controls.TextWithOpen;
+import org.jkiss.dbeaver.ui.controls.TextWithOpenFile;
+import org.jkiss.dbeaver.ui.dialogs.net.SSLConfiguratorAbstractUI;
 import org.jkiss.utils.CommonUtils;

-public class SQLServerSSLConfigurator extends SSLConfiguratorTrustStoreUI {
+public class SQLServerSSLConfigurator extends SSLConfiguratorAbstractUI {
+    private TextWithOpen keystoreFile;
+    private Text keystorePassword;
    private Text keystoreHostname;
+    private Button trustServerCertificate;

    @Override
    public void createControl(Composite parent, Runnable propertyChangeListener) {
@@ -41,29 +47,54 @@ public class SQLServerSSLConfigurator extends SSLConfiguratorTrustStoreUI {
        composite.setLayoutData(gd);

        createSSLConfigHint(composite, true, 1);
-        createTrustStoreConfigGroup(composite);
+
+        /*
+         * We should adopt this code and make it part of the
+         * SSLConfiguratorTrustStoreUI, allowing user to
+         * choose between using keystore file along with its
+         * password, or use CA certificate and Client
+         * certificate & password separately. (#9912)
+         */

        {
            Group advancedGroup = UIUtils.createControlGroup(composite, SQLServerUIMessages.dialog_setting_ssl_advanced_title, 2, GridData.FILL_HORIZONTAL, -1);

+            UIUtils.createControlLabel(advancedGroup, SQLServerUIMessages.dialog_setting_ssl_advanced_keystore_label);
+            gd = new GridData(GridData.FILL_HORIZONTAL);
+            gd.minimumWidth = 130;
+            keystoreFile = new TextWithOpenFile(advancedGroup, SQLServerUIMessages.dialog_setting_ssl_advanced_keystore_title, new String[]{"*.jks;*.pfx"});
+            keystoreFile.setLayoutData(new GridData(GridData.FILL_HORIZONTAL));
+
+            UIUtils.createControlLabel(advancedGroup, SQLServerUIMessages.dialog_setting_ssl_advanced_keystore_password_label);
+            gd = new GridData(GridData.FILL_HORIZONTAL);
+            gd.minimumWidth = 130;
+            keystorePassword = new Text(advancedGroup, SWT.BORDER | SWT.PASSWORD);
+            keystorePassword.setLayoutData(new GridData(GridData.FILL_HORIZONTAL));
+
            UIUtils.createControlLabel(advancedGroup, SQLServerUIMessages.dialog_setting_ssl_advanced_hostname_label);
            gd = new GridData(GridData.FILL_HORIZONTAL);
            gd.minimumWidth = 130;
            keystoreHostname = new Text(advancedGroup, SWT.BORDER);
            keystoreHostname.setLayoutData(new GridData(GridData.FILL_HORIZONTAL));
            keystoreHostname.setToolTipText(SQLServerUIMessages.dialog_setting_ssl_advanced_hostname_tip);
+
+            trustServerCertificate = UIUtils.createCheckbox(advancedGroup, SQLServerUIMessages.dialog_setting_trust_server_certificate, SQLServerUIMessages.dialog_setting_trust_server_certificate_tip, true, 2);
        }
    }

    @Override
    public void loadSettings(DBWHandlerConfiguration configuration) {
-        super.loadSettings(configuration);
+        keystoreFile.setText(CommonUtils.notEmpty(configuration.getStringProperty(SQLServerConstants.PROP_SSL_KEYSTORE)));
+        keystorePassword.setText(CommonUtils.notEmpty(configuration.getStringProperty(SQLServerConstants.PROP_SSL_KEYSTORE_PASSWORD)));
        keystoreHostname.setText(CommonUtils.notEmpty(configuration.getStringProperty(SQLServerConstants.PROP_SSL_KEYSTORE_HOSTNAME)));
+        trustServerCertificate.setSelection(configuration.getBooleanProperty(SQLServerConstants.PROP_SSL_TRUST_SERVER_CERTIFICATE));
    }

    @Override
    public void saveSettings(DBWHandlerConfiguration configuration) {
-        super.saveSettings(configuration);
+        configuration.setProperty(SQLServerConstants.PROP_SSL_KEYSTORE, keystoreFile.getText().trim());
+        configuration.setProperty(SQLServerConstants.PROP_SSL_KEYSTORE_PASSWORD, keystorePassword.getText().trim());
        configuration.setProperty(SQLServerConstants.PROP_SSL_KEYSTORE_HOSTNAME, keystoreHostname.getText().trim());
+        configuration.setProperty(SQLServerConstants.PROP_SSL_TRUST_SERVER_CERTIFICATE, trustServerCertificate.getSelection());
    }
 }
--- a/plugins/org.jkiss.dbeaver.ext.mssql/src/org/jkiss/dbeaver/ext/mssql/SQLServerConstants.java
+++ b/plugins/org.jkiss.dbeaver.ext.mssql/src/org/jkiss/dbeaver/ext/mssql/SQLServerConstants.java
@@ -35,7 +35,10 @@ public class SQLServerConstants {

    public static final String HANDLER_SSL = "mssql_ssl";

+    public static final String PROP_SSL_KEYSTORE = "sslKeyStore";
+    public static final String PROP_SSL_KEYSTORE_PASSWORD = "sslKeyStorePassword";
    public static final String PROP_SSL_KEYSTORE_HOSTNAME = "sslKeyStoreHostname";
+    public static final String PROP_SSL_TRUST_SERVER_CERTIFICATE = "sslTrustServerCertificate";

    public static final boolean USE_GSS = false;

@@ -82,7 +85,6 @@ public class SQLServerConstants {
    public static final String PROP_CONNECTION_AUTHENTICATION = "authentication";
    public static final String PROP_CONNECTION_AUTHENTICATION_SCHEME = "authenticationScheme";

-    public static final String PROP_TRUST_SERVER_CERTIFICATE = "trustServerCertificate";
    public static final String PROP_DOMAIN = "domain";

    public static final String AUTH_SQL_SERVER_PASSWORD = "SqlPassword";

--- a/plugins/org.jkiss.dbeaver.ext.mssql/src/org/jkiss/dbeaver/ext/mssql/model/SQLServerDataSource.java
+++ b/plugins/org.jkiss.dbeaver.ext.mssql/src/org/jkiss/dbeaver/ext/mssql/model/SQLServerDataSource.java
@@ -50,6 +50,7 @@ import org.jkiss.utils.CommonUtils;
 import java.sql.SQLException;
 import java.util.Collection;
 import java.util.List;
+import java.util.Map;
 import java.util.Properties;

 public class SQLServerDataSource extends JDBCDataSource implements DBSInstanceContainer, DBPObjectStatisticsCollector, IAdaptable {
@@ -134,25 +135,39 @@ public class SQLServerDataSource extends JDBCDataSource implements DBSInstanceCo

        final DBWHandlerConfiguration sslConfig = getContainer().getActualConnectionConfiguration().getHandler(SQLServerConstants.HANDLER_SSL);
        if (sslConfig != null && sslConfig.isEnabled()) {
-            try {
-                SSLHandlerTrustStoreImpl.initializeTrustStore(monitor, this, sslConfig);
-                DBACertificateStorage certificateStorage = getContainer().getPlatform().getCertificateStorage();
-                String keyStorePath = certificateStorage.getKeyStorePath(getContainer(), "ssl").getAbsolutePath();
+            initSSL(monitor, properties, sslConfig);
+        }
+
+        return properties;
+    }

-                properties.setProperty("encrypt", "true");
-                properties.setProperty("trustStore", keyStorePath);
-                properties.setProperty("trustStoreType", "JKS");
+    private void initSSL(DBRProgressMonitor monitor, Properties properties, DBWHandlerConfiguration sslConfig) throws DBCException {
+        monitor.subTask("Install SSL certificates");

-                final String keystoreHostnameProp = sslConfig.getStringProperty(SQLServerConstants.PROP_SSL_KEYSTORE_HOSTNAME);
-                if (!CommonUtils.isEmpty(keystoreHostnameProp)) {
-                    properties.put("hostNameInCertificate", keystoreHostnameProp);
-                }
-            } catch (Exception e) {
-                throw new DBCException("Error initializing SSL trust store", e);
+        try {
+//            SSLHandlerTrustStoreImpl.initializeTrustStore(monitor, this, sslConfig);
+//            DBACertificateStorage certificateStorage = getContainer().getPlatform().getCertificateStorage();
+//            String keyStorePath = certificateStorage.getKeyStorePath(getContainer(), "ssl").getAbsolutePath();
+
+            properties.setProperty("encrypt", "true");
+
+            final String keystoreFileProp = sslConfig.getStringProperty(SQLServerConstants.PROP_SSL_KEYSTORE);
+            if (!CommonUtils.isEmpty(keystoreFileProp)) {
+                properties.put("trustStore", keystoreFileProp);
            }
-        }

-        return properties;
+            final String keystorePasswordProp = sslConfig.getStringProperty(SQLServerConstants.PROP_SSL_KEYSTORE_PASSWORD);
+            if (!CommonUtils.isEmpty(keystorePasswordProp)) {
+                properties.put("trustStorePassword", keystorePasswordProp);
+            }
+
+            final String keystoreHostnameProp = sslConfig.getStringProperty(SQLServerConstants.PROP_SSL_KEYSTORE_HOSTNAME);
+            if (!CommonUtils.isEmpty(keystoreHostnameProp)) {
+                properties.put("hostNameInCertificate", keystoreHostnameProp);
+            }
+        } catch (Exception e) {
+            throw new DBCException("Error initializing SSL trust store", e);
+        }
    }

    @Override