Please wait. This can take some minutes ...
Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $
You can buy this project and download/modify it how often you want.
org.mariadb.jdbc.client.impl.ConnectionHelper Maven / Gradle / Ivy
// SPDX-License-Identifier: LGPL-2.1-or-later
// Copyright (c) 2012-2014 Monty Program Ab
// Copyright (c) 2015-2023 MariaDB Corporation Ab
package org.mariadb.jdbc.client.impl;
import java.io.IOException;
import java.lang.reflect.Constructor;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.sql.SQLException;
import java.sql.SQLNonTransientConnectionException;
import java.util.Arrays;
import java.util.List;
import javax.net.SocketFactory;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import org.mariadb.jdbc.Configuration;
import org.mariadb.jdbc.HostAddress;
import org.mariadb.jdbc.client.Context;
import org.mariadb.jdbc.client.ReadableByteBuf;
import org.mariadb.jdbc.client.SocketHelper;
import org.mariadb.jdbc.client.socket.Reader;
import org.mariadb.jdbc.client.socket.Writer;
import org.mariadb.jdbc.client.socket.impl.SocketHandlerFunction;
import org.mariadb.jdbc.client.socket.impl.SocketUtility;
import org.mariadb.jdbc.export.SslMode;
import org.mariadb.jdbc.message.client.SslRequestPacket;
import org.mariadb.jdbc.message.server.AuthSwitchPacket;
import org.mariadb.jdbc.message.server.ErrorPacket;
import org.mariadb.jdbc.message.server.OkPacket;
import org.mariadb.jdbc.plugin.AuthenticationPlugin;
import org.mariadb.jdbc.plugin.Credential;
import org.mariadb.jdbc.plugin.CredentialPlugin;
import org.mariadb.jdbc.plugin.TlsSocketPlugin;
import org.mariadb.jdbc.plugin.authentication.AuthenticationPluginLoader;
import org.mariadb.jdbc.plugin.tls.TlsSocketPluginLoader;
import org.mariadb.jdbc.util.ConfigurableSocketFactory;
import org.mariadb.jdbc.util.constants.Capabilities;
/** Connection creation helper class */
public final class ConnectionHelper {
private static final SocketHandlerFunction socketHandler;
static {
SocketHandlerFunction init;
try {
init = SocketUtility.getSocketHandler();
} catch (Throwable t) {
init = ConnectionHelper::standardSocket;
}
socketHandler = init;
}
/**
* Create socket accordingly to options.
*
* @param conf Url options
* @param hostAddress host ( mandatory but for named pipe / unix socket)
* @return a nex socket
* @throws IOException if connection error occur
* @throws SQLException in case of configuration error
*/
public static Socket createSocket(Configuration conf, HostAddress hostAddress)
throws IOException, SQLException {
return socketHandler.apply(conf, hostAddress);
}
/**
* Use standard socket implementation.
*
* @param conf url options
* @param hostAddress host to connect
* @return socket
* @throws IOException in case of error establishing socket.
* @throws SQLException in case host is null
*/
public static Socket standardSocket(Configuration conf, HostAddress hostAddress)
throws IOException, SQLException {
SocketFactory socketFactory;
String socketFactoryName = conf.socketFactory();
if (socketFactoryName != null) {
if (hostAddress == null) throw new SQLException("hostname must be set to connect socket");
try {
@SuppressWarnings("unchecked")
Class extends SocketFactory> socketFactoryClass =
(Class extends SocketFactory>) Class.forName(socketFactoryName);
Constructor extends SocketFactory> constructor = socketFactoryClass.getConstructor();
socketFactory = constructor.newInstance();
if (socketFactory instanceof ConfigurableSocketFactory) {
((ConfigurableSocketFactory) socketFactory).setConfiguration(conf, hostAddress.host);
}
return socketFactory.createSocket();
} catch (Exception exp) {
throw new IOException(
"Socket factory failed to initialized with option \"socketFactory\" set to \""
+ conf.socketFactory()
+ "\"",
exp);
}
}
socketFactory = SocketFactory.getDefault();
return socketFactory.createSocket();
}
/**
* Connect socket
*
* @param conf configuration
* @param hostAddress host to connect
* @return socket
* @throws SQLException if hostname is required and not provided, or socket cannot be created
*/
public static Socket connectSocket(final Configuration conf, final HostAddress hostAddress)
throws SQLException {
Socket socket;
try {
if (conf.pipe() == null && conf.localSocket() == null && hostAddress == null)
throw new SQLException(
"hostname must be set to connect socket if not using local socket or pipe");
socket = createSocket(conf, hostAddress);
SocketHelper.setSocketOption(conf, socket);
if (!socket.isConnected()) {
InetSocketAddress sockAddr =
conf.pipe() == null && conf.localSocket() == null
? new InetSocketAddress(hostAddress.host, hostAddress.port)
: null;
socket.connect(sockAddr, conf.connectTimeout());
}
return socket;
} catch (IOException ioe) {
throw new SQLNonTransientConnectionException(
String.format(
"Socket fail to connect to host:%s. %s",
hostAddress == null ? conf.localSocket() : hostAddress, ioe.getMessage()),
"08000",
ioe);
}
}
/**
* Initialize client capability according to configuration and server capabilities.
*
* @param configuration configuration
* @param serverCapabilities server capabilities
* @param hostAddress host address server
* @return client capabilities
*/
public static long initializeClientCapabilities(
final Configuration configuration,
final long serverCapabilities,
final HostAddress hostAddress) {
long capabilities =
Capabilities.IGNORE_SPACE
| Capabilities.CLIENT_PROTOCOL_41
| Capabilities.TRANSACTIONS
| Capabilities.SECURE_CONNECTION
| Capabilities.MULTI_RESULTS
| Capabilities.PS_MULTI_RESULTS
| Capabilities.PLUGIN_AUTH
| Capabilities.CONNECT_ATTRS
| Capabilities.PLUGIN_AUTH_LENENC_CLIENT_DATA
| Capabilities.CLIENT_SESSION_TRACK
| Capabilities.EXTENDED_TYPE_INFO;
// since skipping metadata is only available when using binary protocol,
// only set it when server permit it and using binary protocol
if (configuration.useServerPrepStmts()
&& Boolean.parseBoolean(
configuration.nonMappedOptions().getProperty("enableSkipMeta", "true"))) {
capabilities |= Capabilities.CACHE_METADATA;
}
// remains for compatibility
if (Boolean.parseBoolean(
configuration.nonMappedOptions().getProperty("interactiveClient", "false"))) {
capabilities |= Capabilities.CLIENT_INTERACTIVE;
}
if (configuration.useBulkStmts() || configuration.useBulkStmtsForInserts()) {
capabilities |= Capabilities.STMT_BULK_OPERATIONS;
}
if (!configuration.useAffectedRows()) {
capabilities |= Capabilities.FOUND_ROWS;
}
if (configuration.allowMultiQueries()) {
capabilities |= Capabilities.MULTI_STATEMENTS;
}
if (configuration.allowLocalInfile()) {
capabilities |= Capabilities.LOCAL_FILES;
}
// useEof is a technical option
boolean deprecateEof =
Boolean.parseBoolean(configuration.nonMappedOptions().getProperty("deprecateEof", "true"));
if (deprecateEof) {
capabilities |= Capabilities.CLIENT_DEPRECATE_EOF;
}
if (configuration.useCompression()) {
capabilities |= Capabilities.COMPRESS;
}
// connect to database directly if not needed to be created, or if slave, since cannot be
// created
if (configuration.database() != null
&& (!configuration.createDatabaseIfNotExist()
|| (configuration.createDatabaseIfNotExist()
&& (hostAddress != null && !hostAddress.primary)))) {
capabilities |= Capabilities.CONNECT_WITH_DB;
}
if (configuration.sslMode() != SslMode.DISABLE) {
capabilities |= Capabilities.SSL;
}
return capabilities & serverCapabilities;
}
/**
* Authentication swtich handler
*
* @param credential credential
* @param writer socket writer
* @param reader socket reader
* @param context connection context
* @throws IOException if any socket error occurs
* @throws SQLException if any other kind of issue occurs
*/
public static void authenticationHandler(
Credential credential, Writer writer, Reader reader, Context context)
throws IOException, SQLException {
writer.permitTrace(true);
Configuration conf = context.getConf();
ReadableByteBuf buf = reader.readReusablePacket();
authentication_loop:
while (true) {
switch (buf.getByte() & 0xFF) {
case 0xFE:
// *************************************************************************************
// Authentication Switch Request see
// https://mariadb.com/kb/en/library/connection/#authentication-switch-request
// *************************************************************************************
AuthSwitchPacket authSwitchPacket = AuthSwitchPacket.decode(buf);
AuthenticationPlugin authenticationPlugin =
AuthenticationPluginLoader.get(authSwitchPacket.getPlugin(), conf);
authenticationPlugin.initialize(
credential.getPassword(), authSwitchPacket.getSeed(), conf);
buf = authenticationPlugin.process(writer, reader, context);
break;
case 0xFF:
// *************************************************************************************
// ERR_Packet
// see https://mariadb.com/kb/en/library/err_packet/
// *************************************************************************************
ErrorPacket errorPacket = new ErrorPacket(buf, context);
throw context
.getExceptionFactory()
.create(
errorPacket.getMessage(), errorPacket.getSqlState(), errorPacket.getErrorCode());
case 0x00:
// *************************************************************************************
// OK_Packet -> Authenticated !
// see https://mariadb.com/kb/en/library/ok_packet/
// *************************************************************************************
new OkPacket(buf, context);
break authentication_loop;
default:
throw context
.getExceptionFactory()
.create(
"unexpected data during authentication (header=" + (buf.getUnsignedByte()),
"08000");
}
}
writer.permitTrace(true);
}
/**
* Load user/password plugin if configured to.
*
* @param credentialPlugin configuration credential plugin
* @param configuration configuration
* @param hostAddress current connection host address
* @return credentials
* @throws SQLException if configured credential plugin fail
*/
public static Credential loadCredential(
CredentialPlugin credentialPlugin, Configuration configuration, HostAddress hostAddress)
throws SQLException {
if (credentialPlugin != null) {
return credentialPlugin.initialize(configuration, configuration.user(), hostAddress).get();
}
return new Credential(configuration.user(), configuration.password());
}
/**
* Create SSL wrapper
*
* @param hostAddress host
* @param socket socket
* @param clientCapabilities client capabilities
* @param exchangeCharset connection charset
* @param context connection context
* @param writer socket writer
* @return SSLsocket
* @throws IOException if any socket error occurs
* @throws SQLException for any other kind of error
*/
public static SSLSocket sslWrapper(
final HostAddress hostAddress,
final Socket socket,
long clientCapabilities,
final byte exchangeCharset,
Context context,
Writer writer)
throws IOException, SQLException {
Configuration conf = context.getConf();
if (conf.sslMode() != SslMode.DISABLE) {
if (!context.hasServerCapability(Capabilities.SSL)) {
throw context
.getExceptionFactory()
.create("Trying to connect with ssl, but ssl not enabled in the server", "08000");
}
clientCapabilities |= Capabilities.SSL;
SslRequestPacket.create(clientCapabilities, exchangeCharset).encode(writer, context);
TlsSocketPlugin socketPlugin = TlsSocketPluginLoader.get(conf.tlsSocketType());
SSLSocketFactory sslSocketFactory =
socketPlugin.getSocketFactory(conf, context.getExceptionFactory());
SSLSocket sslSocket = socketPlugin.createSocket(socket, sslSocketFactory);
enabledSslProtocolSuites(sslSocket, conf);
enabledSslCipherSuites(sslSocket, conf);
sslSocket.setUseClientMode(true);
sslSocket.startHandshake();
// perform hostname verification
// (rfc2818 indicate that if "client has external information as to the expected identity of
// the server, the hostname check MAY be omitted")
if (conf.sslMode() == SslMode.VERIFY_FULL && hostAddress != null) {
SSLSession session = sslSocket.getSession();
try {
socketPlugin.verify(hostAddress.host, session, context.getThreadId());
} catch (SSLException ex) {
throw context
.getExceptionFactory()
.create(
"SSL hostname verification failed : "
+ ex.getMessage()
+ "\nThis verification can be disabled using the sslMode to VERIFY_CA "
+ "but won't prevent man-in-the-middle attacks anymore",
"08006");
}
}
return sslSocket;
}
return null;
}
/**
* Return possible protocols : values of option enabledSslProtocolSuites is set, or default to
* "TLSv1,TLSv1.1". MariaDB versions ≥ 10.0.15 and ≥ 5.5.41 supports TLSv1.2 if compiled
* with openSSL (default). MySQL's community versions ≥ 5.7.10 is compiled with yaSSL, so max
* TLS is TLSv1.1.
*
* @param sslSocket current sslSocket
* @throws SQLException if protocol isn't a supported protocol
*/
static void enabledSslProtocolSuites(SSLSocket sslSocket, Configuration conf)
throws SQLException {
if (conf.enabledSslProtocolSuites() != null) {
List possibleProtocols = Arrays.asList(sslSocket.getSupportedProtocols());
String[] protocols = conf.enabledSslProtocolSuites().split("[,;\\s]+");
for (String protocol : protocols) {
if (!possibleProtocols.contains(protocol)) {
throw new SQLException(
"Unsupported SSL protocol '"
+ protocol
+ "'. Supported protocols : "
+ possibleProtocols.toString().replace("[", "").replace("]", ""));
}
}
sslSocket.setEnabledProtocols(protocols);
}
}
/**
* Set ssl socket cipher according to options.
*
* @param sslSocket current ssl socket
* @param conf configuration
* @throws SQLException if a cipher isn't known
*/
static void enabledSslCipherSuites(SSLSocket sslSocket, Configuration conf) throws SQLException {
if (conf.enabledSslCipherSuites() != null) {
List possibleCiphers = Arrays.asList(sslSocket.getSupportedCipherSuites());
String[] ciphers = conf.enabledSslCipherSuites().split("[,;\\s]+");
for (String cipher : ciphers) {
if (!possibleCiphers.contains(cipher)) {
throw new SQLException(
"Unsupported SSL cipher '"
+ cipher
+ "'. Supported ciphers : "
+ possibleCiphers.toString().replace("[", "").replace("]", ""));
}
}
sslSocket.setEnabledCipherSuites(ciphers);
}
}
}