neo4j · zhenlineo · Mar 12, 2020 · Mar 5, 2020
diff --git a/Neo4j.Driver/Neo4j.Driver.Tests.Integration/Direct/CertificateTrustIT.cs b/Neo4j.Driver/Neo4j.Driver.Tests.Integration/Direct/CertificateTrustIT.cs
@@ -148,7 +148,7 @@ private async Task TestConnectivity(Uri target, Config config)
 
         private IDriver SetupWithCustomResolver(Uri overridenUri, Config config)
         {
-            var connectionSettings = new ConnectionSettings(Server.AuthToken, config);
+            var connectionSettings = new ConnectionSettings(overridenUri, Server.AuthToken, config);
             connectionSettings.SocketSettings.HostResolver =
                 new CustomHostResolver(Server.BoltUri, connectionSettings.SocketSettings.HostResolver);
             var bufferSettings = new BufferSettings(config);

diff --git a/Neo4j.Driver/Neo4j.Driver.Tests.Integration/Direct/EncryptionIT.cs b/Neo4j.Driver/Neo4j.Driver.Tests.Integration/Direct/EncryptionIT.cs
@@ -0,0 +1,74 @@
+// Copyright (c) 2002-2020 "Neo4j,"
+// Neo4j Sweden AB [http://neo4j.com]
+// 
+// This file is part of Neo4j.
+// 
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// 
+//     http://www.apache.org/licenses/LICENSE-2.0
+// 
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System;
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using FluentAssertions;
+using Neo4j.Driver.Internal;
+using Xunit;
+using Xunit.Abstractions;
+
+namespace Neo4j.Driver.IntegrationTests.Direct
+{
+    public class EncryptionIT : DirectDriverTestBase
+    {
+        public EncryptionIT(ITestOutputHelper output, StandAloneIntegrationTestFixture fixture)
+            : base(output, fixture)
+        {
+        }
+
+        [RequireServerFact]
+        public async Task ShouldBeAbleToConnectWithInsecureConfig()
+        {
+            using (var driver = GraphDatabase.Driver(ServerEndPoint, AuthToken,
+                o => o
+                    .WithEncryptionLevel(EncryptionLevel.Encrypted)
+                    .WithTrustManager(TrustManager.CreateInsecure())))
+            {
+                await VerifyConnectivity(driver);
+            }
+        }
+
+        [RequireServerFact]
+        public async Task ShouldBeAbleToConnectUsingInsecureUri()
+        {
+            var builder = new UriBuilder("bolt+ssc", ServerEndPoint.Host, ServerEndPoint.Port);
+            using (var driver = GraphDatabase.Driver(builder.Uri, AuthToken))
+            {
+                await VerifyConnectivity(driver);
+            }
+        }
+
+        private static async Task VerifyConnectivity(IDriver driver)
+        {
+            var session = driver.AsyncSession();
+
+            try
+            {
+                var cursor = await session.RunAsync("RETURN 2 as Number");
+                var records = await cursor.ToListAsync(r => r["Number"].As<int>());
+
+                records.Should().BeEquivalentTo(2);
+            }
+            finally
+            {
+                await session.CloseAsync();
+            }
+        }
+    }
+}
diff --git a/Neo4j.Driver/Neo4j.Driver.Tests.Integration/Stress/StressTest.cs b/Neo4j.Driver/Neo4j.Driver.Tests.Integration/Stress/StressTest.cs
@@ -593,7 +593,7 @@ private static Task[] LaunchPoolWorkers(IDriver driver, CancellationToken token,
                 Logger = new StressTestLogger(_output, LoggingEnabled)
             };
 
-            var connectionSettings = new ConnectionSettings(_authToken, config);
+            var connectionSettings = new ConnectionSettings(_databaseUri, _authToken, config);
             var bufferSettings = new BufferSettings(config);
             var connectionFactory = new MonitoredPooledConnectionFactory(
                 new PooledConnectionFactory(connectionSettings, bufferSettings, config.Logger));

diff --git a/Neo4j.Driver/Neo4j.Driver.Tests/ConfigTests.cs b/Neo4j.Driver/Neo4j.Driver.Tests/ConfigTests.cs
@@ -55,6 +55,28 @@ public void ShouldSetMaxIdleValueWhenSetSeparately()
                 config.MaxConnectionPoolSize.Should().Be(50);
                 config.MaxIdleConnectionPoolSize.Should().Be(20);
             }
+
+            [Fact]
+            public void ShouldDefaultToNoEncryptionAndNoTrust()
+            {
+                var config = Config.Default;
+                config.NullableEncryptionLevel.Should().BeNull();
+                config.EncryptionLevel.Should().Be(EncryptionLevel.None);
+                config.TrustManager.Should().BeNull();
+            }
+
+            [Fact]
+            public void ShouldSetEncryptionAndTrust()
+            {
+                var config = new Config
+                {
+                    EncryptionLevel = EncryptionLevel.None,
+                    TrustManager = null
+                };
+                config.NullableEncryptionLevel.Should().Be(EncryptionLevel.None);
+                config.EncryptionLevel.Should().Be(EncryptionLevel.None);
+                config.TrustManager.Should().BeNull();
+            }
         }
 
         public class ConfigBuilderTests
@@ -107,10 +129,11 @@ public void WithPoolSizeShouldModifyTheSingleValue()
             }
 
             [Fact]
-            public void WithEncryptionLevelShouldModifyTheSingleValue()
+            public void WithEncryptionLevelShouldModifyTheNullableValue()
             {
                 var config = Config.Builder.WithEncryptionLevel(EncryptionLevel.None).Build();
                 config.EncryptionLevel.Should().Be(EncryptionLevel.None);
+                config.NullableEncryptionLevel.Should().Be(EncryptionLevel.None);
                 config.TrustManager.Should().BeNull();
                 config.Logger.Should().BeOfType<NullLogger>();
                 config.MaxIdleConnectionPoolSize.Should().Be(500);

diff --git a/Neo4j.Driver/Neo4j.Driver.Tests/Connector/EncryptionManagerTests.cs b/Neo4j.Driver/Neo4j.Driver.Tests/Connector/EncryptionManagerTests.cs
@@ -30,31 +30,135 @@ namespace Neo4j.Driver.Tests.Connector
 {
     public class EncryptionManagerTests
     {
-        [Fact]
-        public void ShouldNotCreateTrustManagerIfEncryptionDisabled()
+        public class CreateFromConfigMethod
         {
-            var encryption =
-                new EncryptionManager(EncryptionLevel.None, null, null);
+            [Fact]
+            public void ShouldNotCreateTrustManagerIfNotEncrypted()
+            {
+                var encryption =
+                    EncryptionManager.CreateFromConfig(EncryptionLevel.None, null, null);
 
-            encryption.TrustManager.Should().BeNull();
-        }
+                encryption.UseTls.Should().BeFalse();
+                encryption.TrustManager.Should().BeNull();
+            }
 
-        [Fact]
-        public void ShouldCreateDefaulTrustManagerIfEncrypted()
-        {
-            var encryption =
-                new EncryptionManager(EncryptionLevel.Encrypted, null, null);
+            [Fact]
+            public void ShouldNotCreateTrustManagerIfEncryptedIsNull()
+            {
+                var encryption =
+                    EncryptionManager.CreateFromConfig(null, null, null);
+
+                encryption.UseTls.Should().BeFalse();
+                encryption.TrustManager.Should().BeNull();
+            }
+
+            [Fact]
+            public void ShouldCreateDefaultTrustManagerIfEncrypted()
+            {
+                var encryption =
+                    EncryptionManager.CreateFromConfig(EncryptionLevel.Encrypted, null, null);
+
+                encryption.UseTls.Should().BeTrue();
+                encryption.TrustManager.Should().NotBeNull().And.BeOfType<ChainTrustManager>();
+            }
+
+            [Fact]
+            public void ShouldUseProvidedTrustManager()
+            {
+                var encryption =
+                    EncryptionManager.CreateFromConfig(null, new CustomTrustManager(), null);
+
+                encryption.UseTls.Should().BeFalse();
+                encryption.TrustManager.Should().NotBeNull().And.BeOfType<CustomTrustManager>();
+            }
 
-            encryption.TrustManager.Should().NotBeNull().And.BeOfType<ChainTrustManager>();
         }
 
-        [Fact]
-        public void ShouldUseProvidedTrustManager()
+        public class CreateMethod
         {
-            var encryption =
-                new EncryptionManager(EncryptionLevel.Encrypted, new CustomTrustManager(), null);
+            [Theory]
+            [InlineData("bolt")]
+            [InlineData("neo4j")]
+            public void ShouldCreateDefaultWithoutConfig(string scheme)
+            {
+                var uri = new Uri($"{scheme}://localhost/?");
+                var encryption =
+                    EncryptionManager.Create(uri, null, null, null);
+
+                encryption.UseTls.Should().BeFalse();
+                encryption.TrustManager.Should().BeNull();
+            }
 
-            encryption.TrustManager.Should().NotBeNull().And.BeOfType<CustomTrustManager>();
+            [Theory]
+            [InlineData("bolt")]
+            [InlineData("neo4j")]
+            public void ShouldCreateFromConfig(string scheme)
+            {
+                var uri = new Uri($"{scheme}://localhost/?");
+                var encryption =
+                    EncryptionManager.Create(uri, EncryptionLevel.Encrypted, null, null);
+
+                encryption.UseTls.Should().BeTrue();
+                encryption.TrustManager.Should().BeOfType<ChainTrustManager>();
+            }
+
+            [Theory]
+            [InlineData("bolt+s")]
+            [InlineData("neo4j+s")]
+            public void ShouldCreateChainTrustFromUri(string scheme)
+            {
+                var uri = new Uri($"{scheme}://localhost/?");
+                var encryption =
+                    EncryptionManager.Create(uri, null, null, null);
+
+                encryption.UseTls.Should().BeTrue();
+                encryption.TrustManager.Should().BeOfType<ChainTrustManager>();
+            }
+
+            [Theory]
+            [InlineData("bolt+ssc")]
+            [InlineData("neo4j+ssc")]
+            public void ShouldCreateInsecureTrustFromUri(string scheme)
+            {
+                var uri = new Uri($"{scheme}://localhost/?");
+                var encryption =
+                    EncryptionManager.Create(uri, null, null, null);
+
+                encryption.UseTls.Should().BeTrue();
+                encryption.TrustManager.Should().BeOfType<InsecureTrustManager>();
+            }
+
+            [Theory]
+            [InlineData("bolt+s", EncryptionLevel.None)]
+            [InlineData("neo4j+s", EncryptionLevel.None)]
+            [InlineData("bolt+ssc", EncryptionLevel.None)]
+            [InlineData("neo4j+ssc", EncryptionLevel.None)]
+            [InlineData("bolt+s", EncryptionLevel.Encrypted)]
+            [InlineData("neo4j+s", EncryptionLevel.Encrypted)]
+            [InlineData("bolt+ssc", EncryptionLevel.Encrypted)]
+            [InlineData("neo4j+ssc", EncryptionLevel.Encrypted)]
+            public void ShouldErrorIfEncryptionLevelNotNull(string scheme, EncryptionLevel level)
+            {
+                var uri = new Uri($"{scheme}://localhost/?");
+                var ex = Record.Exception(() => EncryptionManager.Create(uri, level, null, null));
+
+                ex.Should().BeOfType<ArgumentException>();
+                ex.Message.Should().Contain("cannot both be set via uri scheme and driver configuration");
+            }
+
+            [Theory]
+            [InlineData("bolt+s")]
+            [InlineData("neo4j+s")]
+            [InlineData("bolt+ssc")]
+            [InlineData("neo4j+ssc")]
+            public void ShouldErrorIfTrustManagerNotNull(string scheme)
+            {
+                var uri = new Uri($"{scheme}://localhost/?");
+                var ex = Record.Exception(() => EncryptionManager.Create(uri, null, new CustomTrustManager(), null));
+
+                ex.Should().BeOfType<ArgumentException>();
+                ex.Message.Should().Contain("cannot both be set via uri scheme and driver configuration");
+            }
         }
 
         private class CustomTrustManager : TrustManager

diff --git a/Neo4j.Driver/Neo4j.Driver.Tests/Connector/TcpSocketClientTests.cs b/Neo4j.Driver/Neo4j.Driver.Tests/Connector/TcpSocketClientTests.cs
@@ -57,7 +57,7 @@ public async Task ShouldThrowExceptionIfConnectionTimedOut()
                         ConnectionTimeout = TimeSpan.FromSeconds(1),
                         HostResolver = new SystemHostResolver(),
                         EncryptionManager =
-                            new EncryptionManager(EncryptionLevel.None, null, null)
+                            new EncryptionManager(false, null)
                     });
 
                 // ReSharper disable once PossibleNullReferenceException
@@ -79,7 +79,7 @@ public async Task ShouldBeAbleToConnectAgainIfFirstFailed()
                     ConnectionTimeout = TimeSpan.FromSeconds(10),
                     HostResolver = new SystemHostResolver(),
                     EncryptionManager =
-                        new EncryptionManager(EncryptionLevel.None, null, null)
+                        new EncryptionManager(false, null)
                 };
                 var client = new TcpSocketClient(socketSettings);
 
@@ -113,7 +113,7 @@ public async Task ShouldThrowExceptionIfConnectionTimedOut()
                 {
                     ConnectionTimeout = TimeSpan.FromSeconds(1),
                     HostResolver = new SystemHostResolver(),
-                    EncryptionManager = new EncryptionManager(EncryptionLevel.None, null, null)
+                    EncryptionManager = new EncryptionManager(false, null)
                 });
 
                 // ReSharper disable once PossibleNullReferenceException