neo4j · ali-ince · May 23, 2018 · May 13, 2018 · May 17, 2018 · ali-ince
diff --git a/src/v1/internal/ch-config.js b/src/v1/internal/ch-config.js
@@ -42,9 +42,12 @@ export default class ChannelConfig {
 
 function extractEncrypted(driverConfig) {
   // check if encryption was configured by the user, use explicit null check because we permit boolean value
-  const encryptionConfigured = driverConfig.encrypted == null;
+  const encryptionNotConfigured = driverConfig.encrypted == null;
   // default to using encryption if trust-all-certificates is available
-  return encryptionConfigured ? hasFeature('trust_all_certificates') : driverConfig.encrypted;
+  if (encryptionNotConfigured && hasFeature('trust_all_certificates')) {
+    return true;
+  }
+  return driverConfig.encrypted;
 }
 
 function extractTrust(driverConfig) {

diff --git a/src/v1/internal/ch-node.js b/src/v1/internal/ch-node.js
@@ -297,7 +297,6 @@ class NodeChannel {
     this._handleConnectionTerminated = this._handleConnectionTerminated.bind(this);
     this._connectionErrorCode = config.connectionErrorCode;
 
-    this._encrypted = config.encrypted;
     this._conn = connect(config, () => {
       if(!self._open) {
         return;
@@ -362,10 +361,6 @@ class NodeChannel {
     }
   }
 
-  isEncrypted() {
-    return this._encrypted;
-  }
-
   /**
    * Write the passed in buffer to connection
    * @param {NodeBuffer} buffer - Buffer to write

diff --git a/src/v1/internal/ch-websocket.js b/src/v1/internal/ch-websocket.js
@@ -29,27 +29,20 @@ class WebSocketChannel {
   /**
    * Create new instance
    * @param {ChannelConfig} config - configuration for this channel.
+   * @param {function(): string} protocolSupplier - function that detects protocol of the web page. Should only be used in tests.
    */
-  constructor(config) {
+  constructor(config, protocolSupplier = detectWebPageProtocol) {
 
     this._open = true;
     this._pending = [];
     this._error = null;
     this._handleConnectionError = this._handleConnectionError.bind(this);
     this._config = config;
 
-    let scheme = "ws";
-    //Allow boolean for backwards compatibility
-    if (config.encrypted === true || config.encrypted === ENCRYPTION_ON) {
-      if ((!config.trust) || config.trust === 'TRUST_CUSTOM_CA_SIGNED_CERTIFICATES') {
-        scheme = "wss";
-      } else {
-        this._error = newError("The browser version of this driver only supports one trust " +
-          'strategy, \'TRUST_CUSTOM_CA_SIGNED_CERTIFICATES\'. ' + config.trust + ' is not supported. Please ' +
-          "either use TRUST_CUSTOM_CA_SIGNED_CERTIFICATES or disable encryption by setting " +
-          "`encrypted:\"" + ENCRYPTION_OFF + "\"` in the driver configuration.");
-        return;
-      }
+    const {scheme, error} = determineWebSocketScheme(config, protocolSupplier);
+    if (error) {
+      this._error = error;
+      return;
     }
 
     this._ws = createWebSocket(scheme, config.url);
@@ -114,10 +107,6 @@ class WebSocketChannel {
     }
   }
 
-  isEncrypted() {
-    return this._config.encrypted;
-  }
-
   /**
    * Write the passed in buffer to connection
    * @param {HeapBuffer} buffer - Buffer to write
@@ -233,4 +222,46 @@ function asWindowsFriendlyIPv6Address(scheme, parsedUrl) {
   return `${scheme}://${ipv6Host}:${parsedUrl.port}`;
 }
 
+/**
+ * @param {ChannelConfig} config - configuration for the channel.
+ * @param {function(): string} protocolSupplier - function that detects protocol of the web page.
+ * @return {{scheme: string|null, error: Neo4jError|null}} object containing either scheme or error.
+ */
+function determineWebSocketScheme(config, protocolSupplier) {
+  const encrypted = config.encrypted;
+  const trust = config.trust;
+
+  if (encrypted === false || encrypted === ENCRYPTION_OFF) {
+    // encryption explicitly turned off in the config
+    return {scheme: 'ws', error: null};
+  }
+
+  const protocol = typeof protocolSupplier === 'function' ? protocolSupplier() : '';
+  if (protocol && protocol.toLowerCase().indexOf('https') >= 0) {
+    // driver is used in a secure https web page, use 'wss'
+    return {scheme: 'wss', error: null};
+  }
+
+  if (encrypted === true || encrypted === ENCRYPTION_ON) {
+    // encryption explicitly requested in the config
+    if (!trust || trust === 'TRUST_CUSTOM_CA_SIGNED_CERTIFICATES') {
+      // trust strategy not specified or the only supported strategy is specified
+      return {scheme: 'wss', error: null};
+    } else {
+      const error = newError('The browser version of this driver only supports one trust ' +
+        'strategy, \'TRUST_CUSTOM_CA_SIGNED_CERTIFICATES\'. ' + trust + ' is not supported. Please ' +
+        'either use TRUST_CUSTOM_CA_SIGNED_CERTIFICATES or disable encryption by setting ' +
+        '`encrypted:"' + ENCRYPTION_OFF + '"` in the driver configuration.');
+      return {scheme: null, error: error};
+    }
+  }
+
+  // default to unencrypted web socket
+  return {scheme: 'ws', error: null};
+}
+
+function detectWebPageProtocol() {
+  return window && window.location ? window.location.protocol : null;
+}
+
 export default _websocketChannelModule
diff --git a/src/v1/internal/connector.js b/src/v1/internal/connector.js
@@ -397,10 +397,6 @@ class Connection {
     return !this._isBroken && this._ch._open;
   }
 
-  isEncrypted() {
-    return this._ch.isEncrypted();
-  }
-
   /**
    * Call close on the channel.
    * @param {function} cb - Function to call on close.

diff --git a/test/internal/ch-config.test.js b/test/internal/ch-config.test.js
@@ -76,7 +76,11 @@ describe('ChannelConfig', () => {
   it('should use encryption if available but not configured', () => {
     const config = new ChannelConfig(null, {}, '');
 
-    expect(config.encrypted).toEqual(hasFeature('trust_all_certificates'));
+    if (hasFeature('trust_all_certificates')) {
+      expect(config.encrypted).toBeTruthy();
+    } else {
+      expect(config.encrypted).toBeFalsy();
+    }
   });
 
   it('should use available trust conf when nothing configured', () => {

diff --git a/test/internal/ch-websocket.test.js b/test/internal/ch-websocket.test.js
@@ -19,8 +19,9 @@
 import wsChannel from '../../src/v1/internal/ch-websocket';
 import ChannelConfig from '../../src/v1/internal/ch-config';
 import urlUtil from '../../src/v1/internal/url-util';
-import {SERVICE_UNAVAILABLE} from '../../src/v1/error';
+import {Neo4jError, SERVICE_UNAVAILABLE} from '../../src/v1/error';
 import {setTimeoutMock} from './timers-util';
+import {ENCRYPTION_OFF, ENCRYPTION_ON} from '../../src/v1/internal/util';
 
 describe('WebSocketChannel', () => {
 
@@ -94,6 +95,54 @@ describe('WebSocketChannel', () => {
     }
   });
 
+  it('should select wss when running on https page', () => {
+    testWebSocketScheme('https:', {}, 'wss');
+  });
+
+  it('should select ws when running on http page', () => {
+    testWebSocketScheme('http:', {}, 'ws');
+  });
+
+  it('should select ws when running on https page but encryption turned off with boolean', () => {
+    testWebSocketScheme('https:', {encrypted: false}, 'ws');
+  });
+
+  it('should select ws when running on https page but encryption turned off with string', () => {
+    testWebSocketScheme('https:', {encrypted: ENCRYPTION_OFF}, 'ws');
+  });
+
+  it('should select wss when running on http page but encryption configured with boolean', () => {
+    testWebSocketScheme('http:', {encrypted: true}, 'wss');
+  });
+
+  it('should select wss when running on http page but encryption configured with string', () => {
+    testWebSocketScheme('http:', {encrypted: ENCRYPTION_ON}, 'wss');
+  });
+
+  it('should fail when encryption configured with unsupported trust strategy', () => {
+    if (!webSocketChannelAvailable) {
+      return;
+    }
+
+    const protocolSupplier = () => 'http:';
+
+    WebSocket = () => {
+      return {
+        close: () => {
+        }
+      };
+    };
+
+    const url = urlUtil.parseDatabaseUrl('bolt://localhost:8989');
+    const driverConfig = {encrypted: true, trust: 'TRUST_ON_FIRST_USE'};
+    const channelConfig = new ChannelConfig(url, driverConfig, SERVICE_UNAVAILABLE);
+
+    const channel = new WebSocketChannel(channelConfig, protocolSupplier);
+
+    expect(channel._error).toBeDefined();
+    expect(channel._error.name).toEqual('Neo4jError');
+  });
+
   function testFallbackToLiteralIPv6(boltAddress, expectedWsAddress) {
     if (!webSocketChannelAvailable) {
       return;
@@ -121,4 +170,27 @@ describe('WebSocketChannel', () => {
     expect(webSocketChannel._ws.url).toEqual(expectedWsAddress);
   }
 
+  function testWebSocketScheme(windowLocationProtocol, driverConfig, expectedScheme) {
+    if (!webSocketChannelAvailable) {
+      return;
+    }
+
+    const protocolSupplier = () => windowLocationProtocol;
+
+    // replace real WebSocket with a function that memorizes the url
+    WebSocket = url => {
+      return {
+        url: url,
+        close: () => {
+        }
+      };
+    };
+
+    const url = urlUtil.parseDatabaseUrl('bolt://localhost:8989');
+    const channelConfig = new ChannelConfig(url, driverConfig, SERVICE_UNAVAILABLE);
+    const channel = new WebSocketChannel(channelConfig, protocolSupplier);
+
+    expect(channel._ws.url).toEqual(expectedScheme + '://localhost:8989');
+  }
+
 });