From 3320bd9bfca7f3e1e672e3ece4460b80d552acab Mon Sep 17 00:00:00 2001
From: "eugene.livis" <elivis@basistech.com>
Date: Thu, 2 Nov 2023 11:03:02 -0400
Subject: [PATCH] Code cleanup

---
 .../datamodel/CaseDatabaseFactory.java        | 20 +++++++++++------
 .../sleuthkit/datamodel/SleuthkitCase.java    | 22 +++++--------------
 2 files changed, 18 insertions(+), 24 deletions(-)

diff --git a/bindings/java/src/org/sleuthkit/datamodel/CaseDatabaseFactory.java b/bindings/java/src/org/sleuthkit/datamodel/CaseDatabaseFactory.java
index a81349108..2f3af2c5b 100644
--- a/bindings/java/src/org/sleuthkit/datamodel/CaseDatabaseFactory.java
+++ b/bindings/java/src/org/sleuthkit/datamodel/CaseDatabaseFactory.java
@@ -39,6 +39,17 @@ class CaseDatabaseFactory {
 	private static final Logger logger = Logger.getLogger(CaseDatabaseFactory.class.getName());
 	private final SQLHelper dbQueryHelper;
 	private final DbCreationHelper dbCreationHelper;
+	
+	// ssl=true: enables SSL encryption. 
+	// DefaultJavaSSLFactory: uses Java's default truststore to validate server certificate.
+	// sslmode=verify-ca: verifies that the server we are connecting to is trusted by CA. 
+	final static String SSL_VERIFY_URL = "?ssl=true&sslfactory=org.postgresql.ssl.DefaultJavaSSLFactory&sslmode=verify-ca";
+	
+	// ssl=true: enables SSL encryption. 
+	// NonValidatingFactory avoids hostname verification.
+	// sslmode=require: This mode makes the encryption mandatory and also requires the connection to fail if it can't be encrypted. 
+	// In this mode, the JDBC driver accepts all server certificates, including self-signed ones.
+	final static String SSL_NONVERIFY_URL = "?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory&sslmode=require";
 		
 	/**
 	 * Create a new SQLite case
@@ -716,14 +727,9 @@ Connection getConnection(String databaseName) throws TskCoreException {
 			if (info.isSslEnabled()) {
 				// ssl=true: enables SSL encryption. 				
 				if (info.isSslVerify()) {
-					// DefaultJavaSSLFactory: uses Java's default truststore to validate server certificate.
-					// sslmode=verify-ca: verifies that the server we are connecting to is trusted by CA. 
-					url.append("?ssl=true&sslfactory=org.postgresql.ssl.DefaultJavaSSLFactory&sslmode=verify-ca");
+					url.append(SSL_VERIFY_URL);
 				} else {
-					// NonValidatingFactory avoids hostname verification.
-					// sslmode=require: This mode makes the encryption mandatory and also requires the connection to fail if it can't be encrypted. 
-					// In this mode, the JDBC driver accepts all server certificates, including self-signed ones.
-					url.append("?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory&sslmode=require");
+					url.append(SSL_NONVERIFY_URL);
 				}
 			}
 			
diff --git a/bindings/java/src/org/sleuthkit/datamodel/SleuthkitCase.java b/bindings/java/src/org/sleuthkit/datamodel/SleuthkitCase.java
index 95257a63f..e2047be0a 100644
--- a/bindings/java/src/org/sleuthkit/datamodel/SleuthkitCase.java
+++ b/bindings/java/src/org/sleuthkit/datamodel/SleuthkitCase.java
@@ -294,17 +294,11 @@ public static void tryConnect(CaseDbConnectionInfo info) throws TskCoreException
 		try {
 			Class.forName("org.postgresql.Driver"); //NON-NLS
 			String connectionURL = "jdbc:postgresql://" + info.getHost() + ":" + info.getPort() + "/postgres";
-			if (info.isSslEnabled()) {
-				// ssl=true: enables SSL encryption. 				
+			if (info.isSslEnabled()) {				
 				if (info.isSslVerify()) {
-					// DefaultJavaSSLFactory: uses Java's default truststore to validate server certificate.
-					// sslmode=verify-ca: verifies that the server we are connecting to is trusted by CA. 
-					connectionURL += "?ssl=true&sslfactory=org.postgresql.ssl.DefaultJavaSSLFactory&sslmode=verify-ca";
+					connectionURL += CaseDatabaseFactory.SSL_VERIFY_URL;
 				} else {
-					// NonValidatingFactory avoids hostname verification.
-					// sslmode=require: This mode makes the encryption mandatory and also requires the connection to fail if it can't be encrypted. 
-					// In this mode, the JDBC driver accepts all server certificates, including self-signed ones.
-					connectionURL += "?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory&sslmode=require";
+					connectionURL += CaseDatabaseFactory.SSL_NONVERIFY_URL;
 				}
 			}
 			Connection conn = DriverManager.getConnection(connectionURL, info.getUserName(), info.getPassword()); //NON-NLS
@@ -13412,16 +13406,10 @@ private final class PostgreSQLConnections extends ConnectionPool {
 			String connectionURL = "jdbc:postgresql://" + info.getHost() + ":" + Integer.valueOf(info.getPort()) + "/"
 					+ URLEncoder.encode(dbName, StandardCharsets.UTF_8.toString());
 			if (info.isSslEnabled()) {
-				// ssl=true: enables SSL encryption. 				
 				if (info.isSslVerify()) {
-					// DefaultJavaSSLFactory: uses Java's default truststore to validate server certificate.
-					// sslmode=verify-ca: verifies that the server we are connecting to is trusted by CA. 
-					connectionURL += "?ssl=true&sslfactory=org.postgresql.ssl.DefaultJavaSSLFactory&sslmode=verify-ca";
+					connectionURL += CaseDatabaseFactory.SSL_VERIFY_URL;
 				} else {
-					// NonValidatingFactory avoids hostname verification.
-					// sslmode=require: This mode makes the encryption mandatory and also requires the connection to fail if it can't be encrypted. 
-					// In this mode, the JDBC driver accepts all server certificates, including self-signed ones.
-					connectionURL += "?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory&sslmode=require";
+					connectionURL += CaseDatabaseFactory.SSL_NONVERIFY_URL;
 				}
 			}
 			comboPooledDataSource.setJdbcUrl(connectionURL);
-- 
GitLab