Add back the removed deprecated methods in SslContext

Motivation:

Previous backport removed the old methods and constructors. They should
not be removed in 4.x but just deprecated in favor of the new methods
and constructors.

Modifications:

Add back the removed methods and constructors in SslContext and its
subtypes for backward compatibility.

Result:

Backward compatibility issues fixed.
This commit is contained in:
Trustin Lee 2014-10-31 13:21:02 +09:00
parent 16fb44cf97
commit 06217aefb7
4 changed files with 262 additions and 21 deletions

View File

@ -17,8 +17,6 @@
package io.netty.handler.ssl; package io.netty.handler.ssl;
import java.io.File;
import javax.net.ssl.KeyManager; import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext; import javax.net.ssl.SSLContext;
@ -26,6 +24,7 @@ import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSessionContext; import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.TrustManagerFactory;
import java.io.File;
/** /**
* A client-side {@link SslContext} which uses JDK's SSL/TLS implementation. * A client-side {@link SslContext} which uses JDK's SSL/TLS implementation.
@ -76,6 +75,35 @@ public final class JdkSslClientContext extends JdkSslContext {
JdkDefaultApplicationProtocolNegotiator.INSTANCE, 0, 0); JdkDefaultApplicationProtocolNegotiator.INSTANCE, 0, 0);
} }
/**
* @deprecated Use the constructors that accept {@link ApplicationProtocolConfig} or
* {@link ApplicationProtocolNegotiator} instead.
*
* Creates a new instance.
*
* @param certChainFile an X.509 certificate chain file in PEM format.
* {@code null} to use the system default
* @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s
* that verifies the certificates sent from servers.
* {@code null} to use the default.
* @param ciphers the cipher suites to enable, in the order of preference.
* {@code null} to use the default cipher suites.
* @param nextProtocols the application layer protocols to accept, in the order of preference.
* {@code null} to disable TLS NPN/ALPN extension.
* @param sessionCacheSize the size of the cache used for storing SSL session objects.
* {@code 0} to use the default value.
* @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
* {@code 0} to use the default value.
*/
@Deprecated
public JdkSslClientContext(
File certChainFile, TrustManagerFactory trustManagerFactory,
Iterable<String> ciphers, Iterable<String> nextProtocols,
long sessionCacheSize, long sessionTimeout) throws SSLException {
this(certChainFile, trustManagerFactory, ciphers, IdentityCipherSuiteFilter.INSTANCE,
toNegotiator(toApplicationProtocolConfig(nextProtocols), false), sessionCacheSize, sessionTimeout);
}
/** /**
* Creates a new instance. * Creates a new instance.
* *

View File

@ -16,8 +16,6 @@
package io.netty.handler.ssl; package io.netty.handler.ssl;
import java.io.File;
import javax.net.ssl.KeyManager; import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext; import javax.net.ssl.SSLContext;
@ -25,6 +23,7 @@ import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSessionContext; import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.TrustManagerFactory;
import java.io.File;
/** /**
* A server-side {@link SslContext} which uses JDK's SSL/TLS implementation. * A server-side {@link SslContext} which uses JDK's SSL/TLS implementation.
@ -56,6 +55,30 @@ public final class JdkSslServerContext extends JdkSslContext {
JdkDefaultApplicationProtocolNegotiator.INSTANCE, 0, 0); JdkDefaultApplicationProtocolNegotiator.INSTANCE, 0, 0);
} }
/**
* Creates a new instance.
*
* @param certChainFile an X.509 certificate chain file in PEM format
* @param keyFile a PKCS#8 private key file in PEM format
* @param keyPassword the password of the {@code keyFile}.
* {@code null} if it's not password-protected.
* @param ciphers the cipher suites to enable, in the order of preference.
* {@code null} to use the default cipher suites.
* @param nextProtocols the application layer protocols to accept, in the order of preference.
* {@code null} to disable TLS NPN/ALPN extension.
* @param sessionCacheSize the size of the cache used for storing SSL session objects.
* {@code 0} to use the default value.
* @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
* {@code 0} to use the default value.
*/
public JdkSslServerContext(
File certChainFile, File keyFile, String keyPassword,
Iterable<String> ciphers, Iterable<String> nextProtocols,
long sessionCacheSize, long sessionTimeout) throws SSLException {
this(certChainFile, keyFile, keyPassword, ciphers, IdentityCipherSuiteFilter.INSTANCE,
toNegotiator(toApplicationProtocolConfig(nextProtocols), true), sessionCacheSize, sessionTimeout);
}
/** /**
* Creates a new instance. * Creates a new instance.
* *

View File

@ -117,6 +117,34 @@ public final class OpenSslServerContext extends SslContext {
this(certChainFile, keyFile, keyPassword, ciphers, toNegotiator(apn, false), sessionCacheSize, sessionTimeout); this(certChainFile, keyFile, keyPassword, ciphers, toNegotiator(apn, false), sessionCacheSize, sessionTimeout);
} }
/**
* @deprecated Use the constructors that accepts {@link ApplicationProtocolConfig} or
* {@link ApplicationProtocolNegotiator} instead.
*
* Creates a new instance.
*
* @param certChainFile an X.509 certificate chain file in PEM format
* @param keyFile a PKCS#8 private key file in PEM format
* @param keyPassword the password of the {@code keyFile}.
* {@code null} if it's not password-protected.
* @param ciphers the cipher suites to enable, in the order of preference.
* {@code null} to use the default cipher suites.
* @param nextProtocols the application layer protocols to accept, in the order of preference.
* {@code null} to disable TLS NPN/ALPN extension.
* @param sessionCacheSize the size of the cache used for storing SSL session objects.
* {@code 0} to use the default value.
* @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
* {@code 0} to use the default value.
*/
@Deprecated
public OpenSslServerContext(
File certChainFile, File keyFile, String keyPassword,
Iterable<String> ciphers, Iterable<String> nextProtocols,
long sessionCacheSize, long sessionTimeout) throws SSLException {
this(certChainFile, keyFile, keyPassword, ciphers,
toApplicationProtocolConfig(nextProtocols), sessionCacheSize, sessionTimeout);
}
/** /**
* Creates a new instance. * Creates a new instance.
* *

View File

@ -19,6 +19,9 @@ package io.netty.handler.ssl;
import io.netty.buffer.ByteBufAllocator; import io.netty.buffer.ByteBufAllocator;
import io.netty.channel.ChannelInitializer; import io.netty.channel.ChannelInitializer;
import io.netty.channel.ChannelPipeline; import io.netty.channel.ChannelPipeline;
import io.netty.handler.ssl.ApplicationProtocolConfig.Protocol;
import io.netty.handler.ssl.ApplicationProtocolConfig.SelectedListenerFailureBehavior;
import io.netty.handler.ssl.ApplicationProtocolConfig.SelectorFailureBehavior;
import javax.net.ssl.KeyManager; import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.KeyManagerFactory;
@ -28,6 +31,7 @@ import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.TrustManagerFactory;
import java.io.File; import java.io.File;
import java.util.Collections;
import java.util.List; import java.util.List;
/** /**
@ -100,6 +104,36 @@ public abstract class SslContext {
return newServerContext(null, certChainFile, keyFile, keyPassword); return newServerContext(null, certChainFile, keyFile, keyPassword);
} }
/**
* @deprecated Use the factory methods that accept {@link ApplicationProtocolConfig} instead.
*
* Creates a new server-side {@link SslContext}.
*
* @param certChainFile an X.509 certificate chain file in PEM format
* @param keyFile a PKCS#8 private key file in PEM format
* @param keyPassword the password of the {@code keyFile}.
* {@code null} if it's not password-protected.
* @param ciphers the cipher suites to enable, in the order of preference.
* {@code null} to use the default cipher suites.
* @param nextProtocols the application layer protocols to accept, in the order of preference.
* {@code null} to disable TLS NPN/ALPN extension.
* @param sessionCacheSize the size of the cache used for storing SSL session objects.
* {@code 0} to use the default value.
* @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
* {@code 0} to use the default value.
* @return a new server-side {@link SslContext}
*/
@Deprecated
public static SslContext newServerContext(
File certChainFile, File keyFile, String keyPassword,
Iterable<String> ciphers, Iterable<String> nextProtocols,
long sessionCacheSize, long sessionTimeout) throws SSLException {
return newServerContext(
null, certChainFile, keyFile, keyPassword,
ciphers, nextProtocols, sessionCacheSize, sessionTimeout);
}
/** /**
* Creates a new server-side {@link SslContext}. * Creates a new server-side {@link SslContext}.
* *
@ -157,6 +191,40 @@ public abstract class SslContext {
null, 0, 0); null, 0, 0);
} }
/**
* @deprecated Use the factory methods that accept {@link ApplicationProtocolConfig} instead.
*
* Creates a new server-side {@link SslContext}.
*
* @param provider the {@link SslContext} implementation to use.
* {@code null} to use the current default one.
* @param certChainFile an X.509 certificate chain file in PEM format
* @param keyFile a PKCS#8 private key file in PEM format
* @param keyPassword the password of the {@code keyFile}.
* {@code null} if it's not password-protected.
* @param ciphers the cipher suites to enable, in the order of preference.
* {@code null} to use the default cipher suites.
* @param nextProtocols the application layer protocols to accept, in the order of preference.
* {@code null} to disable TLS NPN/ALPN extension.
* @param sessionCacheSize the size of the cache used for storing SSL session objects.
* {@code 0} to use the default value.
* @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
* {@code 0} to use the default value.
* @return a new server-side {@link SslContext}
*/
@Deprecated
public static SslContext newServerContext(
SslProvider provider,
File certChainFile, File keyFile, String keyPassword,
Iterable<String> ciphers, Iterable<String> nextProtocols,
long sessionCacheSize, long sessionTimeout) throws SSLException {
return newServerContext(
provider, certChainFile, keyFile, keyPassword,
ciphers, IdentityCipherSuiteFilter.INSTANCE,
toApplicationProtocolConfig(nextProtocols), sessionCacheSize, sessionTimeout);
}
/** /**
* Creates a new server-side {@link SslContext}. * Creates a new server-side {@link SslContext}.
* *
@ -216,7 +284,8 @@ public abstract class SslContext {
* {@code 0} to use the default value. * {@code 0} to use the default value.
* @return a new server-side {@link SslContext} * @return a new server-side {@link SslContext}
*/ */
public static SslContext newServerContext(SslProvider provider, public static SslContext newServerContext(
SslProvider provider,
File trustCertChainFile, TrustManagerFactory trustManagerFactory, File trustCertChainFile, TrustManagerFactory trustManagerFactory,
File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory, File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory,
Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn,
@ -227,19 +296,19 @@ public abstract class SslContext {
} }
switch (provider) { switch (provider) {
case JDK: case JDK:
return new JdkSslServerContext( return new JdkSslServerContext(
trustCertChainFile, trustManagerFactory, keyCertChainFile, keyFile, keyPassword, trustCertChainFile, trustManagerFactory, keyCertChainFile, keyFile, keyPassword,
keyManagerFactory, ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout); keyManagerFactory, ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout);
case OPENSSL: case OPENSSL:
if (trustCertChainFile != null) { if (trustCertChainFile != null) {
throw new UnsupportedOperationException("OpenSSL provider does not support mutual authentication"); throw new UnsupportedOperationException("OpenSSL provider does not support mutual authentication");
} }
return new OpenSslServerContext( return new OpenSslServerContext(
keyCertChainFile, keyFile, keyPassword, keyCertChainFile, keyFile, keyPassword,
ciphers, apn, sessionCacheSize, sessionTimeout); ciphers, apn, sessionCacheSize, sessionTimeout);
default: default:
throw new Error(provider.toString()); throw new Error(provider.toString());
} }
} }
@ -292,6 +361,37 @@ public abstract class SslContext {
return newClientContext(null, certChainFile, trustManagerFactory); return newClientContext(null, certChainFile, trustManagerFactory);
} }
/**
* @deprecated Use the factory methods that accept {@link ApplicationProtocolConfig} instead.
*
* Creates a new client-side {@link SslContext}.
*
* @param certChainFile an X.509 certificate chain file in PEM format.
* {@code null} to use the system default
* @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s
* that verifies the certificates sent from servers.
* {@code null} to use the default.
* @param ciphers the cipher suites to enable, in the order of preference.
* {@code null} to use the default cipher suites.
* @param nextProtocols the application layer protocols to accept, in the order of preference.
* {@code null} to disable TLS NPN/ALPN extension.
* @param sessionCacheSize the size of the cache used for storing SSL session objects.
* {@code 0} to use the default value.
* @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
* {@code 0} to use the default value.
*
* @return a new client-side {@link SslContext}
*/
@Deprecated
public static SslContext newClientContext(
File certChainFile, TrustManagerFactory trustManagerFactory,
Iterable<String> ciphers, Iterable<String> nextProtocols,
long sessionCacheSize, long sessionTimeout) throws SSLException {
return newClientContext(
null, certChainFile, trustManagerFactory,
ciphers, nextProtocols, sessionCacheSize, sessionTimeout);
}
/** /**
* Creates a new client-side {@link SslContext}. * Creates a new client-side {@link SslContext}.
* *
@ -381,6 +481,42 @@ public abstract class SslContext {
null, 0, 0); null, 0, 0);
} }
/**
* @deprecated Use the factory methods that accept {@link ApplicationProtocolConfig}.
*
* Creates a new client-side {@link SslContext}.
*
* @param provider the {@link SslContext} implementation to use.
* {@code null} to use the current default one.
* @param certChainFile an X.509 certificate chain file in PEM format.
* {@code null} to use the system default
* @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s
* that verifies the certificates sent from servers.
* {@code null} to use the default.
* @param ciphers the cipher suites to enable, in the order of preference.
* {@code null} to use the default cipher suites.
* @param nextProtocols the application layer protocols to accept, in the order of preference.
* {@code null} to disable TLS NPN/ALPN extension.
* @param sessionCacheSize the size of the cache used for storing SSL session objects.
* {@code 0} to use the default value.
* @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
* {@code 0} to use the default value.
*
* @return a new client-side {@link SslContext}
*/
@Deprecated
public static SslContext newClientContext(
SslProvider provider,
File certChainFile, TrustManagerFactory trustManagerFactory,
Iterable<String> ciphers, Iterable<String> nextProtocols,
long sessionCacheSize, long sessionTimeout) throws SSLException {
return newClientContext(
provider, certChainFile, trustManagerFactory, null, null, null, null,
ciphers, IdentityCipherSuiteFilter.INSTANCE,
toApplicationProtocolConfig(nextProtocols), sessionCacheSize, sessionTimeout);
}
/** /**
* Creates a new client-side {@link SslContext}. * Creates a new client-side {@link SslContext}.
* *
@ -402,11 +538,14 @@ public abstract class SslContext {
* *
* @return a new client-side {@link SslContext} * @return a new client-side {@link SslContext}
*/ */
public static SslContext newClientContext(SslProvider provider, public static SslContext newClientContext(
SslProvider provider,
File certChainFile, TrustManagerFactory trustManagerFactory, File certChainFile, TrustManagerFactory trustManagerFactory,
Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn,
long sessionCacheSize, long sessionTimeout) throws SSLException { long sessionCacheSize, long sessionTimeout) throws SSLException {
return newClientContext(provider, certChainFile, trustManagerFactory, null, null, null, null,
return newClientContext(
provider, certChainFile, trustManagerFactory, null, null, null, null,
ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout); ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout);
} }
@ -445,7 +584,8 @@ public abstract class SslContext {
* *
* @return a new client-side {@link SslContext} * @return a new client-side {@link SslContext}
*/ */
public static SslContext newClientContext(SslProvider provider, public static SslContext newClientContext(
SslProvider provider,
File trustCertChainFile, TrustManagerFactory trustManagerFactory, File trustCertChainFile, TrustManagerFactory trustManagerFactory,
File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory, File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory,
Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn,
@ -459,6 +599,20 @@ public abstract class SslContext {
keyManagerFactory, ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout); keyManagerFactory, ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout);
} }
static ApplicationProtocolConfig toApplicationProtocolConfig(Iterable<String> nextProtocols) {
ApplicationProtocolConfig apn;
if (nextProtocols == null) {
apn = new ApplicationProtocolConfig(
Protocol.NONE, SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL,
SelectedListenerFailureBehavior.ACCEPT, Collections.<String>emptyList());
} else {
apn = new ApplicationProtocolConfig(
Protocol.NPN_AND_ALPN, SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL,
SelectedListenerFailureBehavior.ACCEPT, nextProtocols);
}
return apn;
}
SslContext() { } SslContext() { }
/** /**
@ -488,6 +642,14 @@ public abstract class SslContext {
*/ */
public abstract long sessionTimeout(); public abstract long sessionTimeout();
/**
* @deprecated Use {@link #applicationProtocolNegotiator()} instead.
*/
@Deprecated
public final List<String> nextProtocols() {
return applicationProtocolNegotiator().protocols();
}
/** /**
* Returns the object responsible for negotiating application layer protocols for the TLS NPN/ALPN extensions. * Returns the object responsible for negotiating application layer protocols for the TLS NPN/ALPN extensions.
*/ */