Remove usage of io.netty.handler.ssl.openssl.useKeyManagerFactory system property

Motivation:

Usafe of io.netty.handler.ssl.openssl.useKeyManagerFactory system property was deprecated in 4.1 so let us remove it.

Modifications:

Remove io.netty.handler.ssl.openssl.useKeyManagerFactory usage.

Result:

Remove support of deprecated system property
This commit is contained in:
Norman Maurer 2019-05-22 09:09:32 +02:00
parent e4ef8f6ff3
commit bbb397ac5c
6 changed files with 5 additions and 21 deletions

View File

@ -33,8 +33,6 @@ import io.netty.util.internal.logging.InternalLogger;
import io.netty.util.internal.logging.InternalLoggerFactory;
import java.io.ByteArrayInputStream;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
@ -59,7 +57,6 @@ public final class OpenSsl {
private static final Set<String> AVAILABLE_OPENSSL_CIPHER_SUITES;
private static final Set<String> AVAILABLE_JAVA_CIPHER_SUITES;
private static final boolean SUPPORTS_KEYMANAGER_FACTORY;
private static final boolean USE_KEYMANAGER_FACTORY;
private static final boolean SUPPORTS_OCSP;
private static final boolean TLSV13_SUPPORTED;
private static final boolean IS_BORINGSSL;
@ -245,13 +242,6 @@ public final class OpenSsl {
SSL.setKeyMaterial(ssl, cert, key);
supportsKeyManagerFactory = true;
try {
useKeyManagerFactory = AccessController.doPrivileged((PrivilegedAction<Boolean>) () ->
SystemPropertyUtil.getBoolean(
"io.netty.handler.ssl.openssl.useKeyManagerFactory", true));
} catch (Throwable ignore) {
logger.debug("Failed to get useKeyManagerFactory system property.");
}
} catch (Throwable ignore) {
logger.debug("KeyManagerFactory not supported.");
} finally {
@ -307,7 +297,6 @@ public final class OpenSsl {
AVAILABLE_CIPHER_SUITES = availableCipherSuites;
SUPPORTS_KEYMANAGER_FACTORY = supportsKeyManagerFactory;
USE_KEYMANAGER_FACTORY = useKeyManagerFactory;
Set<String> protocols = new LinkedHashSet<>(6);
// Seems like there is no way to explicitly disable SSLv2Hello in openssl so it is always enabled
@ -349,7 +338,6 @@ public final class OpenSsl {
AVAILABLE_JAVA_CIPHER_SUITES = Collections.emptySet();
AVAILABLE_CIPHER_SUITES = Collections.emptySet();
SUPPORTS_KEYMANAGER_FACTORY = false;
USE_KEYMANAGER_FACTORY = false;
SUPPORTED_PROTOCOLS_SET = Collections.emptySet();
SUPPORTS_OCSP = false;
TLSV13_SUPPORTED = false;
@ -519,10 +507,6 @@ public final class OpenSsl {
return isAvailable();
}
static boolean useKeyManagerFactory() {
return USE_KEYMANAGER_FACTORY;
}
static long memoryAddress(ByteBuf buf) {
assert buf.isDirect();
return buf.hasMemoryAddress() ? buf.memoryAddress() : Buffer.address(buf.nioBuffer());

View File

@ -96,7 +96,7 @@ public final class ReferenceCountedOpenSslClientContext extends ReferenceCounted
OpenSslKeyMaterialProvider keyMaterialProvider = null;
try {
try {
if (!OpenSsl.useKeyManagerFactory()) {
if (!OpenSsl.supportsKeyManagerFactory()) {
if (keyManagerFactory != null) {
throw new IllegalArgumentException(
"KeyManagerFactory not supported");

View File

@ -98,7 +98,7 @@ public final class ReferenceCountedOpenSslServerContext extends ReferenceCounted
try {
try {
SSLContext.setVerify(ctx, SSL.SSL_CVERIFY_NONE, VERIFY_DEPTH);
if (!OpenSsl.useKeyManagerFactory()) {
if (!OpenSsl.supportsKeyManagerFactory()) {
if (keyManagerFactory != null) {
throw new IllegalArgumentException(
"KeyManagerFactory not supported");

View File

@ -22,6 +22,6 @@ final class OpenSslTestUtils {
}
static void checkShouldUseKeyManagerFactory() {
assumeTrue(OpenSsl.supportsKeyManagerFactory() && OpenSsl.useKeyManagerFactory());
assumeTrue(OpenSsl.supportsKeyManagerFactory());
}
}

View File

@ -46,7 +46,7 @@ public class PemEncodedTest {
private static void testPemEncoded(SslProvider provider) throws Exception {
assumeTrue(OpenSsl.isAvailable());
assumeFalse(OpenSsl.useKeyManagerFactory());
assumeFalse(OpenSsl.supportsKeyManagerFactory());
PemPrivateKey pemKey;
PemX509Certificate pemCert;
SelfSignedCertificate ssc = new SelfSignedCertificate();

View File

@ -100,7 +100,7 @@ public class SniClientTest {
Channel cc = null;
try {
if ((sslServerProvider == SslProvider.OPENSSL || sslServerProvider == SslProvider.OPENSSL_REFCNT)
&& !OpenSsl.useKeyManagerFactory()) {
&& !OpenSsl.supportsKeyManagerFactory()) {
sslServerContext = SslContextBuilder.forServer(cert.certificate(), cert.privateKey())
.sslProvider(sslServerProvider)
.build();