Remove usage of io.netty.handler.ssl.openssl.useKeyManagerFactory system property

Motivation:

Usage of the io.netty.handler.ssl.openssl.useKeyManagerFactory system property was deprecated in 4.1, so let us remove it.

Modifications:

Remove io.netty.handler.ssl.openssl.useKeyManagerFactory usage.

Result:

Remove support of deprecated system property
Norman Maurer 2019-05-22 09:09:32 +02:00
parent e4ef8f6ff3
commit bbb397ac5c
6 changed files with 5 additions and 21 deletions


@ -33,8 +33,6 @@ import io.netty.util.internal.logging.InternalLogger;
import io.netty.util.internal.logging.InternalLoggerFactory; import io.netty.util.internal.logging.InternalLoggerFactory;
import java.io.ByteArrayInputStream; import java.io.ByteArrayInputStream;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.cert.CertificateException; import java.security.cert.CertificateException;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.util.ArrayList; import java.util.ArrayList;
@ -59,7 +57,6 @@ public final class OpenSsl {
private static final Set<String> AVAILABLE_OPENSSL_CIPHER_SUITES; private static final Set<String> AVAILABLE_OPENSSL_CIPHER_SUITES;
private static final Set<String> AVAILABLE_JAVA_CIPHER_SUITES; private static final Set<String> AVAILABLE_JAVA_CIPHER_SUITES;
private static final boolean SUPPORTS_KEYMANAGER_FACTORY; private static final boolean SUPPORTS_KEYMANAGER_FACTORY;
private static final boolean USE_KEYMANAGER_FACTORY;
private static final boolean SUPPORTS_OCSP; private static final boolean SUPPORTS_OCSP;
private static final boolean TLSV13_SUPPORTED; private static final boolean TLSV13_SUPPORTED;
private static final boolean IS_BORINGSSL; private static final boolean IS_BORINGSSL;
@ -245,13 +242,6 @@ public final class OpenSsl {
SSL.setKeyMaterial(ssl, cert, key); SSL.setKeyMaterial(ssl, cert, key);
supportsKeyManagerFactory = true; supportsKeyManagerFactory = true;
try {
useKeyManagerFactory = AccessController.doPrivileged((PrivilegedAction<Boolean>) () ->
SystemPropertyUtil.getBoolean(
"io.netty.handler.ssl.openssl.useKeyManagerFactory", true));
} catch (Throwable ignore) {
logger.debug("Failed to get useKeyManagerFactory system property.");
}
} catch (Throwable ignore) { } catch (Throwable ignore) {
logger.debug("KeyManagerFactory not supported."); logger.debug("KeyManagerFactory not supported.");
} finally { } finally {
@ -307,7 +297,6 @@ public final class OpenSsl {
AVAILABLE_CIPHER_SUITES = availableCipherSuites; AVAILABLE_CIPHER_SUITES = availableCipherSuites;
SUPPORTS_KEYMANAGER_FACTORY = supportsKeyManagerFactory; SUPPORTS_KEYMANAGER_FACTORY = supportsKeyManagerFactory;
USE_KEYMANAGER_FACTORY = useKeyManagerFactory;
Set<String> protocols = new LinkedHashSet<>(6); Set<String> protocols = new LinkedHashSet<>(6);
// Seems like there is no way to explicitly disable SSLv2Hello in openssl so it is always enabled // Seems like there is no way to explicitly disable SSLv2Hello in openssl so it is always enabled
@ -349,7 +338,6 @@ public final class OpenSsl {
AVAILABLE_JAVA_CIPHER_SUITES = Collections.emptySet(); AVAILABLE_JAVA_CIPHER_SUITES = Collections.emptySet();
AVAILABLE_CIPHER_SUITES = Collections.emptySet(); AVAILABLE_CIPHER_SUITES = Collections.emptySet();
SUPPORTS_KEYMANAGER_FACTORY = false; SUPPORTS_KEYMANAGER_FACTORY = false;
USE_KEYMANAGER_FACTORY = false;
SUPPORTED_PROTOCOLS_SET = Collections.emptySet(); SUPPORTED_PROTOCOLS_SET = Collections.emptySet();
SUPPORTS_OCSP = false; SUPPORTS_OCSP = false;
TLSV13_SUPPORTED = false; TLSV13_SUPPORTED = false;
@ -519,10 +507,6 @@ public final class OpenSsl {
return isAvailable(); return isAvailable();
} }
static boolean useKeyManagerFactory() {
return USE_KEYMANAGER_FACTORY;
}
static long memoryAddress(ByteBuf buf) { static long memoryAddress(ByteBuf buf) {
assert buf.isDirect(); assert buf.isDirect();
return buf.hasMemoryAddress() ? buf.memoryAddress() : Buffer.address(buf.nioBuffer()); return buf.hasMemoryAddress() ? buf.memoryAddress() : Buffer.address(buf.nioBuffer());
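Review bot: The `catch (Throwable ignore)` that follows `supportsKeyManagerFactory = true;` logs only `"KeyManagerFactory not supported."` at debug level and drops the exception. After this change that probe result is the only input to the `!OpenSsl.supportsKeyManagerFactory()` checks in ReferenceCountedOpenSslClientContext and ReferenceCountedOpenSslServerContext. Passing the cause, for example `} catch (Throwable cause) {` with `logger.debug("KeyManagerFactory not supported.", cause);`, would let an operator see why the fallback branch is taken. Separately, the local `useKeyManagerFactory` that the removed lines assigned is declared outside the visible hunks; if that declaration is still present it is now unused and can be deleted. The static initializer starts and ends outside these hunks.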


@ -96,7 +96,7 @@ public final class ReferenceCountedOpenSslClientContext extends ReferenceCounted
OpenSslKeyMaterialProvider keyMaterialProvider = null; OpenSslKeyMaterialProvider keyMaterialProvider = null;
try { try {
try { try {
if (!OpenSsl.useKeyManagerFactory()) { if (!OpenSsl.supportsKeyManagerFactory()) {
if (keyManagerFactory != null) { if (keyManagerFactory != null) {
throw new IllegalArgumentException( throw new IllegalArgumentException(
"KeyManagerFactory not supported"); "KeyManagerFactory not supported");


@ -98,7 +98,7 @@ public final class ReferenceCountedOpenSslServerContext extends ReferenceCounted
try { try {
try { try {
SSLContext.setVerify(ctx, SSL.SSL_CVERIFY_NONE, VERIFY_DEPTH); SSLContext.setVerify(ctx, SSL.SSL_CVERIFY_NONE, VERIFY_DEPTH);
if (!OpenSsl.useKeyManagerFactory()) { if (!OpenSsl.supportsKeyManagerFactory()) {
if (keyManagerFactory != null) { if (keyManagerFactory != null) {
throw new IllegalArgumentException( throw new IllegalArgumentException(
"KeyManagerFactory not supported"); "KeyManagerFactory not supported");


@ -22,6 +22,6 @@ final class OpenSslTestUtils {
} }
static void checkShouldUseKeyManagerFactory() { static void checkShouldUseKeyManagerFactory() {
assumeTrue(OpenSsl.supportsKeyManagerFactory() && OpenSsl.useKeyManagerFactory()); assumeTrue(OpenSsl.supportsKeyManagerFactory());
} }
} }


@ -46,7 +46,7 @@ public class PemEncodedTest {
private static void testPemEncoded(SslProvider provider) throws Exception { private static void testPemEncoded(SslProvider provider) throws Exception {
assumeTrue(OpenSsl.isAvailable()); assumeTrue(OpenSsl.isAvailable());
assumeFalse(OpenSsl.useKeyManagerFactory()); assumeFalse(OpenSsl.supportsKeyManagerFactory());
PemPrivateKey pemKey; PemPrivateKey pemKey;
PemX509Certificate pemCert; PemX509Certificate pemCert;
SelfSignedCertificate ssc = new SelfSignedCertificate(); SelfSignedCertificate ssc = new SelfSignedCertificate();
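Review bot: `assumeFalse(OpenSsl.supportsKeyManagerFactory())` now skips testPemEncoded on every build where the native probe succeeds, and there is no longer a property to switch that off, so the code this test covers may never run in CI. If the test only relied on the old opt-out to avoid the KeyManagerFactory route, consider dropping the assumption. Otherwise add a comment such as `// Only meaningful when the native library cannot use a KeyManagerFactory; skipped elsewhere.` so the skip is visibly intentional. The same applies to the `!OpenSsl.supportsKeyManagerFactory()` branch in SniClientTest, which builds the server context from `cert.certificate(), cert.privateKey()` and is now reached only when the probe fails. testPemEncoded's body continues outside the hunk.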


@ -100,7 +100,7 @@ public class SniClientTest {
Channel cc = null; Channel cc = null;
try { try {
if ((sslServerProvider == SslProvider.OPENSSL || sslServerProvider == SslProvider.OPENSSL_REFCNT) if ((sslServerProvider == SslProvider.OPENSSL || sslServerProvider == SslProvider.OPENSSL_REFCNT)
&& !OpenSsl.useKeyManagerFactory()) { && !OpenSsl.supportsKeyManagerFactory()) {
sslServerContext = SslContextBuilder.forServer(cert.certificate(), cert.privateKey()) sslServerContext = SslContextBuilder.forServer(cert.certificate(), cert.privateKey())
.sslProvider(sslServerProvider) .sslProvider(sslServerProvider)
.build(); .build();