diff --git a/handler/src/main/java/io/netty/handler/ssl/JdkSslClientContext.java b/handler/src/main/java/io/netty/handler/ssl/JdkSslClientContext.java index 6ed131e7c7..c4cb8e5886 100644 --- a/handler/src/main/java/io/netty/handler/ssl/JdkSslClientContext.java +++ b/handler/src/main/java/io/netty/handler/ssl/JdkSslClientContext.java @@ -16,260 +16,55 @@ package io.netty.handler.ssl; +import java.io.File; +import java.security.PrivateKey; import java.security.Provider; -import javax.net.ssl.KeyManager; +import java.security.cert.X509Certificate; + import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLException; import javax.net.ssl.SSLSessionContext; -import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; -import java.io.File; -import java.security.PrivateKey; -import java.security.cert.X509Certificate; /** * A client-side {@link SslContext} which uses JDK's SSL/TLS implementation. - * - * @deprecated Use {@link SslContextBuilder} to create {@link JdkSslContext} instances and only - * use {@link JdkSslContext} in your code. */ -@Deprecated -public final class JdkSslClientContext extends JdkSslContext { - - /** - * Creates a new instance. - * - * @deprecated use {@link SslContextBuilder} - */ - @Deprecated - public JdkSslClientContext() throws SSLException { - this(null, null); - } - - /** - * Creates a new instance. - * - * @param certChainFile an X.509 certificate chain file in PEM format. - * {@code null} to use the system default - * @deprecated use {@link SslContextBuilder} - */ - @Deprecated - public JdkSslClientContext(File certChainFile) throws SSLException { - this(certChainFile, null); - } - - /** - * Creates a new instance. - * - * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s - * that verifies the certificates sent from servers. - * {@code null} to use the default. - * @deprecated use {@link SslContextBuilder} - */ - @Deprecated - public JdkSslClientContext(TrustManagerFactory trustManagerFactory) throws SSLException { - this(null, trustManagerFactory); - } - - /** - * Creates a new instance. - * - * @param certChainFile an X.509 certificate chain file in PEM format. - * {@code null} to use the system default - * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s - * that verifies the certificates sent from servers. - * {@code null} to use the default. - * @deprecated use {@link SslContextBuilder} - */ - @Deprecated - public JdkSslClientContext(File certChainFile, TrustManagerFactory trustManagerFactory) throws SSLException { - this(certChainFile, trustManagerFactory, null, IdentityCipherSuiteFilter.INSTANCE, - JdkDefaultApplicationProtocolNegotiator.INSTANCE, 0, 0); - } - - /** - * Creates a new instance. - * - * @param certChainFile an X.509 certificate chain file in PEM format. - * {@code null} to use the system default - * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s - * that verifies the certificates sent from servers. - * {@code null} to use the default. - * @param ciphers the cipher suites to enable, in the order of preference. - * {@code null} to use the default cipher suites. - * @param nextProtocols the application layer protocols to accept, in the order of preference. - * {@code null} to disable TLS NPN/ALPN extension. - * @param sessionCacheSize the size of the cache used for storing SSL session objects. - * {@code 0} to use the default value. - * @param sessionTimeout the timeout for the cached SSL session objects, in seconds. - * {@code 0} to use the default value. - * @deprecated use {@link SslContextBuilder} - */ - @Deprecated - public JdkSslClientContext( - File certChainFile, TrustManagerFactory trustManagerFactory, - Iterable ciphers, Iterable nextProtocols, - long sessionCacheSize, long sessionTimeout) throws SSLException { - this(certChainFile, trustManagerFactory, ciphers, IdentityCipherSuiteFilter.INSTANCE, - toNegotiator(toApplicationProtocolConfig(nextProtocols), false), sessionCacheSize, sessionTimeout); - } - - /** - * Creates a new instance. - * - * @param certChainFile an X.509 certificate chain file in PEM format. - * {@code null} to use the system default - * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s - * that verifies the certificates sent from servers. - * {@code null} to use the default. - * @param ciphers the cipher suites to enable, in the order of preference. - * {@code null} to use the default cipher suites. - * @param cipherFilter a filter to apply over the supplied list of ciphers - * @param apn Provides a means to configure parameters related to application protocol negotiation. - * @param sessionCacheSize the size of the cache used for storing SSL session objects. - * {@code 0} to use the default value. - * @param sessionTimeout the timeout for the cached SSL session objects, in seconds. - * {@code 0} to use the default value. - * @deprecated use {@link SslContextBuilder} - */ - @Deprecated - public JdkSslClientContext( - File certChainFile, TrustManagerFactory trustManagerFactory, - Iterable ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, - long sessionCacheSize, long sessionTimeout) throws SSLException { - this(certChainFile, trustManagerFactory, ciphers, cipherFilter, - toNegotiator(apn, false), sessionCacheSize, sessionTimeout); - } - - /** - * Creates a new instance. - * - * @param certChainFile an X.509 certificate chain file in PEM format. - * {@code null} to use the system default - * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s - * that verifies the certificates sent from servers. - * {@code null} to use the default. - * @param ciphers the cipher suites to enable, in the order of preference. - * {@code null} to use the default cipher suites. - * @param cipherFilter a filter to apply over the supplied list of ciphers - * @param apn Application Protocol Negotiator object. - * @param sessionCacheSize the size of the cache used for storing SSL session objects. - * {@code 0} to use the default value. - * @param sessionTimeout the timeout for the cached SSL session objects, in seconds. - * {@code 0} to use the default value. - * @deprecated use {@link SslContextBuilder} - */ - @Deprecated - public JdkSslClientContext( - File certChainFile, TrustManagerFactory trustManagerFactory, - Iterable ciphers, CipherSuiteFilter cipherFilter, JdkApplicationProtocolNegotiator apn, - long sessionCacheSize, long sessionTimeout) throws SSLException { - this(null, certChainFile, trustManagerFactory, ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout); - } +final class JdkSslClientContext extends JdkSslContext { + // FIXME test only JdkSslClientContext(Provider provider, - File trustCertCollectionFile, TrustManagerFactory trustManagerFactory, - Iterable ciphers, CipherSuiteFilter cipherFilter, JdkApplicationProtocolNegotiator apn, - long sessionCacheSize, long sessionTimeout) throws SSLException { + File trustCertCollectionFile, + TrustManagerFactory trustManagerFactory, + Iterable ciphers, + CipherSuiteFilter cipherFilter, + JdkApplicationProtocolNegotiator apn, + long sessionCacheSize, + long sessionTimeout) + throws SSLException { super(newSSLContext(provider, toX509CertificatesInternal(trustCertCollectionFile), - trustManagerFactory, null, null, - null, null, sessionCacheSize, sessionTimeout), true, - ciphers, cipherFilter, apn, ClientAuth.NONE, null, false); - } - - /** - * Creates a new instance. - * @param trustCertCollectionFile an X.509 certificate collection file in PEM format. - * {@code null} to use the system default - * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s - * that verifies the certificates sent from servers. - * {@code null} to use the default or the results of parsing - * {@code trustCertCollectionFile} - * @param keyCertChainFile an X.509 certificate chain file in PEM format. - * This provides the public key for mutual authentication. - * {@code null} to use the system default - * @param keyFile a PKCS#8 private key file in PEM format. - * This provides the private key for mutual authentication. - * {@code null} for no mutual authentication. - * @param keyPassword the password of the {@code keyFile}. - * {@code null} if it's not password-protected. - * Ignored if {@code keyFile} is {@code null}. - * @param keyManagerFactory the {@link KeyManagerFactory} that provides the {@link KeyManager}s - * that is used to encrypt data being sent to servers. - * {@code null} to use the default or the results of parsing - * {@code keyCertChainFile} and {@code keyFile}. - * @param ciphers the cipher suites to enable, in the order of preference. - * {@code null} to use the default cipher suites. - * @param cipherFilter a filter to apply over the supplied list of ciphers - * @param apn Provides a means to configure parameters related to application protocol negotiation. - * @param sessionCacheSize the size of the cache used for storing SSL session objects. - * {@code 0} to use the default value. - * @param sessionTimeout the timeout for the cached SSL session objects, in seconds. - * {@code 0} to use the default value. - * @deprecated use {@link SslContextBuilder} - */ - @Deprecated - public JdkSslClientContext(File trustCertCollectionFile, TrustManagerFactory trustManagerFactory, - File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory, - Iterable ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, - long sessionCacheSize, long sessionTimeout) throws SSLException { - this(trustCertCollectionFile, trustManagerFactory, keyCertChainFile, keyFile, keyPassword, keyManagerFactory, - ciphers, cipherFilter, toNegotiator(apn, false), sessionCacheSize, sessionTimeout); - } - - /** - * Creates a new instance. - * @param trustCertCollectionFile an X.509 certificate collection file in PEM format. - * {@code null} to use the system default - * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s - * that verifies the certificates sent from servers. - * {@code null} to use the default or the results of parsing - * {@code trustCertCollectionFile} - * @param keyCertChainFile an X.509 certificate chain file in PEM format. - * This provides the public key for mutual authentication. - * {@code null} to use the system default - * @param keyFile a PKCS#8 private key file in PEM format. - * This provides the private key for mutual authentication. - * {@code null} for no mutual authentication. - * @param keyPassword the password of the {@code keyFile}. - * {@code null} if it's not password-protected. - * Ignored if {@code keyFile} is {@code null}. - * @param keyManagerFactory the {@link KeyManagerFactory} that provides the {@link KeyManager}s - * that is used to encrypt data being sent to servers. - * {@code null} to use the default or the results of parsing - * {@code keyCertChainFile} and {@code keyFile}. - * @param ciphers the cipher suites to enable, in the order of preference. - * {@code null} to use the default cipher suites. - * @param cipherFilter a filter to apply over the supplied list of ciphers - * @param apn Application Protocol Negotiator object. - * @param sessionCacheSize the size of the cache used for storing SSL session objects. - * {@code 0} to use the default value. - * @param sessionTimeout the timeout for the cached SSL session objects, in seconds. - * {@code 0} to use the default value. - * @deprecated use {@link SslContextBuilder} - */ - @Deprecated - public JdkSslClientContext(File trustCertCollectionFile, TrustManagerFactory trustManagerFactory, - File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory, - Iterable ciphers, CipherSuiteFilter cipherFilter, JdkApplicationProtocolNegotiator apn, - long sessionCacheSize, long sessionTimeout) throws SSLException { - super(newSSLContext(null, toX509CertificatesInternal( - trustCertCollectionFile), trustManagerFactory, - toX509CertificatesInternal(keyCertChainFile), toPrivateKeyInternal(keyFile, keyPassword), - keyPassword, keyManagerFactory, sessionCacheSize, sessionTimeout), true, - ciphers, cipherFilter, apn, ClientAuth.NONE, null, false); + trustManagerFactory, null, null, + null, null, sessionCacheSize, sessionTimeout), true, + ciphers, cipherFilter, apn, ClientAuth.NONE, null, false); } JdkSslClientContext(Provider sslContextProvider, - X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory, - X509Certificate[] keyCertChain, PrivateKey key, String keyPassword, - KeyManagerFactory keyManagerFactory, Iterable ciphers, CipherSuiteFilter cipherFilter, - ApplicationProtocolConfig apn, String[] protocols, long sessionCacheSize, long sessionTimeout) - throws SSLException { + X509Certificate[] trustCertCollection, + TrustManagerFactory trustManagerFactory, + X509Certificate[] keyCertChain, + PrivateKey key, + String keyPassword, + KeyManagerFactory keyManagerFactory, + Iterable ciphers, + CipherSuiteFilter cipherFilter, + ApplicationProtocolConfig apn, + String[] protocols, + long sessionCacheSize, + long sessionTimeout) + throws SSLException { super(newSSLContext(sslContextProvider, trustCertCollection, trustManagerFactory, - keyCertChain, key, keyPassword, keyManagerFactory, sessionCacheSize, sessionTimeout), - true, ciphers, cipherFilter, toNegotiator(apn, false), ClientAuth.NONE, protocols, false); + keyCertChain, key, keyPassword, keyManagerFactory, sessionCacheSize, sessionTimeout), + true, ciphers, cipherFilter, toNegotiator(apn, false), ClientAuth.NONE, protocols, false); } private static SSLContext newSSLContext(Provider sslContextProvider, diff --git a/handler/src/main/java/io/netty/handler/ssl/JdkSslServerContext.java b/handler/src/main/java/io/netty/handler/ssl/JdkSslServerContext.java index 2dcbbc0b66..aaa452f2be 100644 --- a/handler/src/main/java/io/netty/handler/ssl/JdkSslServerContext.java +++ b/handler/src/main/java/io/netty/handler/ssl/JdkSslServerContext.java @@ -16,227 +16,58 @@ package io.netty.handler.ssl; +import java.io.File; +import java.security.PrivateKey; import java.security.Provider; -import javax.net.ssl.KeyManager; +import java.security.cert.X509Certificate; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLException; import javax.net.ssl.SSLSessionContext; -import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; -import java.io.File; -import java.security.PrivateKey; -import java.security.cert.X509Certificate; /** * A server-side {@link SslContext} which uses JDK's SSL/TLS implementation. - * - * @deprecated Use {@link SslContextBuilder} to create {@link JdkSslContext} instances and only - * use {@link JdkSslContext} in your code. */ -@Deprecated -public final class JdkSslServerContext extends JdkSslContext { - - /** - * Creates a new instance. - * - * @param certChainFile an X.509 certificate chain file in PEM format - * @param keyFile a PKCS#8 private key file in PEM format - * @deprecated use {@link SslContextBuilder} - */ - @Deprecated - public JdkSslServerContext(File certChainFile, File keyFile) throws SSLException { - this(certChainFile, keyFile, null); - } - - /** - * Creates a new instance. - * - * @param certChainFile an X.509 certificate chain file in PEM format - * @param keyFile a PKCS#8 private key file in PEM format - * @param keyPassword the password of the {@code keyFile}. - * {@code null} if it's not password-protected. - * @deprecated use {@link SslContextBuilder} - */ - @Deprecated - public JdkSslServerContext(File certChainFile, File keyFile, String keyPassword) throws SSLException { - this(certChainFile, keyFile, keyPassword, null, IdentityCipherSuiteFilter.INSTANCE, - JdkDefaultApplicationProtocolNegotiator.INSTANCE, 0, 0); - } - - /** - * Creates a new instance. - * - * @param certChainFile an X.509 certificate chain file in PEM format - * @param keyFile a PKCS#8 private key file in PEM format - * @param keyPassword the password of the {@code keyFile}. - * {@code null} if it's not password-protected. - * @param ciphers the cipher suites to enable, in the order of preference. - * {@code null} to use the default cipher suites. - * @param nextProtocols the application layer protocols to accept, in the order of preference. - * {@code null} to disable TLS NPN/ALPN extension. - * @param sessionCacheSize the size of the cache used for storing SSL session objects. - * {@code 0} to use the default value. - * @param sessionTimeout the timeout for the cached SSL session objects, in seconds. - * {@code 0} to use the default value. - * @deprecated use {@link SslContextBuilder} - */ - @Deprecated - public JdkSslServerContext( - File certChainFile, File keyFile, String keyPassword, - Iterable ciphers, Iterable nextProtocols, - long sessionCacheSize, long sessionTimeout) throws SSLException { - this(certChainFile, keyFile, keyPassword, ciphers, IdentityCipherSuiteFilter.INSTANCE, - toNegotiator(toApplicationProtocolConfig(nextProtocols), true), sessionCacheSize, sessionTimeout); - } - - /** - * Creates a new instance. - * - * @param certChainFile an X.509 certificate chain file in PEM format - * @param keyFile a PKCS#8 private key file in PEM format - * @param keyPassword the password of the {@code keyFile}. - * {@code null} if it's not password-protected. - * @param ciphers the cipher suites to enable, in the order of preference. - * {@code null} to use the default cipher suites. - * @param cipherFilter a filter to apply over the supplied list of ciphers - * @param apn Provides a means to configure parameters related to application protocol negotiation. - * @param sessionCacheSize the size of the cache used for storing SSL session objects. - * {@code 0} to use the default value. - * @param sessionTimeout the timeout for the cached SSL session objects, in seconds. - * {@code 0} to use the default value. - * @deprecated use {@link SslContextBuilder} - */ - @Deprecated - public JdkSslServerContext( - File certChainFile, File keyFile, String keyPassword, - Iterable ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, - long sessionCacheSize, long sessionTimeout) throws SSLException { - this(certChainFile, keyFile, keyPassword, ciphers, cipherFilter, - toNegotiator(apn, true), sessionCacheSize, sessionTimeout); - } - - /** - * Creates a new instance. - * - * @param certChainFile an X.509 certificate chain file in PEM format - * @param keyFile a PKCS#8 private key file in PEM format - * @param keyPassword the password of the {@code keyFile}. - * {@code null} if it's not password-protected. - * @param ciphers the cipher suites to enable, in the order of preference. - * {@code null} to use the default cipher suites. - * @param cipherFilter a filter to apply over the supplied list of ciphers - * @param apn Application Protocol Negotiator object. - * @param sessionCacheSize the size of the cache used for storing SSL session objects. - * {@code 0} to use the default value. - * @param sessionTimeout the timeout for the cached SSL session objects, in seconds. - * {@code 0} to use the default value. - * @deprecated use {@link SslContextBuilder} - */ - @Deprecated - public JdkSslServerContext( - File certChainFile, File keyFile, String keyPassword, - Iterable ciphers, CipherSuiteFilter cipherFilter, JdkApplicationProtocolNegotiator apn, - long sessionCacheSize, long sessionTimeout) throws SSLException { - this(null, certChainFile, keyFile, keyPassword, ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout); - } +final class JdkSslServerContext extends JdkSslContext { + // FIXME test only JdkSslServerContext(Provider provider, - File certChainFile, File keyFile, String keyPassword, - Iterable ciphers, CipherSuiteFilter cipherFilter, JdkApplicationProtocolNegotiator apn, - long sessionCacheSize, long sessionTimeout) throws SSLException { + File certChainFile, + File keyFile, + String keyPassword, + Iterable ciphers, + CipherSuiteFilter cipherFilter, + JdkApplicationProtocolNegotiator apn, + long sessionCacheSize, + long sessionTimeout) + throws SSLException { super(newSSLContext(provider, null, null, - toX509CertificatesInternal(certChainFile), toPrivateKeyInternal(keyFile, keyPassword), - keyPassword, null, sessionCacheSize, sessionTimeout), false, - ciphers, cipherFilter, apn, ClientAuth.NONE, null, false); - } - - /** - * Creates a new instance. - * @param trustCertCollectionFile an X.509 certificate collection file in PEM format. - * This provides the certificate collection used for mutual authentication. - * {@code null} to use the system default - * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s - * that verifies the certificates sent from clients. - * {@code null} to use the default or the results of parsing - * {@code trustCertCollectionFile}. - * @param keyCertChainFile an X.509 certificate chain file in PEM format - * @param keyFile a PKCS#8 private key file in PEM format - * @param keyPassword the password of the {@code keyFile}. - * {@code null} if it's not password-protected. - * @param keyManagerFactory the {@link KeyManagerFactory} that provides the {@link KeyManager}s - * that is used to encrypt data being sent to clients. - * {@code null} to use the default or the results of parsing - * {@code keyCertChainFile} and {@code keyFile}. - * @param ciphers the cipher suites to enable, in the order of preference. - * {@code null} to use the default cipher suites. - * @param cipherFilter a filter to apply over the supplied list of ciphers - * Only required if {@code provider} is {@link SslProvider#JDK} - * @param apn Provides a means to configure parameters related to application protocol negotiation. - * @param sessionCacheSize the size of the cache used for storing SSL session objects. - * {@code 0} to use the default value. - * @param sessionTimeout the timeout for the cached SSL session objects, in seconds. - * {@code 0} to use the default value. - * @deprecated use {@link SslContextBuilder} - */ - @Deprecated - public JdkSslServerContext(File trustCertCollectionFile, TrustManagerFactory trustManagerFactory, - File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory, - Iterable ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, - long sessionCacheSize, long sessionTimeout) throws SSLException { - this(trustCertCollectionFile, trustManagerFactory, keyCertChainFile, keyFile, keyPassword, keyManagerFactory, - ciphers, cipherFilter, toNegotiator(apn, true), sessionCacheSize, sessionTimeout); - } - - /** - * Creates a new instance. - * @param trustCertCollectionFile an X.509 certificate collection file in PEM format. - * This provides the certificate collection used for mutual authentication. - * {@code null} to use the system default - * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s - * that verifies the certificates sent from clients. - * {@code null} to use the default or the results of parsing - * {@code trustCertCollectionFile} - * @param keyCertChainFile an X.509 certificate chain file in PEM format - * @param keyFile a PKCS#8 private key file in PEM format - * @param keyPassword the password of the {@code keyFile}. - * {@code null} if it's not password-protected. - * @param keyManagerFactory the {@link KeyManagerFactory} that provides the {@link KeyManager}s - * that is used to encrypt data being sent to clients. - * {@code null} to use the default or the results of parsing - * {@code keyCertChainFile} and {@code keyFile}. - * @param ciphers the cipher suites to enable, in the order of preference. - * {@code null} to use the default cipher suites. - * @param cipherFilter a filter to apply over the supplied list of ciphers - * Only required if {@code provider} is {@link SslProvider#JDK} - * @param apn Application Protocol Negotiator object. - * @param sessionCacheSize the size of the cache used for storing SSL session objects. - * {@code 0} to use the default value. - * @param sessionTimeout the timeout for the cached SSL session objects, in seconds. - * {@code 0} to use the default value. - * @deprecated use {@link SslContextBuilder} - */ - @Deprecated - public JdkSslServerContext(File trustCertCollectionFile, TrustManagerFactory trustManagerFactory, - File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory, - Iterable ciphers, CipherSuiteFilter cipherFilter, JdkApplicationProtocolNegotiator apn, - long sessionCacheSize, long sessionTimeout) throws SSLException { - super(newSSLContext(null, toX509CertificatesInternal(trustCertCollectionFile), trustManagerFactory, - toX509CertificatesInternal(keyCertChainFile), toPrivateKeyInternal(keyFile, keyPassword), - keyPassword, keyManagerFactory, sessionCacheSize, sessionTimeout), false, - ciphers, cipherFilter, apn, ClientAuth.NONE, null, false); + toX509CertificatesInternal(certChainFile), toPrivateKeyInternal(keyFile, keyPassword), + keyPassword, null, sessionCacheSize, sessionTimeout), false, + ciphers, cipherFilter, apn, ClientAuth.NONE, null, false); } JdkSslServerContext(Provider provider, - X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory, - X509Certificate[] keyCertChain, PrivateKey key, String keyPassword, - KeyManagerFactory keyManagerFactory, Iterable ciphers, CipherSuiteFilter cipherFilter, - ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout, - ClientAuth clientAuth, String[] protocols, boolean startTls) throws SSLException { + X509Certificate[] trustCertCollection, + TrustManagerFactory trustManagerFactory, + X509Certificate[] keyCertChain, + PrivateKey key, + String keyPassword, + KeyManagerFactory keyManagerFactory, + Iterable ciphers, + CipherSuiteFilter cipherFilter, + ApplicationProtocolConfig apn, + long sessionCacheSize, + long sessionTimeout, + ClientAuth clientAuth, + String[] protocols, + boolean startTls) + throws SSLException { super(newSSLContext(provider, trustCertCollection, trustManagerFactory, keyCertChain, key, - keyPassword, keyManagerFactory, sessionCacheSize, sessionTimeout), false, - ciphers, cipherFilter, toNegotiator(apn, true), clientAuth, protocols, startTls); + keyPassword, keyManagerFactory, sessionCacheSize, sessionTimeout), false, + ciphers, cipherFilter, toNegotiator(apn, true), clientAuth, protocols, startTls); } private static SSLContext newSSLContext(Provider sslContextProvider, X509Certificate[] trustCertCollection, diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslClientContext.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslClientContext.java index 6856c7f274..df00d26479 100644 --- a/handler/src/main/java/io/netty/handler/ssl/OpenSslClientContext.java +++ b/handler/src/main/java/io/netty/handler/ssl/OpenSslClientContext.java @@ -17,13 +17,11 @@ package io.netty.handler.ssl; import io.netty.internal.tcnative.SSL; -import java.io.File; import java.security.PrivateKey; import java.security.cert.X509Certificate; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLException; -import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; import static io.netty.handler.ssl.ReferenceCountedOpenSslClientContext.newSessionContext; @@ -33,164 +31,29 @@ import static io.netty.handler.ssl.ReferenceCountedOpenSslClientContext.newSessi *

This class will use a finalizer to ensure native resources are automatically cleaned up. To avoid finalizers * and manually release the native memory see {@link ReferenceCountedOpenSslClientContext}. */ -public final class OpenSslClientContext extends OpenSslContext { +final class OpenSslClientContext extends OpenSslContext { private final OpenSslSessionContext sessionContext; - /** - * Creates a new instance. - * @deprecated use {@link SslContextBuilder} - */ - @Deprecated - public OpenSslClientContext() throws SSLException { - this((File) null, null, null, null, null, null, null, IdentityCipherSuiteFilter.INSTANCE, null, 0, 0); - } - - /** - * Creates a new instance. - * - * @param certChainFile an X.509 certificate chain file in PEM format. - * {@code null} to use the system default - * @deprecated use {@link SslContextBuilder} - */ - @Deprecated - public OpenSslClientContext(File certChainFile) throws SSLException { - this(certChainFile, null); - } - - /** - * Creates a new instance. - * - * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s - * that verifies the certificates sent from servers. - * {@code null} to use the default. - * @deprecated use {@link SslContextBuilder} - */ - @Deprecated - public OpenSslClientContext(TrustManagerFactory trustManagerFactory) throws SSLException { - this(null, trustManagerFactory); - } - - /** - * Creates a new instance. - * - * @param certChainFile an X.509 certificate chain file in PEM format. - * {@code null} to use the system default - * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s - * that verifies the certificates sent from servers. - * {@code null} to use the default. - * @deprecated use {@link SslContextBuilder} - */ - @Deprecated - public OpenSslClientContext(File certChainFile, TrustManagerFactory trustManagerFactory) throws SSLException { - this(certChainFile, trustManagerFactory, null, null, null, null, null, - IdentityCipherSuiteFilter.INSTANCE, null, 0, 0); - } - - /** - * Creates a new instance. - * - * @param certChainFile an X.509 certificate chain file in PEM format - * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s - * that verifies the certificates sent from servers. - * {@code null} to use the default.. - * @param ciphers the cipher suites to enable, in the order of preference. - * {@code null} to use the default cipher suites. - * @param apn Provides a means to configure parameters related to application protocol negotiation. - * @param sessionCacheSize the size of the cache used for storing SSL session objects. - * {@code 0} to use the default value. - * @param sessionTimeout the timeout for the cached SSL session objects, in seconds. - * {@code 0} to use the default value. - * @deprecated use {@link SslContextBuilder} - */ - @Deprecated - public OpenSslClientContext(File certChainFile, TrustManagerFactory trustManagerFactory, Iterable ciphers, - ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout) - throws SSLException { - this(certChainFile, trustManagerFactory, null, null, null, null, ciphers, IdentityCipherSuiteFilter.INSTANCE, - apn, sessionCacheSize, sessionTimeout); - } - - /** - * Creates a new instance. - * - * @param certChainFile an X.509 certificate chain file in PEM format - * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s - * that verifies the certificates sent from servers. - * {@code null} to use the default.. - * @param ciphers the cipher suites to enable, in the order of preference. - * {@code null} to use the default cipher suites. - * @param cipherFilter a filter to apply over the supplied list of ciphers - * @param apn Provides a means to configure parameters related to application protocol negotiation. - * @param sessionCacheSize the size of the cache used for storing SSL session objects. - * {@code 0} to use the default value. - * @param sessionTimeout the timeout for the cached SSL session objects, in seconds. - * {@code 0} to use the default value. - * @deprecated use {@link SslContextBuilder} - */ - @Deprecated - public OpenSslClientContext(File certChainFile, TrustManagerFactory trustManagerFactory, Iterable ciphers, - CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, - long sessionCacheSize, long sessionTimeout) throws SSLException { - this(certChainFile, trustManagerFactory, null, null, null, null, - ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout); - } - - /** - * Creates a new instance. - * @param trustCertCollectionFile an X.509 certificate collection file in PEM format. - * {@code null} to use the system default - * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s - * that verifies the certificates sent from servers. - * {@code null} to use the default or the results of parsing - * {@code trustCertCollectionFile} - * @param keyCertChainFile an X.509 certificate chain file in PEM format. - * This provides the public key for mutual authentication. - * {@code null} to use the system default - * @param keyFile a PKCS#8 private key file in PEM format. - * This provides the private key for mutual authentication. - * {@code null} for no mutual authentication. - * @param keyPassword the password of the {@code keyFile}. - * {@code null} if it's not password-protected. - * Ignored if {@code keyFile} is {@code null}. - * @param keyManagerFactory the {@link KeyManagerFactory} that provides the {@link javax.net.ssl.KeyManager}s - * that is used to encrypt data being sent to servers. - * {@code null} to use the default or the results of parsing - * {@code keyCertChainFile} and {@code keyFile}. - * @param ciphers the cipher suites to enable, in the order of preference. - * {@code null} to use the default cipher suites. - * @param cipherFilter a filter to apply over the supplied list of ciphers - * @param apn Application Protocol Negotiator object. - * @param sessionCacheSize the size of the cache used for storing SSL session objects. - * {@code 0} to use the default value. - * @param sessionTimeout the timeout for the cached SSL session objects, in seconds. - * {@code 0} to use the default value. - * @deprecated use {@link SslContextBuilder} - */ - @Deprecated - public OpenSslClientContext(File trustCertCollectionFile, TrustManagerFactory trustManagerFactory, - File keyCertChainFile, File keyFile, String keyPassword, - KeyManagerFactory keyManagerFactory, Iterable ciphers, - CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, - long sessionCacheSize, long sessionTimeout) - throws SSLException { - this(toX509CertificatesInternal(trustCertCollectionFile), trustManagerFactory, - toX509CertificatesInternal(keyCertChainFile), toPrivateKeyInternal(keyFile, keyPassword), - keyPassword, keyManagerFactory, ciphers, cipherFilter, apn, null, sessionCacheSize, - sessionTimeout, false); - } - - OpenSslClientContext(X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory, - X509Certificate[] keyCertChain, PrivateKey key, String keyPassword, - KeyManagerFactory keyManagerFactory, Iterable ciphers, - CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, String[] protocols, - long sessionCacheSize, long sessionTimeout, boolean enableOcsp) - throws SSLException { + OpenSslClientContext(X509Certificate[] trustCertCollection, + TrustManagerFactory trustManagerFactory, + X509Certificate[] keyCertChain, + PrivateKey key, + String keyPassword, + KeyManagerFactory keyManagerFactory, + Iterable ciphers, + CipherSuiteFilter cipherFilter, + ApplicationProtocolConfig apn, + String[] protocols, + long sessionCacheSize, + long sessionTimeout, + boolean enableOcsp) + throws SSLException { super(ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout, SSL.SSL_MODE_CLIENT, keyCertChain, - ClientAuth.NONE, protocols, false, enableOcsp); + ClientAuth.NONE, protocols, false, enableOcsp); boolean success = false; try { sessionContext = newSessionContext(this, ctx, engineMap, trustCertCollection, trustManagerFactory, - keyCertChain, key, keyPassword, keyManagerFactory); + keyCertChain, key, keyPassword, keyManagerFactory); success = true; } finally { if (!success) { diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java index e27b05ae8b..dfd331cbf6 100644 --- a/handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java +++ b/handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java @@ -17,14 +17,11 @@ package io.netty.handler.ssl; import io.netty.internal.tcnative.SSL; -import java.io.File; import java.security.PrivateKey; import java.security.cert.X509Certificate; -import javax.net.ssl.KeyManager; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLException; -import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; import static io.netty.handler.ssl.ReferenceCountedOpenSslServerContext.newSessionContext; @@ -34,321 +31,32 @@ import static io.netty.handler.ssl.ReferenceCountedOpenSslServerContext.newSessi *

This class will use a finalizer to ensure native resources are automatically cleaned up. To avoid finalizers * and manually release the native memory see {@link ReferenceCountedOpenSslServerContext}. */ -public final class OpenSslServerContext extends OpenSslContext { +final class OpenSslServerContext extends OpenSslContext { private final OpenSslServerSessionContext sessionContext; - /** - * Creates a new instance. - * - * @param certChainFile an X.509 certificate chain file in PEM format - * @param keyFile a PKCS#8 private key file in PEM format - * @deprecated use {@link SslContextBuilder} - */ - @Deprecated - public OpenSslServerContext(File certChainFile, File keyFile) throws SSLException { - this(certChainFile, keyFile, null); - } - - /** - * Creates a new instance. - * - * @param certChainFile an X.509 certificate chain file in PEM format - * @param keyFile a PKCS#8 private key file in PEM format - * @param keyPassword the password of the {@code keyFile}. - * {@code null} if it's not password-protected. - * @deprecated use {@link SslContextBuilder} - */ - @Deprecated - public OpenSslServerContext(File certChainFile, File keyFile, String keyPassword) throws SSLException { - this(certChainFile, keyFile, keyPassword, null, IdentityCipherSuiteFilter.INSTANCE, - ApplicationProtocolConfig.DISABLED, 0, 0); - } - - /** - * Creates a new instance. - * - * @param certChainFile an X.509 certificate chain file in PEM format - * @param keyFile a PKCS#8 private key file in PEM format - * @param keyPassword the password of the {@code keyFile}. - * {@code null} if it's not password-protected. - * @param ciphers the cipher suites to enable, in the order of preference. - * {@code null} to use the default cipher suites. - * @param apn Provides a means to configure parameters related to application protocol negotiation. - * @param sessionCacheSize the size of the cache used for storing SSL session objects. - * {@code 0} to use the default value. - * @param sessionTimeout the timeout for the cached SSL session objects, in seconds. - * {@code 0} to use the default value. - * @deprecated use {@link SslContextBuilder} - */ - @Deprecated - public OpenSslServerContext( - File certChainFile, File keyFile, String keyPassword, - Iterable ciphers, ApplicationProtocolConfig apn, - long sessionCacheSize, long sessionTimeout) throws SSLException { - this(certChainFile, keyFile, keyPassword, ciphers, IdentityCipherSuiteFilter.INSTANCE, - apn, sessionCacheSize, sessionTimeout); - } - - /** - * Creates a new instance. - * - * @param certChainFile an X.509 certificate chain file in PEM format - * @param keyFile a PKCS#8 private key file in PEM format - * @param keyPassword the password of the {@code keyFile}. - * {@code null} if it's not password-protected. - * @param ciphers the cipher suites to enable, in the order of preference. - * {@code null} to use the default cipher suites. - * @param nextProtocols the application layer protocols to accept, in the order of preference. - * {@code null} to disable TLS NPN/ALPN extension. - * @param sessionCacheSize the size of the cache used for storing SSL session objects. - * {@code 0} to use the default value. - * @param sessionTimeout the timeout for the cached SSL session objects, in seconds. - * {@code 0} to use the default value. - * @deprecated use {@link SslContextBuilder} - */ - @Deprecated - public OpenSslServerContext( - File certChainFile, File keyFile, String keyPassword, - Iterable ciphers, Iterable nextProtocols, - long sessionCacheSize, long sessionTimeout) throws SSLException { - this(certChainFile, keyFile, keyPassword, ciphers, - toApplicationProtocolConfig(nextProtocols), sessionCacheSize, sessionTimeout); - } - - /** - * Creates a new instance. - * - * @param certChainFile an X.509 certificate chain file in PEM format - * @param keyFile a PKCS#8 private key file in PEM format - * @param keyPassword the password of the {@code keyFile}. - * {@code null} if it's not password-protected. - * @param ciphers the cipher suites to enable, in the order of preference. - * {@code null} to use the default cipher suites. - * @param config Application protocol config. - * @param sessionCacheSize the size of the cache used for storing SSL session objects. - * {@code 0} to use the default value. - * @param sessionTimeout the timeout for the cached SSL session objects, in seconds. - * {@code 0} to use the default value. - * @deprecated use {@link SslContextBuilder} - */ - @Deprecated - public OpenSslServerContext( - File certChainFile, File keyFile, String keyPassword, TrustManagerFactory trustManagerFactory, - Iterable ciphers, ApplicationProtocolConfig config, - long sessionCacheSize, long sessionTimeout) throws SSLException { - this(certChainFile, keyFile, keyPassword, trustManagerFactory, ciphers, - toNegotiator(config), sessionCacheSize, sessionTimeout); - } - - /** - * Creates a new instance. - * - * @param certChainFile an X.509 certificate chain file in PEM format - * @param keyFile a PKCS#8 private key file in PEM format - * @param keyPassword the password of the {@code keyFile}. - * {@code null} if it's not password-protected. - * @param ciphers the cipher suites to enable, in the order of preference. - * {@code null} to use the default cipher suites. - * @param apn Application protocol negotiator. - * @param sessionCacheSize the size of the cache used for storing SSL session objects. - * {@code 0} to use the default value. - * @param sessionTimeout the timeout for the cached SSL session objects, in seconds. - * {@code 0} to use the default value. - * @deprecated use {@link SslContextBuilder} - */ - @Deprecated - public OpenSslServerContext( - File certChainFile, File keyFile, String keyPassword, TrustManagerFactory trustManagerFactory, - Iterable ciphers, OpenSslApplicationProtocolNegotiator apn, - long sessionCacheSize, long sessionTimeout) throws SSLException { - this(null, trustManagerFactory, certChainFile, keyFile, keyPassword, null, - ciphers, null, apn, sessionCacheSize, sessionTimeout); - } - - /** - * Creates a new instance. - * - * @param certChainFile an X.509 certificate chain file in PEM format - * @param keyFile a PKCS#8 private key file in PEM format - * @param keyPassword the password of the {@code keyFile}. - * {@code null} if it's not password-protected. - * @param ciphers the cipher suites to enable, in the order of preference. - * {@code null} to use the default cipher suites. - * @param cipherFilter a filter to apply over the supplied list of ciphers - * @param apn Provides a means to configure parameters related to application protocol negotiation. - * @param sessionCacheSize the size of the cache used for storing SSL session objects. - * {@code 0} to use the default value. - * @param sessionTimeout the timeout for the cached SSL session objects, in seconds. - * {@code 0} to use the default value. - * @deprecated use {@link SslContextBuilder} - */ - @Deprecated - public OpenSslServerContext( - File certChainFile, File keyFile, String keyPassword, - Iterable ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, - long sessionCacheSize, long sessionTimeout) throws SSLException { - this(null, null, certChainFile, keyFile, keyPassword, null, - ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout); - } - - /** - * Creates a new instance. - * - * @param trustCertCollectionFile an X.509 certificate collection file in PEM format. - * This provides the certificate collection used for mutual authentication. - * {@code null} to use the system default - * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s - * that verifies the certificates sent from clients. - * {@code null} to use the default or the results of parsing - * {@code trustCertCollectionFile}. - * @param keyCertChainFile an X.509 certificate chain file in PEM format - * @param keyFile a PKCS#8 private key file in PEM format - * @param keyPassword the password of the {@code keyFile}. - * {@code null} if it's not password-protected. - * @param keyManagerFactory the {@link KeyManagerFactory} that provides the {@link KeyManager}s - * that is used to encrypt data being sent to clients. - * {@code null} to use the default or the results of parsing - * {@code keyCertChainFile} and {@code keyFile}. - * @param ciphers the cipher suites to enable, in the order of preference. - * {@code null} to use the default cipher suites. - * @param cipherFilter a filter to apply over the supplied list of ciphers - * Only required if {@code provider} is {@link SslProvider#JDK} - * @param config Provides a means to configure parameters related to application protocol negotiation. - * @param sessionCacheSize the size of the cache used for storing SSL session objects. - * {@code 0} to use the default value. - * @param sessionTimeout the timeout for the cached SSL session objects, in seconds. - * {@code 0} to use the default value. - * @deprecated use {@link SslContextBuilder} - */ - @Deprecated - public OpenSslServerContext( - File trustCertCollectionFile, TrustManagerFactory trustManagerFactory, - File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory, - Iterable ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig config, - long sessionCacheSize, long sessionTimeout) throws SSLException { - this(trustCertCollectionFile, trustManagerFactory, keyCertChainFile, keyFile, keyPassword, keyManagerFactory, - ciphers, cipherFilter, toNegotiator(config), sessionCacheSize, sessionTimeout); - } - - /** - * Creates a new instance. - * - * @param certChainFile an X.509 certificate chain file in PEM format - * @param keyFile a PKCS#8 private key file in PEM format - * @param keyPassword the password of the {@code keyFile}. - * {@code null} if it's not password-protected. - * @param ciphers the cipher suites to enable, in the order of preference. - * {@code null} to use the default cipher suites. - * @param cipherFilter a filter to apply over the supplied list of ciphers - * @param config Application protocol config. - * @param sessionCacheSize the size of the cache used for storing SSL session objects. - * {@code 0} to use the default value. - * @param sessionTimeout the timeout for the cached SSL session objects, in seconds. - * {@code 0} to use the default value. - * @deprecated use {@link SslContextBuilder} - */ - @Deprecated - public OpenSslServerContext(File certChainFile, File keyFile, String keyPassword, - TrustManagerFactory trustManagerFactory, Iterable ciphers, - CipherSuiteFilter cipherFilter, ApplicationProtocolConfig config, - long sessionCacheSize, long sessionTimeout) throws SSLException { - this(null, trustManagerFactory, certChainFile, keyFile, keyPassword, null, ciphers, cipherFilter, - toNegotiator(config), sessionCacheSize, sessionTimeout); - } - - /** - * Creates a new instance. - * - * @param certChainFile an X.509 certificate chain file in PEM format - * @param keyFile a PKCS#8 private key file in PEM format - * @param keyPassword the password of the {@code keyFile}. - * {@code null} if it's not password-protected. - * @param ciphers the cipher suites to enable, in the order of preference. - * {@code null} to use the default cipher suites. - * @param cipherFilter a filter to apply over the supplied list of ciphers - * @param apn Application protocol negotiator. - * @param sessionCacheSize the size of the cache used for storing SSL session objects. - * {@code 0} to use the default value. - * @param sessionTimeout the timeout for the cached SSL session objects, in seconds. - * {@code 0} to use the default value. - * @deprecated use {@link SslContextBuilder}} - */ - @Deprecated - public OpenSslServerContext( - File certChainFile, File keyFile, String keyPassword, TrustManagerFactory trustManagerFactory, - Iterable ciphers, CipherSuiteFilter cipherFilter, OpenSslApplicationProtocolNegotiator apn, - long sessionCacheSize, long sessionTimeout) throws SSLException { - this(null, trustManagerFactory, certChainFile, keyFile, keyPassword, null, ciphers, cipherFilter, - apn, sessionCacheSize, sessionTimeout); - } - - /** - * Creates a new instance. - * - * - * @param trustCertCollectionFile an X.509 certificate collection file in PEM format. - * This provides the certificate collection used for mutual authentication. - * {@code null} to use the system default - * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s - * that verifies the certificates sent from clients. - * {@code null} to use the default or the results of parsing - * {@code trustCertCollectionFile}. - * @param keyCertChainFile an X.509 certificate chain file in PEM format - * @param keyFile a PKCS#8 private key file in PEM format - * @param keyPassword the password of the {@code keyFile}. - * {@code null} if it's not password-protected. - * @param keyManagerFactory the {@link KeyManagerFactory} that provides the {@link KeyManager}s - * that is used to encrypt data being sent to clients. - * {@code null} to use the default or the results of parsing - * {@code keyCertChainFile} and {@code keyFile}. - * @param ciphers the cipher suites to enable, in the order of preference. - * {@code null} to use the default cipher suites. - * @param cipherFilter a filter to apply over the supplied list of ciphers - * Only required if {@code provider} is {@link SslProvider#JDK} - * @param apn Application Protocol Negotiator object - * @param sessionCacheSize the size of the cache used for storing SSL session objects. - * {@code 0} to use the default value. - * @param sessionTimeout the timeout for the cached SSL session objects, in seconds. - * {@code 0} to use the default value. - * @deprecated use {@link SslContextBuilder} - */ - @Deprecated - public OpenSslServerContext( - File trustCertCollectionFile, TrustManagerFactory trustManagerFactory, - File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory, - Iterable ciphers, CipherSuiteFilter cipherFilter, OpenSslApplicationProtocolNegotiator apn, - long sessionCacheSize, long sessionTimeout) throws SSLException { - this(toX509CertificatesInternal(trustCertCollectionFile), trustManagerFactory, - toX509CertificatesInternal(keyCertChainFile), toPrivateKeyInternal(keyFile, keyPassword), - keyPassword, keyManagerFactory, ciphers, cipherFilter, - apn, sessionCacheSize, sessionTimeout, ClientAuth.NONE, null, false, false); - } - - OpenSslServerContext( - X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory, - X509Certificate[] keyCertChain, PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory, - Iterable ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, - long sessionCacheSize, long sessionTimeout, ClientAuth clientAuth, String[] protocols, boolean startTls, - boolean enableOcsp) throws SSLException { - this(trustCertCollection, trustManagerFactory, keyCertChain, key, keyPassword, keyManagerFactory, ciphers, - cipherFilter, toNegotiator(apn), sessionCacheSize, sessionTimeout, clientAuth, protocols, startTls, - enableOcsp); - } - - @SuppressWarnings("deprecation") - private OpenSslServerContext( - X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory, - X509Certificate[] keyCertChain, PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory, - Iterable ciphers, CipherSuiteFilter cipherFilter, OpenSslApplicationProtocolNegotiator apn, - long sessionCacheSize, long sessionTimeout, ClientAuth clientAuth, String[] protocols, boolean startTls, - boolean enableOcsp) throws SSLException { - super(ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout, SSL.SSL_MODE_SERVER, keyCertChain, - clientAuth, protocols, startTls, enableOcsp); + OpenSslServerContext(X509Certificate[] trustCertCollection, + TrustManagerFactory trustManagerFactory, + X509Certificate[] keyCertChain, + PrivateKey key, + String keyPassword, + KeyManagerFactory keyManagerFactory, + Iterable ciphers, + CipherSuiteFilter cipherFilter, + ApplicationProtocolConfig apn, + long sessionCacheSize, + long sessionTimeout, + ClientAuth clientAuth, + String[] protocols, + boolean startTls, + boolean enableOcsp) + throws SSLException { + super(ciphers, cipherFilter, toNegotiator(apn), sessionCacheSize, sessionTimeout, SSL.SSL_MODE_SERVER, + keyCertChain, clientAuth, protocols, startTls, enableOcsp); // Create a new SSL_CTX and configure it. boolean success = false; try { sessionContext = newSessionContext(this, ctx, engineMap, trustCertCollection, trustManagerFactory, - keyCertChain, key, keyPassword, keyManagerFactory); + keyCertChain, key, keyPassword, keyManagerFactory); success = true; } finally { if (!success) { diff --git a/handler/src/test/java/io/netty/handler/ssl/JdkSslClientContextTest.java b/handler/src/test/java/io/netty/handler/ssl/JdkSslClientContextTest.java index 22f3e05194..0da513e456 100644 --- a/handler/src/test/java/io/netty/handler/ssl/JdkSslClientContextTest.java +++ b/handler/src/test/java/io/netty/handler/ssl/JdkSslClientContextTest.java @@ -15,15 +15,15 @@ */ package io.netty.handler.ssl; -import io.netty.handler.ssl.util.InsecureTrustManagerFactory; - import javax.net.ssl.SSLException; import java.io.File; public class JdkSslClientContextTest extends SslContextTest { @Override protected SslContext newServerContext(File crtFile, File keyFile, String pass) throws SSLException { - return new JdkSslClientContext(crtFile, InsecureTrustManagerFactory.INSTANCE, crtFile, keyFile, pass, - null, null, IdentityCipherSuiteFilter.INSTANCE, ApplicationProtocolConfig.DISABLED, 0, 0); + return SslContextBuilder.forClient() + .sslProvider(SslProvider.JDK) + .keyManager(crtFile, keyFile, pass) + .build(); } } diff --git a/handler/src/test/java/io/netty/handler/ssl/JdkSslServerContextTest.java b/handler/src/test/java/io/netty/handler/ssl/JdkSslServerContextTest.java index 73dc730b3c..f01b07ddbd 100644 --- a/handler/src/test/java/io/netty/handler/ssl/JdkSslServerContextTest.java +++ b/handler/src/test/java/io/netty/handler/ssl/JdkSslServerContextTest.java @@ -22,6 +22,6 @@ public class JdkSslServerContextTest extends SslContextTest { @Override protected SslContext newServerContext(File crtFile, File keyFile, String pass) throws SSLException { - return new JdkSslServerContext(crtFile, keyFile, pass); + return SslContextBuilder.forServer(crtFile, keyFile, pass).sslProvider(SslProvider.JDK).build(); } } diff --git a/handler/src/test/java/io/netty/handler/ssl/OpenSslClientContextTest.java b/handler/src/test/java/io/netty/handler/ssl/OpenSslClientContextTest.java index 6011cf71c8..b1cc756863 100644 --- a/handler/src/test/java/io/netty/handler/ssl/OpenSslClientContextTest.java +++ b/handler/src/test/java/io/netty/handler/ssl/OpenSslClientContextTest.java @@ -32,7 +32,11 @@ public class OpenSslClientContextTest extends SslContextTest { @Override protected SslContext newServerContext(File crtFile, File keyFile, String pass) throws SSLException { - return new OpenSslClientContext(crtFile, InsecureTrustManagerFactory.INSTANCE, crtFile, keyFile, pass, - null, null, IdentityCipherSuiteFilter.INSTANCE, ApplicationProtocolConfig.DISABLED, 0, 0); + return SslContextBuilder.forClient() + .sslProvider(SslProvider.OPENSSL) + .trustManager(InsecureTrustManagerFactory.INSTANCE) + .keyManager(crtFile, keyFile, pass) + .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED) + .build(); } } diff --git a/handler/src/test/java/io/netty/handler/ssl/OpenSslServerContextTest.java b/handler/src/test/java/io/netty/handler/ssl/OpenSslServerContextTest.java index f22d0452a8..058d35177f 100644 --- a/handler/src/test/java/io/netty/handler/ssl/OpenSslServerContextTest.java +++ b/handler/src/test/java/io/netty/handler/ssl/OpenSslServerContextTest.java @@ -34,6 +34,6 @@ public class OpenSslServerContextTest extends SslContextTest { @Override protected SslContext newServerContext(File crtFile, File keyFile, String pass) throws SSLException { Assume.assumeTrue(OpenSsl.isAvailable()); - return new OpenSslServerContext(crtFile, keyFile, pass); + return SslContextBuilder.forServer(crtFile, keyFile, pass).sslProvider(SslProvider.OPENSSL).build(); } } diff --git a/handler/src/test/java/io/netty/handler/ssl/SslContextTest.java b/handler/src/test/java/io/netty/handler/ssl/SslContextTest.java index 247575b2df..125ce44c48 100644 --- a/handler/src/test/java/io/netty/handler/ssl/SslContextTest.java +++ b/handler/src/test/java/io/netty/handler/ssl/SslContextTest.java @@ -87,7 +87,7 @@ public abstract class SslContextTest { newServerContext(crtFile, keyFile, null); } - @Test(expected = SSLException.class) + @Test(expected = IllegalArgumentException.class) public void testSslServerWithUnencryptedPrivateKeyEmptyPass() throws SSLException { File keyFile = ResourcesUtil.getFile(getClass(), "test_unencrypted.pem"); File crtFile = ResourcesUtil.getFile(getClass(), "test.crt"); diff --git a/testsuite/src/main/java/io/netty/testsuite/transport/socket/SocketSslClientRenegotiateTest.java b/testsuite/src/main/java/io/netty/testsuite/transport/socket/SocketSslClientRenegotiateTest.java index 9ba7a85609..6e07fc3c43 100644 --- a/testsuite/src/main/java/io/netty/testsuite/transport/socket/SocketSslClientRenegotiateTest.java +++ b/testsuite/src/main/java/io/netty/testsuite/transport/socket/SocketSslClientRenegotiateTest.java @@ -24,12 +24,12 @@ import io.netty.channel.ChannelHandlerContext; import io.netty.channel.ChannelInitializer; import io.netty.channel.SimpleChannelInboundHandler; import io.netty.handler.codec.DecoderException; -import io.netty.handler.ssl.JdkSslClientContext; import io.netty.handler.ssl.OpenSsl; -import io.netty.handler.ssl.OpenSslServerContext; import io.netty.handler.ssl.SslContext; +import io.netty.handler.ssl.SslContextBuilder; import io.netty.handler.ssl.SslHandler; import io.netty.handler.ssl.SslHandshakeCompletionEvent; +import io.netty.handler.ssl.SslProvider; import io.netty.handler.ssl.util.SelfSignedCertificate; import io.netty.util.concurrent.Future; import io.netty.util.internal.logging.InternalLogger; @@ -77,12 +77,20 @@ public class SocketSslClientRenegotiateTest extends AbstractSocketTest { public static Collection data() throws Exception { List serverContexts = new ArrayList<>(); List clientContexts = new ArrayList<>(); - clientContexts.add(new JdkSslClientContext(CERT_FILE)); + clientContexts.add( + SslContextBuilder.forClient() + .trustManager(CERT_FILE) + .sslProvider(SslProvider.JDK) + .build() + ); boolean hasOpenSsl = OpenSsl.isAvailable(); if (hasOpenSsl) { - OpenSslServerContext context = new OpenSslServerContext(CERT_FILE, KEY_FILE); - serverContexts.add(context); + serverContexts.add( + SslContextBuilder.forServer(CERT_FILE, KEY_FILE) + .sslProvider(SslProvider.OPENSSL) + .build() + ); } else { logger.warn("OpenSSL is unavailable and thus will not be tested.", OpenSsl.unavailabilityCause()); } diff --git a/testsuite/src/main/java/io/netty/testsuite/transport/socket/SocketSslSessionReuseTest.java b/testsuite/src/main/java/io/netty/testsuite/transport/socket/SocketSslSessionReuseTest.java index 4907fab0e1..e16d23613a 100644 --- a/testsuite/src/main/java/io/netty/testsuite/transport/socket/SocketSslSessionReuseTest.java +++ b/testsuite/src/main/java/io/netty/testsuite/transport/socket/SocketSslSessionReuseTest.java @@ -26,10 +26,10 @@ import io.netty.channel.ChannelHandler.Sharable; import io.netty.channel.ChannelInitializer; import io.netty.channel.SimpleChannelInboundHandler; import io.netty.channel.socket.SocketChannel; -import io.netty.handler.ssl.JdkSslClientContext; -import io.netty.handler.ssl.JdkSslServerContext; import io.netty.handler.ssl.SslContext; +import io.netty.handler.ssl.SslContextBuilder; import io.netty.handler.ssl.SslHandler; +import io.netty.handler.ssl.SslProvider; import io.netty.handler.ssl.util.SelfSignedCertificate; import io.netty.util.internal.logging.InternalLogger; import io.netty.util.internal.logging.InternalLoggerFactory; @@ -77,8 +77,8 @@ public class SocketSslSessionReuseTest extends AbstractSocketTest { @Parameters(name = "{index}: serverEngine = {0}, clientEngine = {1}") public static Collection data() throws Exception { return Collections.singletonList(new Object[] { - new JdkSslServerContext(CERT_FILE, KEY_FILE), - new JdkSslClientContext(CERT_FILE) + SslContextBuilder.forServer(CERT_FILE, KEY_FILE).sslProvider(SslProvider.JDK).build(), + SslContextBuilder.forClient().trustManager(CERT_FILE).sslProvider(SslProvider.JDK).build() }); }