Polishing.
Remove verifyMode setters on LettuceConnectionFactory to not expose additional properties already exposed via ClientConfiguration. Deprecate LettuceClientConfiguration.isVerifyPeer in favor of getVerifyMode. See #2899 Original pull request: #2934
This commit is contained in:
@@ -48,13 +48,13 @@ class DefaultLettuceClientConfiguration implements LettuceClientConfiguration {
|
||||
private final Duration shutdownTimeout;
|
||||
private final Duration shutdownQuietPeriod;
|
||||
|
||||
DefaultLettuceClientConfiguration(boolean useSsl, boolean verifyPeer, boolean startTls,
|
||||
DefaultLettuceClientConfiguration(boolean useSsl, SslVerifyMode verifyMode, boolean startTls,
|
||||
@Nullable ClientResources clientResources, @Nullable ClientOptions clientOptions, @Nullable String clientName,
|
||||
@Nullable ReadFrom readFrom, @Nullable RedisCredentialsProviderFactory redisCredentialsProviderFactory,
|
||||
Duration timeout, Duration shutdownTimeout, @Nullable Duration shutdownQuietPeriod) {
|
||||
|
||||
this.useSsl = useSsl;
|
||||
this.verifyMode = verifyPeer ? SslVerifyMode.FULL : SslVerifyMode.NONE;
|
||||
this.verifyMode = verifyMode;
|
||||
this.startTls = startTls;
|
||||
this.clientResources = Optional.ofNullable(clientResources);
|
||||
this.clientOptions = Optional.ofNullable(clientOptions);
|
||||
|
||||
@@ -52,6 +52,7 @@ class DefaultLettucePoolingClientConfiguration implements LettucePoolingClientCo
|
||||
}
|
||||
|
||||
@Override
|
||||
@Deprecated
|
||||
public boolean isVerifyPeer() {
|
||||
return clientConfiguration.isVerifyPeer();
|
||||
}
|
||||
|
||||
@@ -66,11 +66,14 @@ public interface LettuceClientConfiguration {
|
||||
|
||||
/**
|
||||
* @return {@literal true} to verify peers when using {@link #isUseSsl() SSL}.
|
||||
* @deprecated since 3.4, use {@link #getVerifyMode()} for how peer verification is configured.
|
||||
*/
|
||||
@Deprecated(since = "3.4")
|
||||
boolean isVerifyPeer();
|
||||
|
||||
/**
|
||||
* @return the {@link io.lettuce.core.SslVerifyMode}.
|
||||
* @since 3.4
|
||||
*/
|
||||
SslVerifyMode getVerifyMode();
|
||||
|
||||
@@ -354,7 +357,7 @@ public interface LettuceClientConfiguration {
|
||||
*/
|
||||
public LettuceClientConfiguration build() {
|
||||
|
||||
return new DefaultLettuceClientConfiguration(useSsl, verifyMode != SslVerifyMode.NONE, startTls, clientResources, clientOptions,
|
||||
return new DefaultLettuceClientConfiguration(useSsl, verifyMode, startTls, clientResources, clientOptions,
|
||||
clientName, readFrom, redisCredentialsProviderFactory, timeout, shutdownTimeout, shutdownQuietPeriod);
|
||||
}
|
||||
}
|
||||
@@ -364,7 +367,7 @@ public interface LettuceClientConfiguration {
|
||||
*/
|
||||
class LettuceSslClientConfigurationBuilder {
|
||||
|
||||
private LettuceClientConfigurationBuilder delegate;
|
||||
private final LettuceClientConfigurationBuilder delegate;
|
||||
|
||||
LettuceSslClientConfigurationBuilder(LettuceClientConfigurationBuilder delegate) {
|
||||
|
||||
@@ -372,15 +375,27 @@ public interface LettuceClientConfiguration {
|
||||
this.delegate = delegate;
|
||||
}
|
||||
|
||||
/**
|
||||
* Configure peer verification.
|
||||
*
|
||||
* @return {@literal this} builder.
|
||||
* @since 3.4
|
||||
*/
|
||||
public LettuceSslClientConfigurationBuilder verifyPeer(SslVerifyMode verifyMode) {
|
||||
|
||||
Assert.notNull(verifyMode, "SslVerifyMode must not be null");
|
||||
|
||||
delegate.verifyMode = verifyMode;
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Disable peer verification.
|
||||
*
|
||||
* @return {@literal this} builder.
|
||||
*/
|
||||
public LettuceSslClientConfigurationBuilder disablePeerVerification() {
|
||||
|
||||
delegate.verifyMode = SslVerifyMode.NONE;
|
||||
return this;
|
||||
return verifyPeer(SslVerifyMode.NONE);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -64,7 +64,6 @@ import org.springframework.data.redis.connection.*;
|
||||
import org.springframework.data.redis.connection.RedisConfiguration.ClusterConfiguration;
|
||||
import org.springframework.data.redis.connection.RedisConfiguration.WithDatabaseIndex;
|
||||
import org.springframework.data.redis.connection.RedisConfiguration.WithPassword;
|
||||
import org.springframework.data.redis.connection.lettuce.LettuceConnection.PipeliningFlushPolicy;
|
||||
import org.springframework.data.redis.util.RedisAssertions;
|
||||
import org.springframework.data.util.Optionals;
|
||||
import org.springframework.lang.Nullable;
|
||||
@@ -476,7 +475,9 @@ public class LettuceConnectionFactory implements RedisConnectionFactory, Reactiv
|
||||
* Returns whether to verify certificate validity/hostname check when SSL is used.
|
||||
*
|
||||
* @return whether to verify peers when using SSL.
|
||||
* @deprecated since 3.4, use {@link LettuceClientConfiguration#getVerifyMode()} instead.
|
||||
*/
|
||||
@Deprecated(since = "3.4")
|
||||
public boolean isVerifyPeer() {
|
||||
return clientConfiguration.isVerifyPeer();
|
||||
}
|
||||
@@ -493,19 +494,6 @@ public class LettuceConnectionFactory implements RedisConnectionFactory, Reactiv
|
||||
getMutableConfiguration().setVerifyPeer(verifyPeer);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the mode to verify peers when using SSL.
|
||||
* <p>
|
||||
* FULL will enable a full certificate verification.
|
||||
* CA means Lettuces only verify the certificate and skip verifying th hostname matches. NONE will disable
|
||||
* verification and {@link #isVerifyPeer() isVerifyPeer} will return false with this mode.
|
||||
*
|
||||
* @return the verify mode of {@link io.lettuce.core.SslVerifyMode}.
|
||||
*/
|
||||
public SslVerifyMode getVerifyMode() {
|
||||
return getMutableConfiguration().getVerifyMode();
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns whether to issue a StartTLS.
|
||||
*
|
||||
@@ -1479,7 +1467,7 @@ public class LettuceConnectionFactory implements RedisConnectionFactory, Reactiv
|
||||
|
||||
builder.withDatabase(getDatabase());
|
||||
builder.withSsl(clientConfiguration.isUseSsl());
|
||||
builder.withVerifyPeer(clientConfiguration.isVerifyPeer());
|
||||
builder.withVerifyPeer(clientConfiguration.getVerifyMode());
|
||||
builder.withStartTls(clientConfiguration.isStartTls());
|
||||
builder.withTimeout(clientConfiguration.getCommandTimeout());
|
||||
|
||||
@@ -1705,11 +1693,7 @@ public class LettuceConnectionFactory implements RedisConnectionFactory, Reactiv
|
||||
}
|
||||
|
||||
void setVerifyPeer(boolean verifyPeer) {
|
||||
this.verifyMode = verifyPeer? SslVerifyMode.FULL: SslVerifyMode.NONE;
|
||||
}
|
||||
|
||||
void setVerifyPeer(SslVerifyMode verifyMode) {
|
||||
this.verifyMode = verifyMode;
|
||||
this.verifyMode = verifyPeer ? SslVerifyMode.FULL : SslVerifyMode.NONE;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@@ -378,7 +378,7 @@ class LettuceConnectionFactoryUnitTests {
|
||||
assertThat(redisUri.isVerifyPeer()).isTrue();
|
||||
assertThat(redisUri.getVerifyMode().equals(SslVerifyMode.FULL));
|
||||
assertThat(connectionFactory.isVerifyPeer()).isTrue();
|
||||
assertThat(connectionFactory.getVerifyMode().equals(SslVerifyMode.FULL));
|
||||
assertThat(connectionFactory.getClientConfiguration().getVerifyMode().equals(SslVerifyMode.FULL));
|
||||
}
|
||||
|
||||
@Test // DATAREDIS-476
|
||||
@@ -399,7 +399,7 @@ class LettuceConnectionFactoryUnitTests {
|
||||
assertThat(redisUri.isVerifyPeer()).isTrue();
|
||||
assertThat(redisUri.getVerifyMode().equals(SslVerifyMode.FULL));
|
||||
assertThat(connectionFactory.isVerifyPeer()).isTrue();
|
||||
assertThat(connectionFactory.getVerifyMode().equals(SslVerifyMode.FULL));
|
||||
assertThat(connectionFactory.getClientConfiguration().getVerifyMode().equals(SslVerifyMode.FULL));
|
||||
}
|
||||
|
||||
@Test // DATAREDIS-480
|
||||
@@ -419,7 +419,7 @@ class LettuceConnectionFactoryUnitTests {
|
||||
assertThat(redisUri.isVerifyPeer()).isFalse();
|
||||
assertThat(redisUri.getVerifyMode().equals(SslVerifyMode.NONE));
|
||||
assertThat(connectionFactory.isVerifyPeer()).isFalse();
|
||||
assertThat(connectionFactory.getVerifyMode().equals(SslVerifyMode.NONE));
|
||||
assertThat(connectionFactory.getClientConfiguration().getVerifyMode().equals(SslVerifyMode.NONE));
|
||||
}
|
||||
|
||||
@Test // DATAREDIS-480
|
||||
@@ -460,7 +460,7 @@ class LettuceConnectionFactoryUnitTests {
|
||||
assertThat(redisUri.isVerifyPeer()).isTrue();
|
||||
assertThat(redisUri.getVerifyMode().equals(SslVerifyMode.FULL));
|
||||
assertThat(connectionFactory.isVerifyPeer()).isTrue();
|
||||
assertThat(connectionFactory.getVerifyMode().equals(SslVerifyMode.FULL));
|
||||
assertThat(connectionFactory.getClientConfiguration().getVerifyMode().equals(SslVerifyMode.FULL));
|
||||
}
|
||||
|
||||
@Test // DATAREDIS-990
|
||||
@@ -480,7 +480,7 @@ class LettuceConnectionFactoryUnitTests {
|
||||
|
||||
assertThat(redisUri.isVerifyPeer()).isFalse();
|
||||
assertThat(connectionFactory.isVerifyPeer()).isFalse();
|
||||
assertThat(connectionFactory.getVerifyMode().equals(SslVerifyMode.NONE));
|
||||
assertThat(connectionFactory.getClientConfiguration().getVerifyMode().equals(SslVerifyMode.NONE));
|
||||
}
|
||||
|
||||
@Test // DATAREDIS-990
|
||||
@@ -757,7 +757,7 @@ class LettuceConnectionFactoryUnitTests {
|
||||
|
||||
assertThat(connectionFactory.isUseSsl()).isTrue();
|
||||
assertThat(connectionFactory.isVerifyPeer()).isFalse();
|
||||
assertThat(connectionFactory.getVerifyMode().equals(SslVerifyMode.NONE));
|
||||
assertThat(connectionFactory.getClientConfiguration().getVerifyMode().equals(SslVerifyMode.NONE));
|
||||
assertThat(connectionFactory.isStartTls()).isTrue();
|
||||
assertThat(connectionFactory.getClientResources()).isEqualTo(sharedClientResources);
|
||||
assertThat(connectionFactory.getTimeout()).isEqualTo(Duration.ofMinutes(5).toMillis());
|
||||
|
||||
Reference in New Issue
Block a user