Polishing.

Remove verifyMode setters on LettuceConnectionFactory to not expose additional properties already exposed via ClientConfiguration.

Deprecate LettuceClientConfiguration.isVerifyPeer in favor of getVerifyMode.

See #2899
Original pull request: #2934
This commit is contained in:
Mark Paluch
2024-08-08 15:29:42 +02:00
parent b41547e825
commit ba2c9bae90
5 changed files with 33 additions and 33 deletions

View File

@@ -48,13 +48,13 @@ class DefaultLettuceClientConfiguration implements LettuceClientConfiguration {
private final Duration shutdownTimeout;
private final Duration shutdownQuietPeriod;
DefaultLettuceClientConfiguration(boolean useSsl, boolean verifyPeer, boolean startTls,
DefaultLettuceClientConfiguration(boolean useSsl, SslVerifyMode verifyMode, boolean startTls,
@Nullable ClientResources clientResources, @Nullable ClientOptions clientOptions, @Nullable String clientName,
@Nullable ReadFrom readFrom, @Nullable RedisCredentialsProviderFactory redisCredentialsProviderFactory,
Duration timeout, Duration shutdownTimeout, @Nullable Duration shutdownQuietPeriod) {
this.useSsl = useSsl;
this.verifyMode = verifyPeer ? SslVerifyMode.FULL : SslVerifyMode.NONE;
this.verifyMode = verifyMode;
this.startTls = startTls;
this.clientResources = Optional.ofNullable(clientResources);
this.clientOptions = Optional.ofNullable(clientOptions);

View File

@@ -52,6 +52,7 @@ class DefaultLettucePoolingClientConfiguration implements LettucePoolingClientCo
}
@Override
@Deprecated
public boolean isVerifyPeer() {
return clientConfiguration.isVerifyPeer();
}

View File

@@ -66,11 +66,14 @@ public interface LettuceClientConfiguration {
/**
* @return {@literal true} to verify peers when using {@link #isUseSsl() SSL}.
* @deprecated since 3.4, use {@link #getVerifyMode()} for how peer verification is configured.
*/
@Deprecated(since = "3.4")
boolean isVerifyPeer();
/**
* @return the {@link io.lettuce.core.SslVerifyMode}.
* @since 3.4
*/
SslVerifyMode getVerifyMode();
@@ -354,7 +357,7 @@ public interface LettuceClientConfiguration {
*/
public LettuceClientConfiguration build() {
return new DefaultLettuceClientConfiguration(useSsl, verifyMode != SslVerifyMode.NONE, startTls, clientResources, clientOptions,
return new DefaultLettuceClientConfiguration(useSsl, verifyMode, startTls, clientResources, clientOptions,
clientName, readFrom, redisCredentialsProviderFactory, timeout, shutdownTimeout, shutdownQuietPeriod);
}
}
@@ -364,7 +367,7 @@ public interface LettuceClientConfiguration {
*/
class LettuceSslClientConfigurationBuilder {
private LettuceClientConfigurationBuilder delegate;
private final LettuceClientConfigurationBuilder delegate;
LettuceSslClientConfigurationBuilder(LettuceClientConfigurationBuilder delegate) {
@@ -372,15 +375,27 @@ public interface LettuceClientConfiguration {
this.delegate = delegate;
}
/**
* Configure peer verification.
*
* @return {@literal this} builder.
* @since 3.4
*/
public LettuceSslClientConfigurationBuilder verifyPeer(SslVerifyMode verifyMode) {
Assert.notNull(verifyMode, "SslVerifyMode must not be null");
delegate.verifyMode = verifyMode;
return this;
}
/**
* Disable peer verification.
*
* @return {@literal this} builder.
*/
public LettuceSslClientConfigurationBuilder disablePeerVerification() {
delegate.verifyMode = SslVerifyMode.NONE;
return this;
return verifyPeer(SslVerifyMode.NONE);
}
/**

View File

@@ -64,7 +64,6 @@ import org.springframework.data.redis.connection.*;
import org.springframework.data.redis.connection.RedisConfiguration.ClusterConfiguration;
import org.springframework.data.redis.connection.RedisConfiguration.WithDatabaseIndex;
import org.springframework.data.redis.connection.RedisConfiguration.WithPassword;
import org.springframework.data.redis.connection.lettuce.LettuceConnection.PipeliningFlushPolicy;
import org.springframework.data.redis.util.RedisAssertions;
import org.springframework.data.util.Optionals;
import org.springframework.lang.Nullable;
@@ -476,7 +475,9 @@ public class LettuceConnectionFactory implements RedisConnectionFactory, Reactiv
* Returns whether to verify certificate validity/hostname check when SSL is used.
*
* @return whether to verify peers when using SSL.
* @deprecated since 3.4, use {@link LettuceClientConfiguration#getVerifyMode()} instead.
*/
@Deprecated(since = "3.4")
public boolean isVerifyPeer() {
return clientConfiguration.isVerifyPeer();
}
@@ -493,19 +494,6 @@ public class LettuceConnectionFactory implements RedisConnectionFactory, Reactiv
getMutableConfiguration().setVerifyPeer(verifyPeer);
}
/**
* Returns the mode to verify peers when using SSL.
* <p>
* FULL will enable a full certificate verification.
* CA means Lettuces only verify the certificate and skip verifying th hostname matches. NONE will disable
* verification and {@link #isVerifyPeer() isVerifyPeer} will return false with this mode.
*
* @return the verify mode of {@link io.lettuce.core.SslVerifyMode}.
*/
public SslVerifyMode getVerifyMode() {
return getMutableConfiguration().getVerifyMode();
}
/**
* Returns whether to issue a StartTLS.
*
@@ -1479,7 +1467,7 @@ public class LettuceConnectionFactory implements RedisConnectionFactory, Reactiv
builder.withDatabase(getDatabase());
builder.withSsl(clientConfiguration.isUseSsl());
builder.withVerifyPeer(clientConfiguration.isVerifyPeer());
builder.withVerifyPeer(clientConfiguration.getVerifyMode());
builder.withStartTls(clientConfiguration.isStartTls());
builder.withTimeout(clientConfiguration.getCommandTimeout());
@@ -1705,11 +1693,7 @@ public class LettuceConnectionFactory implements RedisConnectionFactory, Reactiv
}
void setVerifyPeer(boolean verifyPeer) {
this.verifyMode = verifyPeer? SslVerifyMode.FULL: SslVerifyMode.NONE;
}
void setVerifyPeer(SslVerifyMode verifyMode) {
this.verifyMode = verifyMode;
this.verifyMode = verifyPeer ? SslVerifyMode.FULL : SslVerifyMode.NONE;
}
@Override

View File

@@ -378,7 +378,7 @@ class LettuceConnectionFactoryUnitTests {
assertThat(redisUri.isVerifyPeer()).isTrue();
assertThat(redisUri.getVerifyMode().equals(SslVerifyMode.FULL));
assertThat(connectionFactory.isVerifyPeer()).isTrue();
assertThat(connectionFactory.getVerifyMode().equals(SslVerifyMode.FULL));
assertThat(connectionFactory.getClientConfiguration().getVerifyMode().equals(SslVerifyMode.FULL));
}
@Test // DATAREDIS-476
@@ -399,7 +399,7 @@ class LettuceConnectionFactoryUnitTests {
assertThat(redisUri.isVerifyPeer()).isTrue();
assertThat(redisUri.getVerifyMode().equals(SslVerifyMode.FULL));
assertThat(connectionFactory.isVerifyPeer()).isTrue();
assertThat(connectionFactory.getVerifyMode().equals(SslVerifyMode.FULL));
assertThat(connectionFactory.getClientConfiguration().getVerifyMode().equals(SslVerifyMode.FULL));
}
@Test // DATAREDIS-480
@@ -419,7 +419,7 @@ class LettuceConnectionFactoryUnitTests {
assertThat(redisUri.isVerifyPeer()).isFalse();
assertThat(redisUri.getVerifyMode().equals(SslVerifyMode.NONE));
assertThat(connectionFactory.isVerifyPeer()).isFalse();
assertThat(connectionFactory.getVerifyMode().equals(SslVerifyMode.NONE));
assertThat(connectionFactory.getClientConfiguration().getVerifyMode().equals(SslVerifyMode.NONE));
}
@Test // DATAREDIS-480
@@ -460,7 +460,7 @@ class LettuceConnectionFactoryUnitTests {
assertThat(redisUri.isVerifyPeer()).isTrue();
assertThat(redisUri.getVerifyMode().equals(SslVerifyMode.FULL));
assertThat(connectionFactory.isVerifyPeer()).isTrue();
assertThat(connectionFactory.getVerifyMode().equals(SslVerifyMode.FULL));
assertThat(connectionFactory.getClientConfiguration().getVerifyMode().equals(SslVerifyMode.FULL));
}
@Test // DATAREDIS-990
@@ -480,7 +480,7 @@ class LettuceConnectionFactoryUnitTests {
assertThat(redisUri.isVerifyPeer()).isFalse();
assertThat(connectionFactory.isVerifyPeer()).isFalse();
assertThat(connectionFactory.getVerifyMode().equals(SslVerifyMode.NONE));
assertThat(connectionFactory.getClientConfiguration().getVerifyMode().equals(SslVerifyMode.NONE));
}
@Test // DATAREDIS-990
@@ -757,7 +757,7 @@ class LettuceConnectionFactoryUnitTests {
assertThat(connectionFactory.isUseSsl()).isTrue();
assertThat(connectionFactory.isVerifyPeer()).isFalse();
assertThat(connectionFactory.getVerifyMode().equals(SslVerifyMode.NONE));
assertThat(connectionFactory.getClientConfiguration().getVerifyMode().equals(SslVerifyMode.NONE));
assertThat(connectionFactory.isStartTls()).isTrue();
assertThat(connectionFactory.getClientResources()).isEqualTo(sharedClientResources);
assertThat(connectionFactory.getTimeout()).isEqualTo(Duration.ofMinutes(5).toMillis());