diff --git a/src/main/java/org/springframework/data/redis/connection/lettuce/DefaultLettuceClientConfiguration.java b/src/main/java/org/springframework/data/redis/connection/lettuce/DefaultLettuceClientConfiguration.java
index 976037e1a..c771163f9 100644
--- a/src/main/java/org/springframework/data/redis/connection/lettuce/DefaultLettuceClientConfiguration.java
+++ b/src/main/java/org/springframework/data/redis/connection/lettuce/DefaultLettuceClientConfiguration.java
@@ -48,13 +48,13 @@ class DefaultLettuceClientConfiguration implements LettuceClientConfiguration {
 private final Duration shutdownTimeout;
 private final Duration shutdownQuietPeriod;
- DefaultLettuceClientConfiguration(boolean useSsl, boolean verifyPeer, boolean startTls,
+ DefaultLettuceClientConfiguration(boolean useSsl, SslVerifyMode verifyMode, boolean startTls,
 @Nullable ClientResources clientResources, @Nullable ClientOptions clientOptions, @Nullable String clientName, @Nullable ReadFrom readFrom, @Nullable RedisCredentialsProviderFactory redisCredentialsProviderFactory, Duration timeout, Duration shutdownTimeout, @Nullable Duration shutdownQuietPeriod) {
 this.useSsl = useSsl;
- this.verifyMode = verifyPeer ? SslVerifyMode.FULL : SslVerifyMode.NONE;
+ this.verifyMode = verifyMode;
 this.startTls = startTls;
 this.clientResources = Optional.ofNullable(clientResources);
 this.clientOptions = Optional.ofNullable(clientOptions);
diff --git a/src/main/java/org/springframework/data/redis/connection/lettuce/DefaultLettucePoolingClientConfiguration.java b/src/main/java/org/springframework/data/redis/connection/lettuce/DefaultLettucePoolingClientConfiguration.java
index 70043b16a..6a89a2bd3 100644
--- a/src/main/java/org/springframework/data/redis/connection/lettuce/DefaultLettucePoolingClientConfiguration.java
+++ b/src/main/java/org/springframework/data/redis/connection/lettuce/DefaultLettucePoolingClientConfiguration.java
@@ -52,6 +52,7 @@ class DefaultLettucePoolingClientConfiguration implements LettucePoolingClientCo
 }
 @Override
+ @Deprecated
 public boolean isVerifyPeer() {
 return clientConfiguration.isVerifyPeer();
 }
diff --git a/src/main/java/org/springframework/data/redis/connection/lettuce/LettuceClientConfiguration.java b/src/main/java/org/springframework/data/redis/connection/lettuce/LettuceClientConfiguration.java
index 77ac8c5d4..eea4e340c 100644
--- a/src/main/java/org/springframework/data/redis/connection/lettuce/LettuceClientConfiguration.java
+++ b/src/main/java/org/springframework/data/redis/connection/lettuce/LettuceClientConfiguration.java
@@ -66,11 +66,14 @@ public interface LettuceClientConfiguration {
 /**
 * @return {@literal true} to verify peers when using {@link #isUseSsl() SSL}.
+ * @deprecated since 3.4, use {@link #getVerifyMode()} for how peer verification is configured.
 */
+ @Deprecated(since = "3.4")
 boolean isVerifyPeer();
 /**
 * @return the {@link io.lettuce.core.SslVerifyMode}.
+ * @since 3.4
 */
 SslVerifyMode getVerifyMode();
@@ -354,7 +357,7 @@ public interface LettuceClientConfiguration {
 */
 public LettuceClientConfiguration build() {
- return new DefaultLettuceClientConfiguration(useSsl, verifyMode != SslVerifyMode.NONE, startTls, clientResources, clientOptions,
+ return new DefaultLettuceClientConfiguration(useSsl, verifyMode, startTls, clientResources, clientOptions,
 clientName, readFrom, redisCredentialsProviderFactory, timeout, shutdownTimeout, shutdownQuietPeriod);
 }
 }
@@ -364,7 +367,7 @@ public interface LettuceClientConfiguration {
 */
 class LettuceSslClientConfigurationBuilder {
- private LettuceClientConfigurationBuilder delegate;
+ private final LettuceClientConfigurationBuilder delegate;
 LettuceSslClientConfigurationBuilder(LettuceClientConfigurationBuilder delegate) {
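Review bot: The new `@deprecated` text on `LettuceClientConfiguration.isVerifyPeer()` (hunk at -66) does not say why the boolean is being retired, namely that it cannot express `SslVerifyMode.CA`. The `verifyMode != SslVerifyMode.NONE` removed from `build()` suggests the flag reports `true` for every mode other than `NONE` (the implementation of `isVerifyPeer()` is outside this diff), so a caller still reading it may take certificate-only verification for full verification including the hostname check. I would spell that out, e.g. `@deprecated since 3.4, use {@link #getVerifyMode()}; this flag does not distinguish {@code FULL} from {@code CA}, which skips the hostname check.`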
@@ -372,15 +375,27 @@ public interface LettuceClientConfiguration {
 this.delegate = delegate;
 }
+ /**
+ * Configure peer verification.
+ *
+ * @return {@literal this} builder.
+ * @since 3.4
+ */
+ public LettuceSslClientConfigurationBuilder verifyPeer(SslVerifyMode verifyMode) {
+
+ Assert.notNull(verifyMode, "SslVerifyMode must not be null");
+
+ delegate.verifyMode = verifyMode;
+ return this;
+ }
+
 /**
 * Disable peer verification.
 *
 * @return {@literal this} builder.
 */
 public LettuceSslClientConfigurationBuilder disablePeerVerification() {
-
- delegate.verifyMode = SslVerifyMode.NONE;
- return this;
+ return verifyPeer(SslVerifyMode.NONE);
 }
 /**
diff --git a/src/main/java/org/springframework/data/redis/connection/lettuce/LettuceConnectionFactory.java b/src/main/java/org/springframework/data/redis/connection/lettuce/LettuceConnectionFactory.java
index f37035f76..e673c8257 100644
--- a/src/main/java/org/springframework/data/redis/connection/lettuce/LettuceConnectionFactory.java
+++ b/src/main/java/org/springframework/data/redis/connection/lettuce/LettuceConnectionFactory.java
@@ -64,7 +64,6 @@ import org.springframework.data.redis.connection.*;
 import org.springframework.data.redis.connection.RedisConfiguration.ClusterConfiguration;
 import org.springframework.data.redis.connection.RedisConfiguration.WithDatabaseIndex;
 import org.springframework.data.redis.connection.RedisConfiguration.WithPassword;
-import org.springframework.data.redis.connection.lettuce.LettuceConnection.PipeliningFlushPolicy;
 import org.springframework.data.redis.util.RedisAssertions;
 import org.springframework.data.util.Optionals;
 import org.springframework.lang.Nullable;
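Review bot: The Javadoc on the new `verifyPeer(SslVerifyMode verifyMode)` builder method (hunk at -372) has no `@param` and does not say what the modes mean, while this commit deletes the only description of them, the Javadoc of `LettuceConnectionFactory#getVerifyMode()`. Since the argument decides whether the server certificate and hostname are checked at all, I would carry that text over: `@param verifyMode must not be {@literal null}; {@code FULL} verifies certificate and hostname, {@code CA} verifies the certificate only, {@code NONE} disables verification.` `disablePeerVerification()` could then point to it with `@see #verifyPeer(SslVerifyMode)`. The enclosing builder class starts and ends outside the hunk.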
@@ -476,7 +475,9 @@ public class LettuceConnectionFactory implements RedisConnectionFactory, Reactiv
 * Returns whether to verify certificate validity/hostname check when SSL is used.
 *
 * @return whether to verify peers when using SSL.
+ * @deprecated since 3.4, use {@link LettuceClientConfiguration#getVerifyMode()} instead.
 */
+ @Deprecated(since = "3.4")
 public boolean isVerifyPeer() {
 return clientConfiguration.isVerifyPeer();
 }
@@ -493,19 +494,6 @@ public class LettuceConnectionFactory implements RedisConnectionFactory, Reactiv
 getMutableConfiguration().setVerifyPeer(verifyPeer);
 }
- /**
- * Returns the mode to verify peers when using SSL.
- *
- * FULL will enable a full certificate verification.
- * CA means Lettuces only verify the certificate and skip verifying th hostname matches. NONE will disable
- * verification and {@link #isVerifyPeer() isVerifyPeer} will return false with this mode.
- *
- * @return the verify mode of {@link io.lettuce.core.SslVerifyMode}.
- */
- public SslVerifyMode getVerifyMode() {
- return getMutableConfiguration().getVerifyMode();
- }
-
 /**
 * Returns whether to issue a StartTLS.
 *
@@ -1479,7 +1467,7 @@ public class LettuceConnectionFactory implements RedisConnectionFactory, Reactiv
 builder.withDatabase(getDatabase());
 builder.withSsl(clientConfiguration.isUseSsl());
- builder.withVerifyPeer(clientConfiguration.isVerifyPeer());
+ builder.withVerifyPeer(clientConfiguration.getVerifyMode());
 builder.withStartTls(clientConfiguration.isStartTls());
 builder.withTimeout(clientConfiguration.getCommandTimeout());
@@ -1705,11 +1693,7 @@ public class LettuceConnectionFactory implements RedisConnectionFactory, Reactiv
 }
 void setVerifyPeer(boolean verifyPeer) {
- this.verifyMode = verifyPeer? SslVerifyMode.FULL: SslVerifyMode.NONE;
- }
-
- void setVerifyPeer(SslVerifyMode verifyMode) {
- this.verifyMode = verifyMode;
+ this.verifyMode = verifyPeer ? SslVerifyMode.FULL : SslVerifyMode.NONE;
 }
 @Override
diff --git a/src/test/java/org/springframework/data/redis/connection/lettuce/LettuceConnectionFactoryUnitTests.java b/src/test/java/org/springframework/data/redis/connection/lettuce/LettuceConnectionFactoryUnitTests.java
index 952114585..548fce0f4 100644
--- a/src/test/java/org/springframework/data/redis/connection/lettuce/LettuceConnectionFactoryUnitTests.java
+++ b/src/test/java/org/springframework/data/redis/connection/lettuce/LettuceConnectionFactoryUnitTests.java
@@ -378,7 +378,7 @@ class LettuceConnectionFactoryUnitTests {
 assertThat(redisUri.isVerifyPeer()).isTrue();
 assertThat(redisUri.getVerifyMode().equals(SslVerifyMode.FULL));
 assertThat(connectionFactory.isVerifyPeer()).isTrue();
- assertThat(connectionFactory.getVerifyMode().equals(SslVerifyMode.FULL));
+ assertThat(connectionFactory.getClientConfiguration().getVerifyMode().equals(SslVerifyMode.FULL));
 }
 @Test // DATAREDIS-476
@@ -399,7 +399,7 @@ class LettuceConnectionFactoryUnitTests {
 assertThat(redisUri.isVerifyPeer()).isTrue();
 assertThat(redisUri.getVerifyMode().equals(SslVerifyMode.FULL));
 assertThat(connectionFactory.isVerifyPeer()).isTrue();
- assertThat(connectionFactory.getVerifyMode().equals(SslVerifyMode.FULL));
+ assertThat(connectionFactory.getClientConfiguration().getVerifyMode().equals(SslVerifyMode.FULL));
 }
 @Test // DATAREDIS-480
@@ -419,7 +419,7 @@ class LettuceConnectionFactoryUnitTests {
 assertThat(redisUri.isVerifyPeer()).isFalse();
 assertThat(redisUri.getVerifyMode().equals(SslVerifyMode.NONE));
 assertThat(connectionFactory.isVerifyPeer()).isFalse();
- assertThat(connectionFactory.getVerifyMode().equals(SslVerifyMode.NONE));
+ assertThat(connectionFactory.getClientConfiguration().getVerifyMode().equals(SslVerifyMode.NONE));
 }
 @Test // DATAREDIS-480
@@ -460,7 +460,7 @@ class LettuceConnectionFactoryUnitTests {
 assertThat(redisUri.isVerifyPeer()).isTrue();
 assertThat(redisUri.getVerifyMode().equals(SslVerifyMode.FULL));
 assertThat(connectionFactory.isVerifyPeer()).isTrue();
- assertThat(connectionFactory.getVerifyMode().equals(SslVerifyMode.FULL));
+ assertThat(connectionFactory.getClientConfiguration().getVerifyMode().equals(SslVerifyMode.FULL));
 }
 @Test // DATAREDIS-990
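Review bot: The rewritten assertions in LettuceConnectionFactoryUnitTests still verify nothing: `assertThat(connectionFactory.getClientConfiguration().getVerifyMode().equals(SslVerifyMode.FULL));` only creates an AssertJ boolean assertion and never calls a checking method on it, so the test passes whatever verify mode is configured. Use `assertThat(connectionFactory.getClientConfiguration().getVerifyMode()).isEqualTo(SslVerifyMode.FULL);` here and in the hunks at -399, -419, -460, -480 and -757 (with `NONE` where the test disables verification); the neighbouring `redisUri.getVerifyMode().equals(...)` context lines have the same shape. Because the factory now hands the mode itself to `builder.withVerifyPeer(...)`, a case that configures `SslVerifyMode.CA` and asserts it on the resulting `RedisURI` would be worth adding as well. The test methods start and end outside these hunks.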
@@ -480,7 +480,7 @@ class LettuceConnectionFactoryUnitTests {
 assertThat(redisUri.isVerifyPeer()).isFalse();
 assertThat(connectionFactory.isVerifyPeer()).isFalse();
- assertThat(connectionFactory.getVerifyMode().equals(SslVerifyMode.NONE));
+ assertThat(connectionFactory.getClientConfiguration().getVerifyMode().equals(SslVerifyMode.NONE));
 }
 @Test // DATAREDIS-990
@@ -757,7 +757,7 @@ class LettuceConnectionFactoryUnitTests {
 assertThat(connectionFactory.isUseSsl()).isTrue();
 assertThat(connectionFactory.isVerifyPeer()).isFalse();
- assertThat(connectionFactory.getVerifyMode().equals(SslVerifyMode.NONE));
+ assertThat(connectionFactory.getClientConfiguration().getVerifyMode().equals(SslVerifyMode.NONE));
 assertThat(connectionFactory.isStartTls()).isTrue();
 assertThat(connectionFactory.getClientResources()).isEqualTo(sharedClientResources);
 assertThat(connectionFactory.getTimeout()).isEqualTo(Duration.ofMinutes(5).toMillis());