Merge pull request #160 from dwijnand/bincompat

Update references to 0.4.0 & restore bincompat

Author: dwijnand

build.sbt

@@ -42,48 +42,6 @@ lazy val sslConfigCore = project.in(file("ssl-config-core"))
     OsgiKeys.exportPackage := Seq(s"com.typesafe.sslconfig.*;version=${version.value}"),
     OsgiKeys.importPackage := Seq("!sun.misc", "!sun.security.*", configImport(), "*"),
     OsgiKeys.requireCapability := """osgi.ee;filter:="(&(osgi.ee=JavaSE)(version>=1.8))"""",
-
-    mimaBinaryIssueFilters ++= Seq(
-      ProblemFilters.exclude[DirectMissingMethodProblem]("com.typesafe.sslconfig.ssl.package.foldVersion"),
-      ProblemFilters.exclude[DirectMissingMethodProblem]("com.typesafe.sslconfig.ssl.package.foldRuntime"),
-      ProblemFilters.exclude[DirectMissingMethodProblem]("com.typesafe.sslconfig.ssl.Ciphers.java16RecommendedCiphers"),
-      ProblemFilters.exclude[DirectMissingMethodProblem]("com.typesafe.sslconfig.ssl.Ciphers.java17RecommendedCiphers"),
-      ProblemFilters.exclude[MissingClassProblem]("com.typesafe.sslconfig.Base64"),
-
-      // Merge Lagom changes to KeyStore generation
-      // https://github.com/lightbend/ssl-config/pull/114
-      ProblemFilters.exclude[DirectMissingMethodProblem]("com.typesafe.sslconfig.ssl.FakeKeyStore.DnName"),
-      ProblemFilters.exclude[DirectMissingMethodProblem]("com.typesafe.sslconfig.ssl.FakeKeyStore.createSelfSignedCertificate"),
-
-      // Should've always been final
-      ProblemFilters.exclude[FinalClassProblem]("com.typesafe.sslconfig.ssl.FakeKeyStore"),
-
-      // Moved to FakeKeyStore-the-object
-      ProblemFilters.exclude[DirectMissingMethodProblem]("com.typesafe.sslconfig.ssl.FakeKeyStore.GeneratedKeyStore"),
-      ProblemFilters.exclude[DirectMissingMethodProblem]("com.typesafe.sslconfig.ssl.FakeKeyStore.SignatureAlgorithmOID"),
-      ProblemFilters.exclude[DirectMissingMethodProblem]("com.typesafe.sslconfig.ssl.FakeKeyStore.SignatureAlgorithmName"),
-
-      // Support trustStore password
-      ProblemFilters.exclude[DirectMissingMethodProblem]("com.typesafe.sslconfig.ssl.TrustStoreConfig.this"),
-      ProblemFilters.exclude[DirectMissingMethodProblem]("com.typesafe.sslconfig.ssl.TrustStoreConfig.<init>$default$3"),
-      ProblemFilters.exclude[IncompatibleResultTypeProblem]("com.typesafe.sslconfig.ssl.TrustStoreConfig.<init>$default$4"),
-
-      // DefaultHostnameVerifier was decomissioned
-      ProblemFilters.exclude[MissingClassProblem]("com.typesafe.sslconfig.ssl.DefaultHostnameVerifier"),
-
-      // Remove evil monkeypatching debug classes
-      ProblemFilters.exclude[MissingClassProblem]("com.typesafe.sslconfig.ssl.MonkeyPatcher"),
-      ProblemFilters.exclude[MissingClassProblem]("com.typesafe.sslconfig.ssl.debug.FixInternalDebugLogging"),
-      ProblemFilters.exclude[MissingClassProblem]("com.typesafe.sslconfig.ssl.debug.FixInternalDebugLogging$MonkeyPatchInternalSslDebugAction"),
-      ProblemFilters.exclude[MissingClassProblem]("com.typesafe.sslconfig.ssl.debug.FixLoggingAction"),
-      ProblemFilters.exclude[MissingClassProblem]("com.typesafe.sslconfig.ssl.debug.ClassFinder"),
-      ProblemFilters.exclude[MissingClassProblem]("com.typesafe.sslconfig.ssl.debug.FixCertpathDebugLogging$MonkeyPatchSunSecurityUtilDebugAction"),
-      ProblemFilters.exclude[MissingClassProblem]("com.typesafe.sslconfig.ssl.debug.FixCertpathDebugLogging"),
-      ProblemFilters.exclude[MissingClassProblem]("com.typesafe.sslconfig.ssl.debug.FixCertpathDebugLogging$SunSecurityUtilDebugLogger"),
-
-      // Warn on deprecated settings, using LoggerFactory.
-      ProblemFilters.exclude[DirectMissingMethodProblem]("com.typesafe.sslconfig.ssl.SSLConfigParser.this")
-    )
 ).enablePlugins(SbtOsgi)
 
 lazy val documentation = project.in(file("documentation"))

documentation/src/paradox/DebuggingSSL.md

@@ -4,7 +4,7 @@ In the event that an HTTPS connection does not go through, debugging JSSE can be
 
 @@@ note
 
-Prior to 0.3.8, the debug system relied on undocumented modification of internal JSSE debug settings that were normally set using
+Prior to 0.4.0, the debug system relied on undocumented modification of internal JSSE debug settings that were normally set using
 `javax.net.debug` and `java.security.debug` system properties on startup.  
 
 This system has been removed, and the debug flags that do not have a direct correlation in the new system are deprecated.

ssl-config-core/src/main/scala/com/typesafe/sslconfig/ssl/Config.scala

@@ -182,26 +182,26 @@ final class SSLDebugConfig private[sslconfig] (
     /** enables tracing of sslcontext, sslengine, sslsocketfactory, key and trust managers. */
     val all: Boolean = false,
 
-    @deprecated("not operative", "0.3.8") val certpath: Boolean = false,
+    @deprecated("not operative", "0.4.0") val certpath: Boolean = false,
 
-    @deprecated("not operative", "0.3.8") val defaultctx: Boolean = false,
+    @deprecated("not operative", "0.4.0") val defaultctx: Boolean = false,
 
-    @deprecated("not operative", "0.3.8") val handshake: Option[com.typesafe.sslconfig.ssl.SSLDebugHandshakeOptions] = None,
+    @deprecated("not operative", "0.4.0") val handshake: Option[com.typesafe.sslconfig.ssl.SSLDebugHandshakeOptions] = None,
 
-    @deprecated("not operative", "0.3.8") val keygen: Boolean = false,
+    @deprecated("not operative", "0.4.0") val keygen: Boolean = false,
 
     /** enables tracing of keymanager */
     val keymanager: Boolean = false,
 
-    @deprecated("not operative", "0.3.8") val ocsp: Boolean = false,
+    @deprecated("not operative", "0.4.0") val ocsp: Boolean = false,
 
-    @deprecated("not operative", "0.3.8") val pluggability: Boolean = false,
+    @deprecated("not operative", "0.4.0") val pluggability: Boolean = false,
 
-    @deprecated("not operative", "0.3.8") val record: Option[com.typesafe.sslconfig.ssl.SSLDebugRecordOptions] = None,
+    @deprecated("not operative", "0.4.0") val record: Option[com.typesafe.sslconfig.ssl.SSLDebugRecordOptions] = None,
 
-    @deprecated("not operative", "0.3.8") val session: Boolean = false,
+    @deprecated("not operative", "0.4.0") val session: Boolean = false,
 
-    @deprecated("not operative", "0.3.8") val sessioncache: Boolean = false,
+    @deprecated("not operative", "0.4.0") val sessioncache: Boolean = false,
 
     /** enables tracing of sslengine, sslsocketfactory. */
     val ssl: Boolean = false,
@@ -219,33 +219,33 @@ final class SSLDebugConfig private[sslconfig] (
 
   def withAll(value: Boolean): SSLDebugConfig = copy(all = value)
 
-  @deprecated("not operative", "0.3.8")
+  @deprecated("not operative", "0.4.0")
   def withCertPath(value: Boolean): SSLDebugConfig = copy(certpath = value)
 
-  @deprecated("not operative", "0.3.8")
+  @deprecated("not operative", "0.4.0")
   def withDefaultContext(value: Boolean): SSLDebugConfig = copy(defaultctx = value)
 
-  @deprecated("not operative", "0.3.8")
+  @deprecated("not operative", "0.4.0")
   def withHandshake(value: Option[com.typesafe.sslconfig.ssl.SSLDebugHandshakeOptions]): SSLDebugConfig = copy(handshake = value)
 
-  @deprecated("not operative", "0.3.8")
+  @deprecated("not operative", "0.4.0")
   def withKeygen(value: Boolean): SSLDebugConfig = copy(keygen = value)
 
   def withKeymanager(value: Boolean): SSLDebugConfig = copy(keymanager = value)
 
-  @deprecated("not operative", "0.3.8")
+  @deprecated("not operative", "0.4.0")
   def withOcsp(value: Boolean): SSLDebugConfig = copy(ocsp = value)
 
-  @deprecated("not operative", "0.3.8")
+  @deprecated("not operative", "0.4.0")
   def withPluggability(value: Boolean): SSLDebugConfig = copy(pluggability = value)
 
-  @deprecated("not operative", "0.3.8")
+  @deprecated("not operative", "0.4.0")
   def withRecord(value: Option[com.typesafe.sslconfig.ssl.SSLDebugRecordOptions]): SSLDebugConfig = copy(record = value)
 
-  @deprecated("not operative", "0.3.8")
+  @deprecated("not operative", "0.4.0")
   def withSession(value: Boolean): SSLDebugConfig = copy(session = value)
 
-  @deprecated("not operative", "0.3.8")
+  @deprecated("not operative", "0.4.0")
   def withSessioncache(value: Boolean): SSLDebugConfig = copy(sessioncache = value)
 
   def withSsl(value: Boolean): SSLDebugConfig = copy(ssl = value)
@@ -296,7 +296,7 @@ object SSLDebugConfig {
 /**
  * SSL handshake debugging options.
  */
-@deprecated("not operative", "0.3.8")
+@deprecated("not operative", "0.4.0")
 final class SSLDebugHandshakeOptions private[sslconfig] (
     val data: Boolean = false,
     val verbose: Boolean = false) {
@@ -314,7 +314,7 @@ final class SSLDebugHandshakeOptions private[sslconfig] (
     s"""SSLDebugHandshakeOptions(${data},${verbose})"""
 }
 
-@deprecated("not operative", "0.3.8")
+@deprecated("not operative", "0.4.0")
 object SSLDebugHandshakeOptions {
   def apply() = new SSLDebugHandshakeOptions()
   /** Java API */
@@ -324,7 +324,7 @@ object SSLDebugHandshakeOptions {
 /**
  * SSL record debugging options.
  */
-@deprecated("not operative", "0.3.8")
+@deprecated("not operative", "0.4.0")
 final class SSLDebugRecordOptions private[sslconfig] (
     val packet: Boolean = false,
     val plaintext: Boolean = false) {
@@ -342,7 +342,7 @@ final class SSLDebugRecordOptions private[sslconfig] (
     s"""SSLDebugRecordOptions(${packet},${plaintext})"""
 }
 
-@deprecated("not operative", "0.3.8")
+@deprecated("not operative", "0.4.0")
 object SSLDebugRecordOptions {
   def apply() = new SSLDebugRecordOptions()
   /** Java API */
@@ -544,6 +544,8 @@ object SSLConfigFactory {
 
 class SSLConfigParser(c: EnrichedConfig, classLoader: ClassLoader, loggerFactory: Option[LoggerFactory]) {
 
+  def this(c: EnrichedConfig, classLoader: ClassLoader) = this(c, classLoader, None)
+
   def parse(): SSLConfigSettings = {
 
     val default = c.get[Boolean]("default")

ssl-config-core/src/main/scala/com/typesafe/sslconfig/ssl/Debug.scala

@@ -7,7 +7,7 @@ package com.typesafe.sslconfig.ssl
 /**
  * @see http://docs.oracle.com/javase/8/docs/technotes/guides/security/certpath/CertPathProgGuide.html
  */
-@deprecated("Setting system properties in JSSE after JVM initialization is unreliable.  Please set the java.security.debug system property at startup.", "0.3.8")
+@deprecated("Setting system properties in JSSE after JVM initialization is unreliable.  Please set the java.security.debug system property at startup.", "0.4.0")
 class JavaSecurityDebugBuilder(c: SSLDebugConfig) {
 
   def build(): String = {
@@ -33,7 +33,7 @@ class JavaSecurityDebugBuilder(c: SSLDebugConfig) {
  * @see http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#Debug
  * @see http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/ReadDebug.html
  */
-@deprecated("Setting system properties in JSSE after JVM initialization is unreliable.  Please set the javax.net.debug system property  at startup.", "0.3.8")
+@deprecated("Setting system properties in JSSE after JVM initialization is unreliable.  Please set the javax.net.debug system property  at startup.", "0.4.0")
 class JavaxNetDebugBuilder(c: SSLDebugConfig) {
 
   def build(): String = {

ssl-config-core/src/main/scala/com/typesafe/sslconfig/ssl/DefaultHostnameVerifier.scala

@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2015 - 2019 Lightbend Inc. <https://www.lightbend.com>
+ */
+
+package com.typesafe.sslconfig.ssl
+
+import java.security.Principal
+import java.security.cert.{ Certificate, CertificateException, X509Certificate }
+
+import com.typesafe.sslconfig.util.LoggerFactory
+import javax.net.ssl.{ HostnameVerifier, SSLPeerUnverifiedException, SSLSession }
+import javax.security.auth.kerberos.KerberosPrincipal
+import sun.security.util.HostnameChecker
+
+@deprecated("DefaultHostnameVerifier has been deprecated and does nothing.  Please use the javax.net.debug system property.", "0.4.0")
+class DefaultHostnameVerifier(mkLogger: LoggerFactory) extends HostnameVerifier {
+  private val logger = mkLogger(getClass)
+
+  def hostnameChecker: HostnameChecker = {
+    logger.warn("DefaultHostnameVerifier has been deprecated and does nothing.  Please use the javax.net.debug system property.")
+    HostnameChecker.getInstance(HostnameChecker.TYPE_TLS)
+  }
+
+  def matchKerberos(hostname: String, principal: Principal) = {
+    logger.warn("DefaultHostnameVerifier has been deprecated and does nothing.  Please use the javax.net.debug system property.")
+    true
+  }
+
+  def isKerberos(principal: Principal): Boolean = {
+    logger.warn("DefaultHostnameVerifier has been deprecated and does nothing.  Please use the javax.net.debug system property.")
+    true
+  }
+
+  def verify(hostname: String, session: SSLSession): Boolean = {
+    logger.warn("DefaultHostnameVerifier has been deprecated and does nothing.  Please use the javax.net.debug system property.")
+    true
+  }
+
+  /** INTERNAL API */
+  def matchCertificates(hostname: String, peerCertificates: Array[Certificate]): Boolean = {
+    logger.warn("DefaultHostnameVerifier has been deprecated and does nothing.  Please use the javax.net.debug system property.")
+    true
+  }
+}

ssl-config-core/src/main/scala/com/typesafe/sslconfig/ssl/MonkeyPatcher.scala

@@ -0,0 +1,12 @@
+/*
+ * Copyright (C) 2015 - 2019 Lightbend Inc. <https://www.lightbend.com>
+ */
+
+package com.typesafe.sslconfig.ssl
+
+import java.lang.reflect.Field
+
+@deprecated("MonkeyPatcher has been deprecated and does nothing.  Please use the javax.net.debug system property.", "0.4.0")
+trait MonkeyPatcher {
+  def monkeyPatchField(field: Field, newObject: AnyRef): Unit = ()
+}

ssl-config-core/src/main/scala/com/typesafe/sslconfig/ssl/SSLContextBuilder.scala

@@ -134,7 +134,7 @@ class ConfigSSLContextBuilder(
     builder.build()
   }
 
-  @deprecated("Use newer buildCompositeKeyManager with debug parameter", "0.3.8")
+  @deprecated("Use newer buildCompositeKeyManager with debug parameter", "0.4.0")
   def buildCompositeKeyManager(keyManagerConfig: KeyManagerConfig, algorithmChecker: AlgorithmChecker): CompositeX509KeyManager = {
     logger.warn("Use newer buildCompositeKeyManager with debug parameter")
     buildCompositeKeyManager(keyManagerConfig, algorithmChecker, debug = SSLDebugConfig())
@@ -148,7 +148,7 @@ class ConfigSSLContextBuilder(
     new CompositeX509KeyManager(mkLogger, keyManagers)
   }
 
-  @deprecated("Use newer version of buildCompositeTrustManager with debug parameter", "0.3.8")
+  @deprecated("Use newer version of buildCompositeTrustManager with debug parameter", "0.4.0")
   def buildCompositeTrustManager(
     trustManagerInfo: TrustManagerConfig,
     revocationEnabled: Boolean,
@@ -217,7 +217,7 @@ class ConfigSSLContextBuilder(
   def warnOnPKCS12EmptyPasswordBug(ksc: KeyStoreConfig): Boolean =
     ksc.storeType.equalsIgnoreCase("pkcs12") && !ksc.password.exists(!_.isEmpty)
 
-  @deprecated("Use newer version of buildKeyManager with debug parameter", "0.3.8")
+  @deprecated("Use newer version of buildKeyManager with debug parameter", "0.4.0")
   def buildKeyManager(ksc: KeyStoreConfig, algorithmChecker: AlgorithmChecker): X509KeyManager = {
     logger.warn("Use newer version of buildKeyManager with debug parameter")
     buildKeyManager(ksc, algorithmChecker, SSLDebugConfig())
@@ -329,7 +329,7 @@ class ConfigSSLContextBuilder(
     new CertPathTrustManagerParameters(pkixParameters)
   }
 
-  @deprecated("Use newer version of method with debug parameter", "0.3.8")
+  @deprecated("Use newer version of method with debug parameter", "0.4.0")
   def buildTrustManager(
     tsc: TrustStoreConfig,
     revocationEnabled: Boolean,

ssl-config-core/src/main/scala/com/typesafe/sslconfig/ssl/debug/ClassFinder.scala

@@ -0,0 +1,15 @@
+/*
+ * Copyright (C) 2015 - 2019 Lightbend Inc. <https://www.lightbend.com>
+ */
+
+package com.typesafe.sslconfig.ssl.debug
+
+import com.typesafe.sslconfig.util.NoDepsLogger
+
+@deprecated("ClassFinder has been deprecated and does nothing.  Please use the javax.net.debug system property.", "0.4.0")
+trait ClassFinder {
+  def logger: NoDepsLogger
+  def initialResource: String
+  def isValidClass(className: String): Boolean
+  def findClasses: Set[Class[_]] = Set.empty
+}

ssl-config-core/src/main/scala/com/typesafe/sslconfig/ssl/debug/DebugConfiguration.scala

@@ -7,7 +7,7 @@ package com.typesafe.sslconfig.ssl.debug
 import com.typesafe.sslconfig.ssl.SSLDebugConfig
 import com.typesafe.sslconfig.util.LoggerFactory
 
-@deprecated("DebugConfiguration has been deprecated and does nothing.  Please use the javax.net.debug system property.", "0.3.8")
+@deprecated("DebugConfiguration has been deprecated and does nothing.  Please use the javax.net.debug system property.", "0.4.0")
 class DebugConfiguration(mkLogger: LoggerFactory) {
 
   private val logger = mkLogger(getClass)

ssl-config-core/src/main/scala/com/typesafe/sslconfig/ssl/debug/FixCertpathDebugLogging.scala

@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2015 - 2019 Lightbend Inc. <https://www.lightbend.com>
+ */
+
+package com.typesafe.sslconfig.ssl.debug
+
+import java.security.AccessController
+import com.typesafe.sslconfig.util.{ LoggerFactory, NoDepsLogger }
+
+import scala.util.control.NonFatal
+import sun.security.util.Debug
+
+@deprecated("FixCertpathDebugLogging has been deprecated and does nothing.  Please use the javax.net.debug system property.", "0.4.0")
+class FixCertpathDebugLogging(mkLogger: LoggerFactory) {
+  val logger = mkLogger("com.typesafe.sslconfig.ssl.debug.FixCertpathDebugLogging")
+
+  @deprecated("MonkeyPatchSunSecurityUtilDebugAction has been deprecated and does nothing.  Please use the javax.net.debug system property.", "0.4.0")
+  class MonkeyPatchSunSecurityUtilDebugAction(val newDebug: Debug, val newOptions: String) extends FixLoggingAction {
+    val logger = mkLogger("com.typesafe.sslconfig.ssl.debug.FixCertpathDebugLogging.MonkeyPatchSunSecurityUtilDebugAction")
+
+    val initialResource = "/sun/security/provider/certpath/Builder.class"
+
+    val debugType = classOf[Debug]
+
+    def isValidClass(className: String): Boolean = {
+      logger.warn("MonkeyPatchSunSecurityUtilDebugAction has been deprecated and does nothing.  Please use the javax.net.debug system property.")
+      if (className.startsWith("java.security.cert")) return true
+      if (className.startsWith("sun.security.provider.certpath")) return true
+      if (className.equals("sun.security.x509.InhibitAnyPolicyExtension")) return true
+      false
+    }
+
+    def isUsingDebug: Boolean = {
+      logger.warn("MonkeyPatchSunSecurityUtilDebugAction has been deprecated and does nothing.  Please use the javax.net.debug system property.")
+      (newOptions != null) && newOptions.contains("certpath")
+    }
+
+    def run(): Unit = {
+      logger.warn("MonkeyPatchSunSecurityUtilDebugAction has been deprecated and does nothing.  Please use the javax.net.debug system property.")
+    }
+  }
+
+  @deprecated("SunSecurityUtilDebugLogger has been deprecated and does nothing.  Please use the javax.net.debug system property.", "0.4.0")
+  class SunSecurityUtilDebugLogger(logger: NoDepsLogger) extends sun.security.util.Debug {
+    override def println(message: String): Unit = ()
+    override def println(): Unit = ()
+  }
+
+  def apply(newOptions: String, debugOption: Option[Debug] = None): Unit = {
+    logger.warn("FixCertpathDebugLogging has been deprecated and does nothing.  Please use the javax.net.debug system property.")
+  }
+}