
Commit 28122b2

Merge pull request #160 from dwijnand/bincompat
Update references to 0.4.0 & restore bincompat
2 parents d64392b + 06379ce commit 28122b2


12 files changed

+218
-72
lines changed


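--- a/build.sbt
+++ b/build.sbt
@@ -42,48 +42,6 @@ lazy val sslConfigCore = project.in(file("ssl-config-core"))
 OsgiKeys.exportPackage := Seq(s"com.typesafe.sslconfig.*;version=${version.value}"),
 OsgiKeys.importPackage := Seq("!sun.misc", "!sun.security.*", configImport(), "*"),
 OsgiKeys.requireCapability := """osgi.ee;filter:="(&(osgi.ee=JavaSE)(version>=1.8))"""",
-
-mimaBinaryIssueFilters ++= Seq(
-ProblemFilters.exclude[DirectMissingMethodProblem]("com.typesafe.sslconfig.ssl.package.foldVersion"),
-ProblemFilters.exclude[DirectMissingMethodProblem]("com.typesafe.sslconfig.ssl.package.foldRuntime"),
-ProblemFilters.exclude[DirectMissingMethodProblem]("com.typesafe.sslconfig.ssl.Ciphers.java16RecommendedCiphers"),
-ProblemFilters.exclude[DirectMissingMethodProblem]("com.typesafe.sslconfig.ssl.Ciphers.java17RecommendedCiphers"),
-ProblemFilters.exclude[MissingClassProblem]("com.typesafe.sslconfig.Base64"),
-
-// Merge Lagom changes to KeyStore generation
-// https://github.com/lightbend/ssl-config/pull/114
-ProblemFilters.exclude[DirectMissingMethodProblem]("com.typesafe.sslconfig.ssl.FakeKeyStore.DnName"),
-ProblemFilters.exclude[DirectMissingMethodProblem]("com.typesafe.sslconfig.ssl.FakeKeyStore.createSelfSignedCertificate"),
-
-// Should've always been final
-ProblemFilters.exclude[FinalClassProblem]("com.typesafe.sslconfig.ssl.FakeKeyStore"),
-
-// Moved to FakeKeyStore-the-object
-ProblemFilters.exclude[DirectMissingMethodProblem]("com.typesafe.sslconfig.ssl.FakeKeyStore.GeneratedKeyStore"),
-ProblemFilters.exclude[DirectMissingMethodProblem]("com.typesafe.sslconfig.ssl.FakeKeyStore.SignatureAlgorithmOID"),
-ProblemFilters.exclude[DirectMissingMethodProblem]("com.typesafe.sslconfig.ssl.FakeKeyStore.SignatureAlgorithmName"),
-
-// Support trustStore password
-ProblemFilters.exclude[DirectMissingMethodProblem]("com.typesafe.sslconfig.ssl.TrustStoreConfig.this"),
-ProblemFilters.exclude[DirectMissingMethodProblem]("com.typesafe.sslconfig.ssl.TrustStoreConfig.<init>$default$3"),
-ProblemFilters.exclude[IncompatibleResultTypeProblem]("com.typesafe.sslconfig.ssl.TrustStoreConfig.<init>$default$4"),
-
-// DefaultHostnameVerifier was decomissioned
-ProblemFilters.exclude[MissingClassProblem]("com.typesafe.sslconfig.ssl.DefaultHostnameVerifier"),
-
-// Remove evil monkeypatching debug classes
-ProblemFilters.exclude[MissingClassProblem]("com.typesafe.sslconfig.ssl.MonkeyPatcher"),
-ProblemFilters.exclude[MissingClassProblem]("com.typesafe.sslconfig.ssl.debug.FixInternalDebugLogging"),
-ProblemFilters.exclude[MissingClassProblem]("com.typesafe.sslconfig.ssl.debug.FixInternalDebugLogging$MonkeyPatchInternalSslDebugAction"),
-ProblemFilters.exclude[MissingClassProblem]("com.typesafe.sslconfig.ssl.debug.FixLoggingAction"),
-ProblemFilters.exclude[MissingClassProblem]("com.typesafe.sslconfig.ssl.debug.ClassFinder"),
-ProblemFilters.exclude[MissingClassProblem]("com.typesafe.sslconfig.ssl.debug.FixCertpathDebugLogging$MonkeyPatchSunSecurityUtilDebugAction"),
-ProblemFilters.exclude[MissingClassProblem]("com.typesafe.sslconfig.ssl.debug.FixCertpathDebugLogging"),
-ProblemFilters.exclude[MissingClassProblem]("com.typesafe.sslconfig.ssl.debug.FixCertpathDebugLogging$SunSecurityUtilDebugLogger"),
-
-// Warn on deprecated settings, using LoggerFactory.
-ProblemFilters.exclude[DirectMissingMethodProblem]("com.typesafe.sslconfig.ssl.SSLConfigParser.this")
-)
 ).enablePlugins(SbtOsgi)
 
 lazy val documentation = project.in(file("documentation"))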

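--- a/documentation/src/paradox/DebuggingSSL.md
+++ b/documentation/src/paradox/DebuggingSSL.md
@@ -4,7 +4,7 @@ In the event that an HTTPS connection does not go through, debugging JSSE can be
 
 @@@ note
 
-Prior to 0.3.8, the debug system relied on undocumented modification of internal JSSE debug settings that were normally set using
+Prior to 0.4.0, the debug system relied on undocumented modification of internal JSSE debug settings that were normally set using
 `javax.net.debug` and `java.security.debug` system properties on startup.
 
 This system has been removed, and the debug flags that do not have a direct correlation in the new system are deprecated.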

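--- a/ssl-config-core/src/main/scala/com/typesafe/sslconfig/ssl/Config.scala
+++ b/ssl-config-core/src/main/scala/com/typesafe/sslconfig/ssl/Config.scala
@@ -182,26 +182,26 @@ final class SSLDebugConfig private[sslconfig] (
 /** enables tracing of sslcontext, sslengine, sslsocketfactory, key and trust managers. */
 val all: Boolean = false,
 
-@deprecated("not operative", "0.3.8") val certpath: Boolean = false,
+@deprecated("not operative", "0.4.0") val certpath: Boolean = false,
 
-@deprecated("not operative", "0.3.8") val defaultctx: Boolean = false,
+@deprecated("not operative", "0.4.0") val defaultctx: Boolean = false,
 
-@deprecated("not operative", "0.3.8") val handshake: Option[com.typesafe.sslconfig.ssl.SSLDebugHandshakeOptions] = None,
+@deprecated("not operative", "0.4.0") val handshake: Option[com.typesafe.sslconfig.ssl.SSLDebugHandshakeOptions] = None,
 
-@deprecated("not operative", "0.3.8") val keygen: Boolean = false,
+@deprecated("not operative", "0.4.0") val keygen: Boolean = false,
 
 /** enables tracing of keymanager */
 val keymanager: Boolean = false,
 
-@deprecated("not operative", "0.3.8") val ocsp: Boolean = false,
+@deprecated("not operative", "0.4.0") val ocsp: Boolean = false,
 
-@deprecated("not operative", "0.3.8") val pluggability: Boolean = false,
+@deprecated("not operative", "0.4.0") val pluggability: Boolean = false,
 
-@deprecated("not operative", "0.3.8") val record: Option[com.typesafe.sslconfig.ssl.SSLDebugRecordOptions] = None,
+@deprecated("not operative", "0.4.0") val record: Option[com.typesafe.sslconfig.ssl.SSLDebugRecordOptions] = None,
 
-@deprecated("not operative", "0.3.8") val session: Boolean = false,
+@deprecated("not operative", "0.4.0") val session: Boolean = false,
 
-@deprecated("not operative", "0.3.8") val sessioncache: Boolean = false,
+@deprecated("not operative", "0.4.0") val sessioncache: Boolean = false,
 
 /** enables tracing of sslengine, sslsocketfactory. */
 val ssl: Boolean = false,
@@ -219,33 +219,33 @@ final class SSLDebugConfig private[sslconfig] (
 
 def withAll(value: Boolean): SSLDebugConfig = copy(all = value)
 
-@deprecated("not operative", "0.3.8")
+@deprecated("not operative", "0.4.0")
 def withCertPath(value: Boolean): SSLDebugConfig = copy(certpath = value)
 
-@deprecated("not operative", "0.3.8")
+@deprecated("not operative", "0.4.0")
 def withDefaultContext(value: Boolean): SSLDebugConfig = copy(defaultctx = value)
 
-@deprecated("not operative", "0.3.8")
+@deprecated("not operative", "0.4.0")
 def withHandshake(value: Option[com.typesafe.sslconfig.ssl.SSLDebugHandshakeOptions]): SSLDebugConfig = copy(handshake = value)
 
-@deprecated("not operative", "0.3.8")
+@deprecated("not operative", "0.4.0")
 def withKeygen(value: Boolean): SSLDebugConfig = copy(keygen = value)
 
 def withKeymanager(value: Boolean): SSLDebugConfig = copy(keymanager = value)
 
-@deprecated("not operative", "0.3.8")
+@deprecated("not operative", "0.4.0")
 def withOcsp(value: Boolean): SSLDebugConfig = copy(ocsp = value)
 
-@deprecated("not operative", "0.3.8")
+@deprecated("not operative", "0.4.0")
 def withPluggability(value: Boolean): SSLDebugConfig = copy(pluggability = value)
 
-@deprecated("not operative", "0.3.8")
+@deprecated("not operative", "0.4.0")
 def withRecord(value: Option[com.typesafe.sslconfig.ssl.SSLDebugRecordOptions]): SSLDebugConfig = copy(record = value)
 
-@deprecated("not operative", "0.3.8")
+@deprecated("not operative", "0.4.0")
 def withSession(value: Boolean): SSLDebugConfig = copy(session = value)
 
-@deprecated("not operative", "0.3.8")
+@deprecated("not operative", "0.4.0")
 def withSessioncache(value: Boolean): SSLDebugConfig = copy(sessioncache = value)
 
 def withSsl(value: Boolean): SSLDebugConfig = copy(ssl = value)
@@ -296,7 +296,7 @@ object SSLDebugConfig {
 /**
 * SSL handshake debugging options.
 */
-@deprecated("not operative", "0.3.8")
+@deprecated("not operative", "0.4.0")
 final class SSLDebugHandshakeOptions private[sslconfig] (
 val data: Boolean = false,
 val verbose: Boolean = false) {
@@ -314,7 +314,7 @@ final class SSLDebugHandshakeOptions private[sslconfig] (
 s"""SSLDebugHandshakeOptions(${data},${verbose})"""
 }
 
-@deprecated("not operative", "0.3.8")
+@deprecated("not operative", "0.4.0")
 object SSLDebugHandshakeOptions {
 def apply() = new SSLDebugHandshakeOptions()
 /** Java API */
@@ -324,7 +324,7 @@ object SSLDebugHandshakeOptions {
 /**
 * SSL record debugging options.
 */
-@deprecated("not operative", "0.3.8")
+@deprecated("not operative", "0.4.0")
 final class SSLDebugRecordOptions private[sslconfig] (
 val packet: Boolean = false,
 val plaintext: Boolean = false) {
@@ -342,7 +342,7 @@ final class SSLDebugRecordOptions private[sslconfig] (
 s"""SSLDebugRecordOptions(${packet},${plaintext})"""
 }
 
-@deprecated("not operative", "0.3.8")
+@deprecated("not operative", "0.4.0")
 object SSLDebugRecordOptions {
 def apply() = new SSLDebugRecordOptions()
 /** Java API */
@@ -544,6 +544,8 @@ object SSLConfigFactory {
 
 class SSLConfigParser(c: EnrichedConfig, classLoader: ClassLoader, loggerFactory: Option[LoggerFactory]) {
 
+def this(c: EnrichedConfig, classLoader: ClassLoader) = this(c, classLoader, None)
+
 def parse(): SSLConfigSettings = {
 
 val default = c.get[Boolean]("default")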
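Review bot: The restored two-argument constructor in the last hunk, `def this(c: EnrichedConfig, classLoader: ClassLoader) = this(c, classLoader, None)`, carries neither documentation nor a deprecation, so callers kept alive for binary compatibility are never steered to the three-argument form. It passes `None` for `loggerFactory`; the filter comment this commit removes from build.sbt ("Warn on deprecated settings, using LoggerFactory.") suggests that parameter is what reports deprecated settings, so such callers may parse deprecated SSL settings without any warning. That is worth confirming in `parse()`, whose body continues outside the hunk. I would annotate the constructor with `@deprecated("Use the constructor that takes a LoggerFactory", "0.4.0")` and add a one-line Scaladoc saying it exists only for binary compatibility.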

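--- a/ssl-config-core/src/main/scala/com/typesafe/sslconfig/ssl/Debug.scala
+++ b/ssl-config-core/src/main/scala/com/typesafe/sslconfig/ssl/Debug.scala
@@ -7,7 +7,7 @@ package com.typesafe.sslconfig.ssl
 /**
 * @see http://docs.oracle.com/javase/8/docs/technotes/guides/security/certpath/CertPathProgGuide.html
 */
-@deprecated("Setting system properties in JSSE after JVM initialization is unreliable. Please set the java.security.debug system property at startup.", "0.3.8")
+@deprecated("Setting system properties in JSSE after JVM initialization is unreliable. Please set the java.security.debug system property at startup.", "0.4.0")
 class JavaSecurityDebugBuilder(c: SSLDebugConfig) {
 
 def build(): String = {
@@ -33,7 +33,7 @@ class JavaSecurityDebugBuilder(c: SSLDebugConfig) {
 * @see http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#Debug
 * @see http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/ReadDebug.html
 */
-@deprecated("Setting system properties in JSSE after JVM initialization is unreliable. Please set the javax.net.debug system property at startup.", "0.3.8")
+@deprecated("Setting system properties in JSSE after JVM initialization is unreliable. Please set the javax.net.debug system property at startup.", "0.4.0")
 class JavaxNetDebugBuilder(c: SSLDebugConfig) {
 
 def build(): String = {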
Lines changed: 44 additions & 0 deletions
@@ -0,0 +1,44 @@
1+
/*
2+
* Copyright (C) 2015 - 2019 Lightbend Inc. <https://www.lightbend.com>
3+
*/
4+
5+
package com.typesafe.sslconfig.ssl
6+
7+
import java.security.Principal
8+
import java.security.cert.{ Certificate, CertificateException, X509Certificate }
9+
10+
import com.typesafe.sslconfig.util.LoggerFactory
11+
import javax.net.ssl.{ HostnameVerifier, SSLPeerUnverifiedException, SSLSession }
12+
import javax.security.auth.kerberos.KerberosPrincipal
13+
import sun.security.util.HostnameChecker
14+
15+
@deprecated("DefaultHostnameVerifier has been deprecated and does nothing. Please use the javax.net.debug system property.", "0.4.0")
16+
class DefaultHostnameVerifier(mkLogger: LoggerFactory) extends HostnameVerifier {
17+
private val logger = mkLogger(getClass)
18+
19+
def hostnameChecker: HostnameChecker = {
20+
logger.warn("DefaultHostnameVerifier has been deprecated and does nothing. Please use the javax.net.debug system property.")
21+
HostnameChecker.getInstance(HostnameChecker.TYPE_TLS)
22+
}
23+
24+
def matchKerberos(hostname: String, principal: Principal) = {
25+
logger.warn("DefaultHostnameVerifier has been deprecated and does nothing. Please use the javax.net.debug system property.")
26+
true
27+
}
28+
29+
def isKerberos(principal: Principal): Boolean = {
30+
logger.warn("DefaultHostnameVerifier has been deprecated and does nothing. Please use the javax.net.debug system property.")
31+
true
32+
}
33+
34+
def verify(hostname: String, session: SSLSession): Boolean = {
35+
logger.warn("DefaultHostnameVerifier has been deprecated and does nothing. Please use the javax.net.debug system property.")
36+
true
37+
}
38+
39+
/** INTERNAL API */
40+
def matchCertificates(hostname: String, peerCertificates: Array[Certificate]): Boolean = {
41+
logger.warn("DefaultHostnameVerifier has been deprecated and does nothing. Please use the javax.net.debug system property.")
42+
true
43+
}
44+
}
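Review bot: `verify` returns `true` for every hostname and session, so any caller that still installs this restored `DefaultHostnameVerifier` as a `HostnameVerifier` gets hostname verification switched off, with only a log warning to show for it; `matchCertificates` and `matchKerberos` are fail-open in the same way. A binary-compatibility stub for a security check should either keep performing the check or fail closed. The file already imports `X509Certificate`, `CertificateException` and `SSLPeerUnverifiedException` and exposes `hostnameChecker`, so the comparison can be kept as sketched below; returning `false` is the minimal alternative, and `matchKerberos` should return `false` for the same reason. The deprecation text also points callers at `javax.net.debug`, which is a debug switch and not a substitute for hostname verification, so the message should be reworded.

```scala
// … unchanged: hostnameChecker, matchKerberos, isKerberos …

def verify(hostname: String, session: SSLSession): Boolean = {
  logger.warn("DefaultHostnameVerifier has been deprecated.")
  // No peer certificates means the peer was never authenticated: reject.
  try matchCertificates(hostname, session.getPeerCertificates)
  catch { case _: SSLPeerUnverifiedException => false }
}

/** INTERNAL API */
def matchCertificates(hostname: String, peerCertificates: Array[Certificate]): Boolean =
  peerCertificates.headOption match {
    case Some(cert: X509Certificate) =>
      // HostnameChecker.match throws CertificateException on a mismatch.
      try { hostnameChecker.`match`(hostname, cert); true }
      catch { case _: CertificateException => false }
    case _ => false // no X.509 leaf certificate to compare against
  }
```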
Lines changed: 12 additions & 0 deletions
@@ -0,0 +1,12 @@
1+
/*
2+
* Copyright (C) 2015 - 2019 Lightbend Inc. <https://www.lightbend.com>
3+
*/
4+
5+
package com.typesafe.sslconfig.ssl
6+
7+
import java.lang.reflect.Field
8+
9+
@deprecated("MonkeyPatcher has been deprecated and does nothing. Please use the javax.net.debug system property.", "0.4.0")
10+
trait MonkeyPatcher {
11+
def monkeyPatchField(field: Field, newObject: AnyRef): Unit = ()
12+
}

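--- a/ssl-config-core/src/main/scala/com/typesafe/sslconfig/ssl/SSLContextBuilder.scala
+++ b/ssl-config-core/src/main/scala/com/typesafe/sslconfig/ssl/SSLContextBuilder.scala
@@ -134,7 +134,7 @@ class ConfigSSLContextBuilder(
 builder.build()
 }
 
-@deprecated("Use newer buildCompositeKeyManager with debug parameter", "0.3.8")
+@deprecated("Use newer buildCompositeKeyManager with debug parameter", "0.4.0")
 def buildCompositeKeyManager(keyManagerConfig: KeyManagerConfig, algorithmChecker: AlgorithmChecker): CompositeX509KeyManager = {
 logger.warn("Use newer buildCompositeKeyManager with debug parameter")
 buildCompositeKeyManager(keyManagerConfig, algorithmChecker, debug = SSLDebugConfig())
@@ -148,7 +148,7 @@ class ConfigSSLContextBuilder(
 new CompositeX509KeyManager(mkLogger, keyManagers)
 }
 
-@deprecated("Use newer version of buildCompositeTrustManager with debug parameter", "0.3.8")
+@deprecated("Use newer version of buildCompositeTrustManager with debug parameter", "0.4.0")
 def buildCompositeTrustManager(
 trustManagerInfo: TrustManagerConfig,
 revocationEnabled: Boolean,
@@ -217,7 +217,7 @@ class ConfigSSLContextBuilder(
 def warnOnPKCS12EmptyPasswordBug(ksc: KeyStoreConfig): Boolean =
 ksc.storeType.equalsIgnoreCase("pkcs12") && !ksc.password.exists(!_.isEmpty)
 
-@deprecated("Use newer version of buildKeyManager with debug parameter", "0.3.8")
+@deprecated("Use newer version of buildKeyManager with debug parameter", "0.4.0")
 def buildKeyManager(ksc: KeyStoreConfig, algorithmChecker: AlgorithmChecker): X509KeyManager = {
 logger.warn("Use newer version of buildKeyManager with debug parameter")
 buildKeyManager(ksc, algorithmChecker, SSLDebugConfig())
@@ -329,7 +329,7 @@ class ConfigSSLContextBuilder(
 new CertPathTrustManagerParameters(pkixParameters)
 }
 
-@deprecated("Use newer version of method with debug parameter", "0.3.8")
+@deprecated("Use newer version of method with debug parameter", "0.4.0")
 def buildTrustManager(
 tsc: TrustStoreConfig,
 revocationEnabled: Boolean,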
Lines changed: 15 additions & 0 deletions
@@ -0,0 +1,15 @@
1+
/*
2+
* Copyright (C) 2015 - 2019 Lightbend Inc. <https://www.lightbend.com>
3+
*/
4+
5+
package com.typesafe.sslconfig.ssl.debug
6+
7+
import com.typesafe.sslconfig.util.NoDepsLogger
8+
9+
@deprecated("ClassFinder has been deprecated and does nothing. Please use the javax.net.debug system property.", "0.4.0")
10+
trait ClassFinder {
11+
def logger: NoDepsLogger
12+
def initialResource: String
13+
def isValidClass(className: String): Boolean
14+
def findClasses: Set[Class[_]] = Set.empty
15+
}

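--- a/ssl-config-core/src/main/scala/com/typesafe/sslconfig/ssl/debug/DebugConfiguration.scala
+++ b/ssl-config-core/src/main/scala/com/typesafe/sslconfig/ssl/debug/DebugConfiguration.scala
@@ -7,7 +7,7 @@ package com.typesafe.sslconfig.ssl.debug
 import com.typesafe.sslconfig.ssl.SSLDebugConfig
 import com.typesafe.sslconfig.util.LoggerFactory
 
-@deprecated("DebugConfiguration has been deprecated and does nothing. Please use the javax.net.debug system property.", "0.3.8")
+@deprecated("DebugConfiguration has been deprecated and does nothing. Please use the javax.net.debug system property.", "0.4.0")
 class DebugConfiguration(mkLogger: LoggerFactory) {
 
 private val logger = mkLogger(getClass)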
Lines changed: 52 additions & 0 deletions
@@ -0,0 +1,52 @@
1+
/*
2+
* Copyright (C) 2015 - 2019 Lightbend Inc. <https://www.lightbend.com>
3+
*/
4+
5+
package com.typesafe.sslconfig.ssl.debug
6+
7+
import java.security.AccessController
8+
import com.typesafe.sslconfig.util.{ LoggerFactory, NoDepsLogger }
9+
10+
import scala.util.control.NonFatal
11+
import sun.security.util.Debug
12+
13+
@deprecated("FixCertpathDebugLogging has been deprecated and does nothing. Please use the javax.net.debug system property.", "0.4.0")
14+
class FixCertpathDebugLogging(mkLogger: LoggerFactory) {
15+
val logger = mkLogger("com.typesafe.sslconfig.ssl.debug.FixCertpathDebugLogging")
16+
17+
@deprecated("MonkeyPatchSunSecurityUtilDebugAction has been deprecated and does nothing. Please use the javax.net.debug system property.", "0.4.0")
18+
class MonkeyPatchSunSecurityUtilDebugAction(val newDebug: Debug, val newOptions: String) extends FixLoggingAction {
19+
val logger = mkLogger("com.typesafe.sslconfig.ssl.debug.FixCertpathDebugLogging.MonkeyPatchSunSecurityUtilDebugAction")
20+
21+
val initialResource = "/sun/security/provider/certpath/Builder.class"
22+
23+
val debugType = classOf[Debug]
24+
25+
def isValidClass(className: String): Boolean = {
26+
logger.warn("MonkeyPatchSunSecurityUtilDebugAction has been deprecated and does nothing. Please use the javax.net.debug system property.")
27+
if (className.startsWith("java.security.cert")) return true
28+
if (className.startsWith("sun.security.provider.certpath")) return true
29+
if (className.equals("sun.security.x509.InhibitAnyPolicyExtension")) return true
30+
false
31+
}
32+
33+
def isUsingDebug: Boolean = {
34+
logger.warn("MonkeyPatchSunSecurityUtilDebugAction has been deprecated and does nothing. Please use the javax.net.debug system property.")
35+
(newOptions != null) && newOptions.contains("certpath")
36+
}
37+
38+
def run(): Unit = {
39+
logger.warn("MonkeyPatchSunSecurityUtilDebugAction has been deprecated and does nothing. Please use the javax.net.debug system property.")
40+
}
41+
}
42+
43+
@deprecated("SunSecurityUtilDebugLogger has been deprecated and does nothing. Please use the javax.net.debug system property.", "0.4.0")
44+
class SunSecurityUtilDebugLogger(logger: NoDepsLogger) extends sun.security.util.Debug {
45+
override def println(message: String): Unit = ()
46+
override def println(): Unit = ()
47+
}
48+
49+
def apply(newOptions: String, debugOption: Option[Debug] = None): Unit = {
50+
logger.warn("FixCertpathDebugLogging has been deprecated and does nothing. Please use the javax.net.debug system property.")
51+
}
52+
}
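Review bot: The stub is described as doing nothing, yet `MonkeyPatchSunSecurityUtilDebugAction` and `SunSecurityUtilDebugLogger` still compile against the JDK-internal `sun.security.util.Debug`, so loading them presumably depends on the runtime exposing that package. I would say so on the class, e.g. `// Kept only for binary compatibility; still links against the JDK-internal sun.security.util.Debug`. The imports `java.security.AccessController` and `scala.util.control.NonFatal` are not used anywhere in the new file and can be dropped. As a style point, `isValidClass` can end in a single expression instead of three `return`s: `className.startsWith("java.security.cert") || className.startsWith("sun.security.provider.certpath") || className.equals("sun.security.x509.InhibitAnyPolicyExtension")`.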
