Polishing.

mp911de · mp911de · commit ba2c9bae9001 · 2024-08-08T15:32:54.000+02:00
Remove verifyMode setters on LettuceConnectionFactory to not expose additional properties already exposed via ClientConfiguration. Deprecate LettuceClientConfiguration.isVerifyPeer in favor of getVerifyMode. See #2899 Original pull request: #2934
diff --git a/src/main/java/org/springframework/data/redis/connection/lettuce/DefaultLettuceClientConfiguration.java b/src/main/java/org/springframework/data/redis/connection/lettuce/DefaultLettuceClientConfiguration.java
@@ -48,13 +48,13 @@ class DefaultLettuceClientConfiguration implements LettuceClientConfiguration {
 	private final Duration shutdownTimeout;
 	private final Duration shutdownQuietPeriod;
 
-	DefaultLettuceClientConfiguration(boolean useSsl, boolean verifyPeer, boolean startTls,
+	DefaultLettuceClientConfiguration(boolean useSsl, SslVerifyMode verifyMode, boolean startTls,
 			@Nullable ClientResources clientResources, @Nullable ClientOptions clientOptions, @Nullable String clientName,
 			@Nullable ReadFrom readFrom, @Nullable RedisCredentialsProviderFactory redisCredentialsProviderFactory,
 			Duration timeout, Duration shutdownTimeout, @Nullable Duration shutdownQuietPeriod) {
 
 		this.useSsl = useSsl;
-		this.verifyMode = verifyPeer ? SslVerifyMode.FULL : SslVerifyMode.NONE;
+		this.verifyMode = verifyMode;
 		this.startTls = startTls;
 		this.clientResources = Optional.ofNullable(clientResources);
 		this.clientOptions = Optional.ofNullable(clientOptions);
diff --git a/src/main/java/org/springframework/data/redis/connection/lettuce/DefaultLettucePoolingClientConfiguration.java b/src/main/java/org/springframework/data/redis/connection/lettuce/DefaultLettucePoolingClientConfiguration.java
@@ -52,6 +52,7 @@ public boolean isUseSsl() {
 	}
 
 	@Override
+	@Deprecated
 	public boolean isVerifyPeer() {
 		return clientConfiguration.isVerifyPeer();
 	}
diff --git a/src/main/java/org/springframework/data/redis/connection/lettuce/LettuceClientConfiguration.java b/src/main/java/org/springframework/data/redis/connection/lettuce/LettuceClientConfiguration.java
@@ -66,11 +66,14 @@ public interface LettuceClientConfiguration {
 
 	/**
 	 * @return {@literal true} to verify peers when using {@link #isUseSsl() SSL}.
+	 * @deprecated since 3.4, use {@link #getVerifyMode()} for how peer verification is configured.
 	 */
+	@Deprecated(since = "3.4")
 	boolean isVerifyPeer();
 
 	/**
 	 * @return the {@link io.lettuce.core.SslVerifyMode}.
+	 * @since 3.4
 	 */
 	SslVerifyMode getVerifyMode();
 
@@ -354,7 +357,7 @@ public LettuceClientConfigurationBuilder shutdownQuietPeriod(Duration shutdownQu
 		 */
 		public LettuceClientConfiguration build() {
 
-			return new DefaultLettuceClientConfiguration(useSsl, verifyMode != SslVerifyMode.NONE, startTls, clientResources, clientOptions,
+			return new DefaultLettuceClientConfiguration(useSsl, verifyMode, startTls, clientResources, clientOptions,
 					clientName, readFrom, redisCredentialsProviderFactory, timeout, shutdownTimeout, shutdownQuietPeriod);
 		}
 	}
@@ -364,7 +367,7 @@ public LettuceClientConfiguration build() {
 	 */
 	class LettuceSslClientConfigurationBuilder {
 
-		private LettuceClientConfigurationBuilder delegate;
+		private final LettuceClientConfigurationBuilder delegate;
 
 		LettuceSslClientConfigurationBuilder(LettuceClientConfigurationBuilder delegate) {
 
@@ -373,16 +376,28 @@ class LettuceSslClientConfigurationBuilder {
 		}
 
 		/**
-		 * Disable peer verification.
+		 * Configure peer verification.
 		 *
 		 * @return {@literal this} builder.
+		 * @since 3.4
 		 */
-		public LettuceSslClientConfigurationBuilder disablePeerVerification() {
+		public LettuceSslClientConfigurationBuilder verifyPeer(SslVerifyMode verifyMode) {
+
+			Assert.notNull(verifyMode, "SslVerifyMode must not be null");
 
-			delegate.verifyMode = SslVerifyMode.NONE;
+			delegate.verifyMode = verifyMode;
 			return this;
 		}
 
+		/**
+		 * Disable peer verification.
+		 *
+		 * @return {@literal this} builder.
+		 */
+		public LettuceSslClientConfigurationBuilder disablePeerVerification() {
+			return verifyPeer(SslVerifyMode.NONE);
+		}
+
 		/**
 		 * Enable Start TLS to send the first bytes unencrypted.
 		 *
diff --git a/src/main/java/org/springframework/data/redis/connection/lettuce/LettuceConnectionFactory.java b/src/main/java/org/springframework/data/redis/connection/lettuce/LettuceConnectionFactory.java
@@ -64,7 +64,6 @@
 import org.springframework.data.redis.connection.RedisConfiguration.ClusterConfiguration;
 import org.springframework.data.redis.connection.RedisConfiguration.WithDatabaseIndex;
 import org.springframework.data.redis.connection.RedisConfiguration.WithPassword;
-import org.springframework.data.redis.connection.lettuce.LettuceConnection.PipeliningFlushPolicy;
 import org.springframework.data.redis.util.RedisAssertions;
 import org.springframework.data.util.Optionals;
 import org.springframework.lang.Nullable;
@@ -476,7 +475,9 @@ public void setUseSsl(boolean useSsl) {
 	 * Returns whether to verify certificate validity/hostname check when SSL is used.
 	 *
 	 * @return whether to verify peers when using SSL.
+	 * @deprecated since 3.4, use {@link LettuceClientConfiguration#getVerifyMode()} instead.
 	 */
+	@Deprecated(since = "3.4")
 	public boolean isVerifyPeer() {
 		return clientConfiguration.isVerifyPeer();
 	}
@@ -493,19 +494,6 @@ public void setVerifyPeer(boolean verifyPeer) {
 		getMutableConfiguration().setVerifyPeer(verifyPeer);
 	}
 
-	/**
-	 * Returns the mode to verify peers when using SSL.
-	 * <p>
-	 * FULL will enable a full certificate verification.
-	 * CA means Lettuces only verify the certificate and skip verifying th hostname matches. NONE will disable
-	 * verification and {@link #isVerifyPeer() isVerifyPeer} will return false with this mode.
-	 *
-	 * @return the verify mode of {@link io.lettuce.core.SslVerifyMode}.
-	 */
-	public SslVerifyMode getVerifyMode() {
-		return getMutableConfiguration().getVerifyMode();
-	}
-
 	/**
 	 * Returns whether to issue a StartTLS.
 	 *
@@ -1479,7 +1467,7 @@ private RedisURI createRedisURIAndApplySettings(String host, int port) {
 
 		builder.withDatabase(getDatabase());
 		builder.withSsl(clientConfiguration.isUseSsl());
-		builder.withVerifyPeer(clientConfiguration.isVerifyPeer());
+		builder.withVerifyPeer(clientConfiguration.getVerifyMode());
 		builder.withStartTls(clientConfiguration.isStartTls());
 		builder.withTimeout(clientConfiguration.getCommandTimeout());
 
@@ -1705,11 +1693,7 @@ public SslVerifyMode getVerifyMode() {
 		}
 
 		void setVerifyPeer(boolean verifyPeer) {
-			this.verifyMode = verifyPeer? SslVerifyMode.FULL: SslVerifyMode.NONE;
-		}
-
-		void setVerifyPeer(SslVerifyMode verifyMode) {
-			this.verifyMode = verifyMode;
+			this.verifyMode = verifyPeer ? SslVerifyMode.FULL : SslVerifyMode.NONE;
 		}
 
 		@Override
diff --git a/src/test/java/org/springframework/data/redis/connection/lettuce/LettuceConnectionFactoryUnitTests.java b/src/test/java/org/springframework/data/redis/connection/lettuce/LettuceConnectionFactoryUnitTests.java
@@ -378,7 +378,7 @@ void sslOptionsShouldBeDisabledByDefaultOnClient() {
 		assertThat(redisUri.isVerifyPeer()).isTrue();
 		assertThat(redisUri.getVerifyMode().equals(SslVerifyMode.FULL));
 		assertThat(connectionFactory.isVerifyPeer()).isTrue();
-		assertThat(connectionFactory.getVerifyMode().equals(SslVerifyMode.FULL));
+		assertThat(connectionFactory.getClientConfiguration().getVerifyMode().equals(SslVerifyMode.FULL));
 	}
 
 	@Test // DATAREDIS-476
@@ -399,7 +399,7 @@ void sslShouldBeSetCorrectlyOnClient() {
 		assertThat(redisUri.isVerifyPeer()).isTrue();
 		assertThat(redisUri.getVerifyMode().equals(SslVerifyMode.FULL));
 		assertThat(connectionFactory.isVerifyPeer()).isTrue();
-		assertThat(connectionFactory.getVerifyMode().equals(SslVerifyMode.FULL));
+		assertThat(connectionFactory.getClientConfiguration().getVerifyMode().equals(SslVerifyMode.FULL));
 	}
 
 	@Test // DATAREDIS-480
@@ -419,7 +419,7 @@ void verifyPeerOptionShouldBeSetCorrectlyOnClient() {
 		assertThat(redisUri.isVerifyPeer()).isFalse();
 		assertThat(redisUri.getVerifyMode().equals(SslVerifyMode.NONE));
 		assertThat(connectionFactory.isVerifyPeer()).isFalse();
-		assertThat(connectionFactory.getVerifyMode().equals(SslVerifyMode.NONE));
+		assertThat(connectionFactory.getClientConfiguration().getVerifyMode().equals(SslVerifyMode.NONE));
 	}
 
 	@Test // DATAREDIS-480
@@ -460,7 +460,7 @@ void sslShouldBeSetCorrectlyOnSentinelClient() {
 		assertThat(redisUri.isVerifyPeer()).isTrue();
 		assertThat(redisUri.getVerifyMode().equals(SslVerifyMode.FULL));
 		assertThat(connectionFactory.isVerifyPeer()).isTrue();
-		assertThat(connectionFactory.getVerifyMode().equals(SslVerifyMode.FULL));
+		assertThat(connectionFactory.getClientConfiguration().getVerifyMode().equals(SslVerifyMode.FULL));
 	}
 
 	@Test // DATAREDIS-990
@@ -480,7 +480,7 @@ void verifyPeerOptionShouldBeSetCorrectlyOnSentinelClient() {
 
 		assertThat(redisUri.isVerifyPeer()).isFalse();
 		assertThat(connectionFactory.isVerifyPeer()).isFalse();
-		assertThat(connectionFactory.getVerifyMode().equals(SslVerifyMode.NONE));
+		assertThat(connectionFactory.getClientConfiguration().getVerifyMode().equals(SslVerifyMode.NONE));
 	}
 
 	@Test // DATAREDIS-990
@@ -757,7 +757,7 @@ void shouldApplyClientConfiguration() {
 
 		assertThat(connectionFactory.isUseSsl()).isTrue();
 		assertThat(connectionFactory.isVerifyPeer()).isFalse();
-		assertThat(connectionFactory.getVerifyMode().equals(SslVerifyMode.NONE));
+		assertThat(connectionFactory.getClientConfiguration().getVerifyMode().equals(SslVerifyMode.NONE));
 		assertThat(connectionFactory.isStartTls()).isTrue();
 		assertThat(connectionFactory.getClientResources()).isEqualTo(sharedClientResources);
 		assertThat(connectionFactory.getTimeout()).isEqualTo(Duration.ofMinutes(5).toMillis());

Original file line number	Diff line number	Diff line change
`@@ -52,6 +52,7 @@ public boolean isUseSsl() {`
`52`	`52`	`}`
`53`	`53`
`54`	`54`	`@Override`
	`55`	`+ @Deprecated`
`55`	`56`	`public boolean isVerifyPeer() {`
`56`	`57`	`return clientConfiguration.isVerifyPeer();`
`57`	`58`	`}`