From 3cb0696b1fba1b4eece4024a96e5ed88ecbe2517 Mon Sep 17 00:00:00 2001 From: ZhenLian Date: Wed, 25 Aug 2021 16:13:09 -0700 Subject: [PATCH] advancedtls: change enum to use UPPER_SNAKE_CASE (#8446) --- .../util/AdvancedTlsX509TrustManager.java | 12 ++++----- .../java/io/grpc/netty/AdvancedTlsTest.java | 26 +++++++++---------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/core/src/main/java/io/grpc/util/AdvancedTlsX509TrustManager.java b/core/src/main/java/io/grpc/util/AdvancedTlsX509TrustManager.java index ea8e74b1a9..f6e366d321 100644 --- a/core/src/main/java/io/grpc/util/AdvancedTlsX509TrustManager.java +++ b/core/src/main/java/io/grpc/util/AdvancedTlsX509TrustManager.java @@ -171,13 +171,13 @@ public final class AdvancedTlsX509TrustManager extends X509ExtendedTrustManager throw new CertificateException( "Not enough information to validate peer. SSLEngine or Socket required."); } - if (this.verification != Verification.InsecurelySkipAllVerification) { + if (this.verification != Verification.INSECURELY_SKIP_ALL_VERIFICATION) { X509ExtendedTrustManager currentDelegateManager = this.delegateManager; if (currentDelegateManager == null) { throw new CertificateException("No trust roots configured"); } if (checkingServer) { - String algorithm = this.verification == Verification.CertificateAndHostNameVerification + String algorithm = this.verification == Verification.CERTIFICATE_AND_HOST_NAME_VERIFICATION ? "HTTPS" : ""; if (sslEngine != null) { SSLParameters sslParams = sslEngine.getSSLParameters(); @@ -288,7 +288,7 @@ public final class AdvancedTlsX509TrustManager extends X509ExtendedTrustManager // This is the DEFAULT and RECOMMENDED mode for most applications. // Setting this on the client side will do the certificate and hostname verification, while // setting this on the server side will only do the certificate verification. - CertificateAndHostNameVerification, + CERTIFICATE_AND_HOST_NAME_VERIFICATION, // This SHOULD be chosen only when you know what the implication this will bring, and have a // basic understanding about TLS. // It SHOULD be accompanied with proper additional peer identity checks set through @@ -298,13 +298,13 @@ public final class AdvancedTlsX509TrustManager extends X509ExtendedTrustManager // checkClientTrusted/checkServerTrusted with the {@code SSLEngine} parameter while doing // verification. // Setting this on either side will only do the certificate verification. - CertificateOnlyVerification, + CERTIFICATE_ONLY_VERIFICATION, // Setting is very DANGEROUS. Please try to avoid this in a real production environment, unless // you are a super advanced user intended to re-implement the whole verification logic on your // own. A secure verification might include: // 1. proper verification on the peer certificate chain // 2. proper checks on the identity of the peer certificate - InsecurelySkipAllVerification, + INSECURELY_SKIP_ALL_VERIFICATION, } // Additional custom peer verification check. @@ -338,7 +338,7 @@ public final class AdvancedTlsX509TrustManager extends X509ExtendedTrustManager public static final class Builder { - private Verification verification = Verification.CertificateAndHostNameVerification; + private Verification verification = Verification.CERTIFICATE_AND_HOST_NAME_VERIFICATION; private SslSocketAndEnginePeerVerifier socketAndEnginePeerVerifier; private Builder() {} diff --git a/netty/src/test/java/io/grpc/netty/AdvancedTlsTest.java b/netty/src/test/java/io/grpc/netty/AdvancedTlsTest.java index df76481a12..7dd5ec75e5 100644 --- a/netty/src/test/java/io/grpc/netty/AdvancedTlsTest.java +++ b/netty/src/test/java/io/grpc/netty/AdvancedTlsTest.java @@ -161,7 +161,7 @@ public class AdvancedTlsTest { AdvancedTlsX509KeyManager serverKeyManager = new AdvancedTlsX509KeyManager(); serverKeyManager.updateIdentityCredentials(serverKey0, serverCert0); AdvancedTlsX509TrustManager serverTrustManager = AdvancedTlsX509TrustManager.newBuilder() - .setVerification(Verification.CertificateOnlyVerification) + .setVerification(Verification.CERTIFICATE_ONLY_VERIFICATION) .build(); serverTrustManager.updateTrustCredentials(caCert); ServerCredentials serverCredentials = TlsServerCredentials.newBuilder() @@ -174,7 +174,7 @@ public class AdvancedTlsTest { AdvancedTlsX509KeyManager clientKeyManager = new AdvancedTlsX509KeyManager(); clientKeyManager.updateIdentityCredentials(clientKey0, clientCert0); AdvancedTlsX509TrustManager clientTrustManager = AdvancedTlsX509TrustManager.newBuilder() - .setVerification(Verification.CertificateAndHostNameVerification) + .setVerification(Verification.CERTIFICATE_AND_HOST_NAME_VERIFICATION) .build(); clientTrustManager.updateTrustCredentials(caCert); ChannelCredentials channelCredentials = TlsChannelCredentials.newBuilder() @@ -198,7 +198,7 @@ public class AdvancedTlsTest { serverKeyManager.updateIdentityCredentials(serverKey0, serverCert0); // Set server's custom verification based on the information of clientCert0. AdvancedTlsX509TrustManager serverTrustManager = AdvancedTlsX509TrustManager.newBuilder() - .setVerification(Verification.CertificateOnlyVerification) + .setVerification(Verification.CERTIFICATE_ONLY_VERIFICATION) .setSslSocketAndEnginePeerVerifier( new SslSocketAndEnginePeerVerifier() { @Override @@ -238,7 +238,7 @@ public class AdvancedTlsTest { clientKeyManager.updateIdentityCredentials(clientKey0, clientCert0); // Set client's custom verification based on the information of serverCert0. AdvancedTlsX509TrustManager clientTrustManager = AdvancedTlsX509TrustManager.newBuilder() - .setVerification(Verification.CertificateOnlyVerification) + .setVerification(Verification.CERTIFICATE_ONLY_VERIFICATION) .setSslSocketAndEnginePeerVerifier( new SslSocketAndEnginePeerVerifier() { @Override @@ -289,7 +289,7 @@ public class AdvancedTlsTest { // will configure the client to skip all checks later. serverKeyManager.updateIdentityCredentials(serverKeyBad, serverCertBad); AdvancedTlsX509TrustManager serverTrustManager = AdvancedTlsX509TrustManager.newBuilder() - .setVerification(Verification.CertificateOnlyVerification) + .setVerification(Verification.CERTIFICATE_ONLY_VERIFICATION) .setSslSocketAndEnginePeerVerifier( new SslSocketAndEnginePeerVerifier() { @Override @@ -315,7 +315,7 @@ public class AdvancedTlsTest { // Note this is very dangerous in production environment - only do so if you are confident on // what you are doing! AdvancedTlsX509TrustManager clientTrustManager = AdvancedTlsX509TrustManager.newBuilder() - .setVerification(Verification.InsecurelySkipAllVerification) + .setVerification(Verification.INSECURELY_SKIP_ALL_VERIFICATION) .setSslSocketAndEnginePeerVerifier( new SslSocketAndEnginePeerVerifier() { @Override @@ -350,7 +350,7 @@ public class AdvancedTlsTest { Closeable serverKeyShutdown = serverKeyManager.updateIdentityCredentialsFromFile(serverKey0File, serverCert0File, 100, TimeUnit.MILLISECONDS, executor); AdvancedTlsX509TrustManager serverTrustManager = AdvancedTlsX509TrustManager.newBuilder() - .setVerification(Verification.CertificateOnlyVerification) + .setVerification(Verification.CERTIFICATE_ONLY_VERIFICATION) .build(); Closeable serverTrustShutdown = serverTrustManager.updateTrustCredentialsFromFile(caCertFile, 100, TimeUnit.MILLISECONDS, executor); @@ -365,7 +365,7 @@ public class AdvancedTlsTest { Closeable clientKeyShutdown = clientKeyManager.updateIdentityCredentialsFromFile(clientKey0File, clientCert0File,100, TimeUnit.MILLISECONDS, executor); AdvancedTlsX509TrustManager clientTrustManager = AdvancedTlsX509TrustManager.newBuilder() - .setVerification(Verification.CertificateAndHostNameVerification) + .setVerification(Verification.CERTIFICATE_AND_HOST_NAME_VERIFICATION) .build(); Closeable clientTrustShutdown = clientTrustManager.updateTrustCredentialsFromFile(caCertFile, 100, TimeUnit.MILLISECONDS, executor); @@ -407,7 +407,7 @@ public class AdvancedTlsTest { @Test public void trustManagerCheckTrustedWithSocketTest() throws Exception { AdvancedTlsX509TrustManager tm = AdvancedTlsX509TrustManager.newBuilder() - .setVerification(Verification.InsecurelySkipAllVerification).build(); + .setVerification(Verification.INSECURELY_SKIP_ALL_VERIFICATION).build(); tm.updateTrustCredentials(caCert); tm.checkClientTrusted(serverCert0, "RSA", new Socket()); tm.useSystemDefaultTrustCerts(); @@ -420,7 +420,7 @@ public class AdvancedTlsTest { exceptionRule.expectMessage( "Not enough information to validate peer. SSLEngine or Socket required."); AdvancedTlsX509TrustManager tm = AdvancedTlsX509TrustManager.newBuilder() - .setVerification(Verification.InsecurelySkipAllVerification).build(); + .setVerification(Verification.INSECURELY_SKIP_ALL_VERIFICATION).build(); tm.checkClientTrusted(serverCert0, "RSA"); } @@ -430,7 +430,7 @@ public class AdvancedTlsTest { exceptionRule.expectMessage( "Not enough information to validate peer. SSLEngine or Socket required."); AdvancedTlsX509TrustManager tm = AdvancedTlsX509TrustManager.newBuilder() - .setVerification(Verification.InsecurelySkipAllVerification).build(); + .setVerification(Verification.INSECURELY_SKIP_ALL_VERIFICATION).build(); tm.checkServerTrusted(serverCert0, "RSA"); } @@ -440,7 +440,7 @@ public class AdvancedTlsTest { exceptionRule.expectMessage( "Want certificate verification but got null or empty certificates"); AdvancedTlsX509TrustManager tm = AdvancedTlsX509TrustManager.newBuilder() - .setVerification(Verification.CertificateOnlyVerification) + .setVerification(Verification.CERTIFICATE_ONLY_VERIFICATION) .build(); tm.updateTrustCredentials(caCert); tm.checkClientTrusted(null, "RSA", (SSLEngine) null); @@ -451,7 +451,7 @@ public class AdvancedTlsTest { exceptionRule.expect(CertificateException.class); exceptionRule.expectMessage("Bad Custom Verification"); AdvancedTlsX509TrustManager tm = AdvancedTlsX509TrustManager.newBuilder() - .setVerification(Verification.CertificateOnlyVerification) + .setVerification(Verification.CERTIFICATE_ONLY_VERIFICATION) .setSslSocketAndEnginePeerVerifier( new SslSocketAndEnginePeerVerifier() { @Override