Add SslOptions with Supplier of SSLParameters

src/main/java/redis/clients/jedis/DefaultJedisClientConfig.java

@@ -20,6 +20,7 @@ public final class DefaultJedisClientConfig implements JedisClientConfig {
   private final boolean ssl;
   private final SSLSocketFactory sslSocketFactory;
   private final SSLParameters sslParameters;
+  private final SslOptions sslOptions;
   private final HostnameVerifier hostnameVerifier;
 
   private final HostAndPortMapper hostAndPortMapper;
@@ -28,25 +29,22 @@ public final class DefaultJedisClientConfig implements JedisClientConfig {
 
   private final boolean readOnlyForRedisClusterReplicas;
 
-  private DefaultJedisClientConfig(RedisProtocol protocol, int connectionTimeoutMillis, int soTimeoutMillis,
-      int blockingSocketTimeoutMillis, Supplier<RedisCredentials> credentialsProvider, int database,
-      String clientName, boolean ssl, SSLSocketFactory sslSocketFactory, SSLParameters sslParameters,
-      HostnameVerifier hostnameVerifier, HostAndPortMapper hostAndPortMapper,
-      ClientSetInfoConfig clientSetInfoConfig, boolean readOnlyForRedisClusterReplicas) {
-    this.redisProtocol = protocol;
-    this.connectionTimeoutMillis = connectionTimeoutMillis;
-    this.socketTimeoutMillis = soTimeoutMillis;
-    this.blockingSocketTimeoutMillis = blockingSocketTimeoutMillis;
-    this.credentialsProvider = credentialsProvider;
-    this.database = database;
-    this.clientName = clientName;
-    this.ssl = ssl;
-    this.sslSocketFactory = sslSocketFactory;
-    this.sslParameters = sslParameters;
-    this.hostnameVerifier = hostnameVerifier;
-    this.hostAndPortMapper = hostAndPortMapper;
-    this.clientSetInfoConfig = clientSetInfoConfig;
-    this.readOnlyForRedisClusterReplicas = readOnlyForRedisClusterReplicas;
+  private DefaultJedisClientConfig(DefaultJedisClientConfig.Builder builder) {
+    this.redisProtocol = builder.redisProtocol;
+    this.connectionTimeoutMillis = builder.connectionTimeoutMillis;
+    this.socketTimeoutMillis = builder.socketTimeoutMillis;
+    this.blockingSocketTimeoutMillis = builder.blockingSocketTimeoutMillis;
+    this.credentialsProvider = builder.credentialsProvider;
+    this.database = builder.database;
+    this.clientName = builder.clientName;
+    this.ssl = builder.ssl;
+    this.sslSocketFactory = builder.sslSocketFactory;
+    this.sslParameters = builder.sslParameters;
+    this.sslOptions = builder.sslOptions;
+    this.hostnameVerifier = builder.hostnameVerifier;
+    this.hostAndPortMapper = builder.hostAndPortMapper;
+    this.clientSetInfoConfig = builder.clientSetInfoConfig;
+    this.readOnlyForRedisClusterReplicas = builder.readOnlyForRedisClusterReplicas;
   }
 
   @Override
@@ -110,6 +108,11 @@ public SSLParameters getSslParameters() {
     return sslParameters;
   }
 
+  @Override
+  public SslOptions getSslOptions() {
+    return sslOptions;
+  }
+
   @Override
   public HostnameVerifier getHostnameVerifier() {
     return hostnameVerifier;
@@ -151,6 +154,7 @@ public static class Builder {
     private boolean ssl = false;
     private SSLSocketFactory sslSocketFactory = null;
     private SSLParameters sslParameters = null;
+    private SslOptions sslOptions = null;
     private HostnameVerifier hostnameVerifier = null;
 
     private HostAndPortMapper hostAndPortMapper = null;
@@ -168,15 +172,13 @@ public DefaultJedisClientConfig build() {
             new DefaultRedisCredentials(user, password));
       }
 
-      return new DefaultJedisClientConfig(redisProtocol, connectionTimeoutMillis, socketTimeoutMillis,
-          blockingSocketTimeoutMillis, credentialsProvider, database, clientName, ssl,
-          sslSocketFactory, sslParameters, hostnameVerifier, hostAndPortMapper, clientSetInfoConfig,
-          readOnlyForRedisClusterReplicas);
+      return new DefaultJedisClientConfig(this);
     }
 
     /**
      * Shortcut to {@link redis.clients.jedis.DefaultJedisClientConfig.Builder#protocol(RedisProtocol)} with
      * {@link RedisProtocol#RESP3}.
+     * @return this
      */
     public Builder resp3() {
       return protocol(RedisProtocol.RESP3);
@@ -253,6 +255,11 @@ public Builder sslParameters(SSLParameters sslParameters) {
       return this;
     }
 
+    public Builder sslOptions(SslOptions sslOptions) {
+      this.sslOptions = sslOptions;
+      return this;
+    }
+
     public Builder hostnameVerifier(HostnameVerifier hostnameVerifier) {
       this.hostnameVerifier = hostnameVerifier;
       return this;
@@ -278,19 +285,49 @@ public static DefaultJedisClientConfig create(int connectionTimeoutMillis, int s
       int blockingSocketTimeoutMillis, String user, String password, int database, String clientName,
       boolean ssl, SSLSocketFactory sslSocketFactory, SSLParameters sslParameters,
       HostnameVerifier hostnameVerifier, HostAndPortMapper hostAndPortMapper) {
-    return new DefaultJedisClientConfig(null,
-        connectionTimeoutMillis, soTimeoutMillis, blockingSocketTimeoutMillis,
-        new DefaultRedisCredentialsProvider(new DefaultRedisCredentials(user, password)), database,
-        clientName, ssl, sslSocketFactory, sslParameters, hostnameVerifier, hostAndPortMapper, null,
-        false);
+    Builder builder = builder();
+    builder.connectionTimeoutMillis(connectionTimeoutMillis).socketTimeoutMillis(soTimeoutMillis)
+        .blockingSocketTimeoutMillis(blockingSocketTimeoutMillis);
+    if (user != null || password != null) {
+      // deliberately not handling 'user != null && password == null' here
+      builder.credentials(new DefaultRedisCredentials(user, password));
+    }
+    builder.database(database).clientName(clientName);
+    builder.ssl(ssl).sslSocketFactory(sslSocketFactory).sslParameters(sslParameters).hostnameVerifier(hostnameVerifier);
+    builder.hostAndPortMapper(hostAndPortMapper);
+    return builder.build();
   }
 
+  @Deprecated
   public static DefaultJedisClientConfig copyConfig(JedisClientConfig copy) {
-    return new DefaultJedisClientConfig(copy.getRedisProtocol(),
-        copy.getConnectionTimeoutMillis(), copy.getSocketTimeoutMillis(),
-        copy.getBlockingSocketTimeoutMillis(), copy.getCredentialsProvider(),
-        copy.getDatabase(), copy.getClientName(), copy.isSsl(), copy.getSslSocketFactory(),
-        copy.getSslParameters(), copy.getHostnameVerifier(), copy.getHostAndPortMapper(),
-        copy.getClientSetInfoConfig(), copy.isReadOnlyForRedisClusterReplicas());
+    Builder builder = builder();
+    builder.protocol(copy.getRedisProtocol());
+    builder.connectionTimeoutMillis(copy.getConnectionTimeoutMillis());
+    builder.socketTimeoutMillis(copy.getSocketTimeoutMillis());
+    builder.blockingSocketTimeoutMillis(copy.getBlockingSocketTimeoutMillis());
+
+    Supplier<RedisCredentials> credentialsProvider = copy.getCredentialsProvider();
+    if (credentialsProvider != null) {
+      builder.credentialsProvider(credentialsProvider);
+    } else {
+      builder.user(copy.getUser());
+      builder.password(copy.getPassword());
+    }
+
+    builder.database(copy.getDatabase());
+    builder.clientName(copy.getClientName());
+
+    builder.ssl(copy.isSsl());
+    builder.sslSocketFactory(copy.getSslSocketFactory());
+    builder.sslParameters(copy.getSslParameters());
+    builder.hostnameVerifier(copy.getHostnameVerifier());
+    builder.sslOptions(copy.getSslOptions());
+    builder.hostAndPortMapper(copy.getHostAndPortMapper());
+
+    builder.clientSetInfoConfig(copy.getClientSetInfoConfig());
+    if (copy.isReadOnlyForRedisClusterReplicas()) {
+      builder.readOnlyForRedisClusterReplicas();
+    }
+    return builder.build();
   }
 }

src/main/java/redis/clients/jedis/DefaultJedisSocketFactory.java

@@ -1,12 +1,15 @@
 package redis.clients.jedis;
 
+import java.io.IOException;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.net.Socket;
+import java.security.GeneralSecurityException;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
 import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLSocket;
 import javax.net.ssl.SSLSocketFactory;
@@ -24,6 +27,7 @@ public class DefaultJedisSocketFactory implements JedisSocketFactory {
   private int socketTimeout = Protocol.DEFAULT_TIMEOUT;
   private boolean ssl = false;
   private SSLSocketFactory sslSocketFactory = null;
+  private SslOptions sslOptions = null;
   private SSLParameters sslParameters = null;
   private HostnameVerifier hostnameVerifier = null;
   private HostAndPortMapper hostAndPortMapper = null;
@@ -49,6 +53,7 @@ public DefaultJedisSocketFactory(HostAndPort hostAndPort, JedisClientConfig conf
       this.ssl = config.isSsl();
       this.sslSocketFactory = config.getSslSocketFactory();
       this.sslParameters = config.getSslParameters();
+      this.sslOptions = config.getSslOptions();
       this.hostnameVerifier = config.getHostnameVerifier();
       this.hostAndPortMapper = config.getHostAndPortMapper();
     }
@@ -89,25 +94,8 @@ public Socket createSocket() throws JedisConnectionException {
       socket = connectToFirstSuccessfulHost(_hostAndPort);
       socket.setSoTimeout(socketTimeout);
 
-      if (ssl) {
-        SSLSocketFactory _sslSocketFactory = this.sslSocketFactory;
-        if (null == _sslSocketFactory) {
-          _sslSocketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
-        }
-        Socket plainSocket = socket;
-        socket = _sslSocketFactory.createSocket(socket, _hostAndPort.getHost(), _hostAndPort.getPort(), true);
-
-        if (null != sslParameters) {
-          ((SSLSocket) socket).setSSLParameters(sslParameters);
-        }
-        socket = new SSLSocketWrapper((SSLSocket) socket, plainSocket);
-
-        if (null != hostnameVerifier
-            && !hostnameVerifier.verify(_hostAndPort.getHost(), ((SSLSocket) socket).getSession())) {
-          String message = String.format(
-            "The connection to '%s' failed ssl/tls hostname verification.", _hostAndPort.getHost());
-          throw new JedisConnectionException(message);
-        }
+      if (ssl || sslOptions != null) {
+        socket = createSslSocket(_hostAndPort, socket);
       }
 
       return socket;
@@ -122,6 +110,52 @@ public Socket createSocket() throws JedisConnectionException {
     }
   }
 
+  /**
+   * ssl enable check is done before this.
+   */
+  private Socket createSslSocket(HostAndPort _hostAndPort, Socket socket) throws IOException, GeneralSecurityException {
+
+    Socket plainSocket = socket;
+
+    SSLSocketFactory _sslSocketFactory;
+    SSLParameters _sslParameters;
+
+    if (sslOptions != null) {
+
+      SSLContext _sslContext = sslOptions.createSslContext();
+      _sslSocketFactory = _sslContext.getSocketFactory();
+
+      _sslParameters = sslOptions.getSslParameters();
+
+    } else {
+
+      _sslSocketFactory = this.sslSocketFactory;
+      _sslParameters = this.sslParameters;
+    }
+
+    if (_sslSocketFactory == null) {
+      _sslSocketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
+    }
+
+    SSLSocket sslSocket = (SSLSocket) _sslSocketFactory.createSocket(socket,
+        _hostAndPort.getHost(), _hostAndPort.getPort(), true);
+
+    if (_sslParameters != null) {
+      sslSocket.setSSLParameters(_sslParameters);
+    }
+
+    if (sslOptions == null) {
+      // limiting HostnameVerifier only for legacy ssl config
+      if (hostnameVerifier != null && !hostnameVerifier.verify(_hostAndPort.getHost(), sslSocket.getSession())) {
+        String message = String.format("The connection to '%s' failed ssl/tls hostname verification.",
+            _hostAndPort.getHost());
+        throw new JedisConnectionException(message);
+      }
+    }
+
+    return new SSLSocketWrapper(sslSocket, plainSocket);
+  }
+
   public void updateHostAndPort(HostAndPort hostAndPort) {
     this.hostAndPort = hostAndPort;
   }

src/main/java/redis/clients/jedis/JedisClientConfig.java

@@ -44,6 +44,7 @@ default String getPassword() {
     return null;
   }
 
+  // TODO: return null
   default Supplier<RedisCredentials> getCredentialsProvider() {
     return new DefaultRedisCredentialsProvider(
         new DefaultRedisCredentials(getUser(), getPassword()));
@@ -76,6 +77,16 @@ default HostnameVerifier getHostnameVerifier() {
     return null;
   }
 
+  /**
+   * {@link JedisClientConfig#isSsl()}, {@link JedisClientConfig#getSslSocketFactory()},
+   * {@link JedisClientConfig#getSslParameters()} and {@link JedisClientConfig#getHostnameVerifier()} will be ignored if
+   * {@link JedisClientConfig#getSslOptions() this} is set.
+   * @return ssl options
+   */
+  default SslOptions getSslOptions() {
+    return null;
+  }
+
   default HostAndPortMapper getHostAndPortMapper() {
     return null;
   }