Revert "tls_available support"

This reverts commit f0765be.

Author: scottf

src/main/java/io/nats/client/Options.java

@@ -38,7 +38,6 @@
 import java.util.concurrent.*;
 import java.util.concurrent.atomic.AtomicInteger;
 
-import static io.nats.client.support.ApiConstants.TLS_REQUIRED;
 import static io.nats.client.support.Encoding.uriDecode;
 import static io.nats.client.support.NatsConstants.*;
 import static io.nats.client.support.SSLUtils.DEFAULT_TLS_ALGORITHM;
@@ -493,7 +492,7 @@ public class Options {
      * Protocol key {@value}, see
      * {@link Builder#sslContext(SSLContext) sslContext}.
      */
-    static final String OPTION_TLS_REQUIRED = TLS_REQUIRED;
+    static final String OPTION_TLS_REQUIRED = "tls_required";
 
     /**
      * Protocol key {@value}, see {@link Builder#token(String)
@@ -1711,10 +1710,6 @@ else if (useDefaultTls) {
                 }
             }
 
-            if (tlsFirst && sslContext == null) {
-                throw new IllegalStateException("SSL context required for tls handshake first");
-            }
-
             if (credentialPath != null) {
                 File file = new File(credentialPath).getAbsoluteFile();
                 authHandler = Nats.credentials(file.toString());
@@ -2106,10 +2101,10 @@ public int getMaxControlLine() {
 
     /**
      *
-     * @return true if there is an sslContext for these Options, otherwise false, see {@link Builder#secure() secure()} in the builder doc
+     * @return true if there is an sslContext for this Options, otherwise false, see {@link Builder#secure() secure()} in the builder doc
      */
     public boolean isTLSRequired() {
-        return sslContext != null;
+        return tlsFirst || this.sslContext != null;
     }
 
     /**

src/main/java/io/nats/client/api/ServerInfo.java

@@ -35,7 +35,6 @@ public class ServerInfo {
     private final boolean headersSupported;
     private final boolean authRequired;
     private final boolean tlsRequired;
-    private final boolean tlsAvailable;
     private final long maxPayload;
     private final List<String> connectURLs;
     private final int protocolVersion;
@@ -68,8 +67,7 @@ public ServerInfo(String json) {
         headersSupported = readBoolean(jv, HEADERS);
         authRequired = readBoolean(jv, AUTH_REQUIRED);
         nonce = readBytes(jv, NONCE);
-        tlsRequired = readBoolean(jv, TLS_REQUIRED);
-        tlsAvailable = readBoolean(jv, TLS_AVAILABLE);
+        tlsRequired = readBoolean(jv, TLS);
         lameDuckMode = readBoolean(jv, LAME_DUCK_MODE);
         jetStream = readBoolean(jv, JETSTREAM);
         port = readInteger(jv, PORT, 0);
@@ -86,61 +84,57 @@ public boolean isLameDuckMode() {
     }
 
     public String getServerId() {
-        return serverId;
+        return this.serverId;
     }
 
     public String getServerName() {
         return serverName;
     }
 
     public String getVersion() {
-        return version;
+        return this.version;
     }
 
     public String getGoVersion() {
-        return go;
+        return this.go;
     }
 
     public String getHost() {
-        return host;
+        return this.host;
     }
 
     public int getPort() {
-        return port;
+        return this.port;
     }
 
     public int getProtocolVersion() {
-        return protocolVersion;
+        return this.protocolVersion;
     }
 
-    public boolean isHeadersSupported() { return headersSupported; }
+    public boolean isHeadersSupported() { return this.headersSupported; }
 
     public boolean isAuthRequired() {
-        return authRequired;
+        return this.authRequired;
     }
 
     public boolean isTLSRequired() {
-        return tlsRequired;
-    }
-
-    public boolean isTLSAvailable() {
-        return tlsAvailable;
+        return this.tlsRequired;
     }
 
     public long getMaxPayload() {
-        return maxPayload;
+        return this.maxPayload;
     }
 
     public List<String> getConnectURLs() {
-        return connectURLs;
+        return this.connectURLs;
     }
 
     public byte[] getNonce() {
-        return nonce;
+        return this.nonce;
     }
 
     public boolean isJetStreamAvailable() {
-        return jetStream;
+        return this.jetStream;
     }
 
     public int getClientId() {
@@ -178,25 +172,24 @@ public boolean isSameOrNewerThanVersion(String vTarget) {
     @Override
     public String toString() {
         return "ServerInfo{" +
-            "serverId='" + serverId + '\'' +
-            ", serverName='" + serverName + '\'' +
-            ", version='" + version + '\'' +
-            ", go='" + go + '\'' +
-            ", host='" + host + '\'' +
-            ", port=" + port +
-            ", headersSupported=" + headersSupported +
-            ", authRequired=" + authRequired +
-            ", tlsRequired=" + tlsRequired +
-            ", tlsAvailable=" + tlsAvailable +
-            ", maxPayload=" + maxPayload +
-            ", connectURLs=" + connectURLs +
-            ", protocolVersion=" + protocolVersion +
-            ", nonce=" + Arrays.toString(nonce) +
-            ", lameDuckMode=" + lameDuckMode +
-            ", jetStream=" + jetStream +
-            ", clientId=" + clientId +
-            ", clientIp='" + clientIp + '\'' +
-            ", cluster='" + cluster + '\'' +
-            '}';
+                "serverId='" + serverId + '\'' +
+                ", serverName='" + serverName + '\'' +
+                ", version='" + version + '\'' +
+                ", go='" + go + '\'' +
+                ", host='" + host + '\'' +
+                ", port=" + port +
+                ", headersSupported=" + headersSupported +
+                ", authRequired=" + authRequired +
+                ", tlsRequired=" + tlsRequired +
+                ", maxPayload=" + maxPayload +
+                ", connectURLs=" + connectURLs +
+                ", protocolVersion=" + protocolVersion +
+                ", nonce=" + Arrays.toString(nonce) +
+                ", lameDuckMode=" + lameDuckMode +
+                ", jetStream=" + jetStream +
+                ", clientId=" + clientId +
+                ", clientIp='" + clientIp + '\'' +
+                ", cluster='" + cluster + '\'' +
+                '}';
     }
 }

src/main/java/io/nats/client/impl/NatsConnection.java

@@ -577,29 +577,40 @@ public void run() {
     void checkVersionRequirements() throws IOException {
         Options opts = getOptions();
         ServerInfo info = getInfo();
+
         if (opts.isNoEcho() && info.getProtocolVersion() < 1) {
             throw new IOException("Server does not support no echo.");
         }
     }
 
     void upgradeToSecureIfNeeded(NatsUri nuri) throws IOException {
-        if (options.isTlsFirst()) {
-            dataPort.upgradeToSecure();
+        Options clientOptions = getOptions();
+        if (clientOptions.isTlsFirst()) {
+            this.dataPort.upgradeToSecure();
         }
         else {
             ServerInfo serverInfo = getInfo();
-            if (options.isTLSRequired()) {
-                if (!nuri.isWebsocket()) {
-                    // When already communicating over "https" websocket, do NOT try to upgrade to secure.
-                    if (!serverInfo.isTLSRequired() && !serverInfo.isTLSAvailable()) {
-                        throw new IOException("SSL connection wanted by client.");
-                    }
-                    dataPort.upgradeToSecure();
+            boolean before2_9_19 = serverInfo.isOlderThanVersion("2.9.19");
+
+            boolean isTLSRequired = clientOptions.isTLSRequired();
+            boolean upgradeRequired = isTLSRequired;
+            if (isTLSRequired && nuri.isWebsocket()) {
+                // We are already communicating over "https" websocket, so
+                // do NOT try to upgrade to secure.
+                if (before2_9_19) {
+                    isTLSRequired = false;
                 }
+                upgradeRequired = false;
             }
-            else if (serverInfo.isTLSRequired()) {
+            if (isTLSRequired && !serverInfo.isTLSRequired()) {
+                throw new IOException("SSL connection wanted by client.");
+            }
+            else if (!isTLSRequired && serverInfo.isTLSRequired()) {
                 throw new IOException("SSL required by server.");
             }
+            if (upgradeRequired) {
+                this.dataPort.upgradeToSecure();
+            }
         }
     }
 

src/main/java/io/nats/client/support/ApiConstants.java

@@ -195,8 +195,6 @@ public interface ApiConstants {
     String TIME              = "time";
     String TIMESTAMP         = "ts";
     String TLS               = "tls_required";
-    String TLS_REQUIRED      = TLS;
-    String TLS_AVAILABLE     = "tls_available";
     String TOTAL             = "total";
     String TYPE              = "type";
     String VERSION           = "version";

src/test/java/io/nats/client/api/ServerInfoTests.java

@@ -40,7 +40,6 @@ public void testValidInfoString() {
         assertEquals(7777, info.getPort());
         assertTrue(info.isAuthRequired());
         assertTrue(info.isTLSRequired());
-        assertTrue(info.isTLSAvailable());
         assertTrue(info.isHeadersSupported());
         assertEquals(100_000_000_000L, info.getMaxPayload());
         assertEquals(1, info.getProtocolVersion());

src/test/java/io/nats/client/impl/TLSConnectTests.java

@@ -397,96 +397,4 @@ public void testSSLContextFactoryPropertiesPassOnCorrectly() throws NoSuchAlgori
         assertEquals("tlsAlgorithm", factory.properties.tlsAlgorithm);
         assertEquals("tlsAlgorithm", factory.properties.getTlsAlgorithm());
     }
-
-    private static final int SERVER_INSECURE = 1;
-    private static final int SERVER_TLS_AVAILABLE = 2;
-    private static final int SERVER_TLS_REQUIRED = 3;
-    static class ProxyConnection extends NatsConnection {
-        int serverType;
-
-        public ProxyConnection(String servers, boolean tlsFirst, ErrorListener listener, int serverType) throws Exception {
-            super(makeMiddleman(servers, tlsFirst, listener));
-            this.serverType = serverType;
-        }
-
-        private static Options makeMiddleman(String servers, boolean tlsFirst, ErrorListener listener) throws Exception {
-            Options.Builder builder = new Options.Builder()
-                .server(servers)
-                .maxReconnects(0)
-                .sslContext(SslTestingHelper.createTestSSLContext())
-                .errorListener(listener);
-
-            if (tlsFirst) {
-                builder.tlsFirst();
-            }
-
-            return builder.build();
-        }
-
-        @Override
-        void handleInfo(String infoJson) {
-            switch (serverType) {
-                case SERVER_INSECURE:
-                    super.handleInfo(infoJson.replace(",\"tls_required\":true", "")); break;
-                case SERVER_TLS_AVAILABLE:
-                    super.handleInfo(infoJson.replace("\"tls_required\":true", "\"tls_available\":true")); break;
-                default:
-                    super.handleInfo(infoJson);
-            }
-        }
-    }
-
-    /*
-        1. client tls first      | secure proxy | server insecure      -> connects
-        2. client tls first      | secure proxy | server tls required  -> connects
-        3. client tls first      | secure proxy | server tls available -> connects
-        4. client regular secure | secure proxy | server insecure      -> mismatch exception
-        5. client regular secure | secure proxy | server tls required  -> connects
-        6. client regular secure | secure proxy | server tls available -> connects
-    */
-
-    @Test
-    public void testProxyTlsFirst() throws Exception {
-        if (TestBase.atLeast2_10_3(ensureRunServerInfo())) {
-            try (NatsTestServer ts = new NatsTestServer("src/test/resources/tls_first.conf", false)) {
-                // 1. client tls first | secure proxy | server insecure -> connects
-                ProxyConnection connTI = new ProxyConnection(ts.getURI(), true, null, SERVER_INSECURE);
-                connTI.connect(false);
-                closeConnection(standardConnectionWait(connTI), 1000);
-
-                // 2. client tls first | secure proxy | server tls required -> connects
-                ProxyConnection connTR = new ProxyConnection(ts.getURI(), true, null, SERVER_TLS_REQUIRED);
-                connTR.connect(false);
-                closeConnection(standardConnectionWait(connTR), 1000);
-
-                // 3. client tls first | secure proxy | server tls available -> connects
-                ProxyConnection connTA = new ProxyConnection(ts.getURI(), true, null, SERVER_TLS_AVAILABLE);
-                connTA.connect(false);
-                closeConnection(standardConnectionWait(connTA), 1000);
-            }
-        }
-    }
-
-    @SuppressWarnings({"resource"})
-    @Test
-    public void testProxyNotTlsFirst() throws Exception {
-        try (NatsTestServer ts = new NatsTestServer("src/test/resources/tls.conf", false)) {
-            // 4. client regular secure | secure proxy | server insecure -> mismatch exception
-            ListenerForTesting listener = new ListenerForTesting();
-            ProxyConnection connRI = new ProxyConnection(ts.getURI(), false, listener, SERVER_INSECURE);
-            assertThrows(Exception.class, () -> connRI.connect(false));
-            assertEquals(1, listener.getExceptions().size());
-            assertTrue(listener.getExceptions().get(0).getMessage().contains("SSL connection wanted by client"));
-
-            // 5. client regular secure | secure proxy | server tls required  -> connects
-            ProxyConnection connRR = new ProxyConnection(ts.getURI(), false, null, SERVER_TLS_REQUIRED);
-            connRR.connect(false);
-            closeConnection(standardConnectionWait(connRR), 1000);
-
-            // 6. client regular secure | secure proxy | server tls available -> connects
-            ProxyConnection connRA = new ProxyConnection(ts.getURI(), false, null, SERVER_TLS_AVAILABLE);
-            connRA.connect(false);
-            closeConnection(standardConnectionWait(connRA), 1000);
-        }
-    }
 }

src/test/resources/data/ServerInfoJson.txt

@@ -1 +1 @@
-INFO {"server_id": "serverId","server_name": "serverName","version": "1.2.3","go": "go0.0.0","host": "host","port": 7777,"headersSupported": true,"auth_required": true,"tls_required": true,"tls_available": true,"max_payload": 100000000000,"proto": 1,"ldm": true,"jetstream": true,"client_id": 42,"client_ip": "127.0.0.1","cluster": "cluster","connect_urls":["url0", "url1"],"nonce":"<encoded>","headers": true,}
+INFO {"server_id": "serverId","server_name": "serverName","version": "1.2.3","go": "go0.0.0","host": "host","port": 7777,"headersSupported": true,"auth_required": true,"tls_required": true,"max_payload": 100000000000,"proto": 1,"ldm": true,"jetstream": true,"client_id": 42,"client_ip": "127.0.0.1","cluster": "cluster","connect_urls":["url0", "url1"],"nonce":"<encoded>","headers": true,}