Complete deprecation annotations already started

[emaldona]

Addresses https://pagure.io/jss/issue/19

Replaces the previous pull request
emaldona@5305574
that failed tests.

[emaldona]

Due the size I recommend reviewing this after the other simpler pull requests have been handled.

[cipherboy]

@emaldona Thanks for the other patches! They have been merged. :)

Any chance you'll be around to update this one today?

[emaldona]

Yes, I'll work on it Today. It will take me a while to update as this one is a lot bigger. I'll be online.

[emaldona]

Two lines with "@deprecated" annotation but no reason given. Lines 405 and 413 in the patch, line 399 ponts to org/mozilla/jss/netscape/security/provider/DSA.java. Reason for deprecation given at https://docs.oracle.com/javase/7/docs/api/java/security/SignatureSpi.html where it states
"protected abstract void engineSetParameter(String param, Object value)
Deprecated.  Replaced by engineSetParameter". Need to update the pull request.

[emaldona]

The Oracle site gives a reason for by engineSetParameter(String param, Object value) deprecation but none for the getParameter(Sring key) one. Explanation for engineGetParameter(String param)
not entirely clear to me. Looked at https://docs.oracle.com/javase/7/docs/api/java/security/SignatureSpi.html#engineGetParameter(java.lang.String) and also at the the ones for 8, 9 ,and 10 and they don't help either. I'm holding off on updating the pull request until things are clear.

[emaldona]

Sorry, this latest version was generated incorrectly. It includes the stuff from the one for issue #30. The previous version was fine. @cipherboy I might need some help fixing this.

[cipherboy]

Okay, so I see a few deprecations changed... But tell me what I'm supposed to be looking for?

< shows that the change is in your branch
> shows that the change is in master.

---

So in master, we have this deprecation that is now gone in your branch:

> ./org/mozilla/jss/pkcs11/PK11Cipher.java:102: warning: [deprecation] isPadded() in EncryptionAlgorithm has been deprecated
> ./org/mozilla/jss/pkcs11/PK11Cipher.java:105: warning: [deprecation] isPadded() in EncryptionAlgorithm has been deprecated
> ./org/mozilla/jss/pkcs11/PK11Cipher.java:127: warning: [deprecation] isPadded() in EncryptionAlgorithm has been deprecated
> ./org/mozilla/jss/pkcs11/PK11Cipher.java:130: warning: [deprecation] isPadded() in EncryptionAlgorithm has been deprecated
> ./org/mozilla/jss/pkcs11/PK11Cipher.java:165: warning: [deprecation] isPadded() in EncryptionAlgorithm has been deprecated
> ./org/mozilla/jss/pkcs11/PK11Cipher.java:192: warning: [deprecation] isPadded() in EncryptionAlgorithm has been deprecated

This calls algorithm.isPadded(); algorithm is of type org.Mozilla.jss.crypto.EncryptionAlgorithm, and it is deprecated by us, so this is good.

However, in your branch you add a @Deprecated warning:

jss/org/mozilla/jss/crypto/EncryptionAlgorithm.java

Lines 276 to 283 in ac7ae24

	/**
	* @return <code>true</code> if this algorithm performs padding.
	* @deprecated Call <tt>getPaddingType()</tt> instead.
	*/
	@Deprecated
	public boolean isPadded() {
	return ! Padding.NONE.equals(padding);
	}

Why? Don't we want to propagate that isPadded() is deprecated? Or perhaps keep the method and not deprecate it? I'm not sure why isPadded() is deprecated, but if it is meant to be, we should move its logic into each of those places where it is called.

Perhaps @jmagne or @edewata has some idea on this. :)

---

Then there's this change in your branch:

< ./org/mozilla/jss/pkcs11/CipherContextProxy.java:16: warning: [deprecation] finalize() in NativeProxy has been deprecated
< ./org/mozilla/jss/pkcs11/CipherContextProxy.java:17: warning: [deprecation] finalize() in NativeProxy has been deprecated
< ./org/mozilla/jss/pkcs11/KeyProxy.java:12: warning: [deprecation] finalize() in NativeProxy has been deprecated
< ./org/mozilla/jss/pkcs11/KeyProxy.java:13: warning: [deprecation] finalize() in NativeProxy has been deprecated
< ./org/mozilla/jss/pkcs11/ModuleProxy.java:16: warning: [deprecation] finalize() in NativeProxy has been deprecated
< ./org/mozilla/jss/pkcs11/ModuleProxy.java:17: warning: [deprecation] finalize() in NativeProxy has been deprecated

It appears that it is using NativeProxy.finalize().

You make the change to add Deprecated here:

jss/org/mozilla/jss/util/NativeProxy.java

Lines 76 to 97 in ac7ae24

	/**
	* Finalize this NativeProxy by releasing its native resources.
	* The finalizer calls releaseNativeResources() so you don't have to.
	* This finalizer should be called from the finalize() method of all
	* subclasses:
	* class MyProxy extends NativeProxy {
	* [...]
	* protected void finalize() throws Throwable {
	* // do any object-specific finalization other than
	* // releasing native resources
	* [...]
	* super.finalize();
	* }
	* }
	*
	* @deprecated finalize() in Object has been deprecated
	*/
	@Deprecated
	protected void finalize() throws Throwable {
	unregister(registryIndex);
	releaseNativeResources();
	}

This looks like Object.finalize() is deprecated:
https://docs.oracle.com/javase/9/docs/api/java/lang/Object.html#finalize--

This looks like we could deprecate our overriding of finalized(), but perhaps we need to move the functionality elsewhere (releaseNativeResources() in particular?) and replace finalized() with a stub deprecated method that we quit using internally as well?

---

The line number changed on this:

< ./org/mozilla/jss/pkcs11/PK11PrivKey.java:45: warning: [deprecation] getUniqueID() in PrivateKey has been deprecated
---
> ./org/mozilla/jss/pkcs11/PK11PrivKey.java:43: warning: [deprecation] getUniqueID() in PrivateKey has been deprecated

You added the deprecations around it:

jss/org/mozilla/jss/pkcs11/PK11PrivKey.java

Lines 36 to 45 in ac7ae24

	/**
	* Returns a new CryptoToken where this key resides.
	*
	* @return The PK11Token that owns this key.
	* @deprecated getUniqueID() in PrivateKey has been deprecated
	*/
	@Deprecated
	public native CryptoToken getOwningToken();
	public native byte[] getUniqueID() throws TokenException;

But I'm not sure they're in the correct place?

---

Anyhow, perhaps that'll be interesting feedback. Any thoughts to aid my understanding?

[emaldona]

Please see my latest two posting to https://pagure.io/jss/issue/19
one is a script to automate the stuff I did and other a comparison of warnings before and after the patch.

[emaldona]

Okay, so I see a few deprecations changed... But tell me what I'm supposed to be looking for?

< shows that the change is in your branch
> shows that the change is in master.

In the attachment https://pagure.io/jss/issue/19#comment-533900
Click and do a "View Raw" on it. It's not much better than what you have

There are 45 warning before and after but there are differences
8 warnings that went away:

./org/mozilla/jss/pkcs11/PK11Cipher.java:102: warning: [deprecation] isPadded() in EncryptionAlgorithm has been deprecated
./org/mozilla/jss/pkcs11/PK11Cipher.java:105: warning: [deprecation] isPadded() in EncryptionAlgorithm has been deprecated
./org/mozilla/jss/pkcs11/PK11Cipher.java:127: warning: [deprecation] isPadded() in EncryptionAlgorithm has been deprecated
./org/mozilla/jss/pkcs11/PK11Cipher.java:130: warning: [deprecation] isPadded() in EncryptionAlgorithm has been deprecated
./org/mozilla/jss/pkcs11/PK11Cipher.java:165: warning: [deprecation] isPadded() in EncryptionAlgorithm has been deprecated
./org/mozilla/jss/pkcs11/PK11Cipher.java:192: warning: [deprecation] isPadded() in EncryptionAlgorithm has been deprecated
./org/mozilla/jss/provider/java/security/JSSKeyStoreSpi.java:264: warning: [deprecation] getUniqueID() in PrivateKey has been deprecated
./org/mozilla/jss/provider/java/security/JSSKeyStoreSpi.java:445: warning: [deprecation] getUniqueID() in PrivateKey has been deprecated

9 warnings that showed up after the patch:

./org/mozilla/jss/pkcs11/CipherContextProxy.java:16: warning: [deprecation] finalize() in NativeProxy has been deprecated
./org/mozilla/jss/pkcs11/CipherContextProxy.java:17: warning: [deprecation] finalize() in NativeProxy has been deprecated
./org/mozilla/jss/pkcs11/KeyProxy.java:12: warning: [deprecation] finalize() in NativeProxy has been deprecated
./org/mozilla/jss/pkcs11/KeyProxy.java:13: warning: [deprecation] finalize() in NativeProxy has been deprecated
./org/mozilla/jss/pkcs11/ModuleProxy.java:16: warning: [deprecation] finalize() in NativeProxy has been deprecated
./org/mozilla/jss/pkcs11/ModuleProxy.java:17: warning: [deprecation] finalize() in NativeProxy has been deprecated
./org/mozilla/jss/pkcs11/PK11PrivKey.java:45: warning: [deprecation] getUniqueID() in PrivateKey has been deprecated
./org/mozilla/jss/ssl/SocketProxy.java:15: warning: [deprecation] finalize() in NativeProxy has been deprecated
./org/mozilla/jss/ssl/SocketProxy.java:16: warning: [deprecation] finalize() in NativeProxy has been deprecated

Notice that they all refer to org.mozilla.jss.util.NativeProxy; which these classes import and that has been annotated there. So I disdn't bother to annotate the other ones.

The rest are identical aside from line numbers changes to be expected.

So in master, we have this deprecation that is now gone in your branch:

> ./org/mozilla/jss/pkcs11/PK11Cipher.java:102: warning: [deprecation] isPadded() in EncryptionAlgorithm has been deprecated
> ./org/mozilla/jss/pkcs11/PK11Cipher.java:105: warning: [deprecation] isPadded() in EncryptionAlgorithm has been deprecated
> ./org/mozilla/jss/pkcs11/PK11Cipher.java:127: warning: [deprecation] isPadded() in EncryptionAlgorithm has been deprecated
> ./org/mozilla/jss/pkcs11/PK11Cipher.java:130: warning: [deprecation] isPadded() in EncryptionAlgorithm has been deprecated
> ./org/mozilla/jss/pkcs11/PK11Cipher.java:165: warning: [deprecation] isPadded() in EncryptionAlgorithm has been deprecated
> ./org/mozilla/jss/pkcs11/PK11Cipher.java:192: warning: [deprecation] isPadded() in EncryptionAlgorithm has been deprecated

This calls algorithm.isPadded(); algorithm is of type org.Mozilla.jss.crypto.EncryptionAlgorithm, and it is deprecated by us, so this is good.

However, in your branch you add a @Deprecated warning:

Yes, I do in many places. From what I have read '@Deprecates' is a javadoc is for javadoc whereas '@deprecated' is for the compiler.

jss/org/mozilla/jss/crypto/EncryptionAlgorithm.java

Lines 276 to 283 in ac7ae24
/**
* @return true if this algorithm performs padding.
* @deprecated Call getPaddingType() instead.
*/
@deprecated
public boolean isPadded() {
return ! Padding.NONE.equals(padding);
}

Why? Don't we want to propagate that isPadded() is deprecated? Or perhaps keep the method and not deprecate it? I'm not sure why isPadded() is deprecated, but if it is meant to be, we should move its logic into each of those places where it is called.

Yes, we should consider this. This pull request is intended to annotate only and make life easier for the maintainer who will be working on addressing these on https://pagure.io/jss/issue/17 many months from now.

Perhaps @jmagne or @edewata has some idea on this. :)

Then there's this change in your branch:

< ./org/mozilla/jss/pkcs11/CipherContextProxy.java:16: warning: [deprecation] finalize() in NativeProxy has been deprecated
< ./org/mozilla/jss/pkcs11/CipherContextProxy.java:17: warning: [deprecation] finalize() in NativeProxy has been deprecated
< ./org/mozilla/jss/pkcs11/KeyProxy.java:12: warning: [deprecation] finalize() in NativeProxy has been deprecated
< ./org/mozilla/jss/pkcs11/KeyProxy.java:13: warning: [deprecation] finalize() in NativeProxy has been deprecated
< ./org/mozilla/jss/pkcs11/ModuleProxy.java:16: warning: [deprecation] finalize() in NativeProxy has been deprecated
< ./org/mozilla/jss/pkcs11/ModuleProxy.java:17: warning: [deprecation] finalize() in NativeProxy has been deprecated

It appears that it is using NativeProxy.finalize().

You make the change to add Deprecated here:

jss/org/mozilla/jss/util/NativeProxy.java

Lines 76 to 97 in ac7ae24
/**
* Finalize this NativeProxy by releasing its native resources.
* The finalizer calls releaseNativeResources() so you don't have to.
* This finalizer should be called from the finalize() method of all
* subclasses:
* class MyProxy extends NativeProxy {
* [...]
* protected void finalize() throws Throwable {
* // do any object-specific finalization other than
* // releasing native resources
* [...]
* super.finalize();
* }
* }
*
* @deprecated finalize() in Object has been deprecated
*/
@deprecated
protected void finalize() throws Throwable {
unregister(registryIndex);
releaseNativeResources();
}

This looks like Object.finalize() is deprecated:
https://docs.oracle.com/javase/9/docs/api/java/lang/Object.html#finalize--

This looks like we could deprecate our overriding of finalized(), but perhaps we need to move the functionality elsewhere (releaseNativeResources() in particular?) and replace finalized() with a stub deprecated method that we quit using internally as well?

Worth considering for https://pagure.io/jss/issue/17

The line number changed on this:

< ./org/mozilla/jss/pkcs11/PK11PrivKey.java:45: warning: [deprecation] getUniqueID() in PrivateKey has been deprecated
---
> ./org/mozilla/jss/pkcs11/PK11PrivKey.java:43: warning: [deprecation] getUniqueID() in PrivateKey has been deprecated

Applying the patch causes code movement.

You added the deprecations around it:

[jss/org/mozilla/jss/pkcs11/PK11PrivKey.java](https://github.com/dogtagpki/jss/blob/ac7ae244305cbec7dc5c3316616ac135cc1e23b7/org/mozilla/jss/pkcs11/PK11PrivKey.java#L36-L45)

Lines 36 to 45 in [ac7ae24](/dogtagpki/jss/commit/ac7ae244305cbec7dc5c3316616ac135cc1e23b7)
     /** 
      * Returns a new CryptoToken where this key resides. 
      * 
      * @return The PK11Token that owns this key. 
      * @deprecated getUniqueID() in PrivateKey has been deprecated 
      */ 
     @Deprecated 
     public native CryptoToken getOwningToken(); 
  
     public native byte[] getUniqueID() throws TokenException; 

But I'm not sure they're in the correct place?

Anyhow, perhaps that'll be interesting feedback. Any thoughts to aid my understanding?

I hope the latest attachments to issue #19 help a bit. Also, using meld to compare, thought not automation friendly, helped see things better. Will be online so we can discuss this stuff and try out things.

[cipherboy]

Okay, a few suggestions on improving this PR and a question. Thanks!

[cipherboy]

Okay, I'm going to recommend this be un-deprecated. It looks like a useful function and I'm inclined to keep it, especially as it is small and the cost of maintaining it should be minimal.

[cipherboy]

Drop this line as well.

[emaldona]

Drop the 289 line but still keep the other one at 278?

[cipherboy]

Since it is going to be un-deprecated, I'd drop both this line and line 278 (from the first comment).

[cipherboy]

This is in the wrong place. It should be in a new comment and modify getUniqueID(); as it currently is, it modifies getOwningToken().

[cipherboy]

Per conversation with @edewata, I think we should un-deprecate these as well.

[cipherboy]

Same with this, move it down two lines.

[cipherboy]

Actually, don't move it, just remove it. :)

[cipherboy]

Does this need an @Deprecated annotation?

[emaldona]

Many do but I didn't because it was getting messy and thought some are needed for reasons of compatibility so I opted to just list them in a conventional comment.side note: I think I saw somewhere that jss now plays well the system wide crypto policy and will likely prevent usage of insecure cipher suites. These two seem to be the worst. Are you suggesting me to add the @Deprecatedannotation to only those two or all of them?

[cipherboy]

I know nss supports system-wide crypto policy, but I'm not sure about jss. I've been meaning to take a look at that; I think the first step is creating a basic client/server, deploying that to a system, and then automating testing of various cipher suite configurations.

[cipherboy]

Okay, please un-deprecate the getUniqueID() changes as well.

[cipherboy]

Per conversation with @edewata, I think we should un-deprecate these as well.

[cipherboy]

Per conversation with @edewata, I think we should un-deprecate these as well.

[cipherboy]

Per conversation with @edewata, I think we should un-deprecate these as well.

[cipherboy]

Actually, don't move it, just remove it. :)

[cipherboy]

Per conversation with @edewata, I think we should un-deprecate these as well. So, please remove this annotation.

[cipherboy]

Same here.

[cipherboy]

Cool, this looks like a much better list:

diff ./jss_master_build.out.warnings ./jss_branch_build.out.warnings 
2,10c2,7
< ./org/mozilla/jss/pkcs11/PK11Cipher.java:102: warning: [deprecation] isPadded() in EncryptionAlgorithm has been deprecated
< ./org/mozilla/jss/pkcs11/PK11Cipher.java:105: warning: [deprecation] isPadded() in EncryptionAlgorithm has been deprecated
< ./org/mozilla/jss/pkcs11/PK11Cipher.java:127: warning: [deprecation] isPadded() in EncryptionAlgorithm has been deprecated
< ./org/mozilla/jss/pkcs11/PK11Cipher.java:130: warning: [deprecation] isPadded() in EncryptionAlgorithm has been deprecated
< ./org/mozilla/jss/pkcs11/PK11Cipher.java:165: warning: [deprecation] isPadded() in EncryptionAlgorithm has been deprecated
< ./org/mozilla/jss/pkcs11/PK11Cipher.java:192: warning: [deprecation] isPadded() in EncryptionAlgorithm has been deprecated
< ./org/mozilla/jss/pkcs11/PK11InternalTokenCert.java:16: warning: [deprecation] getUniqueID() in TokenCertificate has been deprecated
< ./org/mozilla/jss/pkcs11/PK11PrivKey.java:43: warning: [deprecation] getUniqueID() in PrivateKey has been deprecated
< ./org/mozilla/jss/pkcs11/PK11TokenCert.java:14: warning: [deprecation] getUniqueID() in TokenCertificate has been deprecated
---
> ./org/mozilla/jss/pkcs11/CipherContextProxy.java:16: warning: [deprecation] finalize() in NativeProxy has been deprecated
> ./org/mozilla/jss/pkcs11/CipherContextProxy.java:17: warning: [deprecation] finalize() in NativeProxy has been deprecated
> ./org/mozilla/jss/pkcs11/KeyProxy.java:12: warning: [deprecation] finalize() in NativeProxy has been deprecated
> ./org/mozilla/jss/pkcs11/KeyProxy.java:13: warning: [deprecation] finalize() in NativeProxy has been deprecated
> ./org/mozilla/jss/pkcs11/ModuleProxy.java:16: warning: [deprecation] finalize() in NativeProxy has been deprecated
> ./org/mozilla/jss/pkcs11/ModuleProxy.java:17: warning: [deprecation] finalize() in NativeProxy has been deprecated
20,22d16
< ./org/mozilla/jss/provider/java/security/JSSKeyStoreSpi.java:189: warning: [deprecation] getUniqueID() in PrivateKey has been deprecated
< ./org/mozilla/jss/provider/java/security/JSSKeyStoreSpi.java:264: warning: [deprecation] getUniqueID() in PrivateKey has been deprecated
< ./org/mozilla/jss/provider/java/security/JSSKeyStoreSpi.java:445: warning: [deprecation] getUniqueID() in PrivateKey has been deprecated
25a20,21
> ./org/mozilla/jss/ssl/SocketProxy.java:15: warning: [deprecation] finalize() in NativeProxy has been deprecated
> ./org/mozilla/jss/ssl/SocketProxy.java:16: warning: [deprecation] finalize() in NativeProxy has been deprecated
34,45c30,39
< ./org/mozilla/jss/tests/Constants.java:108: warning: [deprecation] SSL3_RSA_WITH_NULL_SHA in SSLSocket has been deprecated
< ./org/mozilla/jss/tests/Constants.java:109: warning: [deprecation] SSL3_RSA_WITH_NULL_MD5 in SSLSocket has been deprecated
< ./org/mozilla/jss/tests/Constants.java:85: warning: [deprecation] SSL3_RSA_WITH_RC4_128_MD5 in SSLSocket has been deprecated
< ./org/mozilla/jss/tests/Constants.java:86: warning: [deprecation] SSL3_RSA_WITH_RC4_128_SHA in SSLSocket has been deprecated
< ./org/mozilla/jss/tests/Constants.java:90: warning: [deprecation] SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA in SSLSocket has been deprecated
< ./org/mozilla/jss/tests/Constants.java:91: warning: [deprecation] SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA in SSLSocket has been deprecated
< ./org/mozilla/jss/tests/Constants.java:95: warning: [deprecation] SSL3_RSA_WITH_3DES_EDE_CBC_SHA in SSLSocket has been deprecated
< ./org/mozilla/jss/tests/Constants.java:96: warning: [deprecation] SSL3_DHE_RSA_WITH_DES_CBC_SHA in SSLSocket has been deprecated
< ./org/mozilla/jss/tests/Constants.java:97: warning: [deprecation] SSL3_DHE_DSS_WITH_DES_CBC_SHA in SSLSocket has been deprecated
< ./org/mozilla/jss/tests/Constants.java:99: warning: [deprecation] SSL3_RSA_WITH_DES_CBC_SHA in SSLSocket has been deprecated
< ./org/mozilla/jss/tests/KeyWrapping.java:86: warning: [deprecation] getUniqueID() in PrivateKey has been deprecated
< ./org/mozilla/jss/tests/KeyWrapping.java:95: warning: [deprecation] getUniqueID() in PrivateKey has been deprecated
---
> ./org/mozilla/jss/tests/Constants.java:104: warning: [deprecation] SSL3_RSA_WITH_RC4_128_MD5 in SSLSocket has been deprecated
> ./org/mozilla/jss/tests/Constants.java:105: warning: [deprecation] SSL3_RSA_WITH_RC4_128_SHA in SSLSocket has been deprecated
> ./org/mozilla/jss/tests/Constants.java:109: warning: [deprecation] SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA in SSLSocket has been deprecated
> ./org/mozilla/jss/tests/Constants.java:110: warning: [deprecation] SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA in SSLSocket has been deprecated
> ./org/mozilla/jss/tests/Constants.java:114: warning: [deprecation] SSL3_RSA_WITH_3DES_EDE_CBC_SHA in SSLSocket has been deprecated
> ./org/mozilla/jss/tests/Constants.java:115: warning: [deprecation] SSL3_DHE_RSA_WITH_DES_CBC_SHA in SSLSocket has been deprecated
> ./org/mozilla/jss/tests/Constants.java:116: warning: [deprecation] SSL3_DHE_DSS_WITH_DES_CBC_SHA in SSLSocket has been deprecated
> ./org/mozilla/jss/tests/Constants.java:118: warning: [deprecation] SSL3_RSA_WITH_DES_CBC_SHA in SSLSocket has been deprecated
> ./org/mozilla/jss/tests/Constants.java:127: warning: [deprecation] SSL3_RSA_WITH_NULL_SHA in SSLSocket has been deprecated
> ./org/mozilla/jss/tests/Constants.java:128: warning: [deprecation] SSL3_RSA_WITH_NULL_MD5 in SSLSocket has been deprecated

We've:

• Undeprecated getUniqueID()
• Undeprecated isPadded()
• Clarified that finalized() is deprecated.

So I think we're good for merging.

Thanks @emaldona for all your work and being patient while we worked through git issues! :)