From 18a235e6088a43411bbeca79bae8bcc646f72104 Mon Sep 17 00:00:00 2001 From: Asher Gomez Date: Wed, 24 Jan 2024 03:35:23 +1100 Subject: [PATCH] refactor: set removal version for `Deno.ListenTlsOptions.certFile`, `Deno.ListenTlsOptions.keyFile` and `Deno.ConnectTlsOptions.certFile` (#22026) This change: 1. Sets the removal version for `Deno.ListenTlsOptions.certFile`, `Deno.ListenTlsOptions.keyFile` and `Deno.ConnectTlsOptions.certFile` for Deno v2, in favour of the `cert`, `key` and `caCerts` options, respectively. 2. Replaces use of the deprecated options with the new recommended options. Towards #22021 --- cli/tests/testdata/cert/listen_tls_alpn.ts | 4 +-- .../testdata/cert/listen_tls_alpn_fail.ts | 4 +-- cli/tests/testdata/run/tls_connecttls.js | 4 +-- cli/tests/testdata/run/tls_starttls.js | 4 +-- cli/tests/unit/http_test.ts | 12 ++++---- cli/tests/unit/tls_test.ts | 28 +++++++++---------- ext/net/02_tls.js | 23 ++++++++++++++- ext/net/lib.deno_net.d.ts | 19 +++++++++---- 8 files changed, 64 insertions(+), 34 deletions(-) diff --git a/cli/tests/testdata/cert/listen_tls_alpn.ts b/cli/tests/testdata/cert/listen_tls_alpn.ts index b3ade686ed..6b92364ba2 100644 --- a/cli/tests/testdata/cert/listen_tls_alpn.ts +++ b/cli/tests/testdata/cert/listen_tls_alpn.ts @@ -1,7 +1,7 @@ const listener = Deno.listenTls({ port: Number(Deno.args[0]), - certFile: "./tls/localhost.crt", - keyFile: "./tls/localhost.key", + cert: Deno.readTextFileSync("./tls/localhost.crt"), + key: Deno.readTextFileSync("./tls/localhost.key"), alpnProtocols: ["h2", "http/1.1", "foobar"], }); diff --git a/cli/tests/testdata/cert/listen_tls_alpn_fail.ts b/cli/tests/testdata/cert/listen_tls_alpn_fail.ts index c1aa4b31d0..e321c9bd35 100644 --- a/cli/tests/testdata/cert/listen_tls_alpn_fail.ts +++ b/cli/tests/testdata/cert/listen_tls_alpn_fail.ts 
@@ -2,8 +2,8 @@ import { assertRejects } from "../../../../test_util/std/assert/mod.ts"; const listener = Deno.listenTls({ port: Number(Deno.args[0]), - certFile: "./tls/localhost.crt", - keyFile: "./tls/localhost.key", + cert: Deno.readTextFileSync("./tls/localhost.crt"), + key: Deno.readTextFileSync("./tls/localhost.key"), alpnProtocols: ["h2", "http/1.1", "foobar"], }); diff --git a/cli/tests/testdata/run/tls_connecttls.js b/cli/tests/testdata/run/tls_connecttls.js index 18a0783fc9..8c6c285f3e 100644 --- a/cli/tests/testdata/run/tls_connecttls.js +++ b/cli/tests/testdata/run/tls_connecttls.js @@ -12,8 +12,8 @@ const port = 3505; const listener = Deno.listenTls({ hostname, port, - certFile: "./tls/localhost.crt", - keyFile: "./tls/localhost.key", + cert: Deno.readTextFileSync("./tls/localhost.crt"), + key: Deno.readTextFileSync("./tls/localhost.key"), }); const response = encoder.encode( diff --git a/cli/tests/testdata/run/tls_starttls.js b/cli/tests/testdata/run/tls_starttls.js index 3d84ac74a2..3e406ff5f5 100644 --- a/cli/tests/testdata/run/tls_starttls.js +++ b/cli/tests/testdata/run/tls_starttls.js @@ -13,8 +13,8 @@ const port = 3504; const listener = Deno.listenTls({ hostname, port, - certFile: "./tls/localhost.crt", - keyFile: "./tls/localhost.key", + cert: Deno.readTextFileSync("./tls/localhost.crt"), + key: Deno.readTextFileSync("./tls/localhost.key"), }); const response = encoder.encode( diff --git a/cli/tests/unit/http_test.ts b/cli/tests/unit/http_test.ts index bd4c8da09f..acdaef9035 100644 --- a/cli/tests/unit/http_test.ts +++ b/cli/tests/unit/http_test.ts 
@@ -326,8 +326,8 @@ Deno.test( const listener = Deno.listenTls({ hostname, port, - certFile: "cli/tests/testdata/tls/localhost.crt", - keyFile: "cli/tests/testdata/tls/localhost.key", + cert: Deno.readTextFileSync("cli/tests/testdata/tls/localhost.crt"), + key: Deno.readTextFileSync("cli/tests/testdata/tls/localhost.key"), }); const conn = await listener.accept(); const httpConn = Deno.serveHttp(conn); @@ -2294,8 +2294,8 @@ Deno.test( const listener = Deno.listenTls({ hostname, port, - certFile: "cli/tests/testdata/tls/localhost.crt", - keyFile: "cli/tests/testdata/tls/localhost.key", + cert: await Deno.readTextFile("cli/tests/testdata/tls/localhost.crt"), + key: await Deno.readTextFile("cli/tests/testdata/tls/localhost.key"), }); const caCerts = [ @@ -2600,8 +2600,8 @@ for (const compression of [true, false]) { const listener = Deno.listenTls({ hostname, port, - certFile: "cli/tests/testdata/tls/localhost.crt", - keyFile: "cli/tests/testdata/tls/localhost.key", + cert: await Deno.readTextFile("cli/tests/testdata/tls/localhost.crt"), + key: await Deno.readTextFile("cli/tests/testdata/tls/localhost.key"), alpnProtocols: ["h2"], }); const server = httpServerWithErrorBody(listener, compression); diff --git a/cli/tests/unit/tls_test.ts b/cli/tests/unit/tls_test.ts index 8ab41b81a4..2e797b1609 100644 --- a/cli/tests/unit/tls_test.ts +++ b/cli/tests/unit/tls_test.ts @@ -183,8 +183,8 @@ Deno.test( const listener = Deno.listenTls({ hostname, port, - certFile: "cli/tests/testdata/tls/localhost.crt", - keyFile: "cli/tests/testdata/tls/localhost.key", + cert: await Deno.readTextFile("cli/tests/testdata/tls/localhost.crt"), + key: await Deno.readTextFile("cli/tests/testdata/tls/localhost.key"), }); const response = encoder.encode( 
@@ -296,8 +296,8 @@ async function tlsPair(): Promise<[Deno.Conn, Deno.Conn]> { const listener = Deno.listenTls({ hostname: "localhost", port, - certFile: "cli/tests/testdata/tls/localhost.crt", - keyFile: "cli/tests/testdata/tls/localhost.key", + cert: await Deno.readTextFile("cli/tests/testdata/tls/localhost.crt"), + key: await Deno.readTextFile("cli/tests/testdata/tls/localhost.key"), }); const acceptPromise = listener.accept(); @@ -320,8 +320,8 @@ async function tlsAlpn( const listener = Deno.listenTls({ hostname: "localhost", port, - certFile: "cli/tests/testdata/tls/localhost.crt", - keyFile: "cli/tests/testdata/tls/localhost.key", + cert: await Deno.readTextFile("cli/tests/testdata/tls/localhost.crt"), + key: await Deno.readTextFile("cli/tests/testdata/tls/localhost.key"), alpnProtocols: ["deno", "rocks"], }); @@ -725,8 +725,8 @@ async function tlsWithTcpFailureTestImpl( const tlsListener = Deno.listenTls({ hostname: "localhost", port: tlsPort, - certFile: "cli/tests/testdata/tls/localhost.crt", - keyFile: "cli/tests/testdata/tls/localhost.key", + cert: await Deno.readTextFile("cli/tests/testdata/tls/localhost.crt"), + key: await Deno.readTextFile("cli/tests/testdata/tls/localhost.key"), }); const tcpPort = getPort(); @@ -1019,8 +1019,8 @@ function createHttpsListener(port: number): Deno.Listener { const listener = Deno.listenTls({ hostname: "localhost", port, - certFile: "./cli/tests/testdata/tls/localhost.crt", - keyFile: "./cli/tests/testdata/tls/localhost.key", + cert: Deno.readTextFileSync("./cli/tests/testdata/tls/localhost.crt"), + key: Deno.readTextFileSync("./cli/tests/testdata/tls/localhost.key"), }); serve(listener); 
@@ -1285,8 +1285,8 @@ Deno.test( const listener = Deno.listenTls({ hostname, port, - certFile: "cli/tests/testdata/tls/localhost.crt", - keyFile: "cli/tests/testdata/tls/localhost.key", + cert: await Deno.readTextFile("cli/tests/testdata/tls/localhost.crt"), + key: await Deno.readTextFile("cli/tests/testdata/tls/localhost.key"), }); const acceptPromise = listener.accept(); const connectPromise = Deno.connectTls({ @@ -1354,8 +1354,8 @@ Deno.test( const listener = Deno.listenTls({ hostname, port, - certFile: "cli/tests/testdata/tls/localhost.crt", - keyFile: "cli/tests/testdata/tls/localhost.key", + cert: Deno.readTextFileSync("cli/tests/testdata/tls/localhost.crt"), + key: Deno.readTextFileSync("cli/tests/testdata/tls/localhost.key"), }); for await (const conn of listener) { for (let i = 0; i < 10; i++) { diff --git a/ext/net/02_tls.js b/ext/net/02_tls.js index 6fa5bff209..e71bd77f5f 100644 --- a/ext/net/02_tls.js +++ b/ext/net/02_tls.js @@ -1,6 +1,6 @@ // Copyright 2018-2024 the Deno authors. All rights reserved. MIT license. -import { core, primordials } from "ext:core/mod.js"; +import { core, internals, primordials } from "ext:core/mod.js"; const { op_net_accept_tls, op_net_connect_tls, @@ -39,6 +39,13 @@ async function connectTls({ privateKey = undefined, alpnProtocols = undefined, }) { + if (certFile !== undefined) { + internals.warnOnDeprecatedApi( + "Deno.ConnectTlsOptions.certFile", + new Error().stack, + "Pass the cert file contents to the `Deno.ConnectTlsOptions.certChain` option instead.", + ); + } if (transport !== "tcp") { throw new TypeError(`Unsupported transport: '${transport}'`); } 
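Review bot: The deprecation message added to `connectTls` in ext/net/02_tls.js (hunk `@@ -39,6 +39,13 @@`) points users at `Deno.ConnectTlsOptions.certChain`, while the commit description and the `@deprecated` text in ext/net/lib.deno_net.d.ts both name `caCerts` as the replacement for `certFile`. The two options are not interchangeable: this patch documents `caCerts` as the list of root certificates, whereas `certChain` sits beside `privateKey` in this signature and is, as far as I know, the client certificate chain, so following the warning would drop the trust root the caller meant to add. The message should read ``"Pass the cert file contents to the `Deno.ConnectTlsOptions.caCerts` option instead."``. The warning is also emitted before the `transport` check here but after it in `listenTls`. The function body continues outside the hunk.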
@@ -76,6 +83,20 @@ function listenTls({ if (transport !== "tcp") { throw new TypeError(`Unsupported transport: '${transport}'`); } + if (keyFile !== undefined) { + internals.warnOnDeprecatedApi( + "Deno.ListenTlsOptions.keyFile", + new Error().stack, + "Pass the key file contents to the `Deno.ListenTlsOptions.key` option instead.", + ); + } + if (certFile !== undefined) { + internals.warnOnDeprecatedApi( + "Deno.ListenTlsOptions.certFile", + new Error().stack, + "Pass the cert file contents to the `Deno.ListenTlsOptions.cert` option instead.", + ); + } const { 0: rid, 1: localAddr } = op_net_listen_tls( { hostname, port: Number(port) }, { cert, certFile, key, keyFile, alpnProtocols, reusePort }, diff --git a/ext/net/lib.deno_net.d.ts b/ext/net/lib.deno_net.d.ts index c019c8d616..e3051d6ad0 100644 --- a/ext/net/lib.deno_net.d.ts +++ b/ext/net/lib.deno_net.d.ts @@ -174,13 +174,17 @@ declare namespace Deno { * `--allow-read`. * * @tags allow-read - * @deprecated This option is deprecated and will be removed in Deno 2.0. + * @deprecated Pass the certificate file contents directly to the + * {@linkcode Deno.ListenTlsOptions.cert} option instead. This option will + * be removed in Deno 2.0. */ certFile?: string; /** Server private key file. Requires `--allow-read`. * * @tags allow-read - * @deprecated This option is deprecated and will be removed in Deno 2.0. + * @deprecated Pass the key file contents directly to the + * {@linkcode Deno.ListenTlsOptions.key} option instead. This option will + * be removed in Deno 2.0. */ keyFile?: string; @@ -197,7 +201,11 @@ declare namespace Deno { * security). * * ```ts - * const lstnr = Deno.listenTls({ port: 443, certFile: "./server.crt", keyFile: "./server.key" }); + * using listener = Deno.listenTls({ + * port: 443, + * cert: Deno.readTextFileSync("./server.crt"), + * key: Deno.readTextFileSync("./server.key"), + * }); * ``` * * Requires `allow-net` permission. 
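Review bot: With every `Deno.listenTls` call in the test hunks of this patch moved to `cert`/`key`, nothing visible here still exercises the `keyFile`/`certFile` path that `listenTls` (hunk `@@ -76,6 +83,20 @@`) keeps forwarding to `op_net_listen_tls`, nor the two new `internals.warnOnDeprecatedApi` branches. If no test outside this patch covers them, keep one listener test on the file options until they are removed, so a regression in the deprecated path is caught while it is still shipped. A short comment above the two `if` blocks, e.g. `// keyFile/certFile stay functional until Deno 2; only warn here`, would also make clear that the values are still passed through. The function body starts and ends outside the hunk.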
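Review bot: The rewritten `Deno.listenTls` example in ext/net/lib.deno_net.d.ts (hunk `@@ -197,7 +201,11 @@`) now calls `Deno.readTextFileSync` twice, but the context line after it still states only that `allow-net` is required. The read permission that the `certFile`/`keyFile` docs tag as `allow-read` has moved to the caller, so that sentence should become something like `Requires allow-net permission, and allow-read for the certificate and key files the example loads.`. Noting that the read grant can be limited to those two paths keeps the example in line with least privilege. The doc comment starts and ends outside the hunk.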
@@ -289,8 +297,9 @@ declare namespace Deno { /** * Server certificate file. * - * @deprecated This option is deprecated and will be removed in a future - * release. + * @deprecated Pass the cert file contents directly to the + * {@linkcode Deno.ConnectTlsOptions.caCerts} option instead. This option + * will be removed in Deno 2.0. */ certFile?: string; /** A list of root certificates that will be used in addition to the
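Review bot: The new `@deprecated` text for `Deno.ConnectTlsOptions.certFile` says to pass the contents "directly" to `caCerts`, but the last context line of the hunk describes `caCerts` as a list of root certificates, so a caller who assigns the file contents as a bare string would presumably not type-check. Suggested wording: `@deprecated Pass the cert file contents as an entry of the {@linkcode Deno.ConnectTlsOptions.caCerts} array instead. This option will be removed in Deno 2.0.` The summary line "Server certificate file." could also say that the certificate is used as an additional trust root, which is what makes `caCerts` the right replacement; that reading is inferred from the replacement named here, not shown in the hunk. The `caCerts` doc comment continues outside the hunk.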