refactor: set removal version for Deno.ListenTlsOptions.certFile, `…

…Deno.ListenTlsOptions.keyFile` and `Deno.ConnectTlsOptions.certFile` (denoland#22026)

This change:
1. Sets the removal version for `Deno.ListenTlsOptions.certFile`,
`Deno.ListenTlsOptions.keyFile` and `Deno.ConnectTlsOptions.certFile`
for Deno v2, in favour of the `cert`, `key` and `caCerts` options,
respectively.
2. Replaces use of the deprecated options with the new recommended
options.

Towards denoland#22021

cli/tests/testdata/cert/listen_tls_alpn.ts

@@ -1,7 +1,7 @@
 const listener = Deno.listenTls({
   port: Number(Deno.args[0]),
-  certFile: "./tls/localhost.crt",
-  keyFile: "./tls/localhost.key",
+  cert: Deno.readTextFileSync("./tls/localhost.crt"),
+  key: Deno.readTextFileSync("./tls/localhost.key"),
   alpnProtocols: ["h2", "http/1.1", "foobar"],
 });
 

cli/tests/testdata/cert/listen_tls_alpn_fail.ts

@@ -2,8 +2,8 @@ import { assertRejects } from "../../../../test_util/std/assert/mod.ts";
 
 const listener = Deno.listenTls({
   port: Number(Deno.args[0]),
-  certFile: "./tls/localhost.crt",
-  keyFile: "./tls/localhost.key",
+  cert: Deno.readTextFileSync("./tls/localhost.crt"),
+  key: Deno.readTextFileSync("./tls/localhost.key"),
   alpnProtocols: ["h2", "http/1.1", "foobar"],
 });
 

cli/tests/testdata/run/tls_connecttls.js

@@ -12,8 +12,8 @@ const port = 3505;
 const listener = Deno.listenTls({
   hostname,
   port,
-  certFile: "./tls/localhost.crt",
-  keyFile: "./tls/localhost.key",
+  cert: Deno.readTextFileSync("./tls/localhost.crt"),
+  key: Deno.readTextFileSync("./tls/localhost.key"),
 });
 
 const response = encoder.encode(

cli/tests/testdata/run/tls_starttls.js

@@ -13,8 +13,8 @@ const port = 3504;
 const listener = Deno.listenTls({
   hostname,
   port,
-  certFile: "./tls/localhost.crt",
-  keyFile: "./tls/localhost.key",
+  cert: Deno.readTextFileSync("./tls/localhost.crt"),
+  key: Deno.readTextFileSync("./tls/localhost.key"),
 });
 
 const response = encoder.encode(

cli/tests/unit/http_test.ts

@@ -326,8 +326,8 @@ Deno.test(
       const listener = Deno.listenTls({
         hostname,
         port,
-        certFile: "cli/tests/testdata/tls/localhost.crt",
-        keyFile: "cli/tests/testdata/tls/localhost.key",
+        cert: Deno.readTextFileSync("cli/tests/testdata/tls/localhost.crt"),
+        key: Deno.readTextFileSync("cli/tests/testdata/tls/localhost.key"),
       });
       const conn = await listener.accept();
       const httpConn = Deno.serveHttp(conn);
@@ -2294,8 +2294,8 @@ Deno.test(
     const listener = Deno.listenTls({
       hostname,
       port,
-      certFile: "cli/tests/testdata/tls/localhost.crt",
-      keyFile: "cli/tests/testdata/tls/localhost.key",
+      cert: await Deno.readTextFile("cli/tests/testdata/tls/localhost.crt"),
+      key: await Deno.readTextFile("cli/tests/testdata/tls/localhost.key"),
     });
 
     const caCerts = [
@@ -2600,8 +2600,8 @@ for (const compression of [true, false]) {
       const listener = Deno.listenTls({
         hostname,
         port,
-        certFile: "cli/tests/testdata/tls/localhost.crt",
-        keyFile: "cli/tests/testdata/tls/localhost.key",
+        cert: await Deno.readTextFile("cli/tests/testdata/tls/localhost.crt"),
+        key: await Deno.readTextFile("cli/tests/testdata/tls/localhost.key"),
         alpnProtocols: ["h2"],
       });
       const server = httpServerWithErrorBody(listener, compression);

cli/tests/unit/tls_test.ts

@@ -183,8 +183,8 @@ Deno.test(
     const listener = Deno.listenTls({
       hostname,
       port,
-      certFile: "cli/tests/testdata/tls/localhost.crt",
-      keyFile: "cli/tests/testdata/tls/localhost.key",
+      cert: await Deno.readTextFile("cli/tests/testdata/tls/localhost.crt"),
+      key: await Deno.readTextFile("cli/tests/testdata/tls/localhost.key"),
     });
 
     const response = encoder.encode(
@@ -296,8 +296,8 @@ async function tlsPair(): Promise<[Deno.Conn, Deno.Conn]> {
   const listener = Deno.listenTls({
     hostname: "localhost",
     port,
-    certFile: "cli/tests/testdata/tls/localhost.crt",
-    keyFile: "cli/tests/testdata/tls/localhost.key",
+    cert: await Deno.readTextFile("cli/tests/testdata/tls/localhost.crt"),
+    key: await Deno.readTextFile("cli/tests/testdata/tls/localhost.key"),
   });
 
   const acceptPromise = listener.accept();
@@ -320,8 +320,8 @@ async function tlsAlpn(
   const listener = Deno.listenTls({
     hostname: "localhost",
     port,
-    certFile: "cli/tests/testdata/tls/localhost.crt",
-    keyFile: "cli/tests/testdata/tls/localhost.key",
+    cert: await Deno.readTextFile("cli/tests/testdata/tls/localhost.crt"),
+    key: await Deno.readTextFile("cli/tests/testdata/tls/localhost.key"),
     alpnProtocols: ["deno", "rocks"],
   });
 
@@ -725,8 +725,8 @@ async function tlsWithTcpFailureTestImpl(
   const tlsListener = Deno.listenTls({
     hostname: "localhost",
     port: tlsPort,
-    certFile: "cli/tests/testdata/tls/localhost.crt",
-    keyFile: "cli/tests/testdata/tls/localhost.key",
+    cert: await Deno.readTextFile("cli/tests/testdata/tls/localhost.crt"),
+    key: await Deno.readTextFile("cli/tests/testdata/tls/localhost.key"),
   });
 
   const tcpPort = getPort();
@@ -1019,8 +1019,8 @@ function createHttpsListener(port: number): Deno.Listener {
   const listener = Deno.listenTls({
     hostname: "localhost",
     port,
-    certFile: "./cli/tests/testdata/tls/localhost.crt",
-    keyFile: "./cli/tests/testdata/tls/localhost.key",
+    cert: Deno.readTextFileSync("./cli/tests/testdata/tls/localhost.crt"),
+    key: Deno.readTextFileSync("./cli/tests/testdata/tls/localhost.key"),
   });
 
   serve(listener);
@@ -1285,8 +1285,8 @@ Deno.test(
     const listener = Deno.listenTls({
       hostname,
       port,
-      certFile: "cli/tests/testdata/tls/localhost.crt",
-      keyFile: "cli/tests/testdata/tls/localhost.key",
+      cert: await Deno.readTextFile("cli/tests/testdata/tls/localhost.crt"),
+      key: await Deno.readTextFile("cli/tests/testdata/tls/localhost.key"),
     });
     const acceptPromise = listener.accept();
     const connectPromise = Deno.connectTls({
@@ -1354,8 +1354,8 @@ Deno.test(
       const listener = Deno.listenTls({
         hostname,
         port,
-        certFile: "cli/tests/testdata/tls/localhost.crt",
-        keyFile: "cli/tests/testdata/tls/localhost.key",
+        cert: Deno.readTextFileSync("cli/tests/testdata/tls/localhost.crt"),
+        key: Deno.readTextFileSync("cli/tests/testdata/tls/localhost.key"),
       });
       for await (const conn of listener) {
         for (let i = 0; i < 10; i++) {

ext/net/02_tls.js

@@ -1,6 +1,6 @@
 // Copyright 2018-2024 the Deno authors. All rights reserved. MIT license.
 
-import { core, primordials } from "ext:core/mod.js";
+import { core, internals, primordials } from "ext:core/mod.js";
 const {
   op_net_accept_tls,
   op_net_connect_tls,
@@ -39,6 +39,13 @@ async function connectTls({
   privateKey = undefined,
   alpnProtocols = undefined,
 }) {
+  if (certFile !== undefined) {
+    internals.warnOnDeprecatedApi(
+      "Deno.ConnectTlsOptions.certFile",
+      new Error().stack,
+      "Pass the cert file contents to the `Deno.ConnectTlsOptions.certChain` option instead.",
+    );
+  }
   if (transport !== "tcp") {
     throw new TypeError(`Unsupported transport: '${transport}'`);
   }
@@ -76,6 +83,20 @@ function listenTls({
   if (transport !== "tcp") {
     throw new TypeError(`Unsupported transport: '${transport}'`);
   }
+  if (keyFile !== undefined) {
+    internals.warnOnDeprecatedApi(
+      "Deno.ListenTlsOptions.keyFile",
+      new Error().stack,
+      "Pass the key file contents to the `Deno.ListenTlsOptions.key` option instead.",
+    );
+  }
+  if (certFile !== undefined) {
+    internals.warnOnDeprecatedApi(
+      "Deno.ListenTlsOptions.certFile",
+      new Error().stack,
+      "Pass the cert file contents to the `Deno.ListenTlsOptions.cert` option instead.",
+    );
+  }
   const { 0: rid, 1: localAddr } = op_net_listen_tls(
     { hostname, port: Number(port) },
     { cert, certFile, key, keyFile, alpnProtocols, reusePort },

ext/net/lib.deno_net.d.ts

@@ -174,13 +174,17 @@ declare namespace Deno {
      * `--allow-read`.
      *
      * @tags allow-read
-     * @deprecated This option is deprecated and will be removed in Deno 2.0.
+     * @deprecated Pass the certificate file contents directly to the
+     * {@linkcode Deno.ListenTlsOptions.cert} option instead. This option will
+     * be removed in Deno 2.0.
      */
     certFile?: string;
     /** Server private key file. Requires `--allow-read`.
      *
      * @tags allow-read
-     * @deprecated This option is deprecated and will be removed in Deno 2.0.
+     * @deprecated Pass the key file contents directly to the
+     * {@linkcode Deno.ListenTlsOptions.key} option instead. This option will
+     * be removed in Deno 2.0.
      */
     keyFile?: string;
 
@@ -197,7 +201,11 @@ declare namespace Deno {
    * security).
    *
    * ```ts
-   * const lstnr = Deno.listenTls({ port: 443, certFile: "./server.crt", keyFile: "./server.key" });
+   * using listener = Deno.listenTls({
+   *   port: 443,
+   *   cert: Deno.readTextFileSync("./server.crt"),
+   *   key: Deno.readTextFileSync("./server.key"),
+   * });
    * ```
    *
    * Requires `allow-net` permission.
@@ -289,8 +297,9 @@ declare namespace Deno {
     /**
      * Server certificate file.
      *
-     * @deprecated This option is deprecated and will be removed in a future
-     * release.
+     * @deprecated Pass the cert file contents directly to the
+     * {@linkcode Deno.ConnectTlsOptions.caCerts} option instead. This option
+     * will be removed in Deno 2.0.
      */
     certFile?: string;
     /** A list of root certificates that will be used in addition to the