Issue #3425 - Upgrade conscrypt version to 2.0.0 and remove usage of reflection.

Small fixes after review.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Simone Bordet 2019-03-15 09:19:16 +01:00
parent 7404cce052
commit 123918018e
4 changed files with 46 additions and 60 deletions


@ -39,7 +39,7 @@ public class ConscryptClientALPNProcessor implements ALPNProcessor.Client
@Override
public void init()
{
if (Security.getProvider("Conscrypt")==null)
if (Security.getProvider("Conscrypt") == null)
{
Security.addProvider(new OpenSSLProvider());
if (LOG.isDebugEnabled())
@ -90,6 +90,8 @@ public class ConscryptClientALPNProcessor implements ALPNProcessor.Client
{
SSLEngine sslEngine = alpnConnection.getSSLEngine();
String protocol = Conscrypt.getApplicationProtocol(sslEngine);
if (LOG.isDebugEnabled())
LOG.debug("Selected {} for {}", protocol, alpnConnection);
alpnConnection.selected(protocol);
}
catch (Throwable e)
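Review bot: In the second hunk the value of `Conscrypt.getApplicationProtocol(sslEngine)` is logged and passed straight to `alpnConnection.selected(protocol)` with no visible null check, although it is presumably null when the server negotiated no ALPN protocol. The server-side processor in this same commit handles that state explicitly (`if (protocol == null) alpnConnection.unsupported();`), so the client path should be equally clear. Either confirm that `selected()` rejects null, or say so at the call site, e.g. `// protocol may be null when no ALPN protocol was negotiated; selected() must handle that case.` The enclosing method and the body of `catch (Throwable e)` lie outside the hunk, so this cannot be confirmed from the lines shown.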


@ -20,7 +20,6 @@ package org.eclipse.jetty.alpn.conscrypt.server;
import java.security.Security;
import java.util.List;
import java.util.function.BiFunction;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSocket;
@ -43,7 +42,7 @@ public class ConscryptServerALPNProcessor implements ALPNProcessor.Server
@Override
public void init()
{
if (Security.getProvider("Conscrypt")==null)
if (Security.getProvider("Conscrypt") == null)
{
Security.addProvider(new OpenSSLProvider());
if (LOG.isDebugEnabled())
@ -58,11 +57,11 @@ public class ConscryptServerALPNProcessor implements ALPNProcessor.Server
}
@Override
public void configure(SSLEngine sslEngine,Connection connection)
public void configure(SSLEngine sslEngine, Connection connection)
{
try
{
Conscrypt.setApplicationProtocolSelector(sslEngine,new ALPNCallback((ALPNServerConnection)connection));
Conscrypt.setApplicationProtocolSelector(sslEngine, new ALPNCallback((ALPNServerConnection)connection));
}
catch (RuntimeException x)
{
@ -74,7 +73,7 @@ public class ConscryptServerALPNProcessor implements ALPNProcessor.Server
}
}
private final class ALPNCallback extends ApplicationProtocolSelector implements BiFunction<SSLEngine,List<String>,String>, SslHandshakeListener
private final class ALPNCallback extends ApplicationProtocolSelector implements SslHandshakeListener
{
private final ALPNServerConnection alpnConnection;
@ -88,7 +87,11 @@ public class ConscryptServerALPNProcessor implements ALPNProcessor.Server
@Override
public String selectApplicationProtocol(SSLEngine engine, List<String> protocols)
{
return apply(engine, protocols);
alpnConnection.select(protocols);
String protocol = alpnConnection.getProtocol();
if (LOG.isDebugEnabled())
LOG.debug("Selected {} among {} for {}", protocol, protocols, alpnConnection);
return protocol;
}
@Override
@ -97,22 +100,13 @@ public class ConscryptServerALPNProcessor implements ALPNProcessor.Server
throw new UnsupportedOperationException();
}
@Override
public String apply(SSLEngine engine, List<String> protocols)
{
if (LOG.isDebugEnabled())
LOG.debug("apply {} {}", alpnConnection, protocols);
alpnConnection.select(protocols);
return alpnConnection.getProtocol();
}
@Override
public void handshakeSucceeded(Event event)
{
String protocol = alpnConnection.getProtocol();
if (LOG.isDebugEnabled())
LOG.debug("TLS handshake succeeded, protocol={} for {}", protocol, alpnConnection);
if (protocol ==null)
if (protocol == null)
alpnConnection.unsupported();
}
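Review bot: `selectApplicationProtocol` returns `alpnConnection.getProtocol()` directly, and that value can be null, as the `protocol == null` branch in `handshakeSucceeded` shows, yet the method has no comment on what a null return means to the TLS layer. As written, a client whose offered list matches nothing appears to be dealt with only after the handshake completes, via `alpnConnection.unsupported()`, rather than during negotiation. If that deferral is intended, document it, e.g. `// Returns null when no offered protocol is acceptable; handshakeSucceeded() then calls unsupported().` Separately, `protocols` in the new debug line is the peer-supplied ALPN list, so confirm that the logging backend neutralises control characters before debug logging is enabled on an exposed listener. The class body continues outside the hunks shown.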


@ -18,6 +18,14 @@
package org.eclipse.jetty.alpn.conscrypt.server;
import java.io.File;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.Security;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.conscrypt.OpenSSLProvider;
import org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory;
import org.eclipse.jetty.client.HttpClient;
@ -39,15 +47,6 @@ import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.File;
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.Security;
import static org.junit.jupiter.api.Assertions.assertEquals;
/**
@ -55,14 +54,13 @@ import static org.junit.jupiter.api.Assertions.assertEquals;
*/
public class ConscryptHTTP2ServerTest
{
Server server = new Server();
static
{
Security.addProvider(new OpenSSLProvider());
}
private Server server = new Server();
private SslContextFactory newSslContextFactory()
{
Path path = Paths.get("src", "test", "resources");
@ -75,9 +73,9 @@ public class ConscryptHTTP2ServerTest
sslContextFactory.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
sslContextFactory.setProvider("Conscrypt");
sslContextFactory.setEndpointIdentificationAlgorithm(null);
if (JavaVersion.VERSION.getPlatform()<9)
if (JavaVersion.VERSION.getPlatform() < 9)
{
// conscrypt enable TLSv1.3 per default but it's not supported in jdk8
// Conscrypt enables TLSv1.3 by default but it's not supported in Java 8.
sslContextFactory.addExcludeProtocols("TLSv1.3");
}
return sslContextFactory;
@ -86,9 +84,8 @@ public class ConscryptHTTP2ServerTest
@BeforeEach
public void startServer() throws Exception
{
HttpConfiguration httpsConfig = new HttpConfiguration();
httpsConfig.setSecureScheme( "https" );
httpsConfig.setSecureScheme("https");
httpsConfig.setSendXPoweredBy(true);
httpsConfig.setSendServerVersion(true);
@ -100,40 +97,35 @@ public class ConscryptHTTP2ServerTest
alpn.setDefaultProtocol(http.getProtocol());
SslConnectionFactory ssl = new SslConnectionFactory(newSslContextFactory(), alpn.getProtocol());
ServerConnector http2Connector = new ServerConnector(server,ssl,alpn,h2,http);
ServerConnector http2Connector = new ServerConnector(server, ssl, alpn, h2, http);
http2Connector.setPort(0);
server.addConnector(http2Connector);
server.setHandler(new AbstractHandler()
{
@Override
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response)
{
response.setStatus(200);
baseRequest.setHandled(true);
}
} );
});
server.start();
}
@AfterEach
public void stopServer() throws Exception
{
if (server != null)
{
server.stop();
}
}
@Test
public void test_simple_query() throws Exception
public void testSimpleRequest() throws Exception
{
HTTP2Client h2Client = new HTTP2Client();
HttpClient client = new HttpClient(new HttpClientTransportOverHTTP2(h2Client),newSslContextFactory());
HttpClient client = new HttpClient(new HttpClientTransportOverHTTP2(h2Client), newSslContextFactory());
client.start();
try
{
@ -145,6 +137,5 @@ public class ConscryptHTTP2ServerTest
{
client.stop();
}
}
}
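Review bot: `newSslContextFactory()` calls `sslContextFactory.setEndpointIdentificationAlgorithm(null)` without a comment, and the same factory is handed to the `HttpClient` in `testSimpleRequest`, so the client side of this test runs with hostname verification switched off. That is acceptable against a throwaway test keystore, but the line should say so, e.g. `// Test only: disables hostname verification for the test keystore.`, so that it is not copied into non-test client setup. The same uncommented call appears in the `TestJettyOSGiBootHTTP2Conscrypt` section further down. The `OBF:` password strings are reversible obfuscation rather than encryption, which is fine for fixtures checked into the test tree but should not be read as protection.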


@ -67,12 +67,12 @@ public class TestJettyOSGiBootHTTP2Conscrypt
{
ArrayList<Option> options = new ArrayList<>();
options.add(CoreOptions.junitBundles());
options.addAll(TestOSGiUtil.configureJettyHomeAndPort(true,"jetty-http2.xml"));
options.addAll(TestOSGiUtil.configureJettyHomeAndPort(true, "jetty-http2.xml"));
options.add(CoreOptions.bootDelegationPackages("org.xml.sax", "org.xml.*", "org.w3c.*", "javax.xml.*", "javax.activation.*"));
options.add(CoreOptions.systemPackages("com.sun.org.apache.xalan.internal.res","com.sun.org.apache.xml.internal.utils",
"com.sun.org.apache.xml.internal.utils", "com.sun.org.apache.xpath.internal",
"com.sun.org.apache.xpath.internal.jaxp", "com.sun.org.apache.xpath.internal.objects",
"sun.security", "sun.security.x509","sun.security.ssl"));
options.add(CoreOptions.systemPackages("com.sun.org.apache.xalan.internal.res", "com.sun.org.apache.xml.internal.utils",
"com.sun.org.apache.xml.internal.utils", "com.sun.org.apache.xpath.internal",
"com.sun.org.apache.xpath.internal.jaxp", "com.sun.org.apache.xpath.internal.objects",
"sun.security", "sun.security.x509", "sun.security.ssl"));
options.addAll(http2JettyDependencies());
options.addAll(TestOSGiUtil.coreJettyDependencies());
@ -95,10 +95,10 @@ public class TestJettyOSGiBootHTTP2Conscrypt
List<Option> res = new ArrayList<>();
res.add(CoreOptions.systemProperty("jetty.alpn.protocols").value("h2,http/1.1"));
res.add(CoreOptions.systemProperty("jetty.sslContext.provider").value("Conscrypt"));
res.add(wrappedBundle(mavenBundle().groupId("org.conscrypt").artifactId("conscrypt-openjdk-uber").versionAsInProject())
.imports("javax.net.ssl,*")
.exports("org.conscrypt;version="+System.getProperty("conscrypt-version"))
.exports("org.conscrypt;version=" + System.getProperty("conscrypt-version"))
.instructions("Bundle-NativeCode=META-INF/native/libconscrypt_openjdk_jni-linux-x86_64.so")
.start());
res.add(mavenBundle().groupId("org.eclipse.jetty.osgi").artifactId("jetty-osgi-alpn").versionAsInProject().noStart());
@ -128,16 +128,16 @@ public class TestJettyOSGiBootHTTP2Conscrypt
{
if (Boolean.getBoolean(TestOSGiUtil.BUNDLE_DEBUG))
assertAllBundlesActiveOrResolved();
HTTP2Client client = new HTTP2Client();
try
try
{
String port = System.getProperty("boot.https.port");
assertNotNull(port);
Path path = Paths.get("src", "test", "config");
Path path = Paths.get("src", "test", "config");
File keys = path.resolve("etc").resolve("keystore").toFile();
HTTP2Client http2Client = new HTTP2Client();
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyManagerPassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
@ -146,9 +146,9 @@ public class TestJettyOSGiBootHTTP2Conscrypt
sslContextFactory.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
sslContextFactory.setProvider("Conscrypt");
sslContextFactory.setEndpointIdentificationAlgorithm(null);
if ( JavaVersion.VERSION.getPlatform()<9)
if (JavaVersion.VERSION.getPlatform() < 9)
{
// conscrypt enable TLSv1.3 per default but it's not supported in jdk8
// Conscrypt enables TLSv1.3 by default but it's not supported in Java 8.
sslContextFactory.addExcludeProtocols("TLSv1.3");
}
HttpClient httpClient = new HttpClient(new HttpClientTransportOverHTTP2(http2Client), sslContextFactory);
@ -157,10 +157,9 @@ public class TestJettyOSGiBootHTTP2Conscrypt
httpClient.start();
ContentResponse response = httpClient.GET("https://localhost:"+port+"/jsp/jstl.jsp");
ContentResponse response = httpClient.GET("https://localhost:" + port + "/jsp/jstl.jsp");
assertEquals(200, response.getStatus());
assertTrue(response.getContentAsString().contains("JSTL Example"));
}
finally
{