From 123918018eecb3a13c02b38e12abe65d6b11c56f Mon Sep 17 00:00:00 2001 From: Simone Bordet Date: Fri, 15 Mar 2019 09:19:16 +0100 Subject: [PATCH] Issue #3425 - Upgrade conscrypt version to 2.0.0 and remove usage of reflection. Small fixes after review. Signed-off-by: Simone Bordet --- .../client/ConscryptClientALPNProcessor.java | 4 +- .../server/ConscryptServerALPNProcessor.java | 26 +++++------ .../server/ConscryptHTTP2ServerTest.java | 45 ++++++++----------- .../test/TestJettyOSGiBootHTTP2Conscrypt.java | 31 +++++++------ 4 files changed, 46 insertions(+), 60 deletions(-) diff --git a/jetty-alpn/jetty-alpn-conscrypt-client/src/main/java/org/eclipse/jetty/alpn/conscrypt/client/ConscryptClientALPNProcessor.java b/jetty-alpn/jetty-alpn-conscrypt-client/src/main/java/org/eclipse/jetty/alpn/conscrypt/client/ConscryptClientALPNProcessor.java index a848d7eb640..b180f7edc6b 100644 --- a/jetty-alpn/jetty-alpn-conscrypt-client/src/main/java/org/eclipse/jetty/alpn/conscrypt/client/ConscryptClientALPNProcessor.java +++ b/jetty-alpn/jetty-alpn-conscrypt-client/src/main/java/org/eclipse/jetty/alpn/conscrypt/client/ConscryptClientALPNProcessor.java @@ -39,7 +39,7 @@ public class ConscryptClientALPNProcessor implements ALPNProcessor.Client @Override public void init() { - if (Security.getProvider("Conscrypt")==null) + if (Security.getProvider("Conscrypt") == null) { Security.addProvider(new OpenSSLProvider()); if (LOG.isDebugEnabled()) @@ -90,6 +90,8 @@ public class ConscryptClientALPNProcessor implements ALPNProcessor.Client { SSLEngine sslEngine = alpnConnection.getSSLEngine(); String protocol = Conscrypt.getApplicationProtocol(sslEngine); + if (LOG.isDebugEnabled()) + LOG.debug("Selected {} for {}", protocol, alpnConnection); alpnConnection.selected(protocol); } catch (Throwable e) 
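Review bot: In the second ConscryptClientALPNProcessor hunk, the added debug line logs `protocol` as returned by `Conscrypt.getApplicationProtocol(sslEngine)` and then passes it to `alpnConnection.selected(protocol)` with no indication of what a null value means. The value is chosen by the remote server and is presumably null when no ALPN protocol was agreed (the Conscrypt contract is not visible here), so a comment above the call would help: `// protocol is chosen by the peer; may be null if no ALPN protocol was negotiated`. The peer-offered `protocols` list logged in the server's `selectApplicationProtocol` hunk deserves the same remark. The enclosing method starts and ends outside the hunk.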
diff --git a/jetty-alpn/jetty-alpn-conscrypt-server/src/main/java/org/eclipse/jetty/alpn/conscrypt/server/ConscryptServerALPNProcessor.java b/jetty-alpn/jetty-alpn-conscrypt-server/src/main/java/org/eclipse/jetty/alpn/conscrypt/server/ConscryptServerALPNProcessor.java index 79d32bad899..7eef4c189b1 100644 --- a/jetty-alpn/jetty-alpn-conscrypt-server/src/main/java/org/eclipse/jetty/alpn/conscrypt/server/ConscryptServerALPNProcessor.java +++ b/jetty-alpn/jetty-alpn-conscrypt-server/src/main/java/org/eclipse/jetty/alpn/conscrypt/server/ConscryptServerALPNProcessor.java @@ -20,7 +20,6 @@ package org.eclipse.jetty.alpn.conscrypt.server; import java.security.Security; import java.util.List; -import java.util.function.BiFunction; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLSocket; @@ -43,7 +42,7 @@ public class ConscryptServerALPNProcessor implements ALPNProcessor.Server @Override public void init() { - if (Security.getProvider("Conscrypt")==null) + if (Security.getProvider("Conscrypt") == null) { Security.addProvider(new OpenSSLProvider()); if (LOG.isDebugEnabled()) @@ -58,11 +57,11 @@ public class ConscryptServerALPNProcessor implements ALPNProcessor.Server } @Override - public void configure(SSLEngine sslEngine,Connection connection) + public void configure(SSLEngine sslEngine, Connection connection) { try { - Conscrypt.setApplicationProtocolSelector(sslEngine,new ALPNCallback((ALPNServerConnection)connection)); + Conscrypt.setApplicationProtocolSelector(sslEngine, new ALPNCallback((ALPNServerConnection)connection)); } catch (RuntimeException x) { @@ -74,7 +73,7 @@ public class ConscryptServerALPNProcessor implements ALPNProcessor.Server } } - private final class ALPNCallback extends ApplicationProtocolSelector implements BiFunction,String>, SslHandshakeListener + private final class ALPNCallback extends ApplicationProtocolSelector implements SslHandshakeListener { private final ALPNServerConnection alpnConnection; 
@@ -88,7 +87,11 @@ public class ConscryptServerALPNProcessor implements ALPNProcessor.Server @Override public String selectApplicationProtocol(SSLEngine engine, List protocols) { - return apply(engine, protocols); + alpnConnection.select(protocols); + String protocol = alpnConnection.getProtocol(); + if (LOG.isDebugEnabled()) + LOG.debug("Selected {} among {} for {}", protocol, protocols, alpnConnection); + return protocol; } @Override @@ -97,22 +100,13 @@ public class ConscryptServerALPNProcessor implements ALPNProcessor.Server throw new UnsupportedOperationException(); } - @Override - public String apply(SSLEngine engine, List protocols) - { - if (LOG.isDebugEnabled()) - LOG.debug("apply {} {}", alpnConnection, protocols); - alpnConnection.select(protocols); - return alpnConnection.getProtocol(); - } - @Override public void handshakeSucceeded(Event event) { String protocol = alpnConnection.getProtocol(); if (LOG.isDebugEnabled()) LOG.debug("TLS handshake succeeded, protocol={} for {}", protocol, alpnConnection); - if (protocol ==null) + if (protocol == null) alpnConnection.unsupported(); } diff --git a/jetty-alpn/jetty-alpn-conscrypt-server/src/test/java/org/eclipse/jetty/alpn/conscrypt/server/ConscryptHTTP2ServerTest.java b/jetty-alpn/jetty-alpn-conscrypt-server/src/test/java/org/eclipse/jetty/alpn/conscrypt/server/ConscryptHTTP2ServerTest.java index ea867b3c226..cb621a020c3 100644 --- a/jetty-alpn/jetty-alpn-conscrypt-server/src/test/java/org/eclipse/jetty/alpn/conscrypt/server/ConscryptHTTP2ServerTest.java +++ b/jetty-alpn/jetty-alpn-conscrypt-server/src/test/java/org/eclipse/jetty/alpn/conscrypt/server/ConscryptHTTP2ServerTest.java 
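Review bot: In `ALPNCallback.selectApplicationProtocol` (ConscryptServerALPNProcessor.java) the debug line now runs only after `alpnConnection.select(protocols)` returns, so if `select` throws on a client's offer the offered list is never logged; the removed `apply` logged it before selecting. Logging the offer first keeps that diagnostic, e.g. `LOG.debug("Offered {} for {}", protocols, alpnConnection);` ahead of the `select` call. The method also returns whatever `getProtocol()` yields, and the only null handling visible is `alpnConnection.unsupported()` in `handshakeSucceeded`, which runs after the handshake. Assuming that is the intent, a comment such as `// null return: no protocol agreed, rejection is deferred to handshakeSucceeded` would make the dependency explicit.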
@@ -18,6 +18,14 @@ package org.eclipse.jetty.alpn.conscrypt.server; +import java.io.File; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.security.Security; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + import org.conscrypt.OpenSSLProvider; import org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory; import org.eclipse.jetty.client.HttpClient; @@ -39,15 +47,6 @@ import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.File; -import java.io.IOException; -import java.nio.file.Path; -import java.nio.file.Paths; -import java.security.Security; - import static org.junit.jupiter.api.Assertions.assertEquals; /** @@ -55,14 +54,13 @@ import static org.junit.jupiter.api.Assertions.assertEquals; */ public class ConscryptHTTP2ServerTest { - - Server server = new Server(); - static { Security.addProvider(new OpenSSLProvider()); } + private Server server = new Server(); + private SslContextFactory newSslContextFactory() { Path path = Paths.get("src", "test", "resources"); @@ -75,9 +73,9 @@ public class ConscryptHTTP2ServerTest sslContextFactory.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"); sslContextFactory.setProvider("Conscrypt"); sslContextFactory.setEndpointIdentificationAlgorithm(null); - if (JavaVersion.VERSION.getPlatform()<9) + if (JavaVersion.VERSION.getPlatform() < 9) { - // conscrypt enable TLSv1.3 per default but it's not supported in jdk8 + // Conscrypt enables TLSv1.3 by default but it's not supported in Java 8. sslContextFactory.addExcludeProtocols("TLSv1.3"); } return sslContextFactory; 
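Review bot: `newSslContextFactory()` in ConscryptHTTP2ServerTest calls `setEndpointIdentificationAlgorithm(null)` without explanation, and the comment reworded in the last hunk here covers only the TLSv1.3 exclusion. Judging by the later hunks, the same factory is passed to both the `SslConnectionFactory` and the `HttpClient`, so the test client performs no hostname verification. That is presumably intentional for the test keystore, but it should be stated so the setup is not copied elsewhere: `// Test only: endpoint identification (hostname verification) is disabled; do not copy into production configuration.` The method starts in the preceding hunk and ends outside this one.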
@@ -86,9 +84,8 @@ public class ConscryptHTTP2ServerTest @BeforeEach public void startServer() throws Exception { - HttpConfiguration httpsConfig = new HttpConfiguration(); - httpsConfig.setSecureScheme( "https" ); + httpsConfig.setSecureScheme("https"); httpsConfig.setSendXPoweredBy(true); httpsConfig.setSendServerVersion(true); @@ -100,40 +97,35 @@ public class ConscryptHTTP2ServerTest alpn.setDefaultProtocol(http.getProtocol()); SslConnectionFactory ssl = new SslConnectionFactory(newSslContextFactory(), alpn.getProtocol()); - ServerConnector http2Connector = new ServerConnector(server,ssl,alpn,h2,http); + ServerConnector http2Connector = new ServerConnector(server, ssl, alpn, h2, http); http2Connector.setPort(0); server.addConnector(http2Connector); server.setHandler(new AbstractHandler() { @Override - public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException + public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) { response.setStatus(200); baseRequest.setHandled(true); } - } ); + }); server.start(); - } @AfterEach public void stopServer() throws Exception { if (server != null) - { server.stop(); - } } - @Test - public void test_simple_query() throws Exception + public void testSimpleRequest() throws Exception { - HTTP2Client h2Client = new HTTP2Client(); - HttpClient client = new HttpClient(new HttpClientTransportOverHTTP2(h2Client),newSslContextFactory()); + HttpClient client = new HttpClient(new HttpClientTransportOverHTTP2(h2Client), newSslContextFactory()); client.start(); try { @@ -145,6 +137,5 @@ public class ConscryptHTTP2ServerTest { client.stop(); } - } } 
diff --git a/jetty-osgi/test-jetty-osgi/src/test/java/org/eclipse/jetty/osgi/test/TestJettyOSGiBootHTTP2Conscrypt.java b/jetty-osgi/test-jetty-osgi/src/test/java/org/eclipse/jetty/osgi/test/TestJettyOSGiBootHTTP2Conscrypt.java index ffaa55ddcc4..8edcaf8604b 100644 --- a/jetty-osgi/test-jetty-osgi/src/test/java/org/eclipse/jetty/osgi/test/TestJettyOSGiBootHTTP2Conscrypt.java +++ b/jetty-osgi/test-jetty-osgi/src/test/java/org/eclipse/jetty/osgi/test/TestJettyOSGiBootHTTP2Conscrypt.java @@ -67,12 +67,12 @@ public class TestJettyOSGiBootHTTP2Conscrypt { ArrayList