Issue #3425 - Upgrade conscrypt version to 2.0.0 and remove usage of reflection.

Small fixes after review.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Simone Bordet 2019-03-15 09:19:16 +01:00
parent 7404cce052
commit 123918018e
4 changed files with 46 additions and 60 deletions


@ -39,7 +39,7 @@ public class ConscryptClientALPNProcessor implements ALPNProcessor.Client
@Override @Override
public void init() public void init()
{ {
if (Security.getProvider("Conscrypt")==null) if (Security.getProvider("Conscrypt") == null)
{ {
Security.addProvider(new OpenSSLProvider()); Security.addProvider(new OpenSSLProvider());
if (LOG.isDebugEnabled()) if (LOG.isDebugEnabled())
@ -90,6 +90,8 @@ public class ConscryptClientALPNProcessor implements ALPNProcessor.Client
{ {
SSLEngine sslEngine = alpnConnection.getSSLEngine(); SSLEngine sslEngine = alpnConnection.getSSLEngine();
String protocol = Conscrypt.getApplicationProtocol(sslEngine); String protocol = Conscrypt.getApplicationProtocol(sslEngine);
if (LOG.isDebugEnabled())
LOG.debug("Selected {} for {}", protocol, alpnConnection);
alpnConnection.selected(protocol); alpnConnection.selected(protocol);
} }
catch (Throwable e) catch (Throwable e)
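Review bot: `Conscrypt.getApplicationProtocol(sslEngine)` may return no protocol when the peer did not negotiate ALPN, and the new debug line logs that value, but `alpnConnection.selected(protocol)` is still called with it unconditionally. Whether `selected` tolerates a null argument is not visible in this hunk, so I would guard the call, `if (protocol != null) alpnConnection.selected(protocol);`, or document that null is an accepted value. The enclosing method starts above the hunk and the `catch (Throwable e)` body continues below it, so how a failure here is reported cannot be checked from this view.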


@ -20,7 +20,6 @@ package org.eclipse.jetty.alpn.conscrypt.server;
import java.security.Security; import java.security.Security;
import java.util.List; import java.util.List;
import java.util.function.BiFunction;
import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocket;
@ -43,7 +42,7 @@ public class ConscryptServerALPNProcessor implements ALPNProcessor.Server
@Override @Override
public void init() public void init()
{ {
if (Security.getProvider("Conscrypt")==null) if (Security.getProvider("Conscrypt") == null)
{ {
Security.addProvider(new OpenSSLProvider()); Security.addProvider(new OpenSSLProvider());
if (LOG.isDebugEnabled()) if (LOG.isDebugEnabled())
@ -58,11 +57,11 @@ public class ConscryptServerALPNProcessor implements ALPNProcessor.Server
} }
@Override @Override
public void configure(SSLEngine sslEngine,Connection connection) public void configure(SSLEngine sslEngine, Connection connection)
{ {
try try
{ {
Conscrypt.setApplicationProtocolSelector(sslEngine,new ALPNCallback((ALPNServerConnection)connection)); Conscrypt.setApplicationProtocolSelector(sslEngine, new ALPNCallback((ALPNServerConnection)connection));
} }
catch (RuntimeException x) catch (RuntimeException x)
{ {
@ -74,7 +73,7 @@ public class ConscryptServerALPNProcessor implements ALPNProcessor.Server
} }
} }
private final class ALPNCallback extends ApplicationProtocolSelector implements BiFunction<SSLEngine,List<String>,String>, SslHandshakeListener private final class ALPNCallback extends ApplicationProtocolSelector implements SslHandshakeListener
{ {
private final ALPNServerConnection alpnConnection; private final ALPNServerConnection alpnConnection;
@ -88,7 +87,11 @@ public class ConscryptServerALPNProcessor implements ALPNProcessor.Server
@Override @Override
public String selectApplicationProtocol(SSLEngine engine, List<String> protocols) public String selectApplicationProtocol(SSLEngine engine, List<String> protocols)
{ {
return apply(engine, protocols); alpnConnection.select(protocols);
String protocol = alpnConnection.getProtocol();
if (LOG.isDebugEnabled())
LOG.debug("Selected {} among {} for {}", protocol, protocols, alpnConnection);
return protocol;
} }
@Override @Override
@ -97,22 +100,13 @@ public class ConscryptServerALPNProcessor implements ALPNProcessor.Server
throw new UnsupportedOperationException(); throw new UnsupportedOperationException();
} }
@Override
public String apply(SSLEngine engine, List<String> protocols)
{
if (LOG.isDebugEnabled())
LOG.debug("apply {} {}", alpnConnection, protocols);
alpnConnection.select(protocols);
return alpnConnection.getProtocol();
}
@Override @Override
public void handshakeSucceeded(Event event) public void handshakeSucceeded(Event event)
{ {
String protocol = alpnConnection.getProtocol(); String protocol = alpnConnection.getProtocol();
if (LOG.isDebugEnabled()) if (LOG.isDebugEnabled())
LOG.debug("TLS handshake succeeded, protocol={} for {}", protocol, alpnConnection); LOG.debug("TLS handshake succeeded, protocol={} for {}", protocol, alpnConnection);
if (protocol ==null) if (protocol == null)
alpnConnection.unsupported(); alpnConnection.unsupported();
} }
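Review bot: `selectApplicationProtocol(SSLEngine, List<String>)` returns whatever `alpnConnection.getProtocol()` holds after `select(protocols)`, which may be null when none of the offered protocols is acceptable, and nothing in the method says so. The only visible handling of that case is in `handshakeSucceeded`, which calls `alpnConnection.unsupported()` when the protocol is null. A comment such as `// May return null if no offered protocol was selected; handshakeSucceeded() then calls unsupported().` would make the contract explicit. Note also that `protocols` is the list offered by the peer and is written to the debug log as-is, so that log output should be treated as containing untrusted text.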


@ -18,6 +18,14 @@
package org.eclipse.jetty.alpn.conscrypt.server; package org.eclipse.jetty.alpn.conscrypt.server;
import java.io.File;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.Security;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.conscrypt.OpenSSLProvider; import org.conscrypt.OpenSSLProvider;
import org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory; import org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory;
import org.eclipse.jetty.client.HttpClient; import org.eclipse.jetty.client.HttpClient;
@ -39,15 +47,6 @@ import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.File;
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.Security;
import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertEquals;
/** /**
@ -55,14 +54,13 @@ import static org.junit.jupiter.api.Assertions.assertEquals;
*/ */
public class ConscryptHTTP2ServerTest public class ConscryptHTTP2ServerTest
{ {
Server server = new Server();
static static
{ {
Security.addProvider(new OpenSSLProvider()); Security.addProvider(new OpenSSLProvider());
} }
private Server server = new Server();
private SslContextFactory newSslContextFactory() private SslContextFactory newSslContextFactory()
{ {
Path path = Paths.get("src", "test", "resources"); Path path = Paths.get("src", "test", "resources");
@ -75,9 +73,9 @@ public class ConscryptHTTP2ServerTest
sslContextFactory.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"); sslContextFactory.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
sslContextFactory.setProvider("Conscrypt"); sslContextFactory.setProvider("Conscrypt");
sslContextFactory.setEndpointIdentificationAlgorithm(null); sslContextFactory.setEndpointIdentificationAlgorithm(null);
if (JavaVersion.VERSION.getPlatform()<9) if (JavaVersion.VERSION.getPlatform() < 9)
{ {
// conscrypt enable TLSv1.3 per default but it's not supported in jdk8 // Conscrypt enables TLSv1.3 by default but it's not supported in Java 8.
sslContextFactory.addExcludeProtocols("TLSv1.3"); sslContextFactory.addExcludeProtocols("TLSv1.3");
} }
return sslContextFactory; return sslContextFactory;
@ -86,9 +84,8 @@ public class ConscryptHTTP2ServerTest
@BeforeEach @BeforeEach
public void startServer() throws Exception public void startServer() throws Exception
{ {
HttpConfiguration httpsConfig = new HttpConfiguration(); HttpConfiguration httpsConfig = new HttpConfiguration();
httpsConfig.setSecureScheme( "https" ); httpsConfig.setSecureScheme("https");
httpsConfig.setSendXPoweredBy(true); httpsConfig.setSendXPoweredBy(true);
httpsConfig.setSendServerVersion(true); httpsConfig.setSendServerVersion(true);
@ -100,40 +97,35 @@ public class ConscryptHTTP2ServerTest
alpn.setDefaultProtocol(http.getProtocol()); alpn.setDefaultProtocol(http.getProtocol());
SslConnectionFactory ssl = new SslConnectionFactory(newSslContextFactory(), alpn.getProtocol()); SslConnectionFactory ssl = new SslConnectionFactory(newSslContextFactory(), alpn.getProtocol());
ServerConnector http2Connector = new ServerConnector(server,ssl,alpn,h2,http); ServerConnector http2Connector = new ServerConnector(server, ssl, alpn, h2, http);
http2Connector.setPort(0); http2Connector.setPort(0);
server.addConnector(http2Connector); server.addConnector(http2Connector);
server.setHandler(new AbstractHandler() server.setHandler(new AbstractHandler()
{ {
@Override @Override
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response)
{ {
response.setStatus(200); response.setStatus(200);
baseRequest.setHandled(true); baseRequest.setHandled(true);
} }
} ); });
server.start(); server.start();
} }
@AfterEach @AfterEach
public void stopServer() throws Exception public void stopServer() throws Exception
{ {
if (server != null) if (server != null)
{
server.stop(); server.stop();
}
} }
@Test @Test
public void test_simple_query() throws Exception public void testSimpleRequest() throws Exception
{ {
HTTP2Client h2Client = new HTTP2Client(); HTTP2Client h2Client = new HTTP2Client();
HttpClient client = new HttpClient(new HttpClientTransportOverHTTP2(h2Client),newSslContextFactory()); HttpClient client = new HttpClient(new HttpClientTransportOverHTTP2(h2Client), newSslContextFactory());
client.start(); client.start();
try try
{ {
@ -145,6 +137,5 @@ public class ConscryptHTTP2ServerTest
{ {
client.stop(); client.stop();
} }
} }
} }
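Review bot: `sslContextFactory.setEndpointIdentificationAlgorithm(null)` in `newSslContextFactory()` turns off TLS hostname verification, and that factory is also handed to the `HttpClient` in `testSimpleRequest`, yet the line carries no comment. Since test setup code tends to be copied, I would add `// Test only: disables TLS hostname verification for the bundled test keystore; do not use in production configuration.` above it. The same uncommented call appears in the `TestJettyOSGiBootHTTP2Conscrypt` section further down. The body of `newSslContextFactory()` is split across two hunks, so the lines between them are not visible here.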


@ -67,12 +67,12 @@ public class TestJettyOSGiBootHTTP2Conscrypt
{ {
ArrayList<Option> options = new ArrayList<>(); ArrayList<Option> options = new ArrayList<>();
options.add(CoreOptions.junitBundles()); options.add(CoreOptions.junitBundles());
options.addAll(TestOSGiUtil.configureJettyHomeAndPort(true,"jetty-http2.xml")); options.addAll(TestOSGiUtil.configureJettyHomeAndPort(true, "jetty-http2.xml"));
options.add(CoreOptions.bootDelegationPackages("org.xml.sax", "org.xml.*", "org.w3c.*", "javax.xml.*", "javax.activation.*")); options.add(CoreOptions.bootDelegationPackages("org.xml.sax", "org.xml.*", "org.w3c.*", "javax.xml.*", "javax.activation.*"));
options.add(CoreOptions.systemPackages("com.sun.org.apache.xalan.internal.res","com.sun.org.apache.xml.internal.utils", options.add(CoreOptions.systemPackages("com.sun.org.apache.xalan.internal.res", "com.sun.org.apache.xml.internal.utils",
"com.sun.org.apache.xml.internal.utils", "com.sun.org.apache.xpath.internal", "com.sun.org.apache.xml.internal.utils", "com.sun.org.apache.xpath.internal",
"com.sun.org.apache.xpath.internal.jaxp", "com.sun.org.apache.xpath.internal.objects", "com.sun.org.apache.xpath.internal.jaxp", "com.sun.org.apache.xpath.internal.objects",
"sun.security", "sun.security.x509","sun.security.ssl")); "sun.security", "sun.security.x509", "sun.security.ssl"));
options.addAll(http2JettyDependencies()); options.addAll(http2JettyDependencies());
options.addAll(TestOSGiUtil.coreJettyDependencies()); options.addAll(TestOSGiUtil.coreJettyDependencies());
@ -95,10 +95,10 @@ public class TestJettyOSGiBootHTTP2Conscrypt
List<Option> res = new ArrayList<>(); List<Option> res = new ArrayList<>();
res.add(CoreOptions.systemProperty("jetty.alpn.protocols").value("h2,http/1.1")); res.add(CoreOptions.systemProperty("jetty.alpn.protocols").value("h2,http/1.1"));
res.add(CoreOptions.systemProperty("jetty.sslContext.provider").value("Conscrypt")); res.add(CoreOptions.systemProperty("jetty.sslContext.provider").value("Conscrypt"));
res.add(wrappedBundle(mavenBundle().groupId("org.conscrypt").artifactId("conscrypt-openjdk-uber").versionAsInProject()) res.add(wrappedBundle(mavenBundle().groupId("org.conscrypt").artifactId("conscrypt-openjdk-uber").versionAsInProject())
.imports("javax.net.ssl,*") .imports("javax.net.ssl,*")
.exports("org.conscrypt;version="+System.getProperty("conscrypt-version")) .exports("org.conscrypt;version=" + System.getProperty("conscrypt-version"))
.instructions("Bundle-NativeCode=META-INF/native/libconscrypt_openjdk_jni-linux-x86_64.so") .instructions("Bundle-NativeCode=META-INF/native/libconscrypt_openjdk_jni-linux-x86_64.so")
.start()); .start());
res.add(mavenBundle().groupId("org.eclipse.jetty.osgi").artifactId("jetty-osgi-alpn").versionAsInProject().noStart()); res.add(mavenBundle().groupId("org.eclipse.jetty.osgi").artifactId("jetty-osgi-alpn").versionAsInProject().noStart());
@ -128,16 +128,16 @@ public class TestJettyOSGiBootHTTP2Conscrypt
{ {
if (Boolean.getBoolean(TestOSGiUtil.BUNDLE_DEBUG)) if (Boolean.getBoolean(TestOSGiUtil.BUNDLE_DEBUG))
assertAllBundlesActiveOrResolved(); assertAllBundlesActiveOrResolved();
HTTP2Client client = new HTTP2Client(); HTTP2Client client = new HTTP2Client();
try try
{ {
String port = System.getProperty("boot.https.port"); String port = System.getProperty("boot.https.port");
assertNotNull(port); assertNotNull(port);
Path path = Paths.get("src", "test", "config"); Path path = Paths.get("src", "test", "config");
File keys = path.resolve("etc").resolve("keystore").toFile(); File keys = path.resolve("etc").resolve("keystore").toFile();
HTTP2Client http2Client = new HTTP2Client(); HTTP2Client http2Client = new HTTP2Client();
SslContextFactory sslContextFactory = new SslContextFactory(); SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyManagerPassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"); sslContextFactory.setKeyManagerPassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
@ -146,9 +146,9 @@ public class TestJettyOSGiBootHTTP2Conscrypt
sslContextFactory.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"); sslContextFactory.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
sslContextFactory.setProvider("Conscrypt"); sslContextFactory.setProvider("Conscrypt");
sslContextFactory.setEndpointIdentificationAlgorithm(null); sslContextFactory.setEndpointIdentificationAlgorithm(null);
if ( JavaVersion.VERSION.getPlatform()<9) if (JavaVersion.VERSION.getPlatform() < 9)
{ {
// conscrypt enable TLSv1.3 per default but it's not supported in jdk8 // Conscrypt enables TLSv1.3 by default but it's not supported in Java 8.
sslContextFactory.addExcludeProtocols("TLSv1.3"); sslContextFactory.addExcludeProtocols("TLSv1.3");
} }
HttpClient httpClient = new HttpClient(new HttpClientTransportOverHTTP2(http2Client), sslContextFactory); HttpClient httpClient = new HttpClient(new HttpClientTransportOverHTTP2(http2Client), sslContextFactory);
@ -157,10 +157,9 @@ public class TestJettyOSGiBootHTTP2Conscrypt
httpClient.start(); httpClient.start();
ContentResponse response = httpClient.GET("https://localhost:"+port+"/jsp/jstl.jsp"); ContentResponse response = httpClient.GET("https://localhost:" + port + "/jsp/jstl.jsp");
assertEquals(200, response.getStatus()); assertEquals(200, response.getStatus());
assertTrue(response.getContentAsString().contains("JSTL Example")); assertTrue(response.getContentAsString().contains("JSTL Example"));
} }
finally finally
{ {