Issue #3425 - Upgrade conscrypt version to 2.0.0 and remove usage of reflection.
Small fixes after review. Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
parent
7404cce052
commit
123918018e
|
@ -39,7 +39,7 @@ public class ConscryptClientALPNProcessor implements ALPNProcessor.Client
|
||||||
@Override
|
@Override
|
||||||
public void init()
|
public void init()
|
||||||
{
|
{
|
||||||
if (Security.getProvider("Conscrypt")==null)
|
if (Security.getProvider("Conscrypt") == null)
|
||||||
{
|
{
|
||||||
Security.addProvider(new OpenSSLProvider());
|
Security.addProvider(new OpenSSLProvider());
|
||||||
if (LOG.isDebugEnabled())
|
if (LOG.isDebugEnabled())
|
||||||
|
@ -90,6 +90,8 @@ public class ConscryptClientALPNProcessor implements ALPNProcessor.Client
|
||||||
{
|
{
|
||||||
SSLEngine sslEngine = alpnConnection.getSSLEngine();
|
SSLEngine sslEngine = alpnConnection.getSSLEngine();
|
||||||
String protocol = Conscrypt.getApplicationProtocol(sslEngine);
|
String protocol = Conscrypt.getApplicationProtocol(sslEngine);
|
||||||
|
if (LOG.isDebugEnabled())
|
||||||
|
LOG.debug("Selected {} for {}", protocol, alpnConnection);
|
||||||
alpnConnection.selected(protocol);
|
alpnConnection.selected(protocol);
|
||||||
}
|
}
|
||||||
catch (Throwable e)
|
catch (Throwable e)
|
||||||
|
|
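Review bot: In the second hunk, the value returned by `Conscrypt.getApplicationProtocol(sslEngine)` is chosen by the server, yet it is logged and passed to `alpnConnection.selected(protocol)` with no visible check that it is non-null or one of the protocols this client offered. That validation may live inside `selected()`, which is not shown here, so a comment at the call would make the assumption explicit: `// protocol is server-chosen and may be null if ALPN was not negotiated; selected() must validate it`. The enclosing method and the body of the `catch (Throwable e)` block lie outside the hunk, so the failure path could not be reviewed.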
|
@ -20,7 +20,6 @@ package org.eclipse.jetty.alpn.conscrypt.server;
|
||||||
|
|
||||||
import java.security.Security;
|
import java.security.Security;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.function.BiFunction;
|
|
||||||
|
|
||||||
import javax.net.ssl.SSLEngine;
|
import javax.net.ssl.SSLEngine;
|
||||||
import javax.net.ssl.SSLSocket;
|
import javax.net.ssl.SSLSocket;
|
||||||
|
@ -43,7 +42,7 @@ public class ConscryptServerALPNProcessor implements ALPNProcessor.Server
|
||||||
@Override
|
@Override
|
||||||
public void init()
|
public void init()
|
||||||
{
|
{
|
||||||
if (Security.getProvider("Conscrypt")==null)
|
if (Security.getProvider("Conscrypt") == null)
|
||||||
{
|
{
|
||||||
Security.addProvider(new OpenSSLProvider());
|
Security.addProvider(new OpenSSLProvider());
|
||||||
if (LOG.isDebugEnabled())
|
if (LOG.isDebugEnabled())
|
||||||
|
@ -58,11 +57,11 @@ public class ConscryptServerALPNProcessor implements ALPNProcessor.Server
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void configure(SSLEngine sslEngine,Connection connection)
|
public void configure(SSLEngine sslEngine, Connection connection)
|
||||||
{
|
{
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
Conscrypt.setApplicationProtocolSelector(sslEngine,new ALPNCallback((ALPNServerConnection)connection));
|
Conscrypt.setApplicationProtocolSelector(sslEngine, new ALPNCallback((ALPNServerConnection)connection));
|
||||||
}
|
}
|
||||||
catch (RuntimeException x)
|
catch (RuntimeException x)
|
||||||
{
|
{
|
||||||
|
@ -74,7 +73,7 @@ public class ConscryptServerALPNProcessor implements ALPNProcessor.Server
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private final class ALPNCallback extends ApplicationProtocolSelector implements BiFunction<SSLEngine,List<String>,String>, SslHandshakeListener
|
private final class ALPNCallback extends ApplicationProtocolSelector implements SslHandshakeListener
|
||||||
{
|
{
|
||||||
private final ALPNServerConnection alpnConnection;
|
private final ALPNServerConnection alpnConnection;
|
||||||
|
|
||||||
|
@ -88,7 +87,11 @@ public class ConscryptServerALPNProcessor implements ALPNProcessor.Server
|
||||||
@Override
|
@Override
|
||||||
public String selectApplicationProtocol(SSLEngine engine, List<String> protocols)
|
public String selectApplicationProtocol(SSLEngine engine, List<String> protocols)
|
||||||
{
|
{
|
||||||
return apply(engine, protocols);
|
alpnConnection.select(protocols);
|
||||||
|
String protocol = alpnConnection.getProtocol();
|
||||||
|
if (LOG.isDebugEnabled())
|
||||||
|
LOG.debug("Selected {} among {} for {}", protocol, protocols, alpnConnection);
|
||||||
|
return protocol;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -97,22 +100,13 @@ public class ConscryptServerALPNProcessor implements ALPNProcessor.Server
|
||||||
throw new UnsupportedOperationException();
|
throw new UnsupportedOperationException();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
|
||||||
public String apply(SSLEngine engine, List<String> protocols)
|
|
||||||
{
|
|
||||||
if (LOG.isDebugEnabled())
|
|
||||||
LOG.debug("apply {} {}", alpnConnection, protocols);
|
|
||||||
alpnConnection.select(protocols);
|
|
||||||
return alpnConnection.getProtocol();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void handshakeSucceeded(Event event)
|
public void handshakeSucceeded(Event event)
|
||||||
{
|
{
|
||||||
String protocol = alpnConnection.getProtocol();
|
String protocol = alpnConnection.getProtocol();
|
||||||
if (LOG.isDebugEnabled())
|
if (LOG.isDebugEnabled())
|
||||||
LOG.debug("TLS handshake succeeded, protocol={} for {}", protocol, alpnConnection);
|
LOG.debug("TLS handshake succeeded, protocol={} for {}", protocol, alpnConnection);
|
||||||
if (protocol ==null)
|
if (protocol == null)
|
||||||
alpnConnection.unsupported();
|
alpnConnection.unsupported();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
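Review bot: `selectApplicationProtocol(SSLEngine, List<String>)` now returns `alpnConnection.getProtocol()` directly, so when `alpnConnection.select(protocols)` matches nothing the selector presumably hands `null` back to Conscrypt, and nothing at this site says that is intended. `handshakeSucceeded` calls `alpnConnection.unsupported()` for a null protocol, which suggests it is; a comment such as `// null = no common protocol; handshakeSucceeded() then calls unsupported()` above the `return` would record that contract. Note also that `protocols` comes from the peer's handshake and is written to the debug log verbatim in the new `LOG.debug("Selected {} among {} for {}", ...)` line, so the log output should be treated as containing untrusted text. The `ALPNCallback` class continues outside the visible hunks.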
|
@ -18,6 +18,14 @@
|
||||||
|
|
||||||
package org.eclipse.jetty.alpn.conscrypt.server;
|
package org.eclipse.jetty.alpn.conscrypt.server;
|
||||||
|
|
||||||
|
import java.io.File;
|
||||||
|
import java.nio.file.Path;
|
||||||
|
import java.nio.file.Paths;
|
||||||
|
import java.security.Security;
|
||||||
|
|
||||||
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
|
||||||
import org.conscrypt.OpenSSLProvider;
|
import org.conscrypt.OpenSSLProvider;
|
||||||
import org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory;
|
import org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory;
|
||||||
import org.eclipse.jetty.client.HttpClient;
|
import org.eclipse.jetty.client.HttpClient;
|
||||||
|
@ -39,15 +47,6 @@ import org.junit.jupiter.api.AfterEach;
|
||||||
import org.junit.jupiter.api.BeforeEach;
|
import org.junit.jupiter.api.BeforeEach;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
|
|
||||||
import javax.servlet.ServletException;
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import javax.servlet.http.HttpServletResponse;
|
|
||||||
import java.io.File;
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.nio.file.Path;
|
|
||||||
import java.nio.file.Paths;
|
|
||||||
import java.security.Security;
|
|
||||||
|
|
||||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -55,14 +54,13 @@ import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||||
*/
|
*/
|
||||||
public class ConscryptHTTP2ServerTest
|
public class ConscryptHTTP2ServerTest
|
||||||
{
|
{
|
||||||
|
|
||||||
Server server = new Server();
|
|
||||||
|
|
||||||
static
|
static
|
||||||
{
|
{
|
||||||
Security.addProvider(new OpenSSLProvider());
|
Security.addProvider(new OpenSSLProvider());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private Server server = new Server();
|
||||||
|
|
||||||
private SslContextFactory newSslContextFactory()
|
private SslContextFactory newSslContextFactory()
|
||||||
{
|
{
|
||||||
Path path = Paths.get("src", "test", "resources");
|
Path path = Paths.get("src", "test", "resources");
|
||||||
|
@ -75,9 +73,9 @@ public class ConscryptHTTP2ServerTest
|
||||||
sslContextFactory.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
sslContextFactory.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||||
sslContextFactory.setProvider("Conscrypt");
|
sslContextFactory.setProvider("Conscrypt");
|
||||||
sslContextFactory.setEndpointIdentificationAlgorithm(null);
|
sslContextFactory.setEndpointIdentificationAlgorithm(null);
|
||||||
if (JavaVersion.VERSION.getPlatform()<9)
|
if (JavaVersion.VERSION.getPlatform() < 9)
|
||||||
{
|
{
|
||||||
// conscrypt enable TLSv1.3 per default but it's not supported in jdk8
|
// Conscrypt enables TLSv1.3 by default but it's not supported in Java 8.
|
||||||
sslContextFactory.addExcludeProtocols("TLSv1.3");
|
sslContextFactory.addExcludeProtocols("TLSv1.3");
|
||||||
}
|
}
|
||||||
return sslContextFactory;
|
return sslContextFactory;
|
||||||
|
@ -86,9 +84,8 @@ public class ConscryptHTTP2ServerTest
|
||||||
@BeforeEach
|
@BeforeEach
|
||||||
public void startServer() throws Exception
|
public void startServer() throws Exception
|
||||||
{
|
{
|
||||||
|
|
||||||
HttpConfiguration httpsConfig = new HttpConfiguration();
|
HttpConfiguration httpsConfig = new HttpConfiguration();
|
||||||
httpsConfig.setSecureScheme( "https" );
|
httpsConfig.setSecureScheme("https");
|
||||||
|
|
||||||
httpsConfig.setSendXPoweredBy(true);
|
httpsConfig.setSendXPoweredBy(true);
|
||||||
httpsConfig.setSendServerVersion(true);
|
httpsConfig.setSendServerVersion(true);
|
||||||
|
@ -100,40 +97,35 @@ public class ConscryptHTTP2ServerTest
|
||||||
alpn.setDefaultProtocol(http.getProtocol());
|
alpn.setDefaultProtocol(http.getProtocol());
|
||||||
SslConnectionFactory ssl = new SslConnectionFactory(newSslContextFactory(), alpn.getProtocol());
|
SslConnectionFactory ssl = new SslConnectionFactory(newSslContextFactory(), alpn.getProtocol());
|
||||||
|
|
||||||
ServerConnector http2Connector = new ServerConnector(server,ssl,alpn,h2,http);
|
ServerConnector http2Connector = new ServerConnector(server, ssl, alpn, h2, http);
|
||||||
http2Connector.setPort(0);
|
http2Connector.setPort(0);
|
||||||
server.addConnector(http2Connector);
|
server.addConnector(http2Connector);
|
||||||
|
|
||||||
server.setHandler(new AbstractHandler()
|
server.setHandler(new AbstractHandler()
|
||||||
{
|
{
|
||||||
@Override
|
@Override
|
||||||
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
|
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response)
|
||||||
{
|
{
|
||||||
response.setStatus(200);
|
response.setStatus(200);
|
||||||
baseRequest.setHandled(true);
|
baseRequest.setHandled(true);
|
||||||
}
|
}
|
||||||
} );
|
});
|
||||||
|
|
||||||
server.start();
|
server.start();
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@AfterEach
|
@AfterEach
|
||||||
public void stopServer() throws Exception
|
public void stopServer() throws Exception
|
||||||
{
|
{
|
||||||
if (server != null)
|
if (server != null)
|
||||||
{
|
|
||||||
server.stop();
|
server.stop();
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void test_simple_query() throws Exception
|
public void testSimpleRequest() throws Exception
|
||||||
{
|
{
|
||||||
|
|
||||||
HTTP2Client h2Client = new HTTP2Client();
|
HTTP2Client h2Client = new HTTP2Client();
|
||||||
HttpClient client = new HttpClient(new HttpClientTransportOverHTTP2(h2Client),newSslContextFactory());
|
HttpClient client = new HttpClient(new HttpClientTransportOverHTTP2(h2Client), newSslContextFactory());
|
||||||
client.start();
|
client.start();
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
|
@ -145,6 +137,5 @@ public class ConscryptHTTP2ServerTest
|
||||||
{
|
{
|
||||||
client.stop();
|
client.stop();
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
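Review bot: `newSslContextFactory()` calls `sslContextFactory.setEndpointIdentificationAlgorithm(null)`, which switches off hostname verification, and `testSimpleRequest` builds its `HttpClient` from the same factory method; the line carries no comment saying why. For a test against a local keystore that is reasonable, but the setting should be marked so it is not copied elsewhere: `// Test only: hostname verification is disabled for the test keystore; do not copy into production configuration.` The same call appears uncommented in `TestJettyOSGiBootHTTP2Conscrypt`. Separately, in `stopServer()` the braces around `server.stop()` were dropped, and since `server` is initialised at its declaration the `server != null` check looks redundant.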
|
@ -67,12 +67,12 @@ public class TestJettyOSGiBootHTTP2Conscrypt
|
||||||
{
|
{
|
||||||
ArrayList<Option> options = new ArrayList<>();
|
ArrayList<Option> options = new ArrayList<>();
|
||||||
options.add(CoreOptions.junitBundles());
|
options.add(CoreOptions.junitBundles());
|
||||||
options.addAll(TestOSGiUtil.configureJettyHomeAndPort(true,"jetty-http2.xml"));
|
options.addAll(TestOSGiUtil.configureJettyHomeAndPort(true, "jetty-http2.xml"));
|
||||||
options.add(CoreOptions.bootDelegationPackages("org.xml.sax", "org.xml.*", "org.w3c.*", "javax.xml.*", "javax.activation.*"));
|
options.add(CoreOptions.bootDelegationPackages("org.xml.sax", "org.xml.*", "org.w3c.*", "javax.xml.*", "javax.activation.*"));
|
||||||
options.add(CoreOptions.systemPackages("com.sun.org.apache.xalan.internal.res","com.sun.org.apache.xml.internal.utils",
|
options.add(CoreOptions.systemPackages("com.sun.org.apache.xalan.internal.res", "com.sun.org.apache.xml.internal.utils",
|
||||||
"com.sun.org.apache.xml.internal.utils", "com.sun.org.apache.xpath.internal",
|
"com.sun.org.apache.xml.internal.utils", "com.sun.org.apache.xpath.internal",
|
||||||
"com.sun.org.apache.xpath.internal.jaxp", "com.sun.org.apache.xpath.internal.objects",
|
"com.sun.org.apache.xpath.internal.jaxp", "com.sun.org.apache.xpath.internal.objects",
|
||||||
"sun.security", "sun.security.x509","sun.security.ssl"));
|
"sun.security", "sun.security.x509", "sun.security.ssl"));
|
||||||
options.addAll(http2JettyDependencies());
|
options.addAll(http2JettyDependencies());
|
||||||
|
|
||||||
options.addAll(TestOSGiUtil.coreJettyDependencies());
|
options.addAll(TestOSGiUtil.coreJettyDependencies());
|
||||||
|
@ -95,10 +95,10 @@ public class TestJettyOSGiBootHTTP2Conscrypt
|
||||||
List<Option> res = new ArrayList<>();
|
List<Option> res = new ArrayList<>();
|
||||||
res.add(CoreOptions.systemProperty("jetty.alpn.protocols").value("h2,http/1.1"));
|
res.add(CoreOptions.systemProperty("jetty.alpn.protocols").value("h2,http/1.1"));
|
||||||
res.add(CoreOptions.systemProperty("jetty.sslContext.provider").value("Conscrypt"));
|
res.add(CoreOptions.systemProperty("jetty.sslContext.provider").value("Conscrypt"));
|
||||||
|
|
||||||
res.add(wrappedBundle(mavenBundle().groupId("org.conscrypt").artifactId("conscrypt-openjdk-uber").versionAsInProject())
|
res.add(wrappedBundle(mavenBundle().groupId("org.conscrypt").artifactId("conscrypt-openjdk-uber").versionAsInProject())
|
||||||
.imports("javax.net.ssl,*")
|
.imports("javax.net.ssl,*")
|
||||||
.exports("org.conscrypt;version="+System.getProperty("conscrypt-version"))
|
.exports("org.conscrypt;version=" + System.getProperty("conscrypt-version"))
|
||||||
.instructions("Bundle-NativeCode=META-INF/native/libconscrypt_openjdk_jni-linux-x86_64.so")
|
.instructions("Bundle-NativeCode=META-INF/native/libconscrypt_openjdk_jni-linux-x86_64.so")
|
||||||
.start());
|
.start());
|
||||||
res.add(mavenBundle().groupId("org.eclipse.jetty.osgi").artifactId("jetty-osgi-alpn").versionAsInProject().noStart());
|
res.add(mavenBundle().groupId("org.eclipse.jetty.osgi").artifactId("jetty-osgi-alpn").versionAsInProject().noStart());
|
||||||
|
@ -128,16 +128,16 @@ public class TestJettyOSGiBootHTTP2Conscrypt
|
||||||
{
|
{
|
||||||
if (Boolean.getBoolean(TestOSGiUtil.BUNDLE_DEBUG))
|
if (Boolean.getBoolean(TestOSGiUtil.BUNDLE_DEBUG))
|
||||||
assertAllBundlesActiveOrResolved();
|
assertAllBundlesActiveOrResolved();
|
||||||
|
|
||||||
HTTP2Client client = new HTTP2Client();
|
HTTP2Client client = new HTTP2Client();
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
String port = System.getProperty("boot.https.port");
|
String port = System.getProperty("boot.https.port");
|
||||||
assertNotNull(port);
|
assertNotNull(port);
|
||||||
|
|
||||||
Path path = Paths.get("src", "test", "config");
|
Path path = Paths.get("src", "test", "config");
|
||||||
File keys = path.resolve("etc").resolve("keystore").toFile();
|
File keys = path.resolve("etc").resolve("keystore").toFile();
|
||||||
|
|
||||||
HTTP2Client http2Client = new HTTP2Client();
|
HTTP2Client http2Client = new HTTP2Client();
|
||||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||||
sslContextFactory.setKeyManagerPassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
sslContextFactory.setKeyManagerPassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||||
|
@ -146,9 +146,9 @@ public class TestJettyOSGiBootHTTP2Conscrypt
|
||||||
sslContextFactory.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
sslContextFactory.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||||
sslContextFactory.setProvider("Conscrypt");
|
sslContextFactory.setProvider("Conscrypt");
|
||||||
sslContextFactory.setEndpointIdentificationAlgorithm(null);
|
sslContextFactory.setEndpointIdentificationAlgorithm(null);
|
||||||
if ( JavaVersion.VERSION.getPlatform()<9)
|
if (JavaVersion.VERSION.getPlatform() < 9)
|
||||||
{
|
{
|
||||||
// conscrypt enable TLSv1.3 per default but it's not supported in jdk8
|
// Conscrypt enables TLSv1.3 by default but it's not supported in Java 8.
|
||||||
sslContextFactory.addExcludeProtocols("TLSv1.3");
|
sslContextFactory.addExcludeProtocols("TLSv1.3");
|
||||||
}
|
}
|
||||||
HttpClient httpClient = new HttpClient(new HttpClientTransportOverHTTP2(http2Client), sslContextFactory);
|
HttpClient httpClient = new HttpClient(new HttpClientTransportOverHTTP2(http2Client), sslContextFactory);
|
||||||
|
@ -157,10 +157,9 @@ public class TestJettyOSGiBootHTTP2Conscrypt
|
||||||
|
|
||||||
httpClient.start();
|
httpClient.start();
|
||||||
|
|
||||||
ContentResponse response = httpClient.GET("https://localhost:"+port+"/jsp/jstl.jsp");
|
ContentResponse response = httpClient.GET("https://localhost:" + port + "/jsp/jstl.jsp");
|
||||||
assertEquals(200, response.getStatus());
|
assertEquals(200, response.getStatus());
|
||||||
assertTrue(response.getContentAsString().contains("JSTL Example"));
|
assertTrue(response.getContentAsString().contains("JSTL Example"));
|
||||||
|
|
||||||
}
|
}
|
||||||
finally
|
finally
|
||||||
{
|
{
|
||||||
|
|