Merged branch 'jetty-9.2.x' into 'jetty-9.3.x'.

jetty-alpn/jetty-alpn-server/src/main/config/modules/alpn-impl/alpn-1.8.0_181.mod

@@ -0,0 +1,8 @@
+[name]
+alpn-boot
+
+[files]
+http://central.maven.org/maven2/org/mortbay/jetty/alpn/alpn-boot/8.1.12.v20180117/alpn-boot-8.1.12.v20180117.jar|lib/alpn/alpn-boot-8.1.12.v20180117.jar
+
+[exec]
+-Xbootclasspath/p:lib/alpn/alpn-boot-8.1.12.v20180117.jar

jetty-documentation/src/main/asciidoc/administration/alpn/alpn.adoc

@@ -255,6 +255,7 @@ The ALPN implementation, relying on modifications of OpenJDK classes, updates ev
 |1.8.0u162 |8.1.12.v20180117
 |1.8.0u171 |8.1.12.v20180117
 |1.8.0u172 |8.1.12.v20180117
+|1.8.0u181 |8.1.12.v20180117
 |=============================
 
 [[alpn-build]]

jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslClientConnectionFactory.java

@@ -42,6 +42,8 @@ public class SslClientConnectionFactory implements ClientConnectionFactory
     private final ByteBufferPool byteBufferPool;
     private final Executor executor;
     private final ClientConnectionFactory connectionFactory;
+    private boolean _directBuffersForEncryption = true;
+    private boolean _directBuffersForDecryption = true;
     private boolean allowMissingCloseMessage = true;
 
     public SslClientConnectionFactory(SslContextFactory sslContextFactory, ByteBufferPool byteBufferPool, Executor executor, ClientConnectionFactory connectionFactory)
@@ -52,6 +54,26 @@ public class SslClientConnectionFactory implements ClientConnectionFactory
         this.connectionFactory = connectionFactory;
     }
 
+    public void setDirectBuffersForEncryption(boolean useDirectBuffers)
+    {
+        this._directBuffersForEncryption = useDirectBuffers;
+    }
+
+    public void setDirectBuffersForDecryption(boolean useDirectBuffers)
+    {
+        this._directBuffersForDecryption = useDirectBuffers;
+    }
+
+    public boolean isDirectBuffersForDecryption()
+    {
+        return _directBuffersForDecryption;
+    }
+
+    public boolean isDirectBuffersForEncryption()
+    {
+        return _directBuffersForEncryption;
+    }
+
     public boolean isAllowMissingCloseMessage()
     {
         return allowMissingCloseMessage;
@@ -84,7 +106,7 @@ public class SslClientConnectionFactory implements ClientConnectionFactory
 
     protected SslConnection newSslConnection(ByteBufferPool byteBufferPool, Executor executor, EndPoint endPoint, SSLEngine engine)
     {
-        return new SslConnection(byteBufferPool, executor, endPoint, engine);
+        return new SslConnection(byteBufferPool, executor, endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption());
     }
 
     @Override

jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java

@@ -87,8 +87,8 @@ public class SslConnection extends AbstractConnection
     private ByteBuffer _decryptedInput;
     private ByteBuffer _encryptedInput;
     private ByteBuffer _encryptedOutput;
-    private final boolean _encryptedDirectBuffers = true;
+    private final boolean _encryptedDirectBuffers;
-    private final boolean _decryptedDirectBuffers = false;
+    private final boolean _decryptedDirectBuffers;
     private boolean _renegotiationAllowed;
     private int _renegotiationLimit = -1;
     private boolean _closedOutbound;
@@ -131,6 +131,12 @@ public class SslConnection extends AbstractConnection
     };
 
     public SslConnection(ByteBufferPool byteBufferPool, Executor executor, EndPoint endPoint, SSLEngine sslEngine)
+    {
+        this(byteBufferPool, executor, endPoint, sslEngine, false, false);
+    }
+
+    public SslConnection(ByteBufferPool byteBufferPool, Executor executor, EndPoint endPoint, SSLEngine sslEngine,
+                         boolean useDirectBuffersForEncryption, boolean useDirectBuffersForDecryption)
     {
         // This connection does not execute calls to onFillable(), so they will be called by the selector thread.
         // onFillable() does not block and will only wakeup another thread to do the actual reading and handling.
@@ -138,6 +144,8 @@ public class SslConnection extends AbstractConnection
         this._bufferPool = byteBufferPool;
         this._sslEngine = sslEngine;
         this._decryptedEndPoint = newDecryptedEndPoint();
+        this._encryptedDirectBuffers = useDirectBuffersForEncryption;
+        this._decryptedDirectBuffers = useDirectBuffersForDecryption;
     }
 
     public void addHandshakeListener(SslHandshakeListener listener)

jetty-io/src/test/java/org/eclipse/jetty/io/SslConnectionTest.java

@@ -45,6 +45,7 @@ import org.eclipse.jetty.util.thread.QueuedThreadPool;
 import org.eclipse.jetty.util.thread.Scheduler;
 import org.eclipse.jetty.util.thread.TimerScheduler;
 import org.junit.After;
+import org.junit.AfterClass;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.BeforeClass;
@@ -140,6 +141,12 @@ public class SslConnectionTest
         __sslCtxFactory.start();
     }
 
+    @AfterClass
+    public static void stopSsl() throws Exception
+    {
+        __sslCtxFactory.stop();
+    }
+
     @Before
     public void startManager() throws Exception
     {
@@ -262,26 +269,27 @@ public class SslConnectionTest
     @Test
     public void testHelloWorld() throws Exception
     {
-        Socket client = newClient();
+        try (Socket client = newClient())
-        client.setSoTimeout(60000);
+        {
+            client.setSoTimeout(60000);
+            try (SocketChannel server = _connector.accept())
+            {
+                server.configureBlocking(false);
+                _manager.accept(server);
 
-        SocketChannel server = _connector.accept();
+                client.getOutputStream().write("Hello".getBytes(StandardCharsets.UTF_8));
-        server.configureBlocking(false);
+                byte[] buffer = new byte[1024];
-        _manager.accept(server);
+                int len = client.getInputStream().read(buffer);
+                Assert.assertEquals(5, len);
+                Assert.assertEquals("Hello", new String(buffer, 0, len, StandardCharsets.UTF_8));
 
-        client.getOutputStream().write("Hello".getBytes(StandardCharsets.UTF_8));
+                _dispatches.set(0);
-        byte[] buffer = new byte[1024];
+                client.getOutputStream().write("World".getBytes(StandardCharsets.UTF_8));
-        int len=client.getInputStream().read(buffer);
+                len = 5;
-        Assert.assertEquals(5, len);
+                while(len > 0)
-        Assert.assertEquals("Hello",new String(buffer,0,len,StandardCharsets.UTF_8));
+                    len -= client.getInputStream().read(buffer);
-
+            }
-        _dispatches.set(0);
+        }
-        client.getOutputStream().write("World".getBytes(StandardCharsets.UTF_8));
-        len=5;
-        while(len>0)
-            len-=client.getInputStream().read(buffer);
-
-        client.close();
     }
 
     @Test

jetty-server/src/main/java/org/eclipse/jetty/server/SslConnectionFactory.java

@@ -37,6 +37,8 @@ public class SslConnectionFactory extends AbstractConnectionFactory
 {
     private final SslContextFactory _sslContextFactory;
     private final String _nextProtocol;
+    private boolean _directBuffersForEncryption = false;
+    private boolean _directBuffersForDecryption = false;
 
     public SslConnectionFactory()
     {
@@ -61,6 +63,26 @@ public class SslConnectionFactory extends AbstractConnectionFactory
         return _sslContextFactory;
     }
 
+    public void setDirectBuffersForEncryption(boolean useDirectBuffers)
+    {
+        this._directBuffersForEncryption = useDirectBuffers;
+    }
+
+    public void setDirectBuffersForDecryption(boolean useDirectBuffers)
+    {
+        this._directBuffersForDecryption = useDirectBuffers;
+    }
+
+    public boolean isDirectBuffersForDecryption()
+    {
+        return _directBuffersForDecryption;
+    }
+
+    public boolean isDirectBuffersForEncryption()
+    {
+        return _directBuffersForEncryption;
+    }
+
     public String getNextProtocol()
     {
         return _nextProtocol;
@@ -100,7 +122,7 @@ public class SslConnectionFactory extends AbstractConnectionFactory
 
     protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine)
     {
-        return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine);
+        return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption());
     }
 
     @Override

jetty-start/src/test/resources/dist-home/modules/alpn-impl/alpn-1.8.0_181.mod

@@ -0,0 +1,8 @@
+[name]
+alpn-boot
+
+[files]
+http://central.maven.org/maven2/org/mortbay/jetty/alpn/alpn-boot/8.1.12.v20180117/alpn-boot-8.1.12.v20180117.jar|lib/alpn/alpn-boot-8.1.12.v20180117.jar
+
+[exec]
+-Xbootclasspath/p:lib/alpn/alpn-boot-8.1.12.v20180117.jar

jetty-websocket/websocket-client/src/main/java/org/eclipse/jetty/websocket/client/io/WebSocketClientSelectorManager.java

@@ -84,7 +84,7 @@ public class WebSocketClientSelectorManager extends SelectorManager
                 if (sslContextFactory != null)
                 {
                     SSLEngine engine = newSSLEngine(sslContextFactory,channel);
-                    SslConnection sslConnection = new SslConnection(bufferPool,getExecutor(),endPoint,engine);
+                    SslConnection sslConnection = new SslConnection(bufferPool,getExecutor(),endPoint,engine,true,true);
                     sslConnection.setRenegotiationAllowed(sslContextFactory.isRenegotiationAllowed());
                     sslConnection.setRenegotiationLimit(sslContextFactory.getRenegotiationLimit());
                     EndPoint sslEndPoint = sslConnection.getDecryptedEndPoint();

pom.xml

@@ -1425,6 +1425,18 @@
         <alpn.version>8.1.12.v20180117</alpn.version>
       </properties>
     </profile>
+    <profile>
+      <id>8u181</id>
+      <activation>
+        <property>
+          <name>java.version</name>
+          <value>1.8.0_181</value>
+        </property>
+      </activation>
+      <properties>
+        <alpn.version>8.1.12.v20180117</alpn.version>
+      </properties>
+    </profile>
     <profile>
       <id>jdk9</id>
       <activation>