- Issue #3425 upgrade conscrypt to 2.0.0 and get rid of reflection usage

- align conscrypt version in conscrypt.mod file
- add more simple unit test to test conscrypt alpn usage

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

jetty-alpn/jetty-alpn-conscrypt-client/src/main/java/org/eclipse/jetty/alpn/conscrypt/client/ConscryptClientALPNProcessor.java

@@ -18,12 +18,11 @@
 
 package org.eclipse.jetty.alpn.conscrypt.client;
 
-import java.lang.reflect.Method;
-import java.nio.charset.StandardCharsets;
 import java.security.Security;
 
 import javax.net.ssl.SSLEngine;
 
+import org.conscrypt.Conscrypt;
 import org.conscrypt.OpenSSLProvider;
 import org.eclipse.jetty.alpn.client.ALPNClientConnection;
 import org.eclipse.jetty.io.Connection;
@@ -59,11 +58,9 @@ public class ConscryptClientALPNProcessor implements ALPNProcessor.Client
     {
         try
         {
-            Method setAlpnProtocols = sslEngine.getClass().getDeclaredMethod("setApplicationProtocols", String[].class);
-            setAlpnProtocols.setAccessible(true);
             ALPNClientConnection alpn = (ALPNClientConnection)connection;
             String[] protocols = alpn.getProtocols().toArray(new String[0]);
-            setAlpnProtocols.invoke(sslEngine, (Object)protocols);
+            Conscrypt.setApplicationProtocols(sslEngine, protocols);
             ((SslConnection.DecryptedEndPoint)connection.getEndPoint()).getSslConnection()
                     .addHandshakeListener(new ALPNListener(alpn));
         }
@@ -92,9 +89,7 @@ public class ConscryptClientALPNProcessor implements ALPNProcessor.Client
             try
             {
                 SSLEngine sslEngine = alpnConnection.getSSLEngine();
-                Method method = sslEngine.getClass().getDeclaredMethod("getApplicationProtocol");
-                method.setAccessible(true);
-                String protocol = (String)method.invoke(sslEngine);
+                String protocol = Conscrypt.getApplicationProtocol(sslEngine);
                 alpnConnection.selected(protocol);
             }
             catch (Throwable e)

jetty-alpn/jetty-alpn-conscrypt-server/pom.xml

@@ -38,6 +38,31 @@
       <version>${project.version}</version>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>org.eclipse.jetty</groupId>
+      <artifactId>jetty-alpn-conscrypt-client</artifactId>
+      <version>${project.version}</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.eclipse.jetty</groupId>
+      <artifactId>jetty-client</artifactId>
+      <version>${project.version}</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.eclipse.jetty.http2</groupId>
+      <artifactId>http2-client</artifactId>
+      <version>${project.version}</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.eclipse.jetty.http2</groupId>
+      <artifactId>http2-http-client-transport</artifactId>
+      <version>${project.version}</version>
+      <scope>test</scope>
+    </dependency>
+
   </dependencies>
   <build>
     <plugins>

jetty-alpn/jetty-alpn-conscrypt-server/src/main/java/org/eclipse/jetty/alpn/conscrypt/server/ConscryptServerALPNProcessor.java

@@ -18,13 +18,15 @@
 
 package org.eclipse.jetty.alpn.conscrypt.server;
 
-import java.lang.reflect.Method;
 import java.security.Security;
 import java.util.List;
 import java.util.function.BiFunction;
 
 import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLSocket;
 
+import org.conscrypt.ApplicationProtocolSelector;
+import org.conscrypt.Conscrypt;
 import org.conscrypt.OpenSSLProvider;
 import org.eclipse.jetty.alpn.server.ALPNServerConnection;
 import org.eclipse.jetty.io.Connection;
@@ -60,9 +62,10 @@ public class ConscryptServerALPNProcessor implements ALPNProcessor.Server
     {
         try
         {
-            Method method = sslEngine.getClass().getMethod("setHandshakeApplicationProtocolSelector", BiFunction.class);
-            method.setAccessible(true);
-            method.invoke(sslEngine,new ALPNCallback((ALPNServerConnection)connection));
+            // with java 9+ we must use
+            //sslEngine.setHandshakeApplicationProtocolSelector(new ALPNCallback((ALPNServerConnection)connection));
+            Conscrypt.setApplicationProtocolSelector(sslEngine,
+                                                      toApplicationProtocolSelector(new ALPNCallback((ALPNServerConnection)connection)));
         }
         catch (RuntimeException x)
         {
@@ -74,6 +77,24 @@ public class ConscryptServerALPNProcessor implements ALPNProcessor.Server
         }
     }
 
+    private static ApplicationProtocolSelector toApplicationProtocolSelector(BiFunction<SSLEngine, List<String>, String> selector)
+    {
+        return new ApplicationProtocolSelector()
+        {
+            @Override
+            public String selectApplicationProtocol(SSLEngine engine, List<String> protocols)
+            {
+                return selector.apply(engine, protocols);
+            }
+
+            @Override
+            public String selectApplicationProtocol(SSLSocket socket, List<String> protocols)
+            {
+                throw new UnsupportedOperationException();
+            }
+        };
+    }
+
     private final class ALPNCallback implements BiFunction<SSLEngine,List<String>,String>, SslHandshakeListener
     {
         private final ALPNServerConnection alpnConnection;

jetty-alpn/jetty-alpn-conscrypt-server/src/test/java/org/eclipse/jetty/alpn/conscrypt/server/ConscryptHTTP2Server.java

@@ -1,72 +0,0 @@
-//
-//  ========================================================================
-//  Copyright (c) 1995-2019 Mort Bay Consulting Pty. Ltd.
-//  ------------------------------------------------------------------------
-//  All rights reserved. This program and the accompanying materials
-//  are made available under the terms of the Eclipse Public License v1.0
-//  and Apache License v2.0 which accompanies this distribution.
-//
-//      The Eclipse Public License is available at
-//      http://www.eclipse.org/legal/epl-v10.html
-//
-//      The Apache License v2.0 is available at
-//      http://www.opensource.org/licenses/apache2.0.php
-//
-//  You may elect to redistribute this code under either of these licenses.
-//  ========================================================================
-//
-
-package org.eclipse.jetty.alpn.conscrypt.server;
-
-import java.security.Security;
-
-import org.conscrypt.OpenSSLProvider;
-import org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory;
-import org.eclipse.jetty.http2.HTTP2Cipher;
-import org.eclipse.jetty.http2.server.HTTP2ServerConnectionFactory;
-import org.eclipse.jetty.server.HttpConfiguration;
-import org.eclipse.jetty.server.HttpConnectionFactory;
-import org.eclipse.jetty.server.SecureRequestCustomizer;
-import org.eclipse.jetty.server.Server;
-import org.eclipse.jetty.server.ServerConnector;
-import org.eclipse.jetty.server.SslConnectionFactory;
-import org.eclipse.jetty.util.ssl.SslContextFactory;
-
-/**
- * Test server that verifies that the Conscrypt ALPN mechanism works.
- */
-public class ConscryptHTTP2Server
-{
-    public static void main(String[] args) throws Exception
-    {
-        Security.addProvider(new OpenSSLProvider());
-
-        Server server = new Server();
-
-        HttpConfiguration httpsConfig = new HttpConfiguration();
-        httpsConfig.setSecureScheme("https");
-        httpsConfig.setSecurePort(8443);
-        httpsConfig.setSendXPoweredBy(true);
-        httpsConfig.setSendServerVersion(true);
-        httpsConfig.addCustomizer(new SecureRequestCustomizer());
-
-        SslContextFactory sslContextFactory = new SslContextFactory();
-        sslContextFactory.setProvider("Conscrypt");
-        sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
-        sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
-        sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
-        sslContextFactory.setCipherComparator(HTTP2Cipher.COMPARATOR);
-
-        HttpConnectionFactory http = new HttpConnectionFactory(httpsConfig);
-        HTTP2ServerConnectionFactory h2 = new HTTP2ServerConnectionFactory(httpsConfig);
-        ALPNServerConnectionFactory alpn = new ALPNServerConnectionFactory();
-        alpn.setDefaultProtocol(http.getProtocol());
-        SslConnectionFactory ssl = new SslConnectionFactory(sslContextFactory, alpn.getProtocol());
-
-        ServerConnector http2Connector = new ServerConnector(server, ssl, alpn, h2, http);
-        http2Connector.setPort(8443);
-        server.addConnector(http2Connector);
-
-        server.start();
-    }
-}

jetty-alpn/jetty-alpn-conscrypt-server/src/test/java/org/eclipse/jetty/alpn/conscrypt/server/ConscryptHTTP2ServerTest.java

@@ -0,0 +1,155 @@
+//
+//  ========================================================================
+//  Copyright (c) 1995-2019 Mort Bay Consulting Pty. Ltd.
+//  ------------------------------------------------------------------------
+//  All rights reserved. This program and the accompanying materials
+//  are made available under the terms of the Eclipse Public License v1.0
+//  and Apache License v2.0 which accompanies this distribution.
+//
+//      The Eclipse Public License is available at
+//      http://www.eclipse.org/legal/epl-v10.html
+//
+//      The Apache License v2.0 is available at
+//      http://www.opensource.org/licenses/apache2.0.php
+//
+//  You may elect to redistribute this code under either of these licenses.
+//  ========================================================================
+//
+
+package org.eclipse.jetty.alpn.conscrypt.server;
+
+import org.conscrypt.OpenSSLProvider;
+import org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory;
+import org.eclipse.jetty.client.HttpClient;
+import org.eclipse.jetty.client.api.ContentResponse;
+import org.eclipse.jetty.http2.client.HTTP2Client;
+import org.eclipse.jetty.http2.client.http.HttpClientTransportOverHTTP2;
+import org.eclipse.jetty.http2.server.HTTP2ServerConnectionFactory;
+import org.eclipse.jetty.server.HttpConfiguration;
+import org.eclipse.jetty.server.HttpConnectionFactory;
+import org.eclipse.jetty.server.Request;
+import org.eclipse.jetty.server.SecureRequestCustomizer;
+import org.eclipse.jetty.server.Server;
+import org.eclipse.jetty.server.ServerConnector;
+import org.eclipse.jetty.server.SslConnectionFactory;
+import org.eclipse.jetty.server.handler.AbstractHandler;
+import org.eclipse.jetty.util.ssl.SslContextFactory;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.File;
+import java.io.IOException;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.security.Security;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+/**
+ * Test server that verifies that the Conscrypt ALPN mechanism works for both server and client side
+ */
+public class ConscryptHTTP2ServerTest
+{
+
+    Server server = new Server();
+
+    static
+    {
+        Security.addProvider(new OpenSSLProvider());
+    }
+
+    public static void main(String[] args)
+        throws Exception
+    {
+        new ConscryptHTTP2ServerTest().startServer();
+    }
+
+    private SslContextFactory newSslContextFactory()
+    {
+        Path path = Paths.get("src", "test", "resources");
+        File keys = path.resolve("keystore").toFile();
+
+        SslContextFactory sslContextFactory = new SslContextFactory();
+        sslContextFactory.setKeyManagerPassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
+        sslContextFactory.setTrustStorePath(keys.getAbsolutePath());
+        sslContextFactory.setKeyStorePath(keys.getAbsolutePath());
+        sslContextFactory.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
+        sslContextFactory.setProvider("Conscrypt");
+        sslContextFactory.setEndpointIdentificationAlgorithm(null);
+        return sslContextFactory;
+    }
+
+    @BeforeEach
+    public void startServer()
+        throws Exception
+    {
+
+        HttpConfiguration httpsConfig = new HttpConfiguration();
+        httpsConfig.setSecureScheme( "https" );
+
+        httpsConfig.setSendXPoweredBy(true);
+        httpsConfig.setSendServerVersion(true);
+        httpsConfig.addCustomizer(new SecureRequestCustomizer());
+
+        HttpConnectionFactory http = new HttpConnectionFactory(httpsConfig);
+        HTTP2ServerConnectionFactory h2 = new HTTP2ServerConnectionFactory(httpsConfig);
+        ALPNServerConnectionFactory alpn = new ALPNServerConnectionFactory();
+        alpn.setDefaultProtocol(http.getProtocol());
+        SslConnectionFactory ssl = new SslConnectionFactory(newSslContextFactory(), alpn.getProtocol());
+
+        ServerConnector http2Connector = new ServerConnector(server,ssl,alpn,h2,http);
+        http2Connector.setPort(0);
+        server.addConnector(http2Connector);
+
+        server.setHandler(new AbstractHandler()
+        {
+            @Override
+            public void handle(String target,Request baseRequest,HttpServletRequest request,
+                                HttpServletResponse response)
+                throws IOException, ServletException
+            {
+                response.setStatus(200);
+                baseRequest.setHandled(true);
+            }
+        } );
+
+        server.start();
+
+    }
+
+    @AfterEach
+    public void stopServer()
+        throws Exception
+    {
+        if (server != null)
+        {
+            server.stop();
+        }
+    }
+
+
+    @Test
+    public void test_simple_query()
+        throws Exception
+    {
+
+        HTTP2Client h2Client = new HTTP2Client();
+        HttpClient client = new HttpClient(new HttpClientTransportOverHTTP2(h2Client),newSslContextFactory());
+        client.start();
+        try
+        {
+            int port = ((ServerConnector)server.getConnectors()[0]).getLocalPort();
+            ContentResponse contentResponse = client.GET("https://localhost:" + port);
+            assertEquals(200, contentResponse.getStatus());
+        }
+        finally
+        {
+            client.stop();
+        }
+
+    }
+}

jetty-alpn/jetty-alpn-conscrypt-server/src/test/resources/jetty-logging.properties

@@ -1,3 +1,3 @@
 org.eclipse.jetty.util.log.class=org.eclipse.jetty.util.log.StdErrLog
-#org.eclipse.jetty.LEVEL=DEBUG
-#org.eclipse.jetty.alpn.LEVEL=DEBUG
+org.eclipse.jetty.LEVEL=DEBUG
+org.eclipse.jetty.alpn.LEVEL=DEBUG

jetty-home/src/main/resources/modules/conscrypt.mod

@@ -29,6 +29,6 @@ Conscrypt is distributed under the Apache Licence 2.0
 https://github.com/google/conscrypt/blob/master/LICENSE
 
 [ini]
-conscrypt.version?=1.1.4
+conscrypt.version?=2.0.0
 jetty.sslContext.provider?=Conscrypt
 

pom.xml

@@ -28,7 +28,7 @@
     <infinispan.version>9.4.8.Final</infinispan.version>
     <!-- default values are unsupported, but required to be defined for reactor sanity reasons -->
     <alpn.version>undefined</alpn.version>
-    <conscrypt.version>1.4.1</conscrypt.version>
+    <conscrypt.version>2.0.0</conscrypt.version>
     <asm.version>7.0</asm.version>
     <jmh.version>1.21</jmh.version>
     <jmhjar.name>benchmarks</jmhjar.name>