From ea116028d423e559c2dbfc9abd34caffb86b3d04 Mon Sep 17 00:00:00 2001 From: Joakim Erdfelt Date: Tue, 13 Mar 2018 14:50:50 -0500 Subject: [PATCH 1/5] Issue #2135 - TLS on Android 8.1 workaround configuration for Direct ByteBuffer use Signed-off-by: Joakim Erdfelt --- .../jetty/io/ssl/SslClientConnectionFactory.java | 14 +++++++++++++- .../org/eclipse/jetty/io/ssl/SslConnection.java | 12 ++++++++++-- .../eclipse/jetty/server/SslConnectionFactory.java | 14 +++++++++++++- 3 files changed, 36 insertions(+), 4 deletions(-) diff --git a/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslClientConnectionFactory.java b/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslClientConnectionFactory.java index 8a8c21ca479..aa81909e5e1 100644 --- a/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslClientConnectionFactory.java +++ b/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslClientConnectionFactory.java @@ -39,6 +39,8 @@ public class SslClientConnectionFactory implements ClientConnectionFactory private final ByteBufferPool byteBufferPool; private final Executor executor; private final ClientConnectionFactory connectionFactory; + private boolean _useDirectBuffersForEncryption = false; + private boolean _useDirectBuffersForDecryption = false; public SslClientConnectionFactory(SslContextFactory sslContextFactory, ByteBufferPool byteBufferPool, Executor executor, ClientConnectionFactory connectionFactory) { @@ -48,6 +50,16 @@ public class SslClientConnectionFactory implements ClientConnectionFactory this.connectionFactory = connectionFactory; } + public void setDirectBuffersForEncryption(boolean useDirectBuffers) + { + this._useDirectBuffersForEncryption = useDirectBuffers; + } + + public void setDirectBuffersForDecryption(boolean useDirectBuffers) + { + this._useDirectBuffersForDecryption = useDirectBuffers; + } + @Override public org.eclipse.jetty.io.Connection newConnection(EndPoint endPoint, Map context) throws IOException { 
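Review bot: The two public setters added to SslClientConnectionFactory in the second hunk have no Javadoc, and their names do not say which buffers each flag governs. `setDirectBuffersForEncryption` ends up in `_encryptedDirectBuffers` in SslConnection, which presumably selects how the ciphertext (network-side) buffers are allocated rather than the plaintext handed to the engine. The same applies to the matching setters in SslConnectionFactory and to the new six-argument SslConnection constructor, where two adjacent booleans are easy to transpose at a call site. I would add something like `/** @param useDirectBuffers whether the encrypted (network-side) buffers are allocated as direct ByteBuffers; see issue #2135 for when to change it */` and the equivalent for decryption. The class body continues outside the hunk.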
@@ -68,6 +80,6 @@ public class SslClientConnectionFactory implements ClientConnectionFactory protected SslConnection newSslConnection(ByteBufferPool byteBufferPool, Executor executor, EndPoint endPoint, SSLEngine engine) { - return new SslConnection(byteBufferPool, executor, endPoint, engine); + return new SslConnection(byteBufferPool, executor, endPoint, engine, _useDirectBuffersForEncryption, _useDirectBuffersForDecryption); } } diff --git a/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java b/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java index 8284c92e691..c82d6e37a8c 100644 --- a/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java +++ b/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java @@ -88,8 +88,8 @@ public class SslConnection extends AbstractConnection private ByteBuffer _decryptedInput; private ByteBuffer _encryptedInput; private ByteBuffer _encryptedOutput; - private final boolean _encryptedDirectBuffers = false; - private final boolean _decryptedDirectBuffers = false; + private final boolean _encryptedDirectBuffers; + private final boolean _decryptedDirectBuffers; private final Runnable _runCompletWrite = new Runnable() { @Override @@ -101,6 +101,12 @@ public class SslConnection extends AbstractConnection private boolean _renegotiationAllowed; public SslConnection(ByteBufferPool byteBufferPool, Executor executor, EndPoint endPoint, SSLEngine sslEngine) + { + this(byteBufferPool, executor, endPoint, sslEngine, false, false); + } + + public SslConnection(ByteBufferPool byteBufferPool, Executor executor, EndPoint endPoint, SSLEngine sslEngine, + boolean useDirectBuffersForEncryption, boolean useDirectBuffersForDecryption) { // This connection does not execute calls to onfillable, so they will be called by the selector thread. // onfillable does not block and will only wakeup another thread to do the actual reading and handling. 
@@ -108,6 +114,8 @@ public class SslConnection extends AbstractConnection this._bufferPool = byteBufferPool; this._sslEngine = sslEngine; this._decryptedEndPoint = newDecryptedEndPoint(); + this._encryptedDirectBuffers = useDirectBuffersForEncryption; + this._decryptedDirectBuffers = useDirectBuffersForDecryption; } protected DecryptedEndPoint newDecryptedEndPoint() diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/SslConnectionFactory.java b/jetty-server/src/main/java/org/eclipse/jetty/server/SslConnectionFactory.java index 679cb7460cc..5e3b15c56c8 100644 --- a/jetty-server/src/main/java/org/eclipse/jetty/server/SslConnectionFactory.java +++ b/jetty-server/src/main/java/org/eclipse/jetty/server/SslConnectionFactory.java @@ -34,6 +34,8 @@ public class SslConnectionFactory extends AbstractConnectionFactory { private final SslContextFactory _sslContextFactory; private final String _nextProtocol; + private boolean _useDirectBuffersForEncryption = false; + private boolean _useDirectBuffersForDecryption = false; public SslConnectionFactory() { @@ -58,6 +60,16 @@ public class SslConnectionFactory extends AbstractConnectionFactory return _sslContextFactory; } + public void setDirectBuffersForEncryption(boolean useDirectBuffers) + { + this._useDirectBuffersForEncryption = useDirectBuffers; + } + + public void setDirectBuffersForDecryption(boolean useDirectBuffers) + { + this._useDirectBuffersForDecryption = useDirectBuffers; + } + @Override protected void doStart() throws Exception { @@ -91,7 +103,7 @@ public class SslConnectionFactory extends AbstractConnectionFactory protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { - return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine); + return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, _useDirectBuffersForEncryption, _useDirectBuffersForDecryption); } @Override 
From 2d5ef67d3f362f073350b551429068ea5fbb5d05 Mon Sep 17 00:00:00 2001 From: Joakim Erdfelt Date: Wed, 6 Jun 2018 10:55:28 -0500 Subject: [PATCH 2/5] Issue #2135 - TLS on Android 8.1 workaround configuration for Direct ByteBuffer use + Changes from review with @sbordet Signed-off-by: Joakim Erdfelt --- .../io/ssl/SslClientConnectionFactory.java | 20 ++++++++++++++----- .../jetty/server/SslConnectionFactory.java | 20 ++++++++++++++----- 2 files changed, 30 insertions(+), 10 deletions(-) diff --git a/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslClientConnectionFactory.java b/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslClientConnectionFactory.java index aa81909e5e1..8a97784a6fb 100644 --- a/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslClientConnectionFactory.java +++ b/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslClientConnectionFactory.java @@ -39,8 +39,8 @@ public class SslClientConnectionFactory implements ClientConnectionFactory private final ByteBufferPool byteBufferPool; private final Executor executor; private final ClientConnectionFactory connectionFactory; - private boolean _useDirectBuffersForEncryption = false; - private boolean _useDirectBuffersForDecryption = false; + private boolean _directBuffersForEncryption = true; + private boolean _directBuffersForDecryption = true; public SslClientConnectionFactory(SslContextFactory sslContextFactory, ByteBufferPool byteBufferPool, Executor executor, ClientConnectionFactory connectionFactory) { 
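Review bot: The client factory's defaults become `true` in this hunk while SslConnectionFactory in the same commit keeps `false`, and the four-argument SslConnection constructor from patch 1 still delegates with `false, false`, so the buffer type now depends on which entry point created the connection. Before this series both flags were hard-wired to `false` in SslConnection, so this also changes behaviour for every existing user of SslClientConnectionFactory, not only those who call the setters. If the asymmetry is intended, a field comment saying why client and server differ would help, for example `// direct by default on the client, see issue #2135`; otherwise the defaults should match.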
@@ -52,12 +52,22 @@ public class SslClientConnectionFactory implements ClientConnectionFactory public void setDirectBuffersForEncryption(boolean useDirectBuffers) { - this._useDirectBuffersForEncryption = useDirectBuffers; + this._directBuffersForEncryption = useDirectBuffers; } public void setDirectBuffersForDecryption(boolean useDirectBuffers) { - this._useDirectBuffersForDecryption = useDirectBuffers; + this._directBuffersForDecryption = useDirectBuffers; + } + + public boolean isDirectBuffersForDecryption() + { + return _directBuffersForDecryption; + } + + public boolean isDirectBuffersForEncryption() + { + return _directBuffersForEncryption; } @Override @@ -80,6 +90,6 @@ public class SslClientConnectionFactory implements ClientConnectionFactory protected SslConnection newSslConnection(ByteBufferPool byteBufferPool, Executor executor, EndPoint endPoint, SSLEngine engine) { - return new SslConnection(byteBufferPool, executor, endPoint, engine, _useDirectBuffersForEncryption, _useDirectBuffersForDecryption); + return new SslConnection(byteBufferPool, executor, endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()); } } diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/SslConnectionFactory.java b/jetty-server/src/main/java/org/eclipse/jetty/server/SslConnectionFactory.java index 5e3b15c56c8..ec3253e7cbd 100644 --- a/jetty-server/src/main/java/org/eclipse/jetty/server/SslConnectionFactory.java +++ b/jetty-server/src/main/java/org/eclipse/jetty/server/SslConnectionFactory.java @@ -34,8 +34,8 @@ public class SslConnectionFactory extends AbstractConnectionFactory { private final SslContextFactory _sslContextFactory; private final String _nextProtocol; - private boolean _useDirectBuffersForEncryption = false; - private boolean _useDirectBuffersForDecryption = false; + private boolean _directBuffersForEncryption = false; + private boolean _directBuffersForDecryption = false; public SslConnectionFactory() { 
@@ -62,12 +62,22 @@ public class SslConnectionFactory extends AbstractConnectionFactory public void setDirectBuffersForEncryption(boolean useDirectBuffers) { - this._useDirectBuffersForEncryption = useDirectBuffers; + this._directBuffersForEncryption = useDirectBuffers; } public void setDirectBuffersForDecryption(boolean useDirectBuffers) { - this._useDirectBuffersForDecryption = useDirectBuffers; + this._directBuffersForDecryption = useDirectBuffers; + } + + public boolean isDirectBuffersForDecryption() + { + return _directBuffersForDecryption; + } + + public boolean isDirectBuffersForEncryption() + { + return _directBuffersForEncryption; } @Override @@ -103,7 +113,7 @@ public class SslConnectionFactory extends AbstractConnectionFactory protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { - return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, _useDirectBuffersForEncryption, _useDirectBuffersForDecryption); + return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()); } @Override From c4ea4a2d96d46d7fd2237c5f762810df1e2d76a6 Mon Sep 17 00:00:00 2001 From: Joakim Erdfelt Date: Wed, 6 Jun 2018 11:00:03 -0500 Subject: [PATCH 3/5] Issue #2135 - TLS on Android 8.1 workaround configuration for Direct ByteBuffer use + Assigning WebSocket Client to use true for direct bytebuffers always. + Changes from review with @sbordet Signed-off-by: Joakim Erdfelt --- .../websocket/client/io/WebSocketClientSelectorManager.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jetty-websocket/websocket-client/src/main/java/org/eclipse/jetty/websocket/client/io/WebSocketClientSelectorManager.java b/jetty-websocket/websocket-client/src/main/java/org/eclipse/jetty/websocket/client/io/WebSocketClientSelectorManager.java index 1c908d074aa..d282f7c90a9 100644 
--- a/jetty-websocket/websocket-client/src/main/java/org/eclipse/jetty/websocket/client/io/WebSocketClientSelectorManager.java +++ b/jetty-websocket/websocket-client/src/main/java/org/eclipse/jetty/websocket/client/io/WebSocketClientSelectorManager.java @@ -82,7 +82,7 @@ public class WebSocketClientSelectorManager extends SelectorManager if (sslContextFactory != null) { SSLEngine engine = newSSLEngine(sslContextFactory,channel); - SslConnection sslConnection = new SslConnection(bufferPool,getExecutor(),endPoint,engine); + SslConnection sslConnection = new SslConnection(bufferPool,getExecutor(),endPoint,engine,true,true); sslConnection.setRenegotiationAllowed(sslContextFactory.isRenegotiationAllowed()); EndPoint sslEndPoint = sslConnection.getDecryptedEndPoint(); From df29e292afd49b603d3c5bc9b0d01137378c432c Mon Sep 17 00:00:00 2001 From: Joakim Erdfelt Date: Wed, 6 Jun 2018 14:24:53 -0500 Subject: [PATCH 4/5] Issue #2135 - Correct testHelloWorld failure by backporting test from 9.4.x Signed-off-by: Joakim Erdfelt --- .../eclipse/jetty/io/SslConnectionTest.java | 45 +++++++++++-------- 1 file changed, 26 insertions(+), 19 deletions(-) diff --git a/jetty-io/src/test/java/org/eclipse/jetty/io/SslConnectionTest.java b/jetty-io/src/test/java/org/eclipse/jetty/io/SslConnectionTest.java index 2d85210480d..543f7e23792 100644 --- a/jetty-io/src/test/java/org/eclipse/jetty/io/SslConnectionTest.java +++ b/jetty-io/src/test/java/org/eclipse/jetty/io/SslConnectionTest.java @@ -45,6 +45,7 @@ import org.eclipse.jetty.util.thread.QueuedThreadPool; import org.eclipse.jetty.util.thread.Scheduler; import org.eclipse.jetty.util.thread.TimerScheduler; import org.junit.After; +import org.junit.AfterClass; import org.junit.Assert; import org.junit.Before; import org.junit.BeforeClass; 
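Review bot: The WebSocket client now passes the literals `true,true` at the `new SslConnection(...)` call, so unlike the two factories it offers no setter for choosing heap buffers, and its behaviour changes from the previous `false`/`false` for all users. The commit message says this is deliberate, but a deployment whose TLS provider needs the other setting has no way to opt out here. Consider taking the two values from the client's configuration, or at least put a comment above the call such as `// direct buffers on both sides, not configurable: see issue #2135`. The enclosing method starts and ends outside the hunk.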
@@ -139,6 +140,12 @@ public class SslConnectionTest __sslCtxFactory.start(); } + @AfterClass + public static void stopSsl() throws Exception + { + __sslCtxFactory.stop(); + } + @Before public void startManager() throws Exception { @@ -259,27 +266,27 @@ public class SslConnectionTest @Test public void testHelloWorld() throws Exception { - Socket client = newClient(); - client.setSoTimeout(60000); + try (Socket client = newClient()) + { + client.setSoTimeout(60000); + try (SocketChannel server = _connector.accept()) + { + server.configureBlocking(false); + _manager.accept(server); - SocketChannel server = _connector.accept(); - server.configureBlocking(false); - _manager.accept(server); + client.getOutputStream().write("Hello".getBytes(StandardCharsets.UTF_8)); + byte[] buffer = new byte[1024]; + int len = client.getInputStream().read(buffer); + Assert.assertEquals(5, len); + Assert.assertEquals("Hello", new String(buffer, 0, len, StandardCharsets.UTF_8)); - client.getOutputStream().write("Hello".getBytes(StandardCharsets.UTF_8)); - byte[] buffer = new byte[1024]; - int len=client.getInputStream().read(buffer); - Assert.assertEquals(5, len); - Assert.assertEquals("Hello",new String(buffer,0,len,StandardCharsets.UTF_8)); - - _dispatches.set(0); - client.getOutputStream().write("World".getBytes(StandardCharsets.UTF_8)); - len=5; - while(len>0) - len-=client.getInputStream().read(buffer); - Assert.assertEquals(1, _dispatches.get()); - - client.close(); + _dispatches.set(0); + client.getOutputStream().write("World".getBytes(StandardCharsets.UTF_8)); + len = 5; + while (len > 0) + len -= client.getInputStream().read(buffer); + } + } } From 7845497702d7766ebf9be7a4cb75d4afdb792f70 Mon Sep 17 00:00:00 2001 From: Simone Bordet Date: Wed, 18 Jul 2018 15:47:09 +0200 Subject: [PATCH 5/5] Updated ALPN version for JDK 8u181. 
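Review bot: In the testHelloWorld hunk the backport drops `Assert.assertEquals(1, _dispatches.get());` but keeps `_dispatches.set(0);`, so the second half of the test no longer asserts anything, neither the dispatch count nor that the bytes read back equal "World". The loop `len -= client.getInputStream().read(buffer);` also increases `len` when read() returns -1, so a closed connection becomes a spin instead of a test failure. I would check the return value, e.g. `int n = client.getInputStream().read(buffer); Assert.assertTrue(n > 0); len -= n;`, and either restore an assertion on the result or remove the now-unused reset.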
Signed-off-by: Simone Bordet --- .../config/modules/protonego-impl/alpn-1.8.0_181.mod | 8 ++++++++ .../modules/protonego-impl/alpn-1.8.0_181.mod | 8 ++++++++ pom.xml | 12 ++++++++++++ 3 files changed, 28 insertions(+) create mode 100644 jetty-alpn/jetty-alpn-server/src/main/config/modules/protonego-impl/alpn-1.8.0_181.mod create mode 100644 jetty-start/src/test/resources/dist-home/modules/protonego-impl/alpn-1.8.0_181.mod diff --git a/jetty-alpn/jetty-alpn-server/src/main/config/modules/protonego-impl/alpn-1.8.0_181.mod b/jetty-alpn/jetty-alpn-server/src/main/config/modules/protonego-impl/alpn-1.8.0_181.mod new file mode 100644 index 00000000000..8b0de785937 --- /dev/null +++ b/jetty-alpn/jetty-alpn-server/src/main/config/modules/protonego-impl/alpn-1.8.0_181.mod @@ -0,0 +1,8 @@ +[name] +protonego-boot + +[files] +http://central.maven.org/maven2/org/mortbay/jetty/alpn/alpn-boot/8.1.12.v20180117/alpn-boot-8.1.12.v20180117.jar|lib/alpn/alpn-boot-8.1.12.v20180117.jar + +[exec] +-Xbootclasspath/p:lib/alpn/alpn-boot-8.1.12.v20180117.jar diff --git a/jetty-start/src/test/resources/dist-home/modules/protonego-impl/alpn-1.8.0_181.mod b/jetty-start/src/test/resources/dist-home/modules/protonego-impl/alpn-1.8.0_181.mod new file mode 100644 index 00000000000..8b0de785937 --- /dev/null +++ b/jetty-start/src/test/resources/dist-home/modules/protonego-impl/alpn-1.8.0_181.mod @@ -0,0 +1,8 @@ +[name] +protonego-boot + +[files] +http://central.maven.org/maven2/org/mortbay/jetty/alpn/alpn-boot/8.1.12.v20180117/alpn-boot-8.1.12.v20180117.jar|lib/alpn/alpn-boot-8.1.12.v20180117.jar + +[exec] +-Xbootclasspath/p:lib/alpn/alpn-boot-8.1.12.v20180117.jar diff --git a/pom.xml b/pom.xml index 0496e8214eb..737124eb7f8 100644 --- a/pom.xml +++ b/pom.xml @@ -1433,5 +1433,17 @@ 8.1.12.v20180117 + + 8u181 + + + java.version + 1.8.0_181 + + + + 8.1.12.v20180117 + +
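Review bot: The `[files]` entry in the new alpn-1.8.0_181.mod downloads alpn-boot over plain `http://`, and the `[exec]` line then prepends that jar with `-Xbootclasspath/p:`, so a jar fetched without transport authentication is loaded ahead of the JDK's own classes. No checksum is visible in the module, and the same text is added to the copy under jetty-start/src/test/resources. If the start mechanism accepts it, switch the download to an `https://` Maven Central URL. It would also help to document verifying the jar against its published checksum or signature before the first start.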