Added test to replicate the traffic seen in the issue.
The test shows that we do close the server EndPoint.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
For some historical reason, host and port were not mutable after the request
was created. Since many other key parameters are mutable (e.g. the scheme)
it makes sense to make host and port mutable too.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Introduced NetworkTrafficSocketChannelEndPoint to replace
NetworkTrafficSelectChannelEndPoint, now deprecated.
Code and javadocs cleanup.
Moved the tests to jetty-client so that also the client is tested.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Updated the keystores to PKCS12 and added the Basic Constraint CA:true
to the server certificate.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Fixed visibility of ProxyProtocolConnection.
Must be protected because it's the return type
of protected methods.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Introduced HttpRequest.normalized() to test and set whether
the request has already been normalized.
Added test case and few cleanups.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Fixes#4421 - HttpClient support for PROXY protocol.
Implemented support for the PROXY protocol in HttpClient.
Introduced Request.tag(Object) to tag requests that belong
to the same group (e.g. a client address) so that they can
generate a different destination.
The tag object may implement ClientConnectionFactory.Decorator
so that it can decorate the HttpDestination ClientConnectionFactory
and therefore work both with and without forward proxy configuration.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Now setting correctly the host and port to the server destination
_after_ the SOCKS tunnel is established, similarly to what is done
for the HTTP CONNECT tunnel.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
In case of multiple parts only the last iterator was closed.
Now, every part's iterator is closed.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Now the various content listeners inherit from each other, like
it should have been from the beginning.
This also allowed to remove code duplication due to the default
implementation of the methods in various places.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Now correctly handling no demand before the content
in FCGI and HTTP2 transports.
Fixed HttpRequest to correctly forward onBeforeContent()
to wrapped listeners.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #4265 Remove doError
The doError method and the ErrorDispatchHandler class were
hang overs from when we needed to dispatch into a context to get sendError called, which would then generate the error page.
Now sendError doesn't do any generation, rather it changes state that arranges either for a minimal error page to be generated or an ERROR dispatch to a real handler/servlet to generate the error page.
Thus the ErrorDispatchHandler and doError methods can now be removed.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4265 Remove doError
Moved the error page dispatching logic back to the ErrorHandler class to assist with backwards compatibility
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4265 Remove doError
Moved the error page dispatching logic back to the ErrorHandler class to assist with backwards compatibility
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4265 doError
Updates from review.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Releasing the decrypted input buffer so that it can be re-acquired
with an expanded capacity.
Looping around only if the buffer size has changed.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Added workarounds for the Java 11 behavior.
In fill(), call closeInbound() if we filled -1 and the handshake
did not start yet. This avoids to send a ClientHello to the peer
even if we are closing.
In flush(), if the handshake status is NEED_UNWRAP but we are
closing, force a wrap().
Added test cases.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Now rethrowing other exceptions as SSLHandshakeException
if they happen during the TLS handshake.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
It is now possible to pass a `SslContextFactory.Client` to HttpProxy
so that it is possible to use a keystore for the proxy communication
and another keystore for the server communication.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Fixed setting of host/port in AbstractConnectorHttpClientTransport
and HttpProxy so that the creation of SSLEngine can use the proper
host/port pair, and can be subsequently used in TLS components.
Introduced SslContextFactory X509ExtendedKeyManagerWrapper and
X509ExtendedTrustManagerWrapper as utility classes used internally
and in tests.
The test case for this issue required 3 keystores, so other test
classes have been refactored to use the new keystores.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Now exceptions thrown by fill() or flush() are stored in a field.
Further fill() operations will rethrow the original exception rather
than returning -1.
Returning -1 to application was causing them to close() with a generic
failure that was triggering the EOFException reported in this issue.
Now applications see the original exception and can close() with the
proper cause.
Re-enabled HostnameVerificationTest that was reproducing this issue
reliably but was @Disabled a while back and never re-enabled.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
1. Now forwarding the fillable event rather than assuming that is due
to garbage bytes or by a server close. This ensures that a HTTP read
consumes the TLS bytes and the `NewSessionTicket` message.
2. Avoid to set the `SslConnection` onto the `EndPoint` in
`SslClientConnectionFactory` - this allows upgrades to work properly,
for example when tunnelling through a secure proxy.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Introduced a Response.DemandedContentListener to explicitly separate
the will to request more content from the notification that the content
has been consumed.
Updated all transports to follow the new semantic: rather than waiting
for the callback to complete before delivering more content, now they
wait for the demand to be positive to deliver more content.
Since now the content may be unconsumed but there can be more demand,
all transport implementation had to be changed to use RetainableByteBuffer
to retain content buffers that were not consumed.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Removing Legacy Method Separators
* Restyling branch `jetty-9.4.x`
* Applying changes highlighted by checkstyle
* Applying XML restyling
* Fixing XML codestyle for IntelliJ
* Fixing XML style mistakes
* Revert "Applying XML restyling"
* Updating checkstyle for XML codestyle
* Reformatting pom.xml files
* Fixed empty string from line wraps
* Update intellij style to not do expression relative formatting. Reformatted code based on that.
* Increasing line split on Eclipse IDE Formatter to 512
* Restoring setting on internal default value.
+ IntelliJ will not export settings on things that set to their
internal default values.
We want to keep those values as a hedge against future default
value changes in future releases of IntelliJ.
* Fixing intellij codestyle
* do not allow single line simple methods
* misc checkstyle fixes
* re-exported with correct name and all values
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Modified the sender logic to allow specific subclasses to decide
when to send the trailers, if any.
This allows HTTP/2 to correctly compute the end_stream flag and avoid
sending empty trailers frames with end_stream=true.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
+ Deprecated B64Code
+ All code that isn't B64CodeTest is now using java.util.Base64
+ B64CodeTest is updated to confirm change to java.util.Base64
is possible without change in behavior. Just have to make
sure you use the appropriate Encoder / Decoder for the task
at hand (default vs mime vs url)
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
+ Updating to jetty-test-helper 4.2.1 with new Net.class
+ Assume.assumeTrue(Net.isIpv6InterfaceAvailable());
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
+ Updating to jetty-test-helper 3.1.1 with new Net.class
+ Assume.assumeTrue(Net.isIpv6InterfaceAvailable());
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* exclude ipv6 test as currently failing on kubernetes, using junit tag and ci profile activated via Jenkinsfile
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* upgrade surefire to 3.0.0-M3
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
Introduced SslContextFactory subclasses Client and Server.
Replaced all usages of SslContextFactory with either Client or Server
as required.
Refactored configuration checking so that warnings are not emitted
when non necessary.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Reviewed the implementation.
Got rid of the single channel stored in the HttpClientTransport.
Re-enabled tests on the Unix socket transport.
Updated JNR to 0.22.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Updates after review.
Removed special logic to test for same URI redirection,
so it will fall back into the normal case where redirects
are counted against a maximum.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Removed timeout after copying the request in case of redirects
(and authentications), to avoid that the timeout listener is
notified of intermediate exchanges and resets the timeout.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Modified jetty-client content decoding to be fully non-blocking;
this allows for a better backpressure and less usage of the buffer
pool.
Modified GZIPContentDecoder to aggregate decoded ByteBuffers in
a smarter way that avoids too many data copies and pollution of
the buffer pool with intermediate size buffers.
Removed duplicate test GZIPContentDecoderTest.
Improved javadocs and improved AsyncMiddleManServlet
to release buffers used by the GZIPContentDecoder.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* add jdk12 build stage
* test last release of infinispan for jdk12 build
* fix upperBound dependency for jboss logging
* upgrade juniper to 5.4.0 and disable infinispan test if JRE.JAVA_12
* Fixed annotations to exclude any JDK > 11 for 3 tests.
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Added a SslHandshakeListener to SslConnection that performs
the host name verification (only on the client) if the
HostnameVerifier has been configured in SslContextFactory.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Don't call handleContentMessage after content call if the content call
returns true.
This is a slight bending of the parser contract to work around the current
client interpretation that a true return will prevent other events from being
delivered.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Issue #3038 - SSL connection leak.
Fixed SSL spin caused when fill had NEED_WRAP, but a flush/wrap
produced 0 bytes and stayed in NEED_WRAP
Removed check of isInputShutdown prior to filling that allowed EOF to
overtake data already read.
Fix for leak by shutting down output in HttpConnection if
filled -1 and the HttpChannelState was no longer processing
current request.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Fixes Issue #3103 - HttpClient buffer leak found by dump improvements
The leak problem was an additional, unnecessary, call retain() in ResponseNotifier.notifyContent() that was leaking `ByteBuffer`s.
Simone Bordet
Joakim Erdfelt
Greg Wilkins
olivier lamy
Lachlan
Marc-Olivier Fleury
康智冬
Olivier Lamy