It is now possible to pass a `SslContextFactory.Client` to HttpProxy
so that it is possible to use a keystore for the proxy communication
and another keystore for the server communication.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Fixed setting of host/port in AbstractConnectorHttpClientTransport
and HttpProxy so that the creation of SSLEngine can use the proper
host/port pair, and can be subsequently used in TLS components.
Introduced SslContextFactory X509ExtendedKeyManagerWrapper and
X509ExtendedTrustManagerWrapper as utility classes used internally
and in tests.
The test case for this issue required 3 keystores, so other test
classes have been refactored to use the new keystores.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Made jetty-alpn-client required by jetty-client.
Fixed groupId for test-proxy-webapp.
Added test case for the failing configuration.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Now exceptions thrown by fill() or flush() are stored in a field.
Further fill() operations will rethrow the original exception rather
than returning -1.
Returning -1 to application was causing them to close() with a generic
failure that was triggering the EOFException reported in this issue.
Now applications see the original exception and can close() with the
proper cause.
Re-enabled HostnameVerificationTest that was reproducing this issue
reliably but was @Disabled a while back and never re-enabled.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
1. Now forwarding the fillable event rather than assuming that is due
to garbage bytes or by a server close. This ensures that a HTTP read
consumes the TLS bytes and the `NewSessionTicket` message.
2. Avoid to set the `SslConnection` onto the `EndPoint` in
`SslClientConnectionFactory` - this allows upgrades to work properly,
for example when tunnelling through a secure proxy.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Introduced a Response.DemandedContentListener to explicitly separate
the will to request more content from the notification that the content
has been consumed.
Updated all transports to follow the new semantic: rather than waiting
for the callback to complete before delivering more content, now they
wait for the demand to be positive to deliver more content.
Since now the content may be unconsumed but there can be more demand,
all transport implementation had to be changed to use RetainableByteBuffer
to retain content buffers that were not consumed.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Fixes#250 - Implement HTTP CONNECT for HTTP/2.
Modified HTTP/2 implementation to support the CONNECT method.
Implemented semantic defined by RFC 8441.
Implemented section 8.3 of RFC 7540.
Introduced HTTP2Client.streamIdleTimeout.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Removing Legacy Method Separators
* Restyling branch `jetty-9.4.x`
* Applying changes highlighted by checkstyle
* Applying XML restyling
* Fixing XML codestyle for IntelliJ
* Fixing XML style mistakes
* Revert "Applying XML restyling"
* Updating checkstyle for XML codestyle
* Reformatting pom.xml files
* Fixed empty string from line wraps
* Update intellij style to not do expression relative formatting. Reformatted code based on that.
* Increasing line split on Eclipse IDE Formatter to 512
* Restoring setting on internal default value.
+ IntelliJ will not export settings on things that set to their
internal default values.
We want to keep those values as a hedge against future default
value changes in future releases of IntelliJ.
* Fixing intellij codestyle
* do not allow single line simple methods
* misc checkstyle fixes
* re-exported with correct name and all values
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Modified the sender logic to allow specific subclasses to decide
when to send the trailers, if any.
This allows HTTP/2 to correctly compute the end_stream flag and avoid
sending empty trailers frames with end_stream=true.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
+ Deprecated B64Code
+ All code that isn't B64CodeTest is now using java.util.Base64
+ B64CodeTest is updated to confirm change to java.util.Base64
is possible without change in behavior. Just have to make
sure you use the appropriate Encoder / Decoder for the task
at hand (default vs mime vs url)
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
+ Updating to jetty-test-helper 4.2.1 with new Net.class
+ Assume.assumeTrue(Net.isIpv6InterfaceAvailable());
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
+ Updating to jetty-test-helper 3.1.1 with new Net.class
+ Assume.assumeTrue(Net.isIpv6InterfaceAvailable());
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* exclude ipv6 test as currently failing on kubernetes, using junit tag and ci profile activated via Jenkinsfile
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* upgrade surefire to 3.0.0-M3
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
Introduced SslContextFactory subclasses Client and Server.
Replaced all usages of SslContextFactory with either Client or Server
as required.
Refactored configuration checking so that warnings are not emitted
when non necessary.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Reviewed the implementation.
Got rid of the single channel stored in the HttpClientTransport.
Re-enabled tests on the Unix socket transport.
Updated JNR to 0.22.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Updates after review.
Removed special logic to test for same URI redirection,
so it will fall back into the normal case where redirects
are counted against a maximum.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Simplified ProxyProtocolClientConnectionFactory
to use Origin.Address rather than InetSocketAddress.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Removed timeout after copying the request in case of redirects
(and authentications), to avoid that the timeout listener is
notified of intermediate exchanges and resets the timeout.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Introduced `HttpClientTransportDynamic` to be able to switch transport dynamically.
Refactored other transports and HttpDestination, removing now unnecessary classes.
Introduced ProxyProtocolClientConnectionFactory and used it for testing.
Updated OSGi tests now that jetty-client depends on jetty-alpn-client.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Modified jetty-client content decoding to be fully non-blocking;
this allows for a better backpressure and less usage of the buffer
pool.
Modified GZIPContentDecoder to aggregate decoded ByteBuffers in
a smarter way that avoids too many data copies and pollution of
the buffer pool with intermediate size buffers.
Removed duplicate test GZIPContentDecoderTest.
Improved javadocs and improved AsyncMiddleManServlet
to release buffers used by the GZIPContentDecoder.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* add jdk12 build stage
* test last release of infinispan for jdk12 build
* fix upperBound dependency for jboss logging
* upgrade juniper to 5.4.0 and disable infinispan test if JRE.JAVA_12
* Fixed annotations to exclude any JDK > 11 for 3 tests.
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Reviewed module-info.java files.
For those that have a "requires static" added a comment about
why the dependency is optional.
Rearranged directives in alphabetical order.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Added a SslHandshakeListener to SslConnection that performs
the host name verification (only on the client) if the
HostnameVerifier has been configured in SslContextFactory.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Reverted refactoring of newConnection() to avoid
to bind the class to a too specific abstract method.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Introduced ClientConnector and refactored HttpClient transports,
removing duplicated code that was connect() to a remote host.
Refactored also HTTP2Client to reference ClientConnector.
Refactored tests accordingly to the changes introduced in the
implementations.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Gave onOpen, onError and onClose callback signatures
Illegal to ask for demand prior to onOpen success
added tests for various onOpen scenarios
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Reverted refactoring of newConnection() to avoid
to bind the class to a too specific abstract method.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Introduced ClientConnector and refactored HttpClient transports,
removing duplicated code that was connect() to a remote host.
Refactored also HTTP2Client to reference ClientConnector.
Refactored tests accordingly to the changes introduced in the
implementations.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Updated module-info.java to reference the "jetty.servlet.api" module.
* Updated POMs to reference the o.e.j.toolchain:jetty-servlet-api artifact.
* Removed references to jetty-schemas.jar.
* Updated attribute "org.eclipse.jetty.server.webapp.ContainerIncludeJarPattern"
to match the new Jetty Servlet API jar.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Fixes#2978 - Add module-info to relevant Jetty modules.
Added module-info.java for Jetty modules that are not test modules.
Moved jetty-http test utility classes to new module "jetty-http-tools".
Removed generation of test-jar from websocket-core.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Don't call handleContentMessage after content call if the content call
returns true.
This is a slight bending of the parser contract to work around the current
client interpretation that a true return will prevent other events from being
delivered.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Issue #3038 - SSL connection leak.
Fixed SSL spin caused when fill had NEED_WRAP, but a flush/wrap
produced 0 bytes and stayed in NEED_WRAP
Removed check of isInputShutdown prior to filling that allowed EOF to
overtake data already read.
Fix for leak by shutting down output in HttpConnection if
filled -1 and the HttpChannelState was no longer processing
current request.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Fixes Issue #3103 - HttpClient buffer leak found by dump improvements
The leak problem was an additional, unnecessary, call retain() in ResponseNotifier.notifyContent() that was leaking `ByteBuffer`s.
Revert to the not-so-good bean handling for the HttpClient executor
Added TODOs so that the bean handling can be updated in future.
Deprecated Websocket client setters that hide dependency on internal HttpClient instance.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Adding more todos
* More websocket test updates
* Adding more information to exception about mismatched hash
* AcceptHash improved testing
* Prevent duplicate request headers
* Removing ability to use LocalFuzzer entirely (until its fixed)
* JSR356 HandshakeResponse header modifications are now allowed during Configurator
* Correcting MessageSink creation
* Using proper sub-protocol
* Metadata remembers OnMessage.maxMessageSize now
* Minor test updates
* Issue #2172 - Fixing JSR-356 Decoder discovery and OnMessage wiring
* More websocket test updates
* Update for null/empty payload
* Partial String Message Sink fix
* More websocket fixes around InputStream handling
* Moving proposed Abstract FrameHandler hierarchy into core main
* More testing fixes, along with a change to use the new core Abstract*FrameHandler
* Adding WebSocket URI validation
* Updating copy found in other API with improvements made in first API.
* More websocket test updates
* Fixing compilation
* WebSocket test fixes
* Fixing ContinuationTest assertions
* fixed package
* Added some better examples of QuotedCSV
I think this test is trying to use QuotedCSV in the wrong way, as it often is offering values when it should be testing parameters.
I have added some examples to show that QuotedCSV is capable of handling the quotes, spaces and embedded commas of the tests, but only
for parameters and not for values. The question is, is this sufficient for websocket?
* Improve close handling
The handling of a Close Frame may close the endpoint, so parsing should not continue
* moved old AbstractFrameHandler to test
* implement ingoing and outgoing frame sequence checking
* More work on javax.websocket parameterized server
* Bumping up pom plugin versions to jetty-9.4.x standards
* Merging up Jenkinsfile to attempt to fix CI build issues
* JSR356 @PathParam testing
* More WebSocket testing updates
* More WebSocket testing updates
* WebSocket Idle Timeout from FrameHandler specific policy
* WebSocket/JSR Pong support
* WebSocket/JSR Correcting MessageHandler.Whole<PongMessage> handling
* URL Decode UriTemplatePathSpec values
* Fixing test expectations
* Fixing AbstractWholeMessageHandler buffer flip
* More websocket test fixes
* Updated ALPN version for JDK 8u181.
* Removing QuotedUtil from WebSocket-core
+ Moved to QuotedCSV for most usages
+ Introduced HeaderUtil to satisfy remaining use cases
* Review of HttpClient names and Thread names.
+ Javax WebSocket Server = "Javax-WebSocketServer@####"
+ Javax WebSocket Client = "Javax-WebSocketClient@####"
* added OpCodeTest.java
* Minor Frame cleanup
* MessageOS cleanup
* Made the OpCode of WebSocket Frame immutable.
Frames can no longer be set as a continuation and should now be copied using the ContinuationFrame constructor
DataFrames can no longer be created without one of the subclasses as the public constructor was removed in favour of newDataFrame method
* Chat test
* Work on Chat Test
Moved implementation of assertValid to WebSocketFrame
Removed getFinRsvOp
* removed constructors for DataFrame using a basedOn Frame
instead use constructors with opCode, payload and fin bit
* refactor of WebSocket Frames WIP
* WIP: resolved failing tests
* CloseStatus rework, now use CloseStatus.toFrame to create Close Frames
new DelegateFrame class which ReadOnlyFrame extends
trim utf8 byte array in CloseStatus to utf8 character boundaries only
* working on test to test socket io erros in websocket-core
* renaming for clarity
Gave up on maintaining old names, as this is a different package anyway so some adaption will be needed regardless.
* Moved AbstractFrameHandlers to common
Only have a AbstractTestFrameHandler in core
* Close uses CloseStatus
Reduced the parsing and generation of CloseStatus when closing
* merge
* work on WebSocketTest
* cleanup log
* wip
* files missing comment header
jetty-jmh was using 9.4.12-SNAPSHOT now using 10.0.0-SNAPSHOT
* thread names
* remove sequence check from parser
* minor cleanups
* Call frameHandler externally to parser
* OpCode.check now throws ProtocolException instead of returning boolean
changed ProtocolException messages in OpCode.check
* removed Frame.Type and use OpCode instead
separated out FrameValidation for parser into method in WebSocketChannel
* moved remaining frame validation checks into WebSocketChannel
* referenced counted buffer
* cleanups
* wip on demand side
* First attempt at demandable
* demand control
* clean up reference counting
* clean ups
* WebSocketServerTest
* wip
* fixed auto fragmentation
* simple demand test
* test demand and retain
* Added validation back into the Parser
split up validation in WSChannel into methods for incoming and outgoing
fixed various tests in websocket-core
* more tests
* fixed remaining tests failing due to the changes to frame validation
* cleanups
* more autobahn refixes
* adjust mask for auto fragments
* clear mask
* fully close on unrecoverable error and not wait for close response
* Removed the CoreFuzzer and ContinuationTest
These tests are now covered elsewhere.
* remove declared exception onClosed
* Test delay close
* Test handler close
* fixed test dependency
* moved the frame sequence check from OutgoingState from after the ExtensionStack to channel.sendFrame
changed error handling to fail the callback of invalid/outOfSequence frames
added WebSocket Close tests revealing some problems with demand in state ICLOSE
* cleanup
* timing issues with WebSocketCloseTest
* test cleanups
* Cancel demand on close
* removed frame validation from generator
* finished close testing
* Issue #2901 - Moving Http Upgrader to Http Conversation
+ Solves for Authentication and Redirect
* changes from #2902 to jetty-10.0.x
* Validation Extension
introduced a ValidationExtension to do frame validation in the ExtensionStack
added the WebSocketChannel to ExtensionStack.connect to set it on the Extensions
* added parameters for ValidationExtension to choose what to validate
* ValidationExtension Cleanup
ValidationExtension now uses the Validation methods from its WebSocketChannel
simplified the parameter passing to the ValidationExtension
* core cleanup
* Fixed intermittent test failures
* clean up duplicates and imports
* simplified package structure
* many cleanups, simplifications and duplication removal
* cleanup
* added utf8 validation for text frames into ValidationExtension
added tests for utf8 validation
* create ValidationExtensionTest
* cleanup
* merge with jetty-10
update websocket to junit5
* fix to autobahn client report directory
* Fixes and cleanup
Fixed initial buffer too large for websocket buffer
less verbose debug
better debug
* Removed behavior from policy
* cleanup after merge from hell
* bug fixes and cleanups
* refactor packages with JPMS in mind
* unit test for TextMessageHandler
* cleanups
* more cleanups
* provided client/server dependencies
* fixed bad refactor
* use lambdas for TextMessageHandler
* cleanup
* cleanup
* cleanups
* cleanup of websocket-common framehandlers
* reverting to jetty websocket api from 9.4
* better chat
* renamed websocket common to util
* save wip on jetty-websocket-tests
* giving up on jetty-websocket-tests as mostly duplicated tests
* renamed websocket-util back to websocket-common
* moved InvalidWebSocketException to javax common
* reworked TextMessageHandler to MessageHandler
now handles binary messages as well
* implemented getByteBufferPool in remaining DummyChannel classes
* Moved the abstract Frame and Message handlers out of websocket-common
* replaced usages of AbstractWholeMessageHandler with CoreMessageHandler
renamed MessageHandler to CoreMessageHandler
* removed AbstractFrameTypeHandler
* cleanup
* jetty-websocket-common passing tests without websocket-common dependency
* fixed compile errors
* renamed MessageHandler
* Removing reference to websocket-server (no longer exists)
* Removing, Extensions now exist in websocket-core
* Do not append an empty ByteBuffer
* NPE Fix for empty/unused UTF-8 String Builder
* NPE Fix for SendPartialBinaryFrameHandler test
* Punching holes in WebAppContext needed for JSR356 use
* Updating "9.x.x" to "10.x.x"
* Removing Bad URI test case that is ignored
* Fixing test expectation now that we moved to QuotedCSV
* Adding TODO about onOpen failure requiring onError + onClose.
* Throwing JSR356 DeploymentException on addEndpoint() failure
* Test cleanup (for better error messages)
* Adding some comments to explain wrapNonVoidReturnType()
* cleanup methodHandle return type filtering
* test fixes
* Fix change return type to Void
* Fixed test by wiring up MessageHandler
* test cleanups
removed changeReturnType for MethodHandle as filterReturnValue already changes to return type of the filter
* fixed MessageReceivingTest.testPartialBinaryFrameHandler
* Core BatchMode replaced by boolean
* fixed LargeContainerTest.testEcho by allowing the policy to be set on the WSServer as an attribute
* acquire batchBuffer before calculating batchSpace in FrameFlusher
* Deprecated WebSocketPolicy
* Fixing MessageReceivingTest
* Refactoring out websocket-servlet
+ WebSocketPolicy removed from websocket-servlet
+ websocket-common is removed
+ Migrating back up to APIs
* WIP removing core policy
* added missing copyright headers
* customize client session
* customize cleanup
* wip
* wip
* Removing WebSocketPolicy usage within websocket-core
* Allowing DummyCoreSession to have a Behavior
* Removing core WebSocketPolicy.clonePolicy() - no longer used
* Jetty Native WebSocket now compiles / tests
* Remember WebSocketServletFactoryImpl as Context Attribute
* JSR356 codebase now compiles
* updated websocket servlets
* fix handling for no max message size
* Fixed LargeContainerTest.testEcho
Changed WebSocketServletFactoryImpl.defaultAutFragment to true
only check the incoming frame size if autoFragment is false
* Added WebSocketConstants to avoid duplicate default locations
* applications extensions discovered via headers
* fixed ConfiguratorTest.testNoExtensionsConfigurator
* cleaned up extension negotiation
* cleaned up extension negotiation
* cleanups
* Convert exceptions to API versions
* cleanup imports
* convert requestURI to a WebsocketURI in Negotiated
* fixed SessionTrackingTest
* moved session tracking management to be done by the JavaxWebSocketFrameHandler
* Cleanup dump for jdk11 classloaders
* fix to ConfiguratorTest
added the EchoSocket endpoint on the ServerContainer instead of using server.registerWebSocket
* Simplify websocket-servlet
fixed jetty websocket chat example
fixes for javax websocket chat example
fixed Upgrade response header issues
Set default configurations
improved dump
depends on javax server impl
do not expose core classes
fix javadoc
removed FrameHandlerFactory self reference
* Removed -impl from javax client and server
* Fixed common tests for onClosed event
* Improve creation of JavaxWebSocketServerContainer
Better handling of executor and httpClient as managed beans
* Fixed MessageOutputStream using empty buffers and looping forever
no longer enforce maxTextMessageBufferSize on partial messages
* Updates after review
reintroduced WebSocketServletFactory
reverted other API changes
* Ignored TextStreamTest tests incorrectly assuming no frame fragmentation
When message fragmentation is implemented in PartialStringMessageSink
then update these tests to check on the server side for no buffers
larger than the maxTextMessageBufferSize.
* fixed check for previous WebsocketUpgrade filter
Disable the AltFilterTest until problems of the WebSocketUpgradeFilter
attributes on the ServletContext are fixed.
* fixed flaky SessionTrackingTest by waiting for Sessions to open
* remove payload length check for outgoing frames
fix bug sending frames after they have failed validation checks
* reverted maven coords for javax client and server
* updated to latest jetty-10 dump changes
* Fix to WebSocketUpgradeFilter Attributes on the ServletContext
Removed deprecated method
WebSocketUpgradeFilter.configureContext(ServletContext)
Changed return type of
WebSocketUpgradeFilter.configureContext(ServletContext) to void.
WebSocketUpgradeFilter.configureContext was checking the ServletContext
for a WebSocketUpgradeFilter set as an attribute before creating a new
one. The FilterHolder from web.xml is being set as an attribute in init
which is called which happens after configureContext.
So instead of checking the attribute in
WebSocketUpgradeFilter.configureContext, we are now searching through
the filters on the ServletHandler to see if a WebSocketUpgradeFilter
has been registered with the CONTEXT_ATTRIBUTE_KEY.
* cleanup and identifying problems with FrameHandlerMetadata
* properly cache Metadata and copy MessageMetadata
properly cache Metadata in the FrameHandlerFactory using the metadataMap
copy the MessageMetadata from Metadata to prevent mutating the MethodHandle
* added new WebSocketServerContainerExecutorTest
removed DelayedStartClientOnServerTest which doesnt seem to be a valid
test when executors are shared
removed last check for executor==null in JavaxWebSocketServerContainerInitializer
as the threadPool is always created in the server
* reformatted websocket code
* reformat code
* Rervert unnecessary changes from 10.0.x
* Rervert unnecessary changes from 10.0.x
* fix build issues testing Hazelcast sessions
* QuotesDecoderTest sessions not being closed
* Fixed CookiesTest
CookiesTest.testCookiesAreSentToClient was failing due to the
Assertion being caught and logged by the upgrade request
the response is now captured by a FuturePromise and the assertions are
done in the main test
the reason the assertion was failing was due to lowercase "set-cookie"
instead of "Set-Cookie"
* fixed maven coords
* javadoc fixes
* fixed javadoc
* revert maven artifact names
* cleanup after review
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Signed-off-by: Greg Wilkins <gregw@webtide.com>
+ Can get HttpCompliance from HttpConfiguration now
+ Signature change to HttpConnection to avoid duplicate arguments
on constructor.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Cleanup the dump implementation
* improved the clarity of utility methods for dump and updated most dump methods
* fixed upgrade filter dump
* Improved dump after review
* Moved dumpObjects to Dumpable
* implemented dumpBeans with dumpObjects
* less verbose dump
* Dump streams
* fixed dump test
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Reviewed other possible places where max local stream count may
overflow.
Fixed handling of HTTP/2 stream idle timeouts.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Issue #2954 Report badmessage cause
Pass BadMessageException from parser to HttpReceiverOVerHTTP
This change has already mostly been made in 9.4, so essentially this is a back port. However the
primary signature of HttpParser.Handler for badMessage has not been changed and a default method
used to handle the cause. This avoids breaking any usages of the interface.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Running tests only on JDK 11, as apparently other JDKs have problems
with AES encryption/decryption.
Another hypothesis is that Kerby does AES encryption differently from
what earlier JDKs expect.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Avoid hardcoded KDC port in tests.
Updated Krb5LoginModule options with refreshKrb5Config=true,
to make sure the KDC configuration is re-read for every test.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Renamed server-side classes and added javadocs.
Deprecated old server-side classes in favor of the new ones.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
+ Changes needed for new Junit 5
+ Migrating from Vintage junit API to Jupiter junit API
+ Relies on SNAPSHOT jetty-test-helper
- this will be a formal release once this issue has been
resolved satisfactory
+ Have jenkins always pull latest SNAPSHOT for each build
+ Adding jetty.snapshots repository
+ Using surefire 2.22.0 per advice from junit
+ Ensuring <reuseForks>true</reuseForks> to work around issue junit-team/junit5#801
+ Disabling <forkMode>always</forkMode> in maven-surefire-plugin
due to bug https://github.com/junit-team/junit5/issues/801
+ OSGi tests must remain at vintage due to PaxExam
+ Moving from vintage TestingDir to jupiter WorkDir
+ Fixing imports to use jupiter, not vintage
+ Migrating vintage ExpectedException to jupiter assertThrows
+ Migrating vintage TestName to jupiter TestInfo
+ Migrating @RunWith(Parameterized.class)
to @ParameterizedTest with Argument Sources
+ Migrating assertTrue(val.contains(needle))
to assertThat(val, containsString(needle))
+ Aligning junit versions per recommendations from @sormuras
+ Adjusting parameter order change for assertEquals()
+ Test LifeCycle Annotation Migration
junit 4 | junit 5 / jupiter
------------ | -----------
@Before | @BeforeEach
@After | @AfterEach
@BeforeClass | @BeforeAll
@AfterClass | @AfterAll
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
+ Changes needed for new Junit 5
+ Migrating from Vintage junit API to Jupiter junit API
+ Relies on SNAPSHOT jetty-test-helper
- this will be a formal release once this issue has been
resolved satisfactory
+ Have jenkins always pull latest SNAPSHOT for each build
+ Adding jetty.snapshots repository
+ Using surefire 2.22.0 per advice from junit
+ Ensuring <reuseForks>true</reuseForks> to work around issue junit-team/junit5#801
+ Disabling <forkMode>always</forkMode> in maven-surefire-plugin
due to bug https://github.com/junit-team/junit5/issues/801
+ OSGi tests must remain at vintage due to PaxExam
+ Moving from vintage TestingDir to jupiter WorkDir
+ Fixing imports to use jupiter, not vintage
+ Migrating vintage ExpectedException to jupiter assertThrows
+ Migrating vintage TestName to jupiter TestInfo
+ Migrating @RunWith(Parameterized.class)
to @ParameterizedTest with Argument Sources
+ Migrating assertTrue(val.contains(needle))
to assertThat(val, containsString(needle))
+ Aligning junit versions per recommendations from @sormuras
+ Adjusting parameter order change for assertEquals()
+ Test LifeCycle Annotation Migration
junit 4 | junit 5 / jupiter
------------ | -----------
@Before | @BeforeEach
@After | @AfterEach
@BeforeClass | @BeforeAll
@AfterClass | @AfterAll
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
Issue #2711 - TLS 1.3 compliance.
Disabled few tests that are TLS 1.2 specific.
Renegotiation in SslConnection is now skipped for TLS 1.3.
Replaced SNI keystore DSA certificate with RSA certificate.
First full build achieved with JDK 11+28.
Small changes after review.
Modified the test case to pass in JDK 8, where the implementation
throws SSLException, while in later JDKs throws SSLHandshakeException.
Minor cleanup
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Increased complexity of regex in order to use only one regex pattern and reworked state machine into simple for loop
Signed-off-by: lachan-roberts <lachlan@webtide.com>
Splitting elements into list using QuotedCSV and processing with state machine instead of using regex to split into multiple challenges.
Signed-off-by: lachan-roberts <lachlan@webtide.com>
Major refactor of SslConnection to address #2233 and to simplify in preparation for java-11 support.
Made the `needFillInterest` and `onIncompleteFlush` methods the primary stateful methods with state for fill and flush side that does not reproduce state already held by the SslEngine itself.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
HttpClient was confused by servers that responded
with two 100 Continue in the same HTTP conversation.
Now, whether the 100 Continue response has been handled
already is stored per-request, not per-conversation.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #2439 - Remove HTTP/2 data copy.
Implemented reference counting for the network buffer, with the
semantic that calling succeeded() on callbacks decrements the
reference count.
Introduced interface Retainable, used by the client when notifying
multiple application content listeners.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Changed the base64 pattern to only accept token68 pattern from rfc7235#appendix-C
Add limit to recusion depth of multiple challange matching to stop any vulnerablilties related to malicious server overflowing client stack
Regex no longer allows trailing whitespace
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
- Multiple challanges in the same header can now be parsed successfully.
- Will now allow a base64 value after the auth-scheme instead of parameters. Which can be used for the Negotiate auth-scheme.
- Added more in depth testing for tricky cases.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Removed the regex to separate out the realm parameter and instead parse it with the other parameters into HeaderInfo.
Changed HeaderInfo to store the parsed parameters as a Map instead of the un-parsed parameters in a string.
The parsing of the parameters is now done in AuthenticationProtocolHandler.newHeaderInfo(String) and then passed into the HeaderInfo instead of Parsing it in DigestAuthentication.
Replaced the usage of splitParams(String) with QuotedCSV used to parse the parameters.
Added test to check the ordering of parameters doesn't matter.
Allow not to have a realm parameter, changed DigestAuthentication.matches() to not match if realm is null, so that Digest Authentication requires realm parameter but any Basic Authentication can be done without it. There is currently no tests for this.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Regex will now look for comma and spaces before realm. Preventing issues accepting params with realm as a suffix like blahrealm.
Stops adding double commas when extracting realm param.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Fixed method, added Javadocs and cleaned up code with a few renamings
to better comply with AtomicLong naming.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Introduced ConnectionPool.Multiplexable for connection pools that support multiplexing.
Reworked RoundRobinConnectionPool to support multiplexing.
Moved tests to test RoundRobinConnectionPool with both HTTP/1.1 and HTTP/2.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Now exiting the parse loop when the response is complete; if there
are bytes remaining in the buffer, then it's cleared out.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Changed the signature of HttpParser.Listener.onBadMessage()
to take a BadMessageException and updated dependent code.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Introduced property connectBlocking in HTTP2Client so that it can
be forwarded by HttpClient and then used for HTTP/2 connects.
Also introduced HTTP2Client.bindAddress, again forwarded from HttpClient.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Issue #2293 Pending Multiplexed Connections
Added a AtomicBiInteger to allow both total connections and pending connections to be encoded in the
same atomic int.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Modified uri value in Authorized header as per discussion in #2160.
Signed-off-by: Alex Bleasdale <ableasdale@marklogic.com>
Reviewed-by: Simone Bordet <simone.bordet@gmail.com>
There are still problems with this impl (some client tests ignored) and there is still a work around for the JNR bug 50, however this impl is already much better than the unix socket support that is already in the release. So will merge for now and put more effort in once there is a JNR fix.
* WIP add unix domain sockets support in HttpClient
* move unix socket client part to unix socket module #2014
* some cleanup #2014
* add missing headers #2014
* add TODO
* UnixSocket client refactor
* cleanup test and pom
* minor changes, use LOG.isDebugEnabled() before using debug method
* add UNIX SOCKET http client test with all other tests, push this to see what happen on Jenkins
* fix some unit tests
* fix more tests
* fix load test
* UnixSocket client
* Demonstrate JNR bug
* Worked around JNR bug 50
* close channel on client side as well
* more details in log
* log file path as well
* #2014 disable test per default as doesn't work on some environement
* Revert "#2014 disable test per default as doesn't work on some environement"
* test only on unix
* Allow test of specific transport(s)
* Move unix socket to /tmp
* move test socket to /tmp
* move test socket to /tmp
* ignore failing tests for now
* fix bean name and possible to use sys prop org.eclipse.jetty.http.client.AbstractTest.Transports with mvn cli
* test isBlank as surefire props is not null
* correctly create tmp file with @Before
* do not delete file
* use /tmp as build directory doesn't seem to work within docker...
* do not delete sock file on client as it is own by the server
* file must not exist when binding unix socket
* #2014 fix license header
* network specific tests assumed
* Fixed to handle null selector keys
* add assume for tests that assume a network connector
Signed-off-by: olivier lamy <olamy@webtide.com>
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Fixed destroy of HttpChannel for HTTP/1.1: not at release()
because the connection and therefore the channel will be reused,
but at close(), when we're sure the connection will not be reused.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Scalable scheduler changes for #1918
* Added HttpChannel.destroy to destroy CyclicTimer
* fixed rebase with HttpConnectionOverFCGI
* renamed to acquire
* Destroying the HttpChannel consistently in all transports.
* updated headers
* cleanup after final review
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Clean up of actions (now updates) prior to #2046 fix
* prevent exceptions from termincating lifecycle doStop or destroy
* Refactored ManagedSelector stop to always close endpoints
* Fixed NPE if SelectorManager is already stopped
* refactored after review
* further simplifications after review
* Wait only for oshut endpoints
* Cleanup from review
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Removed the distinction between pushed and non-pushed channels; only
non-pushed channels are released and recycled if they're not failed.
Properly resetting HttpReceiverOverHTTP2.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Issue #2081 No idle timeout exception when dispatch is delayed
* Delegate the readtimeout handling to HttpChannel so that a delayed dispatch can be ended.
* Added unit test for delayed dispatch idle
* Now using HttpInput.onIdleTimeout() to fail the HttpInput, and then dispatching the request in case it has not been dispatched yet. This ensure consistent behavior independently of the value of HttpConfiguration.delayDispatchUntilContent.
* Fixed for both HTTP/1.1 and HTTP/2.
* Added tests for non-blocking reads.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Introduced ContentProvider.isReproducible() to detect whether the
request content can be provided more than once, and modified
ContentProvider implementation accordingly.
Modified AuthenticationProtocolHandler to not send an authenticated
request if the content is not reproducible.
Modified AuthenticationProtocolHandler to tolerate request failures.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Implemented as integer guard + timestamp.
The timestamp is not enough to guard against long times spent sending
(and/or in application callbacks during sends).
Added missing @ManagedObject annotation to AbstractConnectorHttpClientTransport.
Also exported to JMX the "multiplexed" attribute for the FCGI transport
and the "useALPN" attribute for the HTTP/2 transport.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Added HttpClientMBean, and overridden getObjectContextBasis() so that
the HttpClient name is inherited by children components such as the
HttpClientTransport, the ThreadPool, etc.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Ensure -1 fill is not appended to bytesIn counts
Don't include discarded bytes from head responses in counts
refactored gather writes in HttpConnection to be clearer and removed
redundant buffer checks
A temporary fix that uses a hueristic to limit the pool size.
Perhaps such a hueristic should be the default for the queue size of all ByteBufferPools, as infinite queue size is rarely going to be a good thing?
Also, I think all the pools need to have better javadoc, plus an upper/lower bound of the size of buffer that they will pool, as gzip will tend to ask for lots of random sized buffers to put the expanded data into, some could be very
large and unlikely to be reused.
Introduced ConnectionPool.Factory and HttpClientTransport.connectionPoolFactory.
This allows applications to create a ConnectionPool given the HttpDestination.
Introduced ConnectionPool.Factory and HttpClientTransport.connectionPoolFactory.
This allows applications to create a ConnectionPool given the HttpDestination.
Since requests cannot be connection delimited, don't call
sslEngine.closeInbound() on the server.
On the client, added a configuration parameter to allow missing
TLS Close Message, since many servers do that.
Introduced SslConnection.allowMissingCloseMessage so that it
throws in case of truncation attacks.