Introduced SslContextFactory subclasses Client and Server.
Replaced all usages of SslContextFactory with either Client or Server
as required.
Refactored configuration checking so that warnings are not emitted
when non necessary.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Added a bytebufferpool module to be able to configure
the ByteBufferPool used by ServerConnectors.
Added JMX methods to the ByteBufferPool implementations.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Updated the implementation to track the oldest bucket and
release its buffers when the retained memory is exceeded.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Implemented a limit for the total memory retained by the
ByteBufferPool for both direct and heap buffers.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Added a SslHandshakeListener to SslConnection that performs
the host name verification (only on the client) if the
HostnameVerifier has been configured in SslContextFactory.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Updating SslContextFactory configuration for tests, since
the change in the default endPointIdentificationAlgorithm
makes the test failing as the certificates are not valid
for the local host, which is different depending on where
the tests are run (locally, jenkins).
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Introduced PlainOrSslConnectionFactory, to "sniff" the first bytes
on a connection and upgrade to SSL (if the bytes are TLS bytes), or
upgrade to a specific, configured, protocol.
Added also the ability to fail the upgrade in case of a `http`
request to a `https` port and write a minimal response to the client.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Using system property "org.eclipse.jetty.io.forceSelectNow"
to force a selectNow() call; if absent, forcing selectNow()
only in the Windows OS.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Move RetainableByteBuffer to jetty-io=
use RetainableByteBuffer
use RetainableByteBuffer - changes from review.
Reviewed and applied small changes.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Introduced safeInterestOps() and safeReadyOps() to catch exceptions
they may throw and using them in relevant places to fix the issue.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Issue #3038 - SSL connection leak.
Fixed SSL spin caused when fill had NEED_WRAP, but a flush/wrap
produced 0 bytes and stayed in NEED_WRAP
Removed check of isInputShutdown prior to filling that allowed EOF to
overtake data already read.
Fix for leak by shutting down output in HttpConnection if
filled -1 and the HttpChannelState was no longer processing
current request.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Cleanup the dump implementation
* improved the clarity of utility methods for dump and updated most dump methods
* fixed upgrade filter dump
* Improved dump after review
* Moved dumpObjects to Dumpable
* implemented dumpBeans with dumpObjects
* less verbose dump
* Dump streams
* fixed dump test
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Issue #2954 Report badmessage cause
Pass BadMessageException from parser to HttpReceiverOVerHTTP
This change has already mostly been made in 9.4, so essentially this is a back port. However the
primary signature of HttpParser.Handler for badMessage has not been changed and a default method
used to handle the cause. This avoids breaking any usages of the interface.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
+ Changes needed for new Junit 5
+ Migrating from Vintage junit API to Jupiter junit API
+ Relies on SNAPSHOT jetty-test-helper
- this will be a formal release once this issue has been
resolved satisfactory
+ Have jenkins always pull latest SNAPSHOT for each build
+ Adding jetty.snapshots repository
+ Using surefire 2.22.0 per advice from junit
+ Ensuring <reuseForks>true</reuseForks> to work around issue junit-team/junit5#801
+ Disabling <forkMode>always</forkMode> in maven-surefire-plugin
due to bug https://github.com/junit-team/junit5/issues/801
+ OSGi tests must remain at vintage due to PaxExam
+ Moving from vintage TestingDir to jupiter WorkDir
+ Fixing imports to use jupiter, not vintage
+ Migrating vintage ExpectedException to jupiter assertThrows
+ Migrating vintage TestName to jupiter TestInfo
+ Migrating @RunWith(Parameterized.class)
to @ParameterizedTest with Argument Sources
+ Migrating assertTrue(val.contains(needle))
to assertThat(val, containsString(needle))
+ Aligning junit versions per recommendations from @sormuras
+ Adjusting parameter order change for assertEquals()
+ Test LifeCycle Annotation Migration
junit 4 | junit 5 / jupiter
------------ | -----------
@Before | @BeforeEach
@After | @AfterEach
@BeforeClass | @BeforeAll
@AfterClass | @AfterAll
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
Issue #2711 - TLS 1.3 compliance.
Disabled few tests that are TLS 1.2 specific.
Renegotiation in SslConnection is now skipped for TLS 1.3.
Replaced SNI keystore DSA certificate with RSA certificate.
First full build achieved with JDK 11+28.
Small changes after review.
Modified the test case to pass in JDK 8, where the implementation
throws SSLException, while in later JDKs throws SSLHandshakeException.
Minor cleanup
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
WIP.
Tentative fix to avoid that onFillable() is called after the exchange
is completed.
Now DecryptedEndPoint.fillInterest.fillable() is called before other
methods that may advance the exchange processing.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Now IllegalStateExceptions are thrown with a message.
Methods needsFillInterest() and onIncompleteFlush() are now wrapped in
try/catch to make sure the connection is closed in case of exceptions.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Isolated SSLEngine method calls and wrapped them into try/catch
blocks to ignore the NullPointerException thrown by Conscrypt.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Now checking for thread interrupted only when select() reports 0 selected.
This will avoid the check in case of legit I/O wakeups.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Added check for thread interrupted.
If interrupted and ManagedSelector is not running, bail out.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Major refactor of SslConnection to address #2233 and to simplify in preparation for java-11 support.
Made the `needFillInterest` and `onIncompleteFlush` methods the primary stateful methods with state for fill and flush side that does not reproduce state already held by the SslEngine itself.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
After discussion on openjdk/nio-dev, we now wakeup the selector
after closing a socket, so that the SelectionKey can be removed
from the Selector and the TCP stack notified that the socket
has been really closed, so that it can send RST to clients.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #2468 - Remove SoLinger.
For non-blocking sockets, StandardSocketOptions#SO_LINGER javadocs
report that the behavior is undefined. In JDK 11 setting SoLinger
for non-blocking sockets will be ignored.
As such, there is no point in allowing SoLinger to be configured
in Jetty that only uses non-blocking sockets.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
WriteFlusher.write() now requires the callback it is given is not null
the FAILED state of WriteFlusher is now a terminal state
any failure will now result in the callback being failed and a transition to the FAILED state
the WriteFlusher documentation and WriteFlusherTests have also been altered to reflect these changes
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
removed HttpOutput.close(Closeable) method as IO.close(Closeable) should be used instead
added isFailed() method to WriteFlusher and used it to fix WriteFlusherTest.testFailWhileBlocking()
surrounded usage of onError() in HttpOutput.run() with try-finally so that IO.close(this) is executed if onError throws
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
changed write flusher to go from pending state to failed state
reverted previous HttpOutput changes
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
* Fixes#2366 - Review HTTP/2 interleaving.
Now using a fairer algorithm that performs multiple generation passes
but without generating all frames for the current entries - it stops
after N passes over all the entries when the number of bytes to
write is large enough.
Using HttpConfiguration.outputBufferSize as the writeThreshold on
the server and a default 32 KiB on the client to stop the generation
after a pass over all the entries.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
+ New SocketChannelEndPointTest replacement class
* Is Parameterized for both Normal/Ssl scenarios
* Builds a new set of connections/selector manager etc
for each test
* TestConnection moved to inner static class to not rely
on test class fields/methods
* Adding SafeInteger to help track down bad test behavior.
Blocking Read behavior doesn't do what we think, see Exception on CI.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
+ Renamed old SocketChannelEndPointTest to
SocketChannelEndPointOpenCloseTest
+ Moved SelectChannelEndPointSslTest.checkSslEngineBehavior() to
new SslEngineBehaviorTest as its unrelated to the rest
of the SelectChannelEndPointTest logic
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
+ Renamed SelectChannelEndPointInterestsTest to
SocketChannelEndPointInterestsTest
+ Merged EndPointTest abstract class into SocketChannelEndPointTest
as it's only used by that testcase
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Hoping that this will reveal the specific circumstances (test order)
that lead to the frequent test failures on CI
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Only close if parser closed and output is shutdown
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* a better possible fix
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* after review
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Protecton from recursion in SSL flush try again #2233
This would not be needed if we could make flush iterate when necessary.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Joakim Erdfelt
Simone Bordet
Greg Wilkins
Olivier Lamy
Jesse McConnell
Kazuhiro Sera
Lachlan Roberts
olivier lamy