Introduced SslContextFactory subclasses Client and Server.
Replaced all usages of SslContextFactory with either Client or Server
as required.
Refactored configuration checking so that warnings are not emitted
when non necessary.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Added a bytebufferpool module to be able to configure
the ByteBufferPool used by ServerConnectors.
Added JMX methods to the ByteBufferPool implementations.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Updated the implementation to track the oldest bucket and
release its buffers when the retained memory is exceeded.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Implemented a limit for the total memory retained by the
ByteBufferPool for both direct and heap buffers.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Added a SslHandshakeListener to SslConnection that performs
the host name verification (only on the client) if the
HostnameVerifier has been configured in SslContextFactory.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Updating SslContextFactory configuration for tests, since
the change in the default endPointIdentificationAlgorithm
makes the test failing as the certificates are not valid
for the local host, which is different depending on where
the tests are run (locally, jenkins).
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Introduced PlainOrSslConnectionFactory, to "sniff" the first bytes
on a connection and upgrade to SSL (if the bytes are TLS bytes), or
upgrade to a specific, configured, protocol.
Added also the ability to fail the upgrade in case of a `http`
request to a `https` port and write a minimal response to the client.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Using system property "org.eclipse.jetty.io.forceSelectNow"
to force a selectNow() call; if absent, forcing selectNow()
only in the Windows OS.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Move RetainableByteBuffer to jetty-io=
use RetainableByteBuffer
use RetainableByteBuffer - changes from review.
Reviewed and applied small changes.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Introduced safeInterestOps() and safeReadyOps() to catch exceptions
they may throw and using them in relevant places to fix the issue.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Issue #3038 - SSL connection leak.
Fixed SSL spin caused when fill had NEED_WRAP, but a flush/wrap
produced 0 bytes and stayed in NEED_WRAP
Removed check of isInputShutdown prior to filling that allowed EOF to
overtake data already read.
Fix for leak by shutting down output in HttpConnection if
filled -1 and the HttpChannelState was no longer processing
current request.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Cleanup the dump implementation
* improved the clarity of utility methods for dump and updated most dump methods
* fixed upgrade filter dump
* Improved dump after review
* Moved dumpObjects to Dumpable
* implemented dumpBeans with dumpObjects
* less verbose dump
* Dump streams
* fixed dump test
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Issue #2954 Report badmessage cause
Pass BadMessageException from parser to HttpReceiverOVerHTTP
This change has already mostly been made in 9.4, so essentially this is a back port. However the
primary signature of HttpParser.Handler for badMessage has not been changed and a default method
used to handle the cause. This avoids breaking any usages of the interface.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
+ Changes needed for new Junit 5
+ Migrating from Vintage junit API to Jupiter junit API
+ Relies on SNAPSHOT jetty-test-helper
- this will be a formal release once this issue has been
resolved satisfactory
+ Have jenkins always pull latest SNAPSHOT for each build
+ Adding jetty.snapshots repository
+ Using surefire 2.22.0 per advice from junit
+ Ensuring <reuseForks>true</reuseForks> to work around issue junit-team/junit5#801
+ Disabling <forkMode>always</forkMode> in maven-surefire-plugin
due to bug https://github.com/junit-team/junit5/issues/801
+ OSGi tests must remain at vintage due to PaxExam
+ Moving from vintage TestingDir to jupiter WorkDir
+ Fixing imports to use jupiter, not vintage
+ Migrating vintage ExpectedException to jupiter assertThrows
+ Migrating vintage TestName to jupiter TestInfo
+ Migrating @RunWith(Parameterized.class)
to @ParameterizedTest with Argument Sources
+ Migrating assertTrue(val.contains(needle))
to assertThat(val, containsString(needle))
+ Aligning junit versions per recommendations from @sormuras
+ Adjusting parameter order change for assertEquals()
+ Test LifeCycle Annotation Migration
junit 4 | junit 5 / jupiter
------------ | -----------
@Before | @BeforeEach
@After | @AfterEach
@BeforeClass | @BeforeAll
@AfterClass | @AfterAll
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
Issue #2711 - TLS 1.3 compliance.
Disabled few tests that are TLS 1.2 specific.
Renegotiation in SslConnection is now skipped for TLS 1.3.
Replaced SNI keystore DSA certificate with RSA certificate.
First full build achieved with JDK 11+28.
Small changes after review.
Modified the test case to pass in JDK 8, where the implementation
throws SSLException, while in later JDKs throws SSLHandshakeException.
Minor cleanup
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
WIP.
Tentative fix to avoid that onFillable() is called after the exchange
is completed.
Now DecryptedEndPoint.fillInterest.fillable() is called before other
methods that may advance the exchange processing.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Now IllegalStateExceptions are thrown with a message.
Methods needsFillInterest() and onIncompleteFlush() are now wrapped in
try/catch to make sure the connection is closed in case of exceptions.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Isolated SSLEngine method calls and wrapped them into try/catch
blocks to ignore the NullPointerException thrown by Conscrypt.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Greg Wilkins
Simone Bordet
Joakim Erdfelt
Olivier Lamy
Jesse McConnell
Kazuhiro Sera