Now closing the connection if an unsolicited response is detected,
no matter what response status code, or whether it has a
Connection: close header, or whether it's just random bytes from
the server, and also no matter whether the client read -1.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Implemented as part of #4975.
Added a test case that proves that the connection is closed
when the max usage count is reached.
Improved logging.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Some updates to the new Pool class:
+ fixed a race with pending reservations
+ use a pending counter
+ Reservation API to simplify Entry API
+ removed public methods on Entry API
* Some updates to the new Pool class:
+ fixed a race with pending reservations
+ use a pending counter
+ Reservation API to simplify Entry API
+ removed public methods on Entry API
* Updates from review
* Updates from review
Tests for cache size and acquire with creator
* Method no longer required with Reservation
* update from the feedback on the feedback of the feedback from the review.
Moved enable to Entry, removed Reservation class and clarified usage in javadoc
* Issue #5095 XmlConfiguration locking Use pool instead of static shared instance
fixed javadoc
* Issue #5095 XmlConfiguration locking Use pool instead of static shared instance
fixed javadoc
* Issue #5095 XmlConfiguration locking Use pool instead of static shared instance
fixed javadoc
* Issue #5095 XmlConfiguration locking Use pool instead of static shared instance
updates from review
On the client:
* Origin.Address.host is passed through HostPort.normalizeHost(),
so that if it is IPv6 is bracketed.
Now the ipv6 address passed to an `HttClient` request is bracketed.
* HttpRequest was de-bracketing the host, but now it does not anymore.
On the server:
* Request.getLocalAddr(), getLocalName(), getRemoteAddr(),
getRemoteHost(), getServerName(), when dealing with an IPv6 address,
return it bracketed.
The reason to return bracketed IPv6 also from *Addr() methods is that
if it is used with InetAddress/InetSocketAddress it still works, but
often it is interpreted as a URI host so brackets are necessary.
* DoSFilter was blindly bracketing - now it does not.
Added a number of test cases, and fixed those that expected
non-bracketed IPv6.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Replace uses of Random with SecureRandom.
We do not believe any of these uses of Random represent any security vulnerability, but we are making this
change for an abundance of caution and to avoid warnings from 3rd party scanning tools.
Fixed MaxConcurrentStreamsTest - it was always broken.
The problem was that the call to super.onSettings(...) was done
_after_ sending the request, so the connection pool was still
configured with the default maxMultiplex=1024.
Also fixed AbstractConnectionPool to avoid a second call to
activate() if we are not trying to create a new connection.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Fixed MultiplexConnectionPool.acquire() to use the new boolean
parameter to decide whether or not create a new connection.
This fixes ConnectionPoolTest instability.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Fixes#4976 HttpClient async content throws NPE in DEBUG log.
Reworked handling of asynchronous content by immediately exiting
HttpReceiverOverHTTP.process(), so that there is no race with
other threads that have been scheduled to resume the processing.
The call to HttpReceiver.dispose() that could be triggered by
an asynchronous failure is now performed either by the failing
thread (if the HttpReceiver is not processing) or by an I/O
thread (if the HttpReceiver is processing) similarly to what
happens when terminating the response.
The content decoding has been reworked to perform the required
state changes similarly to what non-decoded content is doing,
as this was completely lacking before (it was actually a side
bug that is now fixed).
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Ludovic Orban <lorban@bitronix.be>
* Fixes#4904 - WebsocketClient creates more connections than needed.
Fixed connection pool's `acquire()` methods to correctly take into account the number of queued requests.
Now the connection creation is conditional, triggered by
explicit send() or failures.
The connection creation is not triggered _after_ a send(),
where we aggressively send more queued requests - or
in release(), where we send queued request after a previous
one was completed.
Now the connection close/removal aggressively sends more
requests triggering the connection creation.
Also fixed a collateral bug in `BufferingResponseListener` - wrong calculation of the max content length.
Restored `ConnectionPoolTest` that was disabled in #2540, cleaned it up, and let it run for hours without failures.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Added test to replicate the traffic seen in the issue.
The test shows that we do close the server EndPoint.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
For some historical reason, host and port were not mutable after the request
was created. Since many other key parameters are mutable (e.g. the scheme)
it makes sense to make host and port mutable too.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Introduced NetworkTrafficSocketChannelEndPoint to replace
NetworkTrafficSelectChannelEndPoint, now deprecated.
Code and javadocs cleanup.
Moved the tests to jetty-client so that also the client is tested.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Updated the keystores to PKCS12 and added the Basic Constraint CA:true
to the server certificate.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Fixed visibility of ProxyProtocolConnection.
Must be protected because it's the return type
of protected methods.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Introduced HttpRequest.normalized() to test and set whether
the request has already been normalized.
Added test case and few cleanups.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Fixes#4421 - HttpClient support for PROXY protocol.
Implemented support for the PROXY protocol in HttpClient.
Introduced Request.tag(Object) to tag requests that belong
to the same group (e.g. a client address) so that they can
generate a different destination.
The tag object may implement ClientConnectionFactory.Decorator
so that it can decorate the HttpDestination ClientConnectionFactory
and therefore work both with and without forward proxy configuration.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Now setting correctly the host and port to the server destination
_after_ the SOCKS tunnel is established, similarly to what is done
for the HTTP CONNECT tunnel.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
In case of multiple parts only the last iterator was closed.
Now, every part's iterator is closed.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Now the various content listeners inherit from each other, like
it should have been from the beginning.
This also allowed to remove code duplication due to the default
implementation of the methods in various places.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Now correctly handling no demand before the content
in FCGI and HTTP2 transports.
Fixed HttpRequest to correctly forward onBeforeContent()
to wrapped listeners.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #4265 Remove doError
The doError method and the ErrorDispatchHandler class were
hang overs from when we needed to dispatch into a context to get sendError called, which would then generate the error page.
Now sendError doesn't do any generation, rather it changes state that arranges either for a minimal error page to be generated or an ERROR dispatch to a real handler/servlet to generate the error page.
Thus the ErrorDispatchHandler and doError methods can now be removed.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4265 Remove doError
Moved the error page dispatching logic back to the ErrorHandler class to assist with backwards compatibility
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4265 Remove doError
Moved the error page dispatching logic back to the ErrorHandler class to assist with backwards compatibility
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4265 doError
Updates from review.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Releasing the decrypted input buffer so that it can be re-acquired
with an expanded capacity.
Looping around only if the buffer size has changed.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Added workarounds for the Java 11 behavior.
In fill(), call closeInbound() if we filled -1 and the handshake
did not start yet. This avoids to send a ClientHello to the peer
even if we are closing.
In flush(), if the handshake status is NEED_UNWRAP but we are
closing, force a wrap().
Added test cases.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Now rethrowing other exceptions as SSLHandshakeException
if they happen during the TLS handshake.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
It is now possible to pass a `SslContextFactory.Client` to HttpProxy
so that it is possible to use a keystore for the proxy communication
and another keystore for the server communication.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Fixed setting of host/port in AbstractConnectorHttpClientTransport
and HttpProxy so that the creation of SSLEngine can use the proper
host/port pair, and can be subsequently used in TLS components.
Introduced SslContextFactory X509ExtendedKeyManagerWrapper and
X509ExtendedTrustManagerWrapper as utility classes used internally
and in tests.
The test case for this issue required 3 keystores, so other test
classes have been refactored to use the new keystores.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Simone Bordet
Oleg Mozzhechkov
Greg Wilkins
Ludovic Orban
Joakim Erdfelt
Lachlan Roberts
olivier lamy