rpms
/
netty
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update to upstream version 4.1.13

This commit is contained in:
Michael Simacek 2017-07-11 15:00:26 +02:00
parent db07b93aaf
commit 99ce156e92
7 changed files with 5061 additions and 1174 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1 +1,2 @@
/netty-4.0.42.Final.tar.gz
/netty-4.1.13.Final.tar.gz

5262
0001-Remove-OpenSSL-parts-depending-on-tcnative.patch
View File

File diff suppressed because it is too large Load Diff

353
0002-Remove-NPN.patch Normal file
View File

@ -0,0 +1,353 @@
From f7b8e27b5f55c4a21cf84fb56a616b8bfd4af8da Mon Sep 17 00:00:00 2001
From: Michael Simacek <msimacek@redhat.com>
Date: Fri, 7 Jul 2017 16:07:23 +0200
Subject: [PATCH 2/3] Remove NPN
---
handler/pom.xml | 5 -
.../ssl/JdkNpnApplicationProtocolNegotiator.java | 120 --------------------
.../java/io/netty/handler/ssl/JdkSslContext.java | 30 -----
.../io/netty/handler/ssl/JettyNpnSslEngine.java | 122 ---------------------
.../io/netty/handler/ssl/JdkSslEngineTest.java | 2 +-
5 files changed, 1 insertion(+), 278 deletions(-)
delete mode 100644 handler/src/main/java/io/netty/handler/ssl/JdkNpnApplicationProtocolNegotiator.java
delete mode 100644 handler/src/main/java/io/netty/handler/ssl/JettyNpnSslEngine.java
diff --git a/handler/pom.xml b/handler/pom.xml
index d0ed1bc..52e63ca 100644
--- a/handler/pom.xml
+++ b/handler/pom.xml
@@ -55,11 +55,6 @@
<optional>true</optional>
</dependency>
<dependency>
- <groupId>org.eclipse.jetty.npn</groupId>
- <artifactId>npn-api</artifactId>
- <optional>true</optional>
- </dependency>
- <dependency>
<groupId>org.eclipse.jetty.alpn</groupId>
<artifactId>alpn-api</artifactId>
<optional>true</optional>
diff --git a/handler/src/main/java/io/netty/handler/ssl/JdkNpnApplicationProtocolNegotiator.java b/handler/src/main/java/io/netty/handler/ssl/JdkNpnApplicationProtocolNegotiator.java
deleted file mode 100644
index 06b29b7..0000000
--- a/handler/src/main/java/io/netty/handler/ssl/JdkNpnApplicationProtocolNegotiator.java
+++ /dev/null
@@ -1,120 +0,0 @@
-/*
- * Copyright 2014 The Netty Project
- *
- * The Netty Project licenses this file to you under the Apache License,
- * version 2.0 (the "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-package io.netty.handler.ssl;
-
-import javax.net.ssl.SSLEngine;
-
-/**
- * The {@link JdkApplicationProtocolNegotiator} to use if you need NPN and are using {@link SslProvider#JDK}.
- */
-public final class JdkNpnApplicationProtocolNegotiator extends JdkBaseApplicationProtocolNegotiator {
- private static final SslEngineWrapperFactory NPN_WRAPPER = new SslEngineWrapperFactory() {
- {
- if (!JettyNpnSslEngine.isAvailable()) {
- throw new RuntimeException("NPN unsupported. Is your classpath configured correctly?"
- + " See https://wiki.eclipse.org/Jetty/Feature/NPN");
- }
- }
-
- @Override
- public SSLEngine wrapSslEngine(SSLEngine engine, JdkApplicationProtocolNegotiator applicationNegotiator,
- boolean isServer) {
- return new JettyNpnSslEngine(engine, applicationNegotiator, isServer);
- }
- };
-
- /**
- * Create a new instance.
- * @param protocols The order of iteration determines the preference of support for protocols.
- */
- public JdkNpnApplicationProtocolNegotiator(Iterable<String> protocols) {
- this(false, protocols);
- }
-
- /**
- * Create a new instance.
- * @param protocols The order of iteration determines the preference of support for protocols.
- */
- public JdkNpnApplicationProtocolNegotiator(String... protocols) {
- this(false, protocols);
- }
-
- /**
- * Create a new instance.
- * @param failIfNoCommonProtocols Fail with a fatal alert if not common protocols are detected.
- * @param protocols The order of iteration determines the preference of support for protocols.
- */
- public JdkNpnApplicationProtocolNegotiator(boolean failIfNoCommonProtocols, Iterable<String> protocols) {
- this(failIfNoCommonProtocols, failIfNoCommonProtocols, protocols);
- }
-
- /**
- * Create a new instance.
- * @param failIfNoCommonProtocols Fail with a fatal alert if not common protocols are detected.
- * @param protocols The order of iteration determines the preference of support for protocols.
- */
- public JdkNpnApplicationProtocolNegotiator(boolean failIfNoCommonProtocols, String... protocols) {
- this(failIfNoCommonProtocols, failIfNoCommonProtocols, protocols);
- }
-
- /**
- * Create a new instance.
- * @param clientFailIfNoCommonProtocols Client side fail with a fatal alert if not common protocols are detected.
- * @param serverFailIfNoCommonProtocols Server side fail with a fatal alert if not common protocols are detected.
- * @param protocols The order of iteration determines the preference of support for protocols.
- */
- public JdkNpnApplicationProtocolNegotiator(boolean clientFailIfNoCommonProtocols,
- boolean serverFailIfNoCommonProtocols, Iterable<String> protocols) {
- this(clientFailIfNoCommonProtocols ? FAIL_SELECTOR_FACTORY : NO_FAIL_SELECTOR_FACTORY,
- serverFailIfNoCommonProtocols ? FAIL_SELECTION_LISTENER_FACTORY : NO_FAIL_SELECTION_LISTENER_FACTORY,
- protocols);
- }
-
- /**
- * Create a new instance.
- * @param clientFailIfNoCommonProtocols Client side fail with a fatal alert if not common protocols are detected.
- * @param serverFailIfNoCommonProtocols Server side fail with a fatal alert if not common protocols are detected.
- * @param protocols The order of iteration determines the preference of support for protocols.
- */
- public JdkNpnApplicationProtocolNegotiator(boolean clientFailIfNoCommonProtocols,
- boolean serverFailIfNoCommonProtocols, String... protocols) {
- this(clientFailIfNoCommonProtocols ? FAIL_SELECTOR_FACTORY : NO_FAIL_SELECTOR_FACTORY,
- serverFailIfNoCommonProtocols ? FAIL_SELECTION_LISTENER_FACTORY : NO_FAIL_SELECTION_LISTENER_FACTORY,
- protocols);
- }
-
- /**
- * Create a new instance.
- * @param selectorFactory The factory which provides classes responsible for selecting the protocol.
- * @param listenerFactory The factory which provides to be notified of which protocol was selected.
- * @param protocols The order of iteration determines the preference of support for protocols.
- */
- public JdkNpnApplicationProtocolNegotiator(ProtocolSelectorFactory selectorFactory,
- ProtocolSelectionListenerFactory listenerFactory, Iterable<String> protocols) {
- super(NPN_WRAPPER, selectorFactory, listenerFactory, protocols);
- }
-
- /**
- * Create a new instance.
- * @param selectorFactory The factory which provides classes responsible for selecting the protocol.
- * @param listenerFactory The factory which provides to be notified of which protocol was selected.
- * @param protocols The order of iteration determines the preference of support for protocols.
- */
- public JdkNpnApplicationProtocolNegotiator(ProtocolSelectorFactory selectorFactory,
- ProtocolSelectionListenerFactory listenerFactory, String... protocols) {
- super(NPN_WRAPPER, selectorFactory, listenerFactory, protocols);
- }
-}
diff --git a/handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java b/handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java
index 0ad6639..d5b86ff 100644
--- a/handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java
+++ b/handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java
@@ -288,47 +288,17 @@ public class JdkSslContext extends SslContext {
case ALPN:
if (isServer) {
switch(config.selectorFailureBehavior()) {
- case FATAL_ALERT:
- return new JdkAlpnApplicationProtocolNegotiator(true, config.supportedProtocols());
- case NO_ADVERTISE:
- return new JdkAlpnApplicationProtocolNegotiator(false, config.supportedProtocols());
default:
throw new UnsupportedOperationException(new StringBuilder("JDK provider does not support ")
.append(config.selectorFailureBehavior()).append(" failure behavior").toString());
}
} else {
switch(config.selectedListenerFailureBehavior()) {
- case ACCEPT:
- return new JdkAlpnApplicationProtocolNegotiator(false, config.supportedProtocols());
- case FATAL_ALERT:
- return new JdkAlpnApplicationProtocolNegotiator(true, config.supportedProtocols());
default:
throw new UnsupportedOperationException(new StringBuilder("JDK provider does not support ")
.append(config.selectedListenerFailureBehavior()).append(" failure behavior").toString());
}
}
- case NPN:
- if (isServer) {
- switch(config.selectedListenerFailureBehavior()) {
- case ACCEPT:
- return new JdkNpnApplicationProtocolNegotiator(false, config.supportedProtocols());
- case FATAL_ALERT:
- return new JdkNpnApplicationProtocolNegotiator(true, config.supportedProtocols());
- default:
- throw new UnsupportedOperationException(new StringBuilder("JDK provider does not support ")
- .append(config.selectedListenerFailureBehavior()).append(" failure behavior").toString());
- }
- } else {
- switch(config.selectorFailureBehavior()) {
- case FATAL_ALERT:
- return new JdkNpnApplicationProtocolNegotiator(true, config.supportedProtocols());
- case NO_ADVERTISE:
- return new JdkNpnApplicationProtocolNegotiator(false, config.supportedProtocols());
- default:
- throw new UnsupportedOperationException(new StringBuilder("JDK provider does not support ")
- .append(config.selectorFailureBehavior()).append(" failure behavior").toString());
- }
- }
default:
throw new UnsupportedOperationException(new StringBuilder("JDK provider does not support ")
.append(config.protocol()).append(" protocol").toString());
diff --git a/handler/src/main/java/io/netty/handler/ssl/JettyNpnSslEngine.java b/handler/src/main/java/io/netty/handler/ssl/JettyNpnSslEngine.java
deleted file mode 100644
index 77e7366..0000000
--- a/handler/src/main/java/io/netty/handler/ssl/JettyNpnSslEngine.java
+++ /dev/null
@@ -1,122 +0,0 @@
-/*
- * Copyright 2014 The Netty Project
- *
- * The Netty Project licenses this file to you under the Apache License,
- * version 2.0 (the "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-package io.netty.handler.ssl;
-
-import static io.netty.util.internal.ObjectUtil.checkNotNull;
-import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelectionListener;
-import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelector;
-import io.netty.util.internal.PlatformDependent;
-
-import java.util.LinkedHashSet;
-import java.util.List;
-
-import javax.net.ssl.SSLEngine;
-import javax.net.ssl.SSLException;
-
-import org.eclipse.jetty.npn.NextProtoNego;
-import org.eclipse.jetty.npn.NextProtoNego.ClientProvider;
-import org.eclipse.jetty.npn.NextProtoNego.ServerProvider;
-
-final class JettyNpnSslEngine extends JdkSslEngine {
- private static boolean available;
-
- static boolean isAvailable() {
- updateAvailability();
- return available;
- }
-
- private static void updateAvailability() {
- if (available) {
- return;
- }
- try {
- // Always use bootstrap class loader.
- Class.forName("sun.security.ssl.NextProtoNegoExtension", true, null);
- available = true;
- } catch (Exception ignore) {
- // npn-boot was not loaded.
- }
- }
-
- JettyNpnSslEngine(SSLEngine engine, final JdkApplicationProtocolNegotiator applicationNegotiator, boolean server) {
- super(engine);
- checkNotNull(applicationNegotiator, "applicationNegotiator");
-
- if (server) {
- final ProtocolSelectionListener protocolListener = checkNotNull(applicationNegotiator
- .protocolListenerFactory().newListener(this, applicationNegotiator.protocols()),
- "protocolListener");
- NextProtoNego.put(engine, new ServerProvider() {
- @Override
- public void unsupported() {
- protocolListener.unsupported();
- }
-
- @Override
- public List<String> protocols() {
- return applicationNegotiator.protocols();
- }
-
- @Override
- public void protocolSelected(String protocol) {
- try {
- protocolListener.selected(protocol);
- } catch (Throwable t) {
- PlatformDependent.throwException(t);
- }
- }
- });
- } else {
- final ProtocolSelector protocolSelector = checkNotNull(applicationNegotiator.protocolSelectorFactory()
- .newSelector(this, new LinkedHashSet<String>(applicationNegotiator.protocols())),
- "protocolSelector");
- NextProtoNego.put(engine, new ClientProvider() {
- @Override
- public boolean supports() {
- return true;
- }
-
- @Override
- public void unsupported() {
- protocolSelector.unsupported();
- }
-
- @Override
- public String selectProtocol(List<String> protocols) {
- try {
- return protocolSelector.select(protocols);
- } catch (Throwable t) {
- PlatformDependent.throwException(t);
- return null;
- }
- }
- });
- }
- }
-
- @Override
- public void closeInbound() throws SSLException {
- NextProtoNego.remove(getWrappedEngine());
- super.closeInbound();
- }
-
- @Override
- public void closeOutbound() {
- NextProtoNego.remove(getWrappedEngine());
- super.closeOutbound();
- }
-}
diff --git a/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java b/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
index d6cd94d..4489b16 100644
--- a/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
+++ b/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
@@ -46,7 +46,7 @@ public class JdkSslEngineTest extends SSLEngineTest {
NPN_DEFAULT {
@Override
boolean isAvailable() {
- return JettyNpnSslEngine.isAvailable();
+ return false;
}
@Override
--
2.9.4

511
0003-Remove-conscrypt-ALPN.patch Normal file
View File

@ -0,0 +1,511 @@
From 039534e20546221c3466d1ceb663625c59edb0e7 Mon Sep 17 00:00:00 2001
From: Michael Simacek <msimacek@redhat.com>
Date: Tue, 11 Jul 2017 13:37:22 +0200
Subject: [PATCH 3/3] Remove conscrypt ALPN
---
handler/pom.xml | 6 -
.../netty/handler/ssl/ConscryptAlpnSslEngine.java | 176 ---------------------
.../ssl/JdkAlpnApplicationProtocolNegotiator.java | 6 +-
.../main/java/io/netty/handler/ssl/SslHandler.java | 35 ----
.../ssl/ConscryptJdkSslEngineInteropTest.java | 76 ---------
.../io/netty/handler/ssl/Java8SslTestUtils.java | 7 -
.../ssl/JdkConscryptSslEngineInteropTest.java | 86 ----------
.../io/netty/handler/ssl/JdkSslEngineTest.java | 2 +-
8 files changed, 2 insertions(+), 392 deletions(-)
delete mode 100644 handler/src/main/java/io/netty/handler/ssl/ConscryptAlpnSslEngine.java
delete mode 100644 handler/src/test/java/io/netty/handler/ssl/ConscryptJdkSslEngineInteropTest.java
delete mode 100644 handler/src/test/java/io/netty/handler/ssl/JdkConscryptSslEngineInteropTest.java
diff --git a/handler/pom.xml b/handler/pom.xml
index 52e63ca..69af32a 100644
--- a/handler/pom.xml
+++ b/handler/pom.xml
@@ -60,12 +60,6 @@
<optional>true</optional>
</dependency>
<dependency>
- <groupId>${conscrypt.groupId}</groupId>
- <artifactId>${conscrypt.artifactId}</artifactId>
- <classifier>${conscrypt.classifier}</classifier>
- <optional>true</optional>
- </dependency>
- <dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
</dependency>
diff --git a/handler/src/main/java/io/netty/handler/ssl/ConscryptAlpnSslEngine.java b/handler/src/main/java/io/netty/handler/ssl/ConscryptAlpnSslEngine.java
deleted file mode 100644
index 8e7a544..0000000
--- a/handler/src/main/java/io/netty/handler/ssl/ConscryptAlpnSslEngine.java
+++ /dev/null
@@ -1,176 +0,0 @@
-/*
- * Copyright 2017 The Netty Project
- *
- * The Netty Project licenses this file to you under the Apache License,
- * version 2.0 (the "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-package io.netty.handler.ssl;
-
-import static io.netty.handler.ssl.SslUtils.toSSLHandshakeException;
-import static io.netty.util.internal.ObjectUtil.checkNotNull;
-import static java.lang.Math.min;
-
-import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelectionListener;
-import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelector;
-import java.lang.reflect.Method;
-import java.nio.ByteBuffer;
-import java.util.Collections;
-import java.util.LinkedHashSet;
-import java.util.List;
-import javax.net.ssl.SSLEngine;
-import javax.net.ssl.SSLEngineResult;
-import javax.net.ssl.SSLException;
-
-import io.netty.util.internal.PlatformDependent;
-import org.conscrypt.Conscrypt;
-import org.conscrypt.HandshakeListener;
-
-/**
- * A {@link JdkSslEngine} that uses the Conscrypt provider or SSL with ALPN.
- */
-abstract class ConscryptAlpnSslEngine extends JdkSslEngine {
- private static final Class<?> ENGINES_CLASS = getEnginesClass();
-
- /**
- * Indicates whether or not conscrypt is available on the current system.
- */
- static boolean isAvailable() {
- return ENGINES_CLASS != null && PlatformDependent.javaVersion() >= 8;
- }
-
- static boolean isEngineSupported(SSLEngine engine) {
- return isAvailable() && isConscryptEngine(engine, ENGINES_CLASS);
- }
-
- static ConscryptAlpnSslEngine newClientEngine(SSLEngine engine,
- JdkApplicationProtocolNegotiator applicationNegotiator) {
- return new ClientEngine(engine, applicationNegotiator);
- }
-
- static ConscryptAlpnSslEngine newServerEngine(SSLEngine engine,
- JdkApplicationProtocolNegotiator applicationNegotiator) {
- return new ServerEngine(engine, applicationNegotiator);
- }
-
- private ConscryptAlpnSslEngine(SSLEngine engine, List<String> protocols) {
- super(engine);
-
- // Set the list of supported ALPN protocols on the engine.
- Conscrypt.Engines.setAlpnProtocols(engine, protocols.toArray(new String[protocols.size()]));
- }
-
- /**
- * Calculates the maximum size of the encrypted output buffer required to wrap the given plaintext bytes. Assumes
- * as a worst case that there is one TLS record per buffer.
- *
- * @param plaintextBytes the number of plaintext bytes to be wrapped.
- * @param numBuffers the number of buffers that the plaintext bytes are spread across.
- * @return the maximum size of the encrypted output buffer required for the wrap operation.
- */
- final int calculateOutNetBufSize(int plaintextBytes, int numBuffers) {
- // Assuming a max of one frame per component in a composite buffer.
- long maxOverhead = (long) Conscrypt.Engines.maxSealOverhead(getWrappedEngine()) * numBuffers;
- // TODO(nmittler): update this to use MAX_ENCRYPTED_PACKET_LENGTH instead of Integer.MAX_VALUE
- return (int) min(Integer.MAX_VALUE, plaintextBytes + maxOverhead);
- }
-
- final SSLEngineResult unwrap(ByteBuffer[] srcs, ByteBuffer[] dests) throws SSLException {
- return Conscrypt.Engines.unwrap(getWrappedEngine(), srcs, dests);
- }
-
- private static final class ClientEngine extends ConscryptAlpnSslEngine {
- private final ProtocolSelectionListener protocolListener;
-
- ClientEngine(SSLEngine engine,
- JdkApplicationProtocolNegotiator applicationNegotiator) {
- super(engine, applicationNegotiator.protocols());
- // Register for completion of the handshake.
- Conscrypt.Engines.setHandshakeListener(engine, new HandshakeListener() {
- @Override
- public void onHandshakeFinished() throws SSLException {
- selectProtocol();
- }
- });
-
- protocolListener = checkNotNull(applicationNegotiator
- .protocolListenerFactory().newListener(this, applicationNegotiator.protocols()),
- "protocolListener");
- }
-
- private void selectProtocol() throws SSLException {
- String protocol = Conscrypt.Engines.getAlpnSelectedProtocol(getWrappedEngine());
- try {
- protocolListener.selected(protocol);
- } catch (Throwable e) {
- throw toSSLHandshakeException(e);
- }
- }
- }
-
- private static final class ServerEngine extends ConscryptAlpnSslEngine {
- private final ProtocolSelector protocolSelector;
-
- ServerEngine(SSLEngine engine, JdkApplicationProtocolNegotiator applicationNegotiator) {
- super(engine, applicationNegotiator.protocols());
-
- // Register for completion of the handshake.
- Conscrypt.Engines.setHandshakeListener(engine, new HandshakeListener() {
- @Override
- public void onHandshakeFinished() throws SSLException {
- selectProtocol();
- }
- });
-
- protocolSelector = checkNotNull(applicationNegotiator.protocolSelectorFactory()
- .newSelector(this,
- new LinkedHashSet<String>(applicationNegotiator.protocols())),
- "protocolSelector");
- }
-
- private void selectProtocol() throws SSLException {
- try {
- String protocol = Conscrypt.Engines.getAlpnSelectedProtocol(getWrappedEngine());
- protocolSelector.select(protocol != null ? Collections.singletonList(protocol)
- : Collections.<String>emptyList());
- } catch (Throwable e) {
- throw toSSLHandshakeException(e);
- }
- }
- }
-
- private static Class<?> getEnginesClass() {
- try {
- // Always use bootstrap class loader.
- Class<?> engineClass = Class.forName("org.conscrypt.Conscrypt$Engines", true,
- ConscryptAlpnSslEngine.class.getClassLoader());
- // Ensure that it also has the isConscrypt method.
- getIsConscryptMethod(engineClass);
- return engineClass;
- } catch (Throwable ignore) {
- // Conscrypt was not loaded.
- return null;
- }
- }
-
- private static boolean isConscryptEngine(SSLEngine engine, Class<?> enginesClass) {
- try {
- Method method = getIsConscryptMethod(enginesClass);
- return (Boolean) method.invoke(null, engine);
- } catch (Throwable ignore) {
- return false;
- }
- }
-
- private static Method getIsConscryptMethod(Class<?> enginesClass) throws NoSuchMethodException {
- return enginesClass.getMethod("isConscrypt", SSLEngine.class);
- }
-}
diff --git a/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java b/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java
index f82c7da..9c4ab9e 100644
--- a/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java
+++ b/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java
@@ -21,7 +21,7 @@ import javax.net.ssl.SSLEngine;
* The {@link JdkApplicationProtocolNegotiator} to use if you need ALPN and are using {@link SslProvider#JDK}.
*/
public final class JdkAlpnApplicationProtocolNegotiator extends JdkBaseApplicationProtocolNegotiator {
- private static final boolean AVAILABLE = ConscryptAlpnSslEngine.isAvailable() || JettyAlpnSslEngine.isAvailable();
+ private static final boolean AVAILABLE = JettyAlpnSslEngine.isAvailable();
private static final SslEngineWrapperFactory ALPN_WRAPPER = AVAILABLE ? new AlpnWrapper() : new FailureWrapper();
/**
@@ -121,10 +121,6 @@ public final class JdkAlpnApplicationProtocolNegotiator extends JdkBaseApplicati
@Override
public SSLEngine wrapSslEngine(SSLEngine engine, JdkApplicationProtocolNegotiator applicationNegotiator,
boolean isServer) {
- if (ConscryptAlpnSslEngine.isEngineSupported(engine)) {
- return isServer ? ConscryptAlpnSslEngine.newServerEngine(engine, applicationNegotiator)
- : ConscryptAlpnSslEngine.newClientEngine(engine, applicationNegotiator);
- }
if (JettyAlpnSslEngine.isAvailable()) {
return isServer ? JettyAlpnSslEngine.newServerEngine(engine, applicationNegotiator)
: JettyAlpnSslEngine.newClientEngine(engine, applicationNegotiator);
diff --git a/handler/src/main/java/io/netty/handler/ssl/SslHandler.java b/handler/src/main/java/io/netty/handler/ssl/SslHandler.java
index 05c451a..8693011 100644
--- a/handler/src/main/java/io/netty/handler/ssl/SslHandler.java
+++ b/handler/src/main/java/io/netty/handler/ssl/SslHandler.java
@@ -187,38 +187,6 @@ public class SslHandler extends ByteToMessageDecoder implements ChannelOutboundH
new ClosedChannelException(), SslHandler.class, "channelInactive(...)");
private enum SslEngineType {
- CONSCRYPT(true, COMPOSITE_CUMULATOR) {
- @Override
- SSLEngineResult unwrap(SslHandler handler, ByteBuf in, int readerIndex, int len, ByteBuf out)
- throws SSLException {
- int nioBufferCount = in.nioBufferCount();
- int writerIndex = out.writerIndex();
- final SSLEngineResult result;
- if (nioBufferCount > 1) {
- /*
- * Use a special unwrap method without additional memory copies.
- */
- try {
- handler.singleBuffer[0] = toByteBuffer(out, writerIndex, out.writableBytes());
- result = ((ConscryptAlpnSslEngine) handler.engine).unwrap(
- in.nioBuffers(readerIndex, len),
- handler.singleBuffer);
- } finally {
- handler.singleBuffer[0] = null;
- }
- } else {
- result = handler.engine.unwrap(toByteBuffer(in, readerIndex, len),
- toByteBuffer(out, writerIndex, out.writableBytes()));
- }
- out.writerIndex(writerIndex + result.bytesProduced());
- return result;
- }
-
- @Override
- int calculateWrapBufferCapacity(SslHandler handler, int pendingBytes, int numComponents) {
- return ((ConscryptAlpnSslEngine) handler.engine).calculateOutNetBufSize(pendingBytes, numComponents);
- }
- },
JDK(false, MERGE_CUMULATOR) {
@Override
SSLEngineResult unwrap(SslHandler handler, ByteBuf in, int readerIndex, int len, ByteBuf out)
@@ -237,9 +205,6 @@ public class SslHandler extends ByteToMessageDecoder implements ChannelOutboundH
};
static SslEngineType forEngine(SSLEngine engine) {
- if (engine instanceof ConscryptAlpnSslEngine) {
- return CONSCRYPT;
- }
return JDK;
}
diff --git a/handler/src/test/java/io/netty/handler/ssl/ConscryptJdkSslEngineInteropTest.java b/handler/src/test/java/io/netty/handler/ssl/ConscryptJdkSslEngineInteropTest.java
deleted file mode 100644
index e217136..0000000
--- a/handler/src/test/java/io/netty/handler/ssl/ConscryptJdkSslEngineInteropTest.java
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright 2016 The Netty Project
- *
- * The Netty Project licenses this file to you under the Apache License,
- * version 2.0 (the "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-package io.netty.handler.ssl;
-
-import java.security.Provider;
-import org.junit.BeforeClass;
-import org.junit.Ignore;
-
-import org.junit.runner.RunWith;
-import org.junit.runners.Parameterized;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-
-import static org.junit.Assume.assumeTrue;
-
-@RunWith(Parameterized.class)
-public class ConscryptJdkSslEngineInteropTest extends SSLEngineTest {
-
- @Parameterized.Parameters(name = "{index}: bufferType = {0}")
- public static Collection<Object> data() {
- List<Object> params = new ArrayList<Object>();
- for (BufferType type: BufferType.values()) {
- params.add(type);
- }
- return params;
- }
-
- public ConscryptJdkSslEngineInteropTest(BufferType type) {
- super(type);
- }
-
- @BeforeClass
- public static void checkConscrypt() {
- assumeTrue(ConscryptAlpnSslEngine.isAvailable());
- }
-
- @Override
- protected SslProvider sslClientProvider() {
- return SslProvider.JDK;
- }
-
- @Override
- protected SslProvider sslServerProvider() {
- return SslProvider.JDK;
- }
-
- @Override
- protected Provider clientSslContextProvider() {
- return Java8SslTestUtils.conscryptProvider();
- }
-
- @Ignore /* Does the JDK support a "max certificate chain length"? */
- @Override
- public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() throws Exception {
- }
-
- @Ignore /* Does the JDK support a "max certificate chain length"? */
- @Override
- public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() throws Exception {
- }
-}
diff --git a/handler/src/test/java/io/netty/handler/ssl/Java8SslTestUtils.java b/handler/src/test/java/io/netty/handler/ssl/Java8SslTestUtils.java
index cc2e6c6..f9cf771 100644
--- a/handler/src/test/java/io/netty/handler/ssl/Java8SslTestUtils.java
+++ b/handler/src/test/java/io/netty/handler/ssl/Java8SslTestUtils.java
@@ -16,12 +16,9 @@
package io.netty.handler.ssl;
-import org.conscrypt.OpenSSLProvider;
-
import javax.net.ssl.SNIMatcher;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLParameters;
-import java.security.Provider;
import java.util.Collections;
final class Java8SslTestUtils {
@@ -37,8 +34,4 @@ final class Java8SslTestUtils {
};
parameters.setSNIMatchers(Collections.singleton(matcher));
}
-
- static Provider conscryptProvider() {
- return new OpenSSLProvider();
- }
}
diff --git a/handler/src/test/java/io/netty/handler/ssl/JdkConscryptSslEngineInteropTest.java b/handler/src/test/java/io/netty/handler/ssl/JdkConscryptSslEngineInteropTest.java
deleted file mode 100644
index 0625f7a..0000000
--- a/handler/src/test/java/io/netty/handler/ssl/JdkConscryptSslEngineInteropTest.java
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Copyright 2017 The Netty Project
- *
- * The Netty Project licenses this file to you under the Apache License,
- * version 2.0 (the "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-package io.netty.handler.ssl;
-
-import java.security.Provider;
-import org.junit.BeforeClass;
-import org.junit.Ignore;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.junit.runners.Parameterized;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-
-import static org.junit.Assume.assumeTrue;
-
-@RunWith(Parameterized.class)
-public class JdkConscryptSslEngineInteropTest extends SSLEngineTest {
-
- @Parameterized.Parameters(name = "{index}: bufferType = {0}")
- public static Collection<Object> data() {
- List<Object> params = new ArrayList<Object>();
- for (BufferType type: BufferType.values()) {
- params.add(type);
- }
- return params;
- }
-
- public JdkConscryptSslEngineInteropTest(BufferType type) {
- super(type);
- }
-
- @BeforeClass
- public static void checkConscrypt() {
- assumeTrue(ConscryptAlpnSslEngine.isAvailable());
- }
-
- @Override
- protected SslProvider sslClientProvider() {
- return SslProvider.JDK;
- }
-
- @Override
- protected SslProvider sslServerProvider() {
- return SslProvider.JDK;
- }
-
- @Override
- protected Provider serverSslContextProvider() {
- return Java8SslTestUtils.conscryptProvider();
- }
-
- @Override
- @Test
- @Ignore("TODO: Make this work with Conscrypt")
- public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() throws Exception {
- super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth();
- }
-
- @Override
- @Test
- @Ignore("TODO: Make this work with Conscrypt")
- public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() throws Exception {
- super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth();
- }
-
- @Override
- protected boolean mySetupMutualAuthServerIsValidClientException(Throwable cause) {
- // TODO(scott): work around for a JDK issue. The exception should be SSLHandshakeException.
- return super.mySetupMutualAuthServerIsValidClientException(cause) || causedBySSLException(cause);
- }
-}
diff --git a/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java b/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
index 4489b16..e32fa0d 100644
--- a/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
+++ b/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
@@ -81,7 +81,7 @@ public class JdkSslEngineTest extends SSLEngineTest {
@Override
boolean isAvailable() {
- return ConscryptAlpnSslEngine.isAvailable();
+ return false;
}
@Override
--
2.9.4

22
codegen.bash Executable file
View File

@ -0,0 +1,22 @@
#!/bin/bash
for type in byte char short int long; do
case $type in
int) object=Integer ;;
char) object=Character ;;
*) object=${type^} ;;
esac
hash='(int) key'
if [ $type = long ]; then
hash='(int) (key ^ (key >>> 32))'
fi
mkdir -p target/generated-sources/collections/java
for file in `find src/main/templates -name '*.template'`; do
filename=$(basename $file | sed "s/K/${type^}/;s/\.template/.java/")
sed -e "s/@k@/${type}/g" \
-e "s/@K@/${type^}/g" \
-e "s/@O@/${object}/g" \
-e "s/@KEY_NUMBER_METHOD@/${type}Value/g" \
-e "s/@HASH_CODE@/${hash}/g" \
$file > target/generated-sources/collections/java/$filename
done
done

84
netty.spec
View File

@ -6,14 +6,19 @@
%bcond_with jp_minimal
Name: netty
Version: 4.0.42
Release: 7%{?dist}
Version: 4.1.13
Release: 1%{?dist}
Summary: An asynchronous event-driven network application framework and tools for Java
License: ASL 2.0
URL: https://netty.io/
Source0: https://github.com/netty/netty/archive/netty-%{namedversion}.tar.gz
# Upsteam uses a simple template generator script written in groovy and run with gmaven
# We don't have the plugin and want to avoid groovy dependency
# This script is written in bash+sed and performs the same task
Source1: codegen.bash
Patch0: 0001-Remove-OpenSSL-parts-depending-on-tcnative.patch
Patch1: 0002-Remove-NPN-ALPN.patch
Patch1: 0002-Remove-NPN.patch
Patch2: 0003-Remove-conscrypt-ALPN.patch
BuildRequires: maven-local
BuildRequires: mvn(ant-contrib:ant-contrib)
@ -25,14 +30,22 @@ BuildRequires: mvn(org.apache.felix:maven-bundle-plugin)
BuildRequires: mvn(org.apache.logging.log4j:log4j-api)
BuildRequires: mvn(org.apache.maven.plugins:maven-antrun-plugin)
BuildRequires: mvn(org.apache.maven.plugins:maven-dependency-plugin)
BuildRequires: mvn(org.apache.maven.plugins:maven-remote-resources-plugin)
BuildRequires: mvn(org.codehaus.mojo:build-helper-maven-plugin)
BuildRequires: mvn(org.codehaus.mojo:exec-maven-plugin)
BuildRequires: mvn(org.eclipse.jetty.alpn:alpn-api)
BuildRequires: mvn(org.fusesource.hawtjni:maven-hawtjni-plugin)
BuildRequires: mvn(org.javassist:javassist)
BuildRequires: mvn(org.jctools:jctools-core)
BuildRequires: mvn(org.slf4j:slf4j-api)
BuildRequires: mvn(org.sonatype.oss:oss-parent:pom:)
%if %{without jp_minimal}
BuildRequires: mvn(com.fasterxml:aalto-xml)
BuildRequires: mvn(com.github.jponge:lzma-java)
BuildRequires: mvn(com.google.protobuf.nano:protobuf-javanano)
BuildRequires: mvn(com.google.protobuf:protobuf-java)
BuildRequires: mvn(com.ning:compress-lzf)
BuildRequires: mvn(net.jpountz.lz4:lz4)
BuildRequires: mvn(org.bouncycastle:bcpkix-jdk15on)
BuildRequires: mvn(org.jboss.marshalling:jboss-marshalling)
%endif
@ -62,6 +75,7 @@ Summary: API documentation for %{name}
%patch0 -p1
%patch1 -p1
%patch2 -p1
# Missing Mavenized rxtx
%pom_disable_module "transport-rxtx"
@ -74,41 +88,76 @@ Summary: API documentation for %{name}
%pom_disable_module "example"
%pom_remove_dep ":netty-example" all
%pom_disable_module "testsuite"
%pom_disable_module "testsuite-autobahn"
%pom_disable_module "testsuite-osgi"
%pom_disable_module "tarball"
%pom_disable_module "microbench"
%pom_remove_plugin :maven-checkstyle-plugin
%pom_remove_plugin :animal-sniffer-maven-plugin
%pom_remove_plugin :maven-enforcer-plugin
%pom_xpath_inject 'pom:plugin[pom:artifactId="maven-remote-resources-plugin"]' '
<dependencies>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-dev-tools</artifactId>
<version>${project.version}</version>
</dependency>
</dependencies>'
%pom_remove_plugin :maven-antrun-plugin
# get-jetty-alpn-agent
%pom_remove_plugin :maven-dependency-plugin
%pom_remove_plugin :maven-shade-plugin
%pom_remove_plugin :maven-shade-plugin common
# style checker
%pom_remove_plugin :xml-maven-plugin
%pom_remove_plugin -r :maven-checkstyle-plugin
%pom_remove_plugin -r :animal-sniffer-maven-plugin
%pom_remove_plugin -r :maven-enforcer-plugin
%pom_remove_plugin -r :maven-shade-plugin
%pom_remove_plugin -r :maven-release-plugin
%pom_remove_plugin -r :maven-clean-plugin
%pom_remove_plugin -r :maven-source-plugin
%pom_remove_plugin -r :maven-deploy-plugin
%pom_remove_plugin -r :maven-jxr-plugin
%pom_remove_plugin -r :maven-javadoc-plugin
# Optional things we don't ship
%pom_remove_dep ":\${tcnative.artifactId}"
%pom_remove_dep ":\${tcnative.artifactId}" handler
%pom_remove_dep "org.eclipse.jetty.npn:npn-api"
%pom_remove_dep "org.eclipse.jetty.npn:npn-api" handler
%pom_remove_dep "org.eclipse.jetty.alpn:alpn-api"
%pom_remove_dep "org.eclipse.jetty.alpn:alpn-api" handler
%pom_remove_plugin -r :forbiddenapis
cp %{SOURCE1} common/codegen.bash
%pom_add_plugin org.codehaus.mojo:exec-maven-plugin common '
<executions>
<execution>
<id>generate-collections</id>
<phase>generate-sources</phase>
<goals>
<goal>exec</goal>
</goals>
<configuration>
<executable>common/codegen.bash</executable>
</configuration>
</execution>
</executions>
'
%pom_remove_plugin :groovy-maven-plugin common
%if %{with jp_minimal}
%pom_remove_dep -r "com.google.protobuf:protobuf-java"
%pom_remove_dep -r "com.google.protobuf.nano:protobuf-javanano"
rm codec/src/main/java/io/netty/handler/codec/protobuf/*
sed -i '/import.*protobuf/d' codec/src/main/java/io/netty/handler/codec/DatagramPacket*.java
%pom_remove_dep -r "org.jboss.marshalling:jboss-marshalling"
rm codec/src/main/java/io/netty/handler/codec/marshalling/*
%pom_remove_dep -r org.bouncycastle
rm handler/src/main/java/io/netty/handler/ssl/util/BouncyCastleSelfSignedCertGenerator.java
sed -i '/BouncyCastleSelfSignedCertGenerator/s/.*/throw new UnsupportedOperationException();/' \
handler/src/main/java/io/netty/handler/ssl/util/SelfSignedCertificate.java
%endif
%pom_remove_dep -r com.fasterxml:aalto-xml
%pom_disable_module codec-xml
%pom_remove_dep :netty-codec-xml all
%pom_remove_dep -r com.github.jponge:lzma-java
rm codec/src/*/java/io/netty/handler/codec/compression/Lzma*.java
%pom_remove_dep -r com.ning:compress-lzf
rm codec/src/*/java/io/netty/handler/codec/compression/Lzf*.java
%pom_remove_dep -r net.jpountz.lz4:lz4
rm codec/src/*/java/io/netty/handler/codec/compression/Lz4*.java
%endif # jp_minimal
sed -i 's|taskdef|taskdef classpathref="maven.plugin.classpath"|' all/pom.xml
@ -137,6 +186,9 @@ export CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="$RPM_LD_FLAGS"
%doc LICENSE.txt NOTICE.txt
%changelog
* Mon Aug 14 2017 Michael Simacek <msimacek@redhat.com> - 4.1.13-1
- Update to upstream version 4.1.13
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 4.0.42-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

2
sources
View File

@ -1 +1 @@
1259f8126350883c5770bd26a6896fc0 netty-4.0.42.Final.tar.gz
SHA512 (netty-4.1.13.Final.tar.gz) = f0a269adf5b6552eb2f0f12614c2093e0ccfd5a5bb38521dcf39c3827160c8983adcfe1bbcf93a24e71506e323ae723a837621046657fec0df50c59a07aee54c