From f7b8e27b5f55c4a21cf84fb56a616b8bfd4af8da Mon Sep 17 00:00:00 2001 From: Michael Simacek Date: Fri, 7 Jul 2017 16:07:23 +0200 Subject: [PATCH 2/3] Remove NPN --- handler/pom.xml | 5 - .../ssl/JdkNpnApplicationProtocolNegotiator.java | 120 -------------------- .../java/io/netty/handler/ssl/JdkSslContext.java | 30 ----- .../io/netty/handler/ssl/JettyNpnSslEngine.java | 122 --------------------- .../io/netty/handler/ssl/JdkSslEngineTest.java | 2 +- 5 files changed, 1 insertion(+), 278 deletions(-) delete mode 100644 handler/src/main/java/io/netty/handler/ssl/JdkNpnApplicationProtocolNegotiator.java delete mode 100644 handler/src/main/java/io/netty/handler/ssl/JettyNpnSslEngine.java diff --git a/handler/pom.xml b/handler/pom.xml index d0ed1bc..52e63ca 100644 --- a/handler/pom.xml +++ b/handler/pom.xml @@ -55,11 +55,6 @@ true - org.eclipse.jetty.npn - npn-api - true - - org.eclipse.jetty.alpn alpn-api true diff --git a/handler/src/main/java/io/netty/handler/ssl/JdkNpnApplicationProtocolNegotiator.java b/handler/src/main/java/io/netty/handler/ssl/JdkNpnApplicationProtocolNegotiator.java deleted file mode 100644 index 06b29b7..0000000 --- a/handler/src/main/java/io/netty/handler/ssl/JdkNpnApplicationProtocolNegotiator.java +++ /dev/null @@ -1,120 +0,0 @@ -/* - * Copyright 2014 The Netty Project - * - * The Netty Project licenses this file to you under the Apache License, - * version 2.0 (the "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - * License for the specific language governing permissions and limitations - * under the License. - */ -package io.netty.handler.ssl; - -import javax.net.ssl.SSLEngine; - -/** - * The {@link JdkApplicationProtocolNegotiator} to use if you need NPN and are using {@link SslProvider#JDK}. - */ -public final class JdkNpnApplicationProtocolNegotiator extends JdkBaseApplicationProtocolNegotiator { - private static final SslEngineWrapperFactory NPN_WRAPPER = new SslEngineWrapperFactory() { - { - if (!JettyNpnSslEngine.isAvailable()) { - throw new RuntimeException("NPN unsupported. Is your classpath configured correctly?" - + " See https://wiki.eclipse.org/Jetty/Feature/NPN"); - } - } - - @Override - public SSLEngine wrapSslEngine(SSLEngine engine, JdkApplicationProtocolNegotiator applicationNegotiator, - boolean isServer) { - return new JettyNpnSslEngine(engine, applicationNegotiator, isServer); - } - }; - - /** - * Create a new instance. - * @param protocols The order of iteration determines the preference of support for protocols. - */ - public JdkNpnApplicationProtocolNegotiator(Iterable protocols) { - this(false, protocols); - } - - /** - * Create a new instance. - * @param protocols The order of iteration determines the preference of support for protocols. - */ - public JdkNpnApplicationProtocolNegotiator(String... protocols) { - this(false, protocols); - } - - /** - * Create a new instance. - * @param failIfNoCommonProtocols Fail with a fatal alert if not common protocols are detected. - * @param protocols The order of iteration determines the preference of support for protocols. - */ - public JdkNpnApplicationProtocolNegotiator(boolean failIfNoCommonProtocols, Iterable protocols) { - this(failIfNoCommonProtocols, failIfNoCommonProtocols, protocols); - } - - /** - * Create a new instance. - * @param failIfNoCommonProtocols Fail with a fatal alert if not common protocols are detected. - * @param protocols The order of iteration determines the preference of support for protocols. - */ - public JdkNpnApplicationProtocolNegotiator(boolean failIfNoCommonProtocols, String... protocols) { - this(failIfNoCommonProtocols, failIfNoCommonProtocols, protocols); - } - - /** - * Create a new instance. - * @param clientFailIfNoCommonProtocols Client side fail with a fatal alert if not common protocols are detected. - * @param serverFailIfNoCommonProtocols Server side fail with a fatal alert if not common protocols are detected. - * @param protocols The order of iteration determines the preference of support for protocols. - */ - public JdkNpnApplicationProtocolNegotiator(boolean clientFailIfNoCommonProtocols, - boolean serverFailIfNoCommonProtocols, Iterable protocols) { - this(clientFailIfNoCommonProtocols ? FAIL_SELECTOR_FACTORY : NO_FAIL_SELECTOR_FACTORY, - serverFailIfNoCommonProtocols ? FAIL_SELECTION_LISTENER_FACTORY : NO_FAIL_SELECTION_LISTENER_FACTORY, - protocols); - } - - /** - * Create a new instance. - * @param clientFailIfNoCommonProtocols Client side fail with a fatal alert if not common protocols are detected. - * @param serverFailIfNoCommonProtocols Server side fail with a fatal alert if not common protocols are detected. - * @param protocols The order of iteration determines the preference of support for protocols. - */ - public JdkNpnApplicationProtocolNegotiator(boolean clientFailIfNoCommonProtocols, - boolean serverFailIfNoCommonProtocols, String... protocols) { - this(clientFailIfNoCommonProtocols ? FAIL_SELECTOR_FACTORY : NO_FAIL_SELECTOR_FACTORY, - serverFailIfNoCommonProtocols ? FAIL_SELECTION_LISTENER_FACTORY : NO_FAIL_SELECTION_LISTENER_FACTORY, - protocols); - } - - /** - * Create a new instance. - * @param selectorFactory The factory which provides classes responsible for selecting the protocol. - * @param listenerFactory The factory which provides to be notified of which protocol was selected. - * @param protocols The order of iteration determines the preference of support for protocols. - */ - public JdkNpnApplicationProtocolNegotiator(ProtocolSelectorFactory selectorFactory, - ProtocolSelectionListenerFactory listenerFactory, Iterable protocols) { - super(NPN_WRAPPER, selectorFactory, listenerFactory, protocols); - } - - /** - * Create a new instance. - * @param selectorFactory The factory which provides classes responsible for selecting the protocol. - * @param listenerFactory The factory which provides to be notified of which protocol was selected. - * @param protocols The order of iteration determines the preference of support for protocols. - */ - public JdkNpnApplicationProtocolNegotiator(ProtocolSelectorFactory selectorFactory, - ProtocolSelectionListenerFactory listenerFactory, String... protocols) { - super(NPN_WRAPPER, selectorFactory, listenerFactory, protocols); - } -} diff --git a/handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java b/handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java index 0ad6639..d5b86ff 100644 --- a/handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java +++ b/handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java @@ -288,47 +288,17 @@ public class JdkSslContext extends SslContext { case ALPN: if (isServer) { switch(config.selectorFailureBehavior()) { - case FATAL_ALERT: - return new JdkAlpnApplicationProtocolNegotiator(true, config.supportedProtocols()); - case NO_ADVERTISE: - return new JdkAlpnApplicationProtocolNegotiator(false, config.supportedProtocols()); default: throw new UnsupportedOperationException(new StringBuilder("JDK provider does not support ") .append(config.selectorFailureBehavior()).append(" failure behavior").toString()); } } else { switch(config.selectedListenerFailureBehavior()) { - case ACCEPT: - return new JdkAlpnApplicationProtocolNegotiator(false, config.supportedProtocols()); - case FATAL_ALERT: - return new JdkAlpnApplicationProtocolNegotiator(true, config.supportedProtocols()); default: throw new UnsupportedOperationException(new StringBuilder("JDK provider does not support ") .append(config.selectedListenerFailureBehavior()).append(" failure behavior").toString()); } } - case NPN: - if (isServer) { - switch(config.selectedListenerFailureBehavior()) { - case ACCEPT: - return new JdkNpnApplicationProtocolNegotiator(false, config.supportedProtocols()); - case FATAL_ALERT: - return new JdkNpnApplicationProtocolNegotiator(true, config.supportedProtocols()); - default: - throw new UnsupportedOperationException(new StringBuilder("JDK provider does not support ") - .append(config.selectedListenerFailureBehavior()).append(" failure behavior").toString()); - } - } else { - switch(config.selectorFailureBehavior()) { - case FATAL_ALERT: - return new JdkNpnApplicationProtocolNegotiator(true, config.supportedProtocols()); - case NO_ADVERTISE: - return new JdkNpnApplicationProtocolNegotiator(false, config.supportedProtocols()); - default: - throw new UnsupportedOperationException(new StringBuilder("JDK provider does not support ") - .append(config.selectorFailureBehavior()).append(" failure behavior").toString()); - } - } default: throw new UnsupportedOperationException(new StringBuilder("JDK provider does not support ") .append(config.protocol()).append(" protocol").toString()); diff --git a/handler/src/main/java/io/netty/handler/ssl/JettyNpnSslEngine.java b/handler/src/main/java/io/netty/handler/ssl/JettyNpnSslEngine.java deleted file mode 100644 index 77e7366..0000000 --- a/handler/src/main/java/io/netty/handler/ssl/JettyNpnSslEngine.java +++ /dev/null @@ -1,122 +0,0 @@ -/* - * Copyright 2014 The Netty Project - * - * The Netty Project licenses this file to you under the Apache License, - * version 2.0 (the "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - * License for the specific language governing permissions and limitations - * under the License. - */ - -package io.netty.handler.ssl; - -import static io.netty.util.internal.ObjectUtil.checkNotNull; -import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelectionListener; -import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelector; -import io.netty.util.internal.PlatformDependent; - -import java.util.LinkedHashSet; -import java.util.List; - -import javax.net.ssl.SSLEngine; -import javax.net.ssl.SSLException; - -import org.eclipse.jetty.npn.NextProtoNego; -import org.eclipse.jetty.npn.NextProtoNego.ClientProvider; -import org.eclipse.jetty.npn.NextProtoNego.ServerProvider; - -final class JettyNpnSslEngine extends JdkSslEngine { - private static boolean available; - - static boolean isAvailable() { - updateAvailability(); - return available; - } - - private static void updateAvailability() { - if (available) { - return; - } - try { - // Always use bootstrap class loader. - Class.forName("sun.security.ssl.NextProtoNegoExtension", true, null); - available = true; - } catch (Exception ignore) { - // npn-boot was not loaded. - } - } - - JettyNpnSslEngine(SSLEngine engine, final JdkApplicationProtocolNegotiator applicationNegotiator, boolean server) { - super(engine); - checkNotNull(applicationNegotiator, "applicationNegotiator"); - - if (server) { - final ProtocolSelectionListener protocolListener = checkNotNull(applicationNegotiator - .protocolListenerFactory().newListener(this, applicationNegotiator.protocols()), - "protocolListener"); - NextProtoNego.put(engine, new ServerProvider() { - @Override - public void unsupported() { - protocolListener.unsupported(); - } - - @Override - public List protocols() { - return applicationNegotiator.protocols(); - } - - @Override - public void protocolSelected(String protocol) { - try { - protocolListener.selected(protocol); - } catch (Throwable t) { - PlatformDependent.throwException(t); - } - } - }); - } else { - final ProtocolSelector protocolSelector = checkNotNull(applicationNegotiator.protocolSelectorFactory() - .newSelector(this, new LinkedHashSet(applicationNegotiator.protocols())), - "protocolSelector"); - NextProtoNego.put(engine, new ClientProvider() { - @Override - public boolean supports() { - return true; - } - - @Override - public void unsupported() { - protocolSelector.unsupported(); - } - - @Override - public String selectProtocol(List protocols) { - try { - return protocolSelector.select(protocols); - } catch (Throwable t) { - PlatformDependent.throwException(t); - return null; - } - } - }); - } - } - - @Override - public void closeInbound() throws SSLException { - NextProtoNego.remove(getWrappedEngine()); - super.closeInbound(); - } - - @Override - public void closeOutbound() { - NextProtoNego.remove(getWrappedEngine()); - super.closeOutbound(); - } -} diff --git a/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java b/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java index d6cd94d..4489b16 100644 --- a/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java +++ b/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java @@ -46,7 +46,7 @@ public class JdkSslEngineTest extends SSLEngineTest { NPN_DEFAULT { @Override boolean isAvailable() { - return JettyNpnSslEngine.isAvailable(); + return false; } @Override -- 2.9.4