Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP7:Update
netty.28292
0002-Remove-optional-dep-conscrypt.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0002-Remove-optional-dep-conscrypt.patch of Package netty.28292
From 83d9d64a1dddcde06fe234103c9d457f6c829ef0 Mon Sep 17 00:00:00 2001 From: Mat Booth <mat.booth@redhat.com> Date: Mon, 7 Sep 2020 13:24:30 +0100 Subject: [PATCH 2/7] Remove optional dep conscrypt --- handler/pom.xml | 6 - .../java/io/netty/handler/ssl/Conscrypt.java | 75 ------- .../handler/ssl/ConscryptAlpnSslEngine.java | 196 ------------------ .../JdkAlpnApplicationProtocolNegotiator.java | 11 +- .../java/io/netty/handler/ssl/SslHandler.java | 46 +--- pom.xml | 10 - 6 files changed, 2 insertions(+), 342 deletions(-) delete mode 100644 handler/src/main/java/io/netty/handler/ssl/Conscrypt.java delete mode 100644 handler/src/main/java/io/netty/handler/ssl/ConscryptAlpnSslEngine.java diff --git a/handler/pom.xml b/handler/pom.xml index 629458d6c6..635808eabe 100644 --- a/handler/pom.xml +++ b/handler/pom.xml @@ -96,12 +96,6 @@ <artifactId>alpn-api</artifactId> <optional>true</optional> </dependency> - <dependency> - <groupId>${conscrypt.groupId}</groupId> - <artifactId>${conscrypt.artifactId}</artifactId> - <classifier>${conscrypt.classifier}</classifier> - <optional>true</optional> - </dependency> <dependency> <groupId>org.mockito</groupId> <artifactId>mockito-core</artifactId> diff --git a/handler/src/main/java/io/netty/handler/ssl/Conscrypt.java b/handler/src/main/java/io/netty/handler/ssl/Conscrypt.java deleted file mode 100644 index c5af3fd39a..0000000000 --- a/handler/src/main/java/io/netty/handler/ssl/Conscrypt.java +++ /dev/null @@ -1,75 +0,0 @@ -/* - * Copyright 2017 The Netty Project - * - * The Netty Project licenses this file to you under the Apache License, - * version 2.0 (the "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at: - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - * License for the specific language governing permissions and limitations - * under the License. - */ -package io.netty.handler.ssl; - -import io.netty.util.internal.PlatformDependent; - -import javax.net.ssl.SSLEngine; -import java.lang.reflect.InvocationTargetException; -import java.lang.reflect.Method; - -/** - * Contains methods that can be used to detect if conscrypt is usable. - */ -final class Conscrypt { - // This class exists to avoid loading other conscrypt related classes using features only available in JDK8+, - // because we need to maintain JDK6+ runtime compatibility. - private static final Method IS_CONSCRYPT_SSLENGINE; - - static { - Method isConscryptSSLEngine = null; - - if ((PlatformDependent.javaVersion() >= 8 && - // Only works on Java14 and earlier for now - // See https://github.com/google/conscrypt/issues/838 - PlatformDependent.javaVersion() < 15) || PlatformDependent.isAndroid()) { - try { - Class<?> providerClass = Class.forName("org.conscrypt.OpenSSLProvider", true, - PlatformDependent.getClassLoader(ConscryptAlpnSslEngine.class)); - providerClass.newInstance(); - - Class<?> conscryptClass = Class.forName("org.conscrypt.Conscrypt", true, - PlatformDependent.getClassLoader(ConscryptAlpnSslEngine.class)); - isConscryptSSLEngine = conscryptClass.getMethod("isConscrypt", SSLEngine.class); - } catch (Throwable ignore) { - // ignore - } - } - IS_CONSCRYPT_SSLENGINE = isConscryptSSLEngine; - } - - /** - * Indicates whether or not conscrypt is available on the current system. - */ - static boolean isAvailable() { - return IS_CONSCRYPT_SSLENGINE != null; - } - - /** - * Returns {@code true} if the passed in {@link SSLEngine} is handled by Conscrypt, {@code false} otherwise. - */ - static boolean isEngineSupported(SSLEngine engine) { - try { - return IS_CONSCRYPT_SSLENGINE != null && (Boolean) IS_CONSCRYPT_SSLENGINE.invoke(null, engine); - } catch (IllegalAccessException ignore) { - return false; - } catch (InvocationTargetException ex) { - throw new RuntimeException(ex); - } - } - - private Conscrypt() { } -} diff --git a/handler/src/main/java/io/netty/handler/ssl/ConscryptAlpnSslEngine.java b/handler/src/main/java/io/netty/handler/ssl/ConscryptAlpnSslEngine.java deleted file mode 100644 index 3bc955ca09..0000000000 --- a/handler/src/main/java/io/netty/handler/ssl/ConscryptAlpnSslEngine.java +++ /dev/null @@ -1,196 +0,0 @@ -/* - * Copyright 2017 The Netty Project - * - * The Netty Project licenses this file to you under the Apache License, - * version 2.0 (the "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at: - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - * License for the specific language governing permissions and limitations - * under the License. - */ -package io.netty.handler.ssl; - -import static io.netty.handler.ssl.SslUtils.toSSLHandshakeException; -import static io.netty.util.internal.ObjectUtil.checkNotNull; -import static java.lang.Math.min; - -import io.netty.buffer.ByteBuf; -import io.netty.buffer.ByteBufAllocator; -import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelectionListener; -import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelector; -import java.nio.ByteBuffer; -import java.util.Collections; -import java.util.LinkedHashSet; -import java.util.List; -import javax.net.ssl.SSLEngine; -import javax.net.ssl.SSLEngineResult; -import javax.net.ssl.SSLException; - -import io.netty.util.internal.SystemPropertyUtil; -import org.conscrypt.AllocatedBuffer; -import org.conscrypt.BufferAllocator; -import org.conscrypt.Conscrypt; -import org.conscrypt.HandshakeListener; - -/** - * A {@link JdkSslEngine} that uses the Conscrypt provider or SSL with ALPN. - */ -abstract class ConscryptAlpnSslEngine extends JdkSslEngine { - private static final boolean USE_BUFFER_ALLOCATOR = SystemPropertyUtil.getBoolean( - "io.netty.handler.ssl.conscrypt.useBufferAllocator", true); - - static ConscryptAlpnSslEngine newClientEngine(SSLEngine engine, ByteBufAllocator alloc, - JdkApplicationProtocolNegotiator applicationNegotiator) { - return new ClientEngine(engine, alloc, applicationNegotiator); - } - - static ConscryptAlpnSslEngine newServerEngine(SSLEngine engine, ByteBufAllocator alloc, - JdkApplicationProtocolNegotiator applicationNegotiator) { - return new ServerEngine(engine, alloc, applicationNegotiator); - } - - private ConscryptAlpnSslEngine(SSLEngine engine, ByteBufAllocator alloc, List<String> protocols) { - super(engine); - - // Configure the Conscrypt engine to use Netty's buffer allocator. This is a trade-off of memory vs - // performance. - // - // If no allocator is provided, the engine will internally allocate a direct buffer of max packet size in - // order to optimize JNI calls (this happens the first time it is provided a non-direct buffer from the - // application). - // - // Alternatively, if an allocator is provided, no internal buffer will be created and direct buffers will be - // retrieved from the allocator on-demand. - if (USE_BUFFER_ALLOCATOR) { - Conscrypt.setBufferAllocator(engine, new BufferAllocatorAdapter(alloc)); - } - - // Set the list of supported ALPN protocols on the engine. - Conscrypt.setApplicationProtocols(engine, protocols.toArray(new String[0])); - } - - /** - * Calculates the maximum size of the encrypted output buffer required to wrap the given plaintext bytes. Assumes - * as a worst case that there is one TLS record per buffer. - * - * @param plaintextBytes the number of plaintext bytes to be wrapped. - * @param numBuffers the number of buffers that the plaintext bytes are spread across. - * @return the maximum size of the encrypted output buffer required for the wrap operation. - */ - final int calculateOutNetBufSize(int plaintextBytes, int numBuffers) { - // Assuming a max of one frame per component in a composite buffer. - long maxOverhead = (long) Conscrypt.maxSealOverhead(getWrappedEngine()) * numBuffers; - // TODO(nmittler): update this to use MAX_ENCRYPTED_PACKET_LENGTH instead of Integer.MAX_VALUE - return (int) min(Integer.MAX_VALUE, plaintextBytes + maxOverhead); - } - - final SSLEngineResult unwrap(ByteBuffer[] srcs, ByteBuffer[] dests) throws SSLException { - return Conscrypt.unwrap(getWrappedEngine(), srcs, dests); - } - - private static final class ClientEngine extends ConscryptAlpnSslEngine { - private final ProtocolSelectionListener protocolListener; - - ClientEngine(SSLEngine engine, ByteBufAllocator alloc, - JdkApplicationProtocolNegotiator applicationNegotiator) { - super(engine, alloc, applicationNegotiator.protocols()); - // Register for completion of the handshake. - Conscrypt.setHandshakeListener(engine, new HandshakeListener() { - @Override - public void onHandshakeFinished() throws SSLException { - selectProtocol(); - } - }); - - protocolListener = checkNotNull(applicationNegotiator - .protocolListenerFactory().newListener(this, applicationNegotiator.protocols()), - "protocolListener"); - } - - private void selectProtocol() throws SSLException { - String protocol = Conscrypt.getApplicationProtocol(getWrappedEngine()); - try { - protocolListener.selected(protocol); - } catch (Throwable e) { - throw toSSLHandshakeException(e); - } - } - } - - private static final class ServerEngine extends ConscryptAlpnSslEngine { - private final ProtocolSelector protocolSelector; - - ServerEngine(SSLEngine engine, ByteBufAllocator alloc, - JdkApplicationProtocolNegotiator applicationNegotiator) { - super(engine, alloc, applicationNegotiator.protocols()); - - // Register for completion of the handshake. - Conscrypt.setHandshakeListener(engine, new HandshakeListener() { - @Override - public void onHandshakeFinished() throws SSLException { - selectProtocol(); - } - }); - - protocolSelector = checkNotNull(applicationNegotiator.protocolSelectorFactory() - .newSelector(this, - new LinkedHashSet<String>(applicationNegotiator.protocols())), - "protocolSelector"); - } - - private void selectProtocol() throws SSLException { - try { - String protocol = Conscrypt.getApplicationProtocol(getWrappedEngine()); - protocolSelector.select(protocol != null ? Collections.singletonList(protocol) - : Collections.<String>emptyList()); - } catch (Throwable e) { - throw toSSLHandshakeException(e); - } - } - } - - private static final class BufferAllocatorAdapter extends BufferAllocator { - private final ByteBufAllocator alloc; - - BufferAllocatorAdapter(ByteBufAllocator alloc) { - this.alloc = alloc; - } - - @Override - public AllocatedBuffer allocateDirectBuffer(int capacity) { - return new BufferAdapter(alloc.directBuffer(capacity)); - } - } - - private static final class BufferAdapter extends AllocatedBuffer { - private final ByteBuf nettyBuffer; - private final ByteBuffer buffer; - - BufferAdapter(ByteBuf nettyBuffer) { - this.nettyBuffer = nettyBuffer; - buffer = nettyBuffer.nioBuffer(0, nettyBuffer.capacity()); - } - - @Override - public ByteBuffer nioBuffer() { - return buffer; - } - - @Override - public AllocatedBuffer retain() { - nettyBuffer.retain(); - return this; - } - - @Override - public AllocatedBuffer release() { - nettyBuffer.release(); - return this; - } - } -} diff --git a/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java b/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java index 9eb8f15d14..b5715e87ff 100644 --- a/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java +++ b/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java @@ -26,8 +26,7 @@ import javax.net.ssl.SSLEngine; */ @Deprecated public final class JdkAlpnApplicationProtocolNegotiator extends JdkBaseApplicationProtocolNegotiator { - private static final boolean AVAILABLE = Conscrypt.isAvailable() || - JdkAlpnSslUtils.supportsAlpn() || + private static final boolean AVAILABLE = JdkAlpnSslUtils.supportsAlpn() || JettyAlpnSslEngine.isAvailable() || BouncyCastle.isAvailable(); @@ -120,7 +119,6 @@ public final class JdkAlpnApplicationProtocolNegotiator extends JdkBaseApplicati public SSLEngine wrapSslEngine(SSLEngine engine, ByteBufAllocator alloc, JdkApplicationProtocolNegotiator applicationNegotiator, boolean isServer) { throw new RuntimeException("ALPN unsupported. Is your classpath configured correctly?" - + " For Conscrypt, add the appropriate Conscrypt JAR to classpath and set the security provider." + " For Jetty-ALPN, see " + "https://www.eclipse.org/jetty/documentation/current/alpn-chapter.html#alpn-starting"); } @@ -130,13 +128,6 @@ public final class JdkAlpnApplicationProtocolNegotiator extends JdkBaseApplicati @Override public SSLEngine wrapSslEngine(SSLEngine engine, ByteBufAllocator alloc, JdkApplicationProtocolNegotiator applicationNegotiator, boolean isServer) { - if (Conscrypt.isEngineSupported(engine)) { - return isServer ? ConscryptAlpnSslEngine.newServerEngine(engine, alloc, applicationNegotiator) - : ConscryptAlpnSslEngine.newClientEngine(engine, alloc, applicationNegotiator); - } - if (BouncyCastle.isInUse(engine)) { - return new BouncyCastleAlpnSslEngine(engine, applicationNegotiator, isServer); - } // ALPN support was recently backported to Java8 as // https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8230977. // Because of this lets not do a Java version runtime check but just depend on if the required methods are diff --git a/handler/src/main/java/io/netty/handler/ssl/SslHandler.java b/handler/src/main/java/io/netty/handler/ssl/SslHandler.java index 83ce18e747..09b0368b58 100644 --- a/handler/src/main/java/io/netty/handler/ssl/SslHandler.java +++ b/handler/src/main/java/io/netty/handler/ssl/SslHandler.java @@ -245,49 +245,6 @@ public class SslHandler extends ByteToMessageDecoder implements ChannelOutboundH return ((ReferenceCountedOpenSslEngine) engine).jdkCompatibilityMode; } }, - CONSCRYPT(true, COMPOSITE_CUMULATOR) { - @Override - SSLEngineResult unwrap(SslHandler handler, ByteBuf in, int len, ByteBuf out) throws SSLException { - int nioBufferCount = in.nioBufferCount(); - int writerIndex = out.writerIndex(); - final SSLEngineResult result; - if (nioBufferCount > 1) { - /* - * Use a special unwrap method without additional memory copies. - */ - try { - handler.singleBuffer[0] = toByteBuffer(out, writerIndex, out.writableBytes()); - result = ((ConscryptAlpnSslEngine) handler.engine).unwrap( - in.nioBuffers(in.readerIndex(), len), - handler.singleBuffer); - } finally { - handler.singleBuffer[0] = null; - } - } else { - result = handler.engine.unwrap(toByteBuffer(in, in.readerIndex(), len), - toByteBuffer(out, writerIndex, out.writableBytes())); - } - out.writerIndex(writerIndex + result.bytesProduced()); - return result; - } - - @Override - ByteBuf allocateWrapBuffer(SslHandler handler, ByteBufAllocator allocator, - int pendingBytes, int numComponents) { - return allocator.directBuffer( - ((ConscryptAlpnSslEngine) handler.engine).calculateOutNetBufSize(pendingBytes, numComponents)); - } - - @Override - int calculatePendingData(SslHandler handler, int guess) { - return guess; - } - - @Override - boolean jdkCompatibilityMode(SSLEngine engine) { - return true; - } - }, JDK(false, MERGE_CUMULATOR) { @Override SSLEngineResult unwrap(SslHandler handler, ByteBuf in, int len, ByteBuf out) throws SSLException { @@ -339,8 +296,7 @@ public class SslHandler extends ByteToMessageDecoder implements ChannelOutboundH }; static SslEngineType forEngine(SSLEngine engine) { - return engine instanceof ReferenceCountedOpenSslEngine ? TCNATIVE : - engine instanceof ConscryptAlpnSslEngine ? CONSCRYPT : JDK; + return engine instanceof ReferenceCountedOpenSslEngine ? TCNATIVE : JDK; } SslEngineType(boolean wantsDirectBuffer, Cumulator cumulator) { diff --git a/pom.xml b/pom.xml index 3b30f067b4..ad606747ad 100644 --- a/pom.xml +++ b/pom.xml @@ -771,16 +771,6 @@ <optional>true</optional> </dependency> - <!-- Conscrypt - needed for running tests, used for accelerating SSL with OpenSSL. --> - <dependency> - <groupId>${conscrypt.groupId}</groupId> - <artifactId>${conscrypt.artifactId}</artifactId> - <classifier>${conscrypt.classifier}</classifier> - <version>${conscrypt.version}</version> - <scope>compile</scope> - <optional>true</optional> - </dependency> - <!-- Bouncy Castle - completely optional, only needed when: - you generate a temporary self-signed certificate using SelfSignedCertificate, and -- 2.40.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
