From 9efbae42cf5f37972e5783bc3fa8e230152f8e73 Mon Sep 17 00:00:00 2001 From: CoprDistGit Date: Mon, 29 Sep 2025 07:11:02 +0000 Subject: automatic import of netty --- .gitignore | 2 + 0001-Remove-optional-dep-Blockhound.patch | 1177 ++++++++++++++++++++ 0002-Remove-optional-dep-conscrypt.patch | 459 ++++++++ 0003-Remove-optional-deps-jetty-alpn-and-npn.patch | 403 +++++++ 0004-Disable-Brotli-and-ZStd-compression.patch | 513 +++++++++ codegen.bash | 22 + fix-strip.patch | 14 + netty.spec | 295 +++++ no-werror.patch | 56 + reproducible.patch | 13 + sources | 2 + 11 files changed, 2956 insertions(+) create mode 100644 0001-Remove-optional-dep-Blockhound.patch create mode 100644 0002-Remove-optional-dep-conscrypt.patch create mode 100644 0003-Remove-optional-deps-jetty-alpn-and-npn.patch create mode 100644 0004-Disable-Brotli-and-ZStd-compression.patch create mode 100755 codegen.bash create mode 100644 fix-strip.patch create mode 100644 netty.spec create mode 100644 no-werror.patch create mode 100644 reproducible.patch create mode 100644 sources diff --git a/.gitignore b/.gitignore index e69de29..d1961de 100644 --- a/.gitignore +++ b/.gitignore @@ -0,0 +1,2 @@ +/netty-4.1.126.Final.tar.gz +/netty-jni-util-0.0.9.Final-sources.jar diff --git a/0001-Remove-optional-dep-Blockhound.patch b/0001-Remove-optional-dep-Blockhound.patch new file mode 100644 index 0000000..d870092 --- /dev/null +++ b/0001-Remove-optional-dep-Blockhound.patch @@ -0,0 +1,1177 @@ +From 36ea49fb9506d63fa4198b30b22bc33adc9c74d7 Mon Sep 17 00:00:00 2001 +From: Mat Booth +Date: Mon, 7 Sep 2020 12:17:31 +0100 +Subject: [PATCH 1/4] Remove optional dep Blockhound + +--- + common/pom.xml | 5 - + .../java/io/netty/util/internal/Hidden.java | 200 ------ + ...ockhound.integration.BlockHoundIntegration | 14 - + pom.xml | 8 - + transport-blockhound-tests/pom.xml | 219 ------- + .../NettyBlockHoundIntegrationTest.java | 568 ------------------ + .../netty/util/internal/localhost_server.key | 28 - + .../netty/util/internal/localhost_server.pem | 17 - + .../io/netty/util/internal/mutual_auth_ca.pem | 19 - + 9 files changed, 1078 deletions(-) + delete mode 100644 common/src/main/java/io/netty/util/internal/Hidden.java + delete mode 100644 common/src/main/resources/META-INF/services/reactor.blockhound.integration.BlockHoundIntegration + delete mode 100644 transport-blockhound-tests/pom.xml + delete mode 100644 transport-blockhound-tests/src/test/java/io/netty/util/internal/NettyBlockHoundIntegrationTest.java + delete mode 100644 transport-blockhound-tests/src/test/resources/io/netty/util/internal/localhost_server.key + delete mode 100644 transport-blockhound-tests/src/test/resources/io/netty/util/internal/localhost_server.pem + delete mode 100644 transport-blockhound-tests/src/test/resources/io/netty/util/internal/mutual_auth_ca.pem + +diff --git a/common/pom.xml b/common/pom.xml +index a70b4f3b18..eb83e339af 100644 +--- a/common/pom.xml ++++ b/common/pom.xml +@@ -82,11 +82,6 @@ + log4j-core + test + +- +- io.projectreactor.tools +- blockhound +- true +- + + org.mockito + mockito-core +diff --git a/common/src/main/java/io/netty/util/internal/Hidden.java b/common/src/main/java/io/netty/util/internal/Hidden.java +deleted file mode 100644 +index e227c90c7e..0000000000 +--- a/common/src/main/java/io/netty/util/internal/Hidden.java ++++ /dev/null +@@ -1,200 +0,0 @@ +-/* +- * Copyright 2019 The Netty Project +- * +- * The Netty Project licenses this file to you under the Apache License, +- * version 2.0 (the "License"); you may not use this file except in compliance +- * with the License. You may obtain a copy of the License at: +- * +- * https://www.apache.org/licenses/LICENSE-2.0 +- * +- * Unless required by applicable law or agreed to in writing, software +- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +- * License for the specific language governing permissions and limitations +- * under the License. +- */ +- +-package io.netty.util.internal; +- +-import io.netty.util.concurrent.FastThreadLocalThread; +-import reactor.blockhound.BlockHound; +-import reactor.blockhound.integration.BlockHoundIntegration; +- +-import java.util.function.Function; +-import java.util.function.Predicate; +- +-/** +- * Contains classes that must have public visibility but are not public API. +- */ +-class Hidden { +- +- /** +- * This class integrates Netty with BlockHound. +- *

+- * It is public but only because of the ServiceLoader's limitations +- * and SHOULD NOT be considered a public API. +- */ +- @UnstableApi +- @SuppressJava6Requirement(reason = "BlockHound is Java 8+, but this class is only loaded by it's SPI") +- public static final class NettyBlockHoundIntegration implements BlockHoundIntegration { +- +- @Override +- public void applyTo(BlockHound.Builder builder) { +- builder.allowBlockingCallsInside( +- "io.netty.channel.nio.NioEventLoop", +- "handleLoopException" +- ); +- +- builder.allowBlockingCallsInside( +- "io.netty.channel.kqueue.KQueueEventLoop", +- "handleLoopException" +- ); +- +- builder.allowBlockingCallsInside( +- "io.netty.channel.epoll.EpollEventLoop", +- "handleLoopException" +- ); +- +- builder.allowBlockingCallsInside( +- "io.netty.util.HashedWheelTimer", +- "start" +- ); +- +- builder.allowBlockingCallsInside( +- "io.netty.util.HashedWheelTimer", +- "stop" +- ); +- +- builder.allowBlockingCallsInside( +- "io.netty.util.HashedWheelTimer$Worker", +- "waitForNextTick" +- ); +- +- builder.allowBlockingCallsInside( +- "io.netty.util.concurrent.SingleThreadEventExecutor", +- "confirmShutdown" +- ); +- +- builder.allowBlockingCallsInside( +- "io.netty.buffer.PoolArena", +- "lock" +- ); +- +- builder.allowBlockingCallsInside( +- "io.netty.buffer.PoolSubpage", +- "lock" +- ); +- +- builder.allowBlockingCallsInside( +- "io.netty.buffer.PoolChunk", +- "allocateRun" +- ); +- +- builder.allowBlockingCallsInside( +- "io.netty.buffer.PoolChunk", +- "free" +- ); +- +- builder.allowBlockingCallsInside( +- "io.netty.buffer.AdaptivePoolingAllocator$1", +- "initialValue" +- ); +- +- builder.allowBlockingCallsInside( +- "io.netty.buffer.AdaptivePoolingAllocator$1", +- "onRemoval" +- ); +- +- builder.allowBlockingCallsInside( +- "io.netty.handler.ssl.SslHandler", +- "handshake" +- ); +- +- builder.allowBlockingCallsInside( +- "io.netty.handler.ssl.SslHandler", +- "runAllDelegatedTasks" +- ); +- builder.allowBlockingCallsInside( +- "io.netty.handler.ssl.SslHandler", +- "runDelegatedTasks" +- ); +- builder.allowBlockingCallsInside( +- "io.netty.util.concurrent.GlobalEventExecutor", +- "takeTask"); +- +- builder.allowBlockingCallsInside( +- "io.netty.util.concurrent.GlobalEventExecutor", +- "addTask"); +- +- builder.allowBlockingCallsInside( +- "io.netty.util.concurrent.SingleThreadEventExecutor", +- "takeTask"); +- +- builder.allowBlockingCallsInside( +- "io.netty.util.concurrent.SingleThreadEventExecutor", +- "addTask"); +- +- builder.allowBlockingCallsInside( +- "io.netty.handler.ssl.ReferenceCountedOpenSslClientContext$ExtendedTrustManagerVerifyCallback", +- "verify"); +- +- builder.allowBlockingCallsInside( +- "io.netty.handler.ssl.JdkSslContext$Defaults", +- "init"); +- +- // Let's whitelist SSLEngineImpl.unwrap(...) for now as it may fail otherwise for TLS 1.3. +- // See https://mail.openjdk.java.net/pipermail/security-dev/2020-August/022271.html +- builder.allowBlockingCallsInside( +- "sun.security.ssl.SSLEngineImpl", +- "unwrap"); +- +- builder.allowBlockingCallsInside( +- "sun.security.ssl.SSLEngineImpl", +- "wrap"); +- +- builder.allowBlockingCallsInside( +- "io.netty.resolver.dns.UnixResolverDnsServerAddressStreamProvider", +- "parse"); +- +- builder.allowBlockingCallsInside( +- "io.netty.resolver.dns.UnixResolverDnsServerAddressStreamProvider", +- "parseEtcResolverSearchDomains"); +- +- builder.allowBlockingCallsInside( +- "io.netty.resolver.dns.UnixResolverDnsServerAddressStreamProvider", +- "parseEtcResolverOptions"); +- +- builder.allowBlockingCallsInside( +- "io.netty.resolver.HostsFileEntriesProvider$ParserImpl", +- "parse"); +- +- builder.allowBlockingCallsInside( +- "io.netty.util.NetUtil$SoMaxConnAction", +- "run"); +- +- builder.allowBlockingCallsInside("io.netty.util.internal.ReferenceCountUpdater", +- "retryRelease0"); +- +- builder.allowBlockingCallsInside("io.netty.util.internal.PlatformDependent", "createTempFile"); +- builder.nonBlockingThreadPredicate(new Function, Predicate>() { +- @Override +- public Predicate apply(final Predicate p) { +- return new Predicate() { +- @Override +- @SuppressJava6Requirement(reason = "Predicate#test") +- public boolean test(Thread thread) { +- return p.test(thread) || +- thread instanceof FastThreadLocalThread && +- !((FastThreadLocalThread) thread).permitBlockingCalls(); +- } +- }; +- } +- }); +- } +- +- @Override +- public int compareTo(BlockHoundIntegration o) { +- return 0; +- } +- } +-} +diff --git a/common/src/main/resources/META-INF/services/reactor.blockhound.integration.BlockHoundIntegration b/common/src/main/resources/META-INF/services/reactor.blockhound.integration.BlockHoundIntegration +deleted file mode 100644 +index e33bea796c..0000000000 +--- a/common/src/main/resources/META-INF/services/reactor.blockhound.integration.BlockHoundIntegration ++++ /dev/null +@@ -1,14 +0,0 @@ +-# Copyright 2019 The Netty Project +-# +-# The Netty Project licenses this file to you under the Apache License, +-# version 2.0 (the "License"); you may not use this file except in compliance +-# with the License. You may obtain a copy of the License at: +-# +-# https://www.apache.org/licenses/LICENSE-2.0 +-# +-# Unless required by applicable law or agreed to in writing, software +-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +-# License for the specific language governing permissions and limitations +-# under the License. +-io.netty.util.internal.Hidden$NettyBlockHoundIntegration +\ No newline at end of file +diff --git a/pom.xml b/pom.xml +index 0626fc25ec..5c5b5f8ef4 100644 +--- a/pom.xml ++++ b/pom.xml +@@ -839,7 +839,6 @@ + testsuite-native-image + testsuite-native-image-client + testsuite-native-image-client-runtime-init +- transport-blockhound-tests + microbench + bom + +@@ -1254,13 +1253,6 @@ + ${log4j2.version} + test + +- +- +- +- io.projectreactor.tools +- blockhound +- 1.0.13.RELEASE +- + + + +diff --git a/transport-blockhound-tests/pom.xml b/transport-blockhound-tests/pom.xml +deleted file mode 100644 +index d63f055214..0000000000 +--- a/transport-blockhound-tests/pom.xml ++++ /dev/null +@@ -1,219 +0,0 @@ +- +- +- +- +- 4.0.0 +- +- io.netty +- netty-parent +- 4.1.126.Final +- +- +- netty-transport-blockhound-tests +- jar +- +- Tests for the BlockHound integration. +- +- +- Netty/Transport/BlockHound/Tests +- +- +- +- java13 +- +- 13 +- +- +- -XX:+AllowRedefinitionToAddDeleteMethods +- +- +- +- java14 +- +- 14 +- +- +- -XX:+AllowRedefinitionToAddDeleteMethods +- +- +- +- java15 +- +- 15 +- +- +- -XX:+AllowRedefinitionToAddDeleteMethods +- +- +- +- java16 +- +- 16 +- +- +- -XX:+AllowRedefinitionToAddDeleteMethods +- +- +- +- java17 +- +- 17 +- +- +- -XX:+AllowRedefinitionToAddDeleteMethods +- +- +- +- java18 +- +- 18 +- +- +- -XX:+AllowRedefinitionToAddDeleteMethods +- +- +- +- java19 +- +- 19 +- +- +- -XX:+AllowRedefinitionToAddDeleteMethods +- +- +- +- java20 +- +- 20 +- +- +- -XX:+AllowRedefinitionToAddDeleteMethods +- +- +- +- java21 +- +- 21 +- +- +- -XX:+AllowRedefinitionToAddDeleteMethods +- +- +- +- java22 +- +- 22 +- +- +- -XX:+AllowRedefinitionToAddDeleteMethods +- +- +- +- java23 +- +- 23 +- +- +- -XX:+AllowRedefinitionToAddDeleteMethods +- +- +- +- java24 +- +- 24 +- +- +- -XX:+AllowRedefinitionToAddDeleteMethods +- +- +- +- java25 +- +- 25 +- +- +- -XX:+AllowRedefinitionToAddDeleteMethods -XX:+EnableDynamicAgentLoading +- +- +- +- +- +- 1.8 +- 1.8 +- +- --add-exports java.base/sun.security.x509=ALL-UNNAMED +- true +- +- true +- io.netty.transport_blockhound_tests +- +- +- +- +- ${project.groupId} +- netty-transport +- ${project.version} +- +- +- ${project.groupId} +- netty-handler +- ${project.version} +- +- +- ${project.groupId} +- netty-resolver-dns +- ${project.version} +- +- +- ${project.groupId} +- ${tcnative.artifactId} +- ${tcnative.classifier} +- true +- +- +- +- org.bouncycastle +- bcpkix-jdk15on +- true +- +- +- io.projectreactor.tools +- blockhound +- test +- +- +- org.junit.jupiter +- junit-jupiter-api +- test +- +- +- org.junit.jupiter +- junit-jupiter-engine +- test +- +- +- org.junit.jupiter +- junit-jupiter-params +- test +- +- +- org.assertj +- assertj-core +- test +- +- +- +diff --git a/transport-blockhound-tests/src/test/java/io/netty/util/internal/NettyBlockHoundIntegrationTest.java b/transport-blockhound-tests/src/test/java/io/netty/util/internal/NettyBlockHoundIntegrationTest.java +deleted file mode 100644 +index 403b97a418..0000000000 +--- a/transport-blockhound-tests/src/test/java/io/netty/util/internal/NettyBlockHoundIntegrationTest.java ++++ /dev/null +@@ -1,568 +0,0 @@ +-/* +- * Copyright 2019 The Netty Project +- +- * The Netty Project licenses this file to you under the Apache License, +- * version 2.0 (the "License"); you may not use this file except in compliance +- * with the License. You may obtain a copy of the License at: +- +- * https://www.apache.org/licenses/LICENSE-2.0 +- +- * Unless required by applicable law or agreed to in writing, software +- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +- * License for the specific language governing permissions and limitations +- * under the License. +- */ +-package io.netty.util.internal; +- +-import io.netty.bootstrap.Bootstrap; +-import io.netty.bootstrap.ServerBootstrap; +-import io.netty.buffer.ByteBuf; +-import io.netty.buffer.PooledByteBufAllocator; +-import io.netty.buffer.UnpooledByteBufAllocator; +-import io.netty.channel.Channel; +-import io.netty.channel.ChannelFuture; +-import io.netty.channel.ChannelFutureListener; +-import io.netty.channel.ChannelHandlerContext; +-import io.netty.channel.ChannelInboundHandlerAdapter; +-import io.netty.channel.ChannelInitializer; +-import io.netty.channel.EventLoopGroup; +-import io.netty.channel.nio.NioEventLoopGroup; +-import io.netty.channel.socket.nio.NioDatagramChannel; +-import io.netty.channel.socket.nio.NioServerSocketChannel; +-import io.netty.channel.socket.nio.NioSocketChannel; +-import io.netty.handler.ssl.SslContext; +-import io.netty.handler.ssl.SslContextBuilder; +-import io.netty.handler.ssl.SslHandler; +-import io.netty.handler.ssl.SslHandshakeCompletionEvent; +-import io.netty.handler.ssl.SslProvider; +-import io.netty.handler.ssl.util.InsecureTrustManagerFactory; +-import io.netty.handler.ssl.util.SelfSignedCertificate; +-import io.netty.resolver.dns.DnsNameResolverBuilder; +-import io.netty.resolver.dns.DnsServerAddressStreamProviders; +-import io.netty.util.HashedWheelTimer; +-import io.netty.util.ReferenceCountUtil; +-import io.netty.util.concurrent.DefaultThreadFactory; +-import io.netty.util.concurrent.EventExecutor; +-import io.netty.util.concurrent.FastThreadLocalThread; +-import io.netty.util.concurrent.GlobalEventExecutor; +-import io.netty.util.concurrent.ImmediateEventExecutor; +-import io.netty.util.concurrent.ImmediateExecutor; +-import io.netty.util.concurrent.ScheduledFuture; +-import io.netty.util.concurrent.SingleThreadEventExecutor; +-import io.netty.util.internal.Hidden.NettyBlockHoundIntegration; +-import org.junit.jupiter.api.BeforeAll; +-import org.junit.jupiter.api.Test; +-import org.junit.jupiter.api.Timeout; +-import reactor.blockhound.BlockHound; +-import reactor.blockhound.BlockingOperationError; +-import reactor.blockhound.integration.BlockHoundIntegration; +- +-import java.net.InetSocketAddress; +-import java.util.ArrayList; +-import java.util.List; +-import java.util.Queue; +-import java.util.ServiceLoader; +-import java.util.concurrent.Callable; +-import java.util.concurrent.CountDownLatch; +-import java.util.concurrent.ExecutionException; +-import java.util.concurrent.Executor; +-import java.util.concurrent.ExecutorService; +-import java.util.concurrent.Executors; +-import java.util.concurrent.Future; +-import java.util.concurrent.FutureTask; +-import java.util.concurrent.LinkedBlockingQueue; +-import java.util.concurrent.TimeUnit; +-import java.util.concurrent.atomic.AtomicLong; +-import java.util.concurrent.atomic.AtomicReference; +-import java.util.concurrent.locks.ReentrantLock; +- +-import static io.netty.buffer.Unpooled.wrappedBuffer; +-import static org.junit.jupiter.api.Assertions.assertEquals; +-import static org.junit.jupiter.api.Assertions.assertInstanceOf; +-import static org.junit.jupiter.api.Assertions.assertNull; +-import static org.junit.jupiter.api.Assertions.assertTrue; +-import static org.junit.jupiter.api.Assertions.fail; +-import static org.junit.jupiter.api.Assumptions.assumeTrue; +- +-public class NettyBlockHoundIntegrationTest { +- +- @BeforeAll +- public static void setUpClass() { +- BlockHound.install(); +- } +- +- @Test +- public void testServiceLoader() { +- for (BlockHoundIntegration integration : ServiceLoader.load(BlockHoundIntegration.class)) { +- if (integration instanceof NettyBlockHoundIntegration) { +- return; +- } +- } +- +- fail("NettyBlockHoundIntegration cannot be loaded with ServiceLoader"); +- } +- +- @Test +- public void testBlockingCallsInNettyThreads() throws Exception { +- final FutureTask future = new FutureTask<>(() -> { +- Thread.sleep(0); +- return null; +- }); +- GlobalEventExecutor.INSTANCE.execute(future); +- +- try { +- future.get(5, TimeUnit.SECONDS); +- fail("Expected an exception due to a blocking call but none was thrown"); +- } catch (ExecutionException e) { +- assertInstanceOf(BlockingOperationError.class, e.getCause()); +- } +- } +- +- @Test +- @Timeout(value = 5000, unit = TimeUnit.MILLISECONDS) +- public void testGlobalEventExecutorTakeTask() throws InterruptedException { +- testEventExecutorTakeTask(GlobalEventExecutor.INSTANCE); +- } +- +- @Test +- @Timeout(value = 5000, unit = TimeUnit.MILLISECONDS) +- public void testSingleThreadEventExecutorTakeTask() throws InterruptedException { +- SingleThreadEventExecutor executor = +- new SingleThreadEventExecutor(null, new DefaultThreadFactory("test"), true) { +- @Override +- protected void run() { +- while (!confirmShutdown()) { +- Runnable task = takeTask(); +- if (task != null) { +- task.run(); +- } +- } +- } +- }; +- testEventExecutorTakeTask(executor); +- } +- +- private static void testEventExecutorTakeTask(EventExecutor eventExecutor) throws InterruptedException { +- CountDownLatch latch = new CountDownLatch(1); +- ScheduledFuture f = eventExecutor.schedule(latch::countDown, 10, TimeUnit.MILLISECONDS); +- f.sync(); +- latch.await(); +- } +- +- @Test +- @Timeout(value = 5000, unit = TimeUnit.MILLISECONDS) +- public void testSingleThreadEventExecutorAddTask() throws Exception { +- TestLinkedBlockingQueue taskQueue = new TestLinkedBlockingQueue<>(); +- SingleThreadEventExecutor executor = +- new SingleThreadEventExecutor(null, new DefaultThreadFactory("test"), true) { +- @Override +- protected Queue newTaskQueue(int maxPendingTasks) { +- return taskQueue; +- } +- +- @Override +- protected void run() { +- while (!confirmShutdown()) { +- Runnable task = takeTask(); +- if (task != null) { +- task.run(); +- } +- } +- } +- }; +- taskQueue.emulateContention(); +- CountDownLatch latch = new CountDownLatch(1); +- executor.submit(() -> { +- executor.execute(() -> { }); // calls addTask +- latch.countDown(); +- }); +- taskQueue.waitUntilContented(); +- taskQueue.removeContention(); +- latch.await(); +- } +- +- @Test +- void permittingBlockingCallsInFastThreadLocalThreadSubclass() throws Exception { +- final FutureTask future = new FutureTask<>(() -> { +- Thread.sleep(0); +- return null; +- }); +- FastThreadLocalThread thread = new FastThreadLocalThread(future) { +- @Override +- public boolean permitBlockingCalls() { +- return true; // The Thread.sleep(0) call should not be flagged because we allow blocking calls. +- } +- }; +- thread.start(); +- future.get(5, TimeUnit.SECONDS); +- thread.join(); +- } +- +- @Test +- @Timeout(value = 5000, unit = TimeUnit.MILLISECONDS) +- public void testHashedWheelTimerStartStop() throws Exception { +- HashedWheelTimer timer = new HashedWheelTimer(); +- Future futureStart = GlobalEventExecutor.INSTANCE.submit(timer::start); +- futureStart.get(5, TimeUnit.SECONDS); +- Future futureStop = GlobalEventExecutor.INSTANCE.submit(timer::stop); +- futureStop.get(5, TimeUnit.SECONDS); +- } +- +- // Tests copied from io.netty.handler.ssl.SslHandlerTest +- @Test +- public void testHandshakeWithExecutorThatExecuteDirectory() throws Exception { +- testHandshakeWithExecutor(Runnable::run, "TLSv1.2"); +- } +- +- @Test +- public void testHandshakeWithExecutorThatExecuteDirectoryTLSv13() throws Exception { +- assumeTrue(SslProvider.isTlsv13Supported(SslProvider.JDK)); +- testHandshakeWithExecutor(Runnable::run, "TLSv1.3"); +- } +- +- @Test +- public void testHandshakeWithImmediateExecutor() throws Exception { +- testHandshakeWithExecutor(ImmediateExecutor.INSTANCE, "TLSv1.2"); +- } +- +- @Test +- public void testHandshakeWithImmediateExecutorTLSv13() throws Exception { +- assumeTrue(SslProvider.isTlsv13Supported(SslProvider.JDK)); +- testHandshakeWithExecutor(ImmediateExecutor.INSTANCE, "TLSv1.3"); +- } +- +- @Test +- public void testHandshakeWithImmediateEventExecutor() throws Exception { +- testHandshakeWithExecutor(ImmediateEventExecutor.INSTANCE, "TLSv1.2"); +- } +- +- @Test +- public void testHandshakeWithImmediateEventExecutorTLSv13() throws Exception { +- assumeTrue(SslProvider.isTlsv13Supported(SslProvider.JDK)); +- testHandshakeWithExecutor(ImmediateEventExecutor.INSTANCE, "TLSv1.3"); +- } +- +- @Test +- public void testHandshakeWithExecutor() throws Exception { +- ExecutorService executorService = Executors.newCachedThreadPool(); +- try { +- testHandshakeWithExecutor(executorService, "TLSv1.2"); +- } finally { +- executorService.shutdown(); +- } +- } +- +- @Test +- public void testHandshakeWithExecutorTLSv13() throws Exception { +- assumeTrue(SslProvider.isTlsv13Supported(SslProvider.JDK)); +- ExecutorService executorService = Executors.newCachedThreadPool(); +- try { +- testHandshakeWithExecutor(executorService, "TLSv1.3"); +- } finally { +- executorService.shutdown(); +- } +- } +- +- @Test +- public void testTrustManagerVerifyJDK() throws Exception { +- testTrustManagerVerify(SslProvider.JDK, "TLSv1.2"); +- } +- +- @Test +- public void testTrustManagerVerifyTLSv13JDK() throws Exception { +- assumeTrue(SslProvider.isTlsv13Supported(SslProvider.JDK)); +- testTrustManagerVerify(SslProvider.JDK, "TLSv1.3"); +- } +- +- @Test +- public void testTrustManagerVerifyOpenSSL() throws Exception { +- testTrustManagerVerify(SslProvider.OPENSSL, "TLSv1.2"); +- } +- +- @Test +- public void testTrustManagerVerifyTLSv13OpenSSL() throws Exception { +- assumeTrue(SslProvider.isTlsv13Supported(SslProvider.OPENSSL)); +- testTrustManagerVerify(SslProvider.OPENSSL, "TLSv1.3"); +- } +- +- @Test +- public void testSslHandlerWrapAllowsBlockingCalls() throws Exception { +- final SslContext sslClientCtx = +- SslContextBuilder.forClient() +- .trustManager(InsecureTrustManagerFactory.INSTANCE) +- .sslProvider(SslProvider.JDK) +- .build(); +- final SslHandler sslHandler = sslClientCtx.newHandler(UnpooledByteBufAllocator.DEFAULT); +- final EventLoopGroup group = new NioEventLoopGroup(); +- final CountDownLatch activeLatch = new CountDownLatch(1); +- final AtomicReference error = new AtomicReference<>(); +- +- Channel sc = null; +- Channel cc = null; +- try { +- sc = new ServerBootstrap() +- .group(group) +- .channel(NioServerSocketChannel.class) +- .childHandler(new ChannelInboundHandlerAdapter()) +- .bind(new InetSocketAddress(0)) +- .syncUninterruptibly() +- .channel(); +- +- cc = new Bootstrap() +- .group(group) +- .channel(NioSocketChannel.class) +- .handler(new ChannelInitializer() { +- +- @Override +- protected void initChannel(Channel ch) { +- ch.pipeline().addLast(sslHandler); +- ch.pipeline().addLast(new ChannelInboundHandlerAdapter() { +- +- @Override +- public void channelActive(ChannelHandlerContext ctx) { +- activeLatch.countDown(); +- } +- +- @Override +- public void userEventTriggered(ChannelHandlerContext ctx, Object evt) { +- if (evt instanceof SslHandshakeCompletionEvent && +- ((SslHandshakeCompletionEvent) evt).cause() != null) { +- Throwable cause = ((SslHandshakeCompletionEvent) evt).cause(); +- cause.printStackTrace(); +- error.set(cause); +- } +- ctx.fireUserEventTriggered(evt); +- } +- }); +- } +- }) +- .connect(sc.localAddress()) +- .addListener((ChannelFutureListener) future -> +- future.channel().writeAndFlush(wrappedBuffer(new byte [] { 1, 2, 3, 4 }))) +- .syncUninterruptibly() +- .channel(); +- +- assertTrue(activeLatch.await(5, TimeUnit.SECONDS)); +- assertNull(error.get()); +- } finally { +- if (cc != null) { +- cc.close().syncUninterruptibly(); +- } +- if (sc != null) { +- sc.close().syncUninterruptibly(); +- } +- group.shutdownGracefully(); +- ReferenceCountUtil.release(sslClientCtx); +- } +- } +- +- @Test +- @Timeout(value = 5000, unit = TimeUnit.MILLISECONDS) +- public void pooledBufferAllocation() throws Exception { +- AtomicLong iterationCounter = new AtomicLong(); +- PooledByteBufAllocator allocator = PooledByteBufAllocator.DEFAULT; +- FutureTask task = new FutureTask<>(() -> { +- List buffers = new ArrayList<>(); +- long count; +- do { +- count = iterationCounter.get(); +- } while (count == 0); +- for (int i = 0; i < 13; i++) { +- int size = 8 << i; +- buffers.add(allocator.ioBuffer(size, size)); +- } +- for (ByteBuf buffer : buffers) { +- buffer.release(); +- } +- return null; +- }); +- FastThreadLocalThread thread = new FastThreadLocalThread(task); +- thread.start(); +- do { +- allocator.dumpStats(); // This will take internal pool locks and we'll race with the thread. +- iterationCounter.set(1); +- } while (thread.isAlive()); +- thread.join(); +- task.get(); +- } +- +- @Test +- @Timeout(value = 5000, unit = TimeUnit.MILLISECONDS) +- public void testUnixResolverDnsServerAddressStreamProvider_Parse() throws InterruptedException { +- doTestParseResolverFilesAllowsBlockingCalls(DnsServerAddressStreamProviders::unixDefault); +- } +- +- @Test +- @Timeout(value = 5000, unit = TimeUnit.MILLISECONDS) +- public void testHostsFileParser_Parse() throws InterruptedException { +- doTestParseResolverFilesAllowsBlockingCalls(DnsNameResolverBuilder::new); +- } +- +- @Test +- @Timeout(value = 5000, unit = TimeUnit.MILLISECONDS) +- public void testUnixResolverDnsServerAddressStreamProvider_ParseEtcResolverSearchDomainsAndOptions() +- throws InterruptedException { +- NioEventLoopGroup group = new NioEventLoopGroup(); +- try { +- DnsNameResolverBuilder builder = new DnsNameResolverBuilder(group.next()) +- .datagramChannelFactory(NioDatagramChannel::new); +- doTestParseResolverFilesAllowsBlockingCalls(builder::build); +- } finally { +- group.shutdownGracefully(); +- } +- } +- +- private static void doTestParseResolverFilesAllowsBlockingCalls(Callable callable) +- throws InterruptedException { +- SingleThreadEventExecutor executor = +- new SingleThreadEventExecutor(null, new DefaultThreadFactory("test"), true) { +- @Override +- protected void run() { +- while (!confirmShutdown()) { +- Runnable task = takeTask(); +- if (task != null) { +- task.run(); +- } +- } +- } +- }; +- try { +- CountDownLatch latch = new CountDownLatch(1); +- List result = new ArrayList<>(); +- List error = new ArrayList<>(); +- executor.execute(() -> { +- try { +- result.add(callable.call()); +- } catch (Throwable t) { +- error.add(t); +- } +- latch.countDown(); +- }); +- latch.await(); +- assertEquals(0, error.size()); +- assertEquals(1, result.size()); +- } finally { +- executor.shutdownGracefully(); +- } +- } +- +- private static void testTrustManagerVerify(SslProvider provider, String tlsVersion) throws Exception { +- final SslContext sslClientCtx = +- SslContextBuilder.forClient() +- .sslProvider(provider) +- .protocols(tlsVersion) +- .trustManager(ResourcesUtil.getFile( +- NettyBlockHoundIntegrationTest.class, "mutual_auth_ca.pem")) +- .build(); +- +- final SslContext sslServerCtx = +- SslContextBuilder.forServer(ResourcesUtil.getFile( +- NettyBlockHoundIntegrationTest.class, "localhost_server.pem"), +- ResourcesUtil.getFile( +- NettyBlockHoundIntegrationTest.class, "localhost_server.key"), +- null) +- .sslProvider(provider) +- .protocols(tlsVersion) +- .build(); +- +- final SslHandler clientSslHandler = sslClientCtx.newHandler(UnpooledByteBufAllocator.DEFAULT); +- final SslHandler serverSslHandler = sslServerCtx.newHandler(UnpooledByteBufAllocator.DEFAULT); +- +- testHandshake(sslClientCtx, clientSslHandler, serverSslHandler); +- } +- +- private static void testHandshakeWithExecutor(Executor executor, String tlsVersion) throws Exception { +- final SslContext sslClientCtx = SslContextBuilder.forClient() +- .trustManager(InsecureTrustManagerFactory.INSTANCE) +- .sslProvider(SslProvider.JDK).protocols(tlsVersion).build(); +- +- final SelfSignedCertificate cert = new SelfSignedCertificate(); +- final SslContext sslServerCtx = SslContextBuilder.forServer(cert.key(), cert.cert()) +- .sslProvider(SslProvider.JDK).protocols(tlsVersion).build(); +- +- final SslHandler clientSslHandler = sslClientCtx.newHandler(UnpooledByteBufAllocator.DEFAULT, executor); +- final SslHandler serverSslHandler = sslServerCtx.newHandler(UnpooledByteBufAllocator.DEFAULT, executor); +- +- testHandshake(sslClientCtx, clientSslHandler, serverSslHandler); +- } +- +- private static void testHandshake(SslContext sslClientCtx, SslHandler clientSslHandler, +- SslHandler serverSslHandler) throws Exception { +- EventLoopGroup group = new NioEventLoopGroup(); +- Channel sc = null; +- Channel cc = null; +- try { +- sc = new ServerBootstrap() +- .group(group) +- .channel(NioServerSocketChannel.class) +- .childHandler(serverSslHandler) +- .bind(new InetSocketAddress(0)).syncUninterruptibly().channel(); +- +- ChannelFuture future = new Bootstrap() +- .group(group) +- .channel(NioSocketChannel.class) +- .handler(new ChannelInitializer() { +- @Override +- protected void initChannel(Channel ch) { +- ch.pipeline() +- .addLast(clientSslHandler) +- .addLast(new ChannelInboundHandlerAdapter() { +- +- @Override +- public void userEventTriggered(ChannelHandlerContext ctx, Object evt) { +- if (evt instanceof SslHandshakeCompletionEvent && +- ((SslHandshakeCompletionEvent) evt).cause() != null) { +- ((SslHandshakeCompletionEvent) evt).cause().printStackTrace(); +- } +- ctx.fireUserEventTriggered(evt); +- } +- }); +- } +- }).connect(sc.localAddress()); +- cc = future.syncUninterruptibly().channel(); +- +- clientSslHandler.handshakeFuture().await().sync(); +- serverSslHandler.handshakeFuture().await().sync(); +- } finally { +- if (cc != null) { +- cc.close().syncUninterruptibly(); +- } +- if (sc != null) { +- sc.close().syncUninterruptibly(); +- } +- group.shutdownGracefully(); +- ReferenceCountUtil.release(sslClientCtx); +- } +- } +- +- private static class TestLinkedBlockingQueue extends LinkedBlockingQueue { +- +- private final ReentrantLock lock = new ReentrantLock(); +- +- @Override +- public boolean offer(T t) { +- lock.lock(); +- try { +- return super.offer(t); +- } finally { +- lock.unlock(); +- } +- } +- +- void emulateContention() { +- lock.lock(); +- } +- +- void waitUntilContented() throws InterruptedException { +- // wait until the lock gets contended +- while (lock.getQueueLength() == 0) { +- Thread.sleep(10L); +- } +- } +- +- void removeContention() { +- lock.unlock(); +- } +- } +-} +diff --git a/transport-blockhound-tests/src/test/resources/io/netty/util/internal/localhost_server.key b/transport-blockhound-tests/src/test/resources/io/netty/util/internal/localhost_server.key +deleted file mode 100644 +index 9aa6611400..0000000000 +--- a/transport-blockhound-tests/src/test/resources/io/netty/util/internal/localhost_server.key ++++ /dev/null +@@ -1,28 +0,0 @@ +------BEGIN PRIVATE KEY----- +-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDYrLtMlZzoe2BP +-iCURF3So5XNLfsOLcAVERXXjnxqX6Mex55WdJiy6uWTFKbRHWJdbWELdZxVl5+GX +-pMv3OdkKZt+19ZdSfByv6bB5RNdZOEGnKOHSY2XdnzYnF5JBaWEx0fvtvIPZOUlW +-DWgsQzJk1UQhu+XnBc7P1hHYNvwsVNOR+HD9LGebDy+UcfiL34XwAyBdHUsbcIr8 +-hltABcj6vNbqOLndpU86DxU9z9b1PDmkFVfisElhpDEhpxmTCwI22Us1GC8D81LM +-ZzMlbWSzTfNPEuqNzJYGiFt/XPwPkPPyVvti0XWPBQpwzJFFUX5xKsOGERolELRT +-0yNQYznFAgMBAAECggEAOFR/xSNITbB1k3ejm1PrwlUUqlXkZIXU+LDOO0UL1t5v +-vDKm1Not2sWECzYSZlID132UtJauG3YzUgdH95gUcv3XvyiAFLOriZhJht181vcn +-KlwYiWfJ/dn8bCFWpqbM2/TpeB8AcCLSjAqkQI2ftlMziUmeNXdvEt1mej2hRay1 +-ULfoxlC0mftNRQptD5gBFzrc47O4mVpVEQt4yS3Qyzp2/9ds9UkhaCIFpXPVCalZ +-ds7R+bDDP+wiYTkUcd8fvelaMkD3Wcy8DedGRShhILZvBYTDdWcpJ7+e5EkNlEq4 +-+Ys4Y/u6aFDJD53g3zCaJhatmdAZcct2MMmWH1vewQKBgQD3Y2S245cad1D9AqYD +-ChZGp95EfRo3EzXk4VkE50bjZXjHq9fD8T0CWEZGWQZrXJCR+vBpEURy0mrPD8se +-QQ0Q5+I27RadtfPnMd6ry9nDGMPxyd/10vzU6LazzLNE+uf9ljF1RHZu1iDAvInR +-r1cQGbn/wKBF6BurPPIXABZEuQKBgQDgN6JHbIfDzHKhwEoUTvRrYJsTXqplD+h0 +-Whg+kSQyhtKdlpINFOoEj8FUNJvTjG8les1aoajyWIqikVdvHto/mrxrSIeRkEmt +-X+KG+5ld2n466tzv1DmVcIGXSrBrH3lA0i6R8Ly26FLSqw0Z12fx5GUUa1qaVRqo +-rwcrIZovbQKBgHa2mojs9AC+Sv3uvG1u9LuZKJ7jDaZqMI2R2d7xgOH0Op5Ohy6+ +-39D1PVvasqroc3Op4J36rEcRVDHi2Uy+WJ/JNpO2+AhcXRuPodP88ZWel8C6aB+V +-zL/6oFntnAU5BgR5g2hLny2W0YbLsrMNmhDe15O0AvUo6cYla+K/pu/5AoGACr/g +-EdiMMcDthf+4DX0zjqpVBPq25J18oYdoPierOpjoJBIB8oqcJZfWxvi2t8+1zHA0 +-xDGX7fZ8vwqEzJkIEaCTg/k4NqxaO+uq6pnJYoyFHMIB0aW1FQsNy3kTOC+MGqV5 +-Ahoukf5VajA1MpX3L8upZO84qsmFu6yYhWLZB4kCgYBlgSD5G4q6rX4ELa3XG61h +-fDtu75IYEsjWm4vgJzHjeYT2xPIm9OFFYXjPghto0f1oH37ODD3DoXmsnmddgpmn +-tH7aRWWHsSpB5zVgftV4urNCIsm87LWw8mvUGgCwYV1CtCX8warKokfeoA2ltz4u +-oeuUzo98hN+aKRU5RO6Bmg== +------END PRIVATE KEY----- +diff --git a/transport-blockhound-tests/src/test/resources/io/netty/util/internal/localhost_server.pem b/transport-blockhound-tests/src/test/resources/io/netty/util/internal/localhost_server.pem +deleted file mode 100644 +index 70759b29e5..0000000000 +--- a/transport-blockhound-tests/src/test/resources/io/netty/util/internal/localhost_server.pem ++++ /dev/null +@@ -1,17 +0,0 @@ +------BEGIN CERTIFICATE----- +-MIICozCCAYsCAnS/MA0GCSqGSIb3DQEBDQUAMBgxFjAUBgNVBAMTDU5ldHR5VGVz +-dFJvb3QwIBcNMTcwMjE3MDMzMzQ0WhgPMjExNzAxMjQwMzMzNDRaMBQxEjAQBgNV +-BAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANis +-u0yVnOh7YE+IJREXdKjlc0t+w4twBURFdeOfGpfox7HnlZ0mLLq5ZMUptEdYl1tY +-Qt1nFWXn4Zeky/c52Qpm37X1l1J8HK/psHlE11k4Qaco4dJjZd2fNicXkkFpYTHR +-++28g9k5SVYNaCxDMmTVRCG75ecFzs/WEdg2/CxU05H4cP0sZ5sPL5Rx+IvfhfAD +-IF0dSxtwivyGW0AFyPq81uo4ud2lTzoPFT3P1vU8OaQVV+KwSWGkMSGnGZMLAjbZ +-SzUYLwPzUsxnMyVtZLNN808S6o3MlgaIW39c/A+Q8/JW+2LRdY8FCnDMkUVRfnEq +-w4YRGiUQtFPTI1BjOcUCAwEAATANBgkqhkiG9w0BAQ0FAAOCAQEAQNXnwE2MJFy5 +-ti07xyi8h/mY0Kl1dwZUqx4F9D9eoxLCq2/p3h/Z18AlOmjdW06pvC2sGtQtyEqL +-YjuQFbMjXRo9c+6+d+xwdDKTu7+XOTHvznJ8xJpKnFOlohGq/n3efBIJSsaeasTU +-slFzmdKYABDZzbsQ4X6YCIOF4XVdEQqmXpS+uEbn5C2sVtG+LXI8srmkVGpCcRew +-SuTGanwxLparhBBeN1ARjKzNxXUWuK2UKZ9p8c7n7TXGhd12ZNTcLhk4rCnOFq1J +-ySFvP5YL2q29fpEt+Tq0zm3V7An2qtaNDp26cEdevtKPjRyOLkCJx8OlZxc9DZvJ +-HjalFDoRUw== +------END CERTIFICATE----- +diff --git a/transport-blockhound-tests/src/test/resources/io/netty/util/internal/mutual_auth_ca.pem b/transport-blockhound-tests/src/test/resources/io/netty/util/internal/mutual_auth_ca.pem +deleted file mode 100644 +index 9c9241bc65..0000000000 +--- a/transport-blockhound-tests/src/test/resources/io/netty/util/internal/mutual_auth_ca.pem ++++ /dev/null +@@ -1,19 +0,0 @@ +------BEGIN CERTIFICATE----- +-MIIDLDCCAhSgAwIBAgIJAO1m5pioZhLLMA0GCSqGSIb3DQEBDQUAMBgxFjAUBgNV +-BAMTDU5ldHR5VGVzdFJvb3QwHhcNMTcwMjE3MDMzMzQ0WhcNMTcwMzE5MDMzMzQ0 +-WjAYMRYwFAYDVQQDEw1OZXR0eVRlc3RSb290MIIBIjANBgkqhkiG9w0BAQEFAAOC +-AQ8AMIIBCgKCAQEAnC7Y/p/TSWI1KxBKETfFKaRWCPEkoYn5G973WbCF0VDT90PX +-xK6yHvhqNdDQZPmddgfDAQfjekHeeIFkjCKlvQu0js0G4Bubz4NffNumd/Mgsix8 +-SWJ13lPk+Ly4PDv0bK1zB6BxP1qQm1qxVwsPy9zNP8ylJrM0Div4TXHmnWOfc0JD +-4/XPpfeUHH1tt/GMtsS2Gx6EpTVPD2w7LDKUza1/rQ7d9sqmFpgsNcI9Db/sAtFP +-lK2iJku5WIXQkmHimn4bqZ9wkiXJ85pm5ggGQqGMPSbe+2Lh24AvZMIBiwPbkjEU +-EDFXEJfKOC3Dl71JgWOthtHZ9vcCRDQ3Sky6AQIDAQABo3kwdzAdBgNVHQ4EFgQU +-qT+cH8qrebiVPpKCBQDB6At2iOAwSAYDVR0jBEEwP4AUqT+cH8qrebiVPpKCBQDB +-6At2iOChHKQaMBgxFjAUBgNVBAMTDU5ldHR5VGVzdFJvb3SCCQDtZuaYqGYSyzAM +-BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQCEemXTIew4pR2cHEFpVsW2 +-bLHXLAnC23wBMT46D3tqyxscukMYjFuWosCdEsgRW8d50BXy9o4dHWeg94+aDo3A +-DX4OTRN/veQGIG7dgM6poDzFuVJlSN0ubKKg6gpDD60IhopZpMviFAOsmzr7OXwS +-9hjbTqUWujMIEHQ95sPlQFdSaavYSFfqhSltWmVCPSbArxrw0lZ2QcnUqGN47EFp +-whc5wFB+rSw/ojU1jBLMvgvgzf/8V8zr1IBTDSiHNlknGqGpOOaookzUh95YRiAT +-hH82y9bBeflqroOeztqMpONpWoZjlz0sWbJNvXztXINL7LaNmVYOcoUrCcxPS54T +------END CERTIFICATE----- +-- +2.51.0 + diff --git a/0002-Remove-optional-dep-conscrypt.patch b/0002-Remove-optional-dep-conscrypt.patch new file mode 100644 index 0000000..7571807 --- /dev/null +++ b/0002-Remove-optional-dep-conscrypt.patch @@ -0,0 +1,459 @@ +From cfbe0ed5d7f2d0571b70213f07f3a414aff674e0 Mon Sep 17 00:00:00 2001 +From: Mat Booth +Date: Mon, 7 Sep 2020 13:24:30 +0100 +Subject: [PATCH 2/4] Remove optional dep conscrypt + +--- + handler/pom.xml | 6 - + .../java/io/netty/handler/ssl/Conscrypt.java | 75 ------- + .../handler/ssl/ConscryptAlpnSslEngine.java | 212 ------------------ + .../JdkAlpnApplicationProtocolNegotiator.java | 8 +- + .../java/io/netty/handler/ssl/SslHandler.java | 52 +---- + pom.xml | 10 - + 6 files changed, 2 insertions(+), 361 deletions(-) + delete mode 100644 handler/src/main/java/io/netty/handler/ssl/Conscrypt.java + delete mode 100644 handler/src/main/java/io/netty/handler/ssl/ConscryptAlpnSslEngine.java + +diff --git a/handler/pom.xml b/handler/pom.xml +index 3d6bf34da7..4f1f05513d 100644 +--- a/handler/pom.xml ++++ b/handler/pom.xml +@@ -96,12 +96,6 @@ + alpn-api + true + +- +- ${conscrypt.groupId} +- ${conscrypt.artifactId} +- ${conscrypt.classifier} +- true +- + + org.mockito + mockito-core +diff --git a/handler/src/main/java/io/netty/handler/ssl/Conscrypt.java b/handler/src/main/java/io/netty/handler/ssl/Conscrypt.java +deleted file mode 100644 +index c5af3fd39a..0000000000 +--- a/handler/src/main/java/io/netty/handler/ssl/Conscrypt.java ++++ /dev/null +@@ -1,75 +0,0 @@ +-/* +- * Copyright 2017 The Netty Project +- * +- * The Netty Project licenses this file to you under the Apache License, +- * version 2.0 (the "License"); you may not use this file except in compliance +- * with the License. You may obtain a copy of the License at: +- * +- * https://www.apache.org/licenses/LICENSE-2.0 +- * +- * Unless required by applicable law or agreed to in writing, software +- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +- * License for the specific language governing permissions and limitations +- * under the License. +- */ +-package io.netty.handler.ssl; +- +-import io.netty.util.internal.PlatformDependent; +- +-import javax.net.ssl.SSLEngine; +-import java.lang.reflect.InvocationTargetException; +-import java.lang.reflect.Method; +- +-/** +- * Contains methods that can be used to detect if conscrypt is usable. +- */ +-final class Conscrypt { +- // This class exists to avoid loading other conscrypt related classes using features only available in JDK8+, +- // because we need to maintain JDK6+ runtime compatibility. +- private static final Method IS_CONSCRYPT_SSLENGINE; +- +- static { +- Method isConscryptSSLEngine = null; +- +- if ((PlatformDependent.javaVersion() >= 8 && +- // Only works on Java14 and earlier for now +- // See https://github.com/google/conscrypt/issues/838 +- PlatformDependent.javaVersion() < 15) || PlatformDependent.isAndroid()) { +- try { +- Class providerClass = Class.forName("org.conscrypt.OpenSSLProvider", true, +- PlatformDependent.getClassLoader(ConscryptAlpnSslEngine.class)); +- providerClass.newInstance(); +- +- Class conscryptClass = Class.forName("org.conscrypt.Conscrypt", true, +- PlatformDependent.getClassLoader(ConscryptAlpnSslEngine.class)); +- isConscryptSSLEngine = conscryptClass.getMethod("isConscrypt", SSLEngine.class); +- } catch (Throwable ignore) { +- // ignore +- } +- } +- IS_CONSCRYPT_SSLENGINE = isConscryptSSLEngine; +- } +- +- /** +- * Indicates whether or not conscrypt is available on the current system. +- */ +- static boolean isAvailable() { +- return IS_CONSCRYPT_SSLENGINE != null; +- } +- +- /** +- * Returns {@code true} if the passed in {@link SSLEngine} is handled by Conscrypt, {@code false} otherwise. +- */ +- static boolean isEngineSupported(SSLEngine engine) { +- try { +- return IS_CONSCRYPT_SSLENGINE != null && (Boolean) IS_CONSCRYPT_SSLENGINE.invoke(null, engine); +- } catch (IllegalAccessException ignore) { +- return false; +- } catch (InvocationTargetException ex) { +- throw new RuntimeException(ex); +- } +- } +- +- private Conscrypt() { } +-} +diff --git a/handler/src/main/java/io/netty/handler/ssl/ConscryptAlpnSslEngine.java b/handler/src/main/java/io/netty/handler/ssl/ConscryptAlpnSslEngine.java +deleted file mode 100644 +index 917ebaea79..0000000000 +--- a/handler/src/main/java/io/netty/handler/ssl/ConscryptAlpnSslEngine.java ++++ /dev/null +@@ -1,212 +0,0 @@ +-/* +- * Copyright 2017 The Netty Project +- * +- * The Netty Project licenses this file to you under the Apache License, +- * version 2.0 (the "License"); you may not use this file except in compliance +- * with the License. You may obtain a copy of the License at: +- * +- * https://www.apache.org/licenses/LICENSE-2.0 +- * +- * Unless required by applicable law or agreed to in writing, software +- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +- * License for the specific language governing permissions and limitations +- * under the License. +- */ +-package io.netty.handler.ssl; +- +-import static io.netty.handler.ssl.SslUtils.toSSLHandshakeException; +-import static io.netty.util.internal.ObjectUtil.checkNotNull; +-import static java.lang.Math.min; +- +-import io.netty.buffer.ByteBuf; +-import io.netty.buffer.ByteBufAllocator; +-import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelectionListener; +-import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelector; +-import java.nio.ByteBuffer; +-import java.util.Collections; +-import java.util.LinkedHashSet; +-import java.util.List; +-import javax.net.ssl.SSLEngine; +-import javax.net.ssl.SSLEngineResult; +-import javax.net.ssl.SSLException; +- +-import io.netty.util.internal.EmptyArrays; +-import io.netty.util.internal.SystemPropertyUtil; +-import org.conscrypt.AllocatedBuffer; +-import org.conscrypt.BufferAllocator; +-import org.conscrypt.Conscrypt; +-import org.conscrypt.HandshakeListener; +- +-/** +- * A {@link JdkSslEngine} that uses the Conscrypt provider or SSL with ALPN. +- */ +-abstract class ConscryptAlpnSslEngine extends JdkSslEngine { +- private static final boolean USE_BUFFER_ALLOCATOR = SystemPropertyUtil.getBoolean( +- "io.netty.handler.ssl.conscrypt.useBufferAllocator", true); +- +- static ConscryptAlpnSslEngine newClientEngine(SSLEngine engine, ByteBufAllocator alloc, +- JdkApplicationProtocolNegotiator applicationNegotiator) { +- return new ClientEngine(engine, alloc, applicationNegotiator); +- } +- +- static ConscryptAlpnSslEngine newServerEngine(SSLEngine engine, ByteBufAllocator alloc, +- JdkApplicationProtocolNegotiator applicationNegotiator) { +- return new ServerEngine(engine, alloc, applicationNegotiator); +- } +- +- private ConscryptAlpnSslEngine(SSLEngine engine, ByteBufAllocator alloc, List protocols) { +- super(engine); +- +- // Configure the Conscrypt engine to use Netty's buffer allocator. This is a trade-off of memory vs +- // performance. +- // +- // If no allocator is provided, the engine will internally allocate a direct buffer of max packet size in +- // order to optimize JNI calls (this happens the first time it is provided a non-direct buffer from the +- // application). +- // +- // Alternatively, if an allocator is provided, no internal buffer will be created and direct buffers will be +- // retrieved from the allocator on-demand. +- if (USE_BUFFER_ALLOCATOR) { +- Conscrypt.setBufferAllocator(engine, new BufferAllocatorAdapter(alloc)); +- } +- +- // Set the list of supported ALPN protocols on the engine. +- Conscrypt.setApplicationProtocols(engine, protocols.toArray(EmptyArrays.EMPTY_STRINGS)); +- } +- +- /** +- * Calculates the maximum size of the encrypted output buffer required to wrap the given plaintext bytes. Assumes +- * as a worst case that there is one TLS record per buffer. +- * +- * @param plaintextBytes the number of plaintext bytes to be wrapped. +- * @param numBuffers the number of buffers that the plaintext bytes are spread across. +- * @return the maximum size of the encrypted output buffer required for the wrap operation. +- */ +- final int calculateOutNetBufSize(int plaintextBytes, int numBuffers) { +- // Assuming a max of one frame per component in a composite buffer. +- return calculateSpace(plaintextBytes, numBuffers, Integer.MAX_VALUE); +- } +- +- /** +- * Calculate the space necessary in an out buffer to hold the max size that the given +- * plaintextBytes and numBuffers can produce when encrypted. Assumes as a worst case +- * that there is one TLS record per buffer. +- * @param plaintextBytes the number of plaintext bytes to be wrapped. +- * @param numBuffers the number of buffers that the plaintext bytes are spread across. +- * @return the maximum size of the encrypted output buffer required for the wrap operation. +- */ +- final int calculateRequiredOutBufSpace(int plaintextBytes, int numBuffers) { +- return calculateSpace(plaintextBytes, numBuffers, Conscrypt.maxEncryptedPacketLength()); +- } +- +- private int calculateSpace(int plaintextBytes, int numBuffers, long maxPacketLength) { +- long maxOverhead = (long) Conscrypt.maxSealOverhead(getWrappedEngine()) * numBuffers; +- return (int) min(maxPacketLength, plaintextBytes + maxOverhead); +- } +- +- final SSLEngineResult unwrap(ByteBuffer[] srcs, ByteBuffer[] dests) throws SSLException { +- return Conscrypt.unwrap(getWrappedEngine(), srcs, dests); +- } +- +- private static final class ClientEngine extends ConscryptAlpnSslEngine { +- private final ProtocolSelectionListener protocolListener; +- +- ClientEngine(SSLEngine engine, ByteBufAllocator alloc, +- JdkApplicationProtocolNegotiator applicationNegotiator) { +- super(engine, alloc, applicationNegotiator.protocols()); +- // Register for completion of the handshake. +- Conscrypt.setHandshakeListener(engine, new HandshakeListener() { +- @Override +- public void onHandshakeFinished() throws SSLException { +- selectProtocol(); +- } +- }); +- +- protocolListener = checkNotNull(applicationNegotiator +- .protocolListenerFactory().newListener(this, applicationNegotiator.protocols()), +- "protocolListener"); +- } +- +- private void selectProtocol() throws SSLException { +- String protocol = Conscrypt.getApplicationProtocol(getWrappedEngine()); +- try { +- protocolListener.selected(protocol); +- } catch (Throwable e) { +- throw toSSLHandshakeException(e); +- } +- } +- } +- +- private static final class ServerEngine extends ConscryptAlpnSslEngine { +- private final ProtocolSelector protocolSelector; +- +- ServerEngine(SSLEngine engine, ByteBufAllocator alloc, +- JdkApplicationProtocolNegotiator applicationNegotiator) { +- super(engine, alloc, applicationNegotiator.protocols()); +- +- // Register for completion of the handshake. +- Conscrypt.setHandshakeListener(engine, new HandshakeListener() { +- @Override +- public void onHandshakeFinished() throws SSLException { +- selectProtocol(); +- } +- }); +- +- protocolSelector = checkNotNull(applicationNegotiator.protocolSelectorFactory() +- .newSelector(this, +- new LinkedHashSet(applicationNegotiator.protocols())), +- "protocolSelector"); +- } +- +- private void selectProtocol() throws SSLException { +- try { +- String protocol = Conscrypt.getApplicationProtocol(getWrappedEngine()); +- protocolSelector.select(protocol != null ? Collections.singletonList(protocol) +- : Collections.emptyList()); +- } catch (Throwable e) { +- throw toSSLHandshakeException(e); +- } +- } +- } +- +- private static final class BufferAllocatorAdapter extends BufferAllocator { +- private final ByteBufAllocator alloc; +- +- BufferAllocatorAdapter(ByteBufAllocator alloc) { +- this.alloc = alloc; +- } +- +- @Override +- public AllocatedBuffer allocateDirectBuffer(int capacity) { +- return new BufferAdapter(alloc.directBuffer(capacity)); +- } +- } +- +- private static final class BufferAdapter extends AllocatedBuffer { +- private final ByteBuf nettyBuffer; +- private final ByteBuffer buffer; +- +- BufferAdapter(ByteBuf nettyBuffer) { +- this.nettyBuffer = nettyBuffer; +- buffer = nettyBuffer.nioBuffer(0, nettyBuffer.capacity()); +- } +- +- @Override +- public ByteBuffer nioBuffer() { +- return buffer; +- } +- +- @Override +- public AllocatedBuffer retain() { +- nettyBuffer.retain(); +- return this; +- } +- +- @Override +- public AllocatedBuffer release() { +- nettyBuffer.release(); +- return this; +- } +- } +-} +diff --git a/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java b/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java +index dc3533e95d..92b0bc8b56 100644 +--- a/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java ++++ b/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java +@@ -27,8 +27,7 @@ import javax.net.ssl.SSLEngine; + */ + @Deprecated + public final class JdkAlpnApplicationProtocolNegotiator extends JdkBaseApplicationProtocolNegotiator { +- private static final boolean AVAILABLE = Conscrypt.isAvailable() || +- JdkAlpnSslUtils.supportsAlpn() || ++ private static final boolean AVAILABLE = JdkAlpnSslUtils.supportsAlpn() || + JettyAlpnSslEngine.isAvailable() || + BouncyCastleUtil.isBcTlsAvailable(); + +@@ -121,7 +120,6 @@ public final class JdkAlpnApplicationProtocolNegotiator extends JdkBaseApplicati + public SSLEngine wrapSslEngine(SSLEngine engine, ByteBufAllocator alloc, + JdkApplicationProtocolNegotiator applicationNegotiator, boolean isServer) { + throw new RuntimeException("ALPN unsupported. Is your classpath configured correctly?" +- + " For Conscrypt, add the appropriate Conscrypt JAR to classpath and set the security provider." + + " For Jetty-ALPN, see " + + "https://www.eclipse.org/jetty/documentation/current/alpn-chapter.html#alpn-starting"); + } +@@ -131,10 +129,6 @@ public final class JdkAlpnApplicationProtocolNegotiator extends JdkBaseApplicati + @Override + public SSLEngine wrapSslEngine(SSLEngine engine, ByteBufAllocator alloc, + JdkApplicationProtocolNegotiator applicationNegotiator, boolean isServer) { +- if (Conscrypt.isEngineSupported(engine)) { +- return isServer ? ConscryptAlpnSslEngine.newServerEngine(engine, alloc, applicationNegotiator) +- : ConscryptAlpnSslEngine.newClientEngine(engine, alloc, applicationNegotiator); +- } + if (BouncyCastleUtil.isBcJsseInUse(engine)) { + return new BouncyCastleAlpnSslEngine(engine, applicationNegotiator, isServer); + } +diff --git a/handler/src/main/java/io/netty/handler/ssl/SslHandler.java b/handler/src/main/java/io/netty/handler/ssl/SslHandler.java +index f80b3004a8..6159b87ca2 100644 +--- a/handler/src/main/java/io/netty/handler/ssl/SslHandler.java ++++ b/handler/src/main/java/io/netty/handler/ssl/SslHandler.java +@@ -250,55 +250,6 @@ public class SslHandler extends ByteToMessageDecoder implements ChannelOutboundH + return ((ReferenceCountedOpenSslEngine) engine).jdkCompatibilityMode; + } + }, +- CONSCRYPT(true, COMPOSITE_CUMULATOR) { +- @Override +- SSLEngineResult unwrap(SslHandler handler, ByteBuf in, int len, ByteBuf out) throws SSLException { +- int nioBufferCount = in.nioBufferCount(); +- int writerIndex = out.writerIndex(); +- final SSLEngineResult result; +- if (nioBufferCount > 1) { +- /* +- * Use a special unwrap method without additional memory copies. +- */ +- try { +- handler.singleBuffer[0] = toByteBuffer(out, writerIndex, out.writableBytes()); +- result = ((ConscryptAlpnSslEngine) handler.engine).unwrap( +- in.nioBuffers(in.readerIndex(), len), +- handler.singleBuffer); +- } finally { +- handler.singleBuffer[0] = null; +- } +- } else { +- result = handler.engine.unwrap(toByteBuffer(in, in.readerIndex(), len), +- toByteBuffer(out, writerIndex, out.writableBytes())); +- } +- out.writerIndex(writerIndex + result.bytesProduced()); +- return result; +- } +- +- @Override +- ByteBuf allocateWrapBuffer(SslHandler handler, ByteBufAllocator allocator, +- int pendingBytes, int numComponents) { +- return allocator.directBuffer( +- ((ConscryptAlpnSslEngine) handler.engine).calculateOutNetBufSize(pendingBytes, numComponents)); +- } +- +- @Override +- int calculateRequiredOutBufSpace(SslHandler handler, int pendingBytes, int numComponents) { +- return ((ConscryptAlpnSslEngine) handler.engine) +- .calculateRequiredOutBufSpace(pendingBytes, numComponents); +- } +- +- @Override +- int calculatePendingData(SslHandler handler, int guess) { +- return guess; +- } +- +- @Override +- boolean jdkCompatibilityMode(SSLEngine engine) { +- return true; +- } +- }, + JDK(false, MERGE_CUMULATOR) { + @Override + SSLEngineResult unwrap(SslHandler handler, ByteBuf in, int len, ByteBuf out) throws SSLException { +@@ -357,8 +308,7 @@ public class SslHandler extends ByteToMessageDecoder implements ChannelOutboundH + }; + + static SslEngineType forEngine(SSLEngine engine) { +- return engine instanceof ReferenceCountedOpenSslEngine ? TCNATIVE : +- engine instanceof ConscryptAlpnSslEngine ? CONSCRYPT : JDK; ++ return engine instanceof ReferenceCountedOpenSslEngine ? TCNATIVE : JDK; + } + + SslEngineType(boolean wantsDirectBuffer, Cumulator cumulator) { +diff --git a/pom.xml b/pom.xml +index 5c5b5f8ef4..170736db51 100644 +--- a/pom.xml ++++ b/pom.xml +@@ -918,16 +918,6 @@ + true + + +- +- +- ${conscrypt.groupId} +- ${conscrypt.artifactId} +- ${conscrypt.classifier} +- ${conscrypt.version} +- compile +- true +- +- + + + software.amazon.cryptools +-- +2.51.0 + diff --git a/0003-Remove-optional-deps-jetty-alpn-and-npn.patch b/0003-Remove-optional-deps-jetty-alpn-and-npn.patch new file mode 100644 index 0000000..5b04e7a --- /dev/null +++ b/0003-Remove-optional-deps-jetty-alpn-and-npn.patch @@ -0,0 +1,403 @@ +From 6be7812aeb2313bbf0fba49f353d9941de26b897 Mon Sep 17 00:00:00 2001 +From: Mat Booth +Date: Mon, 7 Sep 2020 13:26:20 +0100 +Subject: [PATCH 3/4] Remove optional deps jetty alpn and npn + +--- + handler/pom.xml | 10 -- + .../JdkAlpnApplicationProtocolNegotiator.java | 5 - + .../JdkNpnApplicationProtocolNegotiator.java | 10 +- + .../netty/handler/ssl/JettyAlpnSslEngine.java | 157 ------------------ + .../netty/handler/ssl/JettyNpnSslEngine.java | 122 -------------- + pom.xml | 14 -- + 6 files changed, 2 insertions(+), 316 deletions(-) + delete mode 100644 handler/src/main/java/io/netty/handler/ssl/JettyAlpnSslEngine.java + delete mode 100644 handler/src/main/java/io/netty/handler/ssl/JettyNpnSslEngine.java + +diff --git a/handler/pom.xml b/handler/pom.xml +index 4f1f05513d..2a1556277c 100644 +--- a/handler/pom.xml ++++ b/handler/pom.xml +@@ -86,16 +86,6 @@ + bctls-jdk15on + true + +- +- org.eclipse.jetty.npn +- npn-api +- true +- +- +- org.eclipse.jetty.alpn +- alpn-api +- true +- + + org.mockito + mockito-core +diff --git a/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java b/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java +index 92b0bc8b56..f0db866388 100644 +--- a/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java ++++ b/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java +@@ -28,7 +28,6 @@ import javax.net.ssl.SSLEngine; + @Deprecated + public final class JdkAlpnApplicationProtocolNegotiator extends JdkBaseApplicationProtocolNegotiator { + private static final boolean AVAILABLE = JdkAlpnSslUtils.supportsAlpn() || +- JettyAlpnSslEngine.isAvailable() || + BouncyCastleUtil.isBcTlsAvailable(); + + private static final SslEngineWrapperFactory ALPN_WRAPPER = AVAILABLE ? new AlpnWrapper() : new FailureWrapper(); +@@ -139,10 +138,6 @@ public final class JdkAlpnApplicationProtocolNegotiator extends JdkBaseApplicati + if (JdkAlpnSslUtils.supportsAlpn()) { + return new JdkAlpnSslEngine(engine, applicationNegotiator, isServer); + } +- if (JettyAlpnSslEngine.isAvailable()) { +- return isServer ? JettyAlpnSslEngine.newServerEngine(engine, applicationNegotiator) +- : JettyAlpnSslEngine.newClientEngine(engine, applicationNegotiator); +- } + throw new UnsupportedOperationException("ALPN not supported. Unable to wrap SSLEngine of type '" + + engine.getClass().getName() + "')"); + } +diff --git a/handler/src/main/java/io/netty/handler/ssl/JdkNpnApplicationProtocolNegotiator.java b/handler/src/main/java/io/netty/handler/ssl/JdkNpnApplicationProtocolNegotiator.java +index cbaeb0c462..569c3011c1 100644 +--- a/handler/src/main/java/io/netty/handler/ssl/JdkNpnApplicationProtocolNegotiator.java ++++ b/handler/src/main/java/io/netty/handler/ssl/JdkNpnApplicationProtocolNegotiator.java +@@ -25,17 +25,11 @@ import javax.net.ssl.SSLEngine; + @Deprecated + public final class JdkNpnApplicationProtocolNegotiator extends JdkBaseApplicationProtocolNegotiator { + private static final SslEngineWrapperFactory NPN_WRAPPER = new SslEngineWrapperFactory() { +- { +- if (!JettyNpnSslEngine.isAvailable()) { +- throw new RuntimeException("NPN unsupported. Is your classpath configured correctly?" +- + " See https://wiki.eclipse.org/Jetty/Feature/NPN"); +- } +- } +- + @Override + public SSLEngine wrapSslEngine(SSLEngine engine, + JdkApplicationProtocolNegotiator applicationNegotiator, boolean isServer) { +- return new JettyNpnSslEngine(engine, applicationNegotiator, isServer); ++ throw new UnsupportedOperationException("NPN not supported. Unable to wrap SSLEngine of type '" ++ + engine.getClass().getName() + "')"); + } + }; + +diff --git a/handler/src/main/java/io/netty/handler/ssl/JettyAlpnSslEngine.java b/handler/src/main/java/io/netty/handler/ssl/JettyAlpnSslEngine.java +deleted file mode 100644 +index c8f03f9963..0000000000 +--- a/handler/src/main/java/io/netty/handler/ssl/JettyAlpnSslEngine.java ++++ /dev/null +@@ -1,157 +0,0 @@ +-/* +- * Copyright 2014 The Netty Project +- * +- * The Netty Project licenses this file to you under the Apache License, +- * version 2.0 (the "License"); you may not use this file except in compliance +- * with the License. You may obtain a copy of the License at: +- * +- * https://www.apache.org/licenses/LICENSE-2.0 +- * +- * Unless required by applicable law or agreed to in writing, software +- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +- * License for the specific language governing permissions and limitations +- * under the License. +- */ +-package io.netty.handler.ssl; +- +-import static io.netty.handler.ssl.SslUtils.toSSLHandshakeException; +-import static io.netty.util.internal.ObjectUtil.checkNotNull; +- +-import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelectionListener; +-import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelector; +- +-import java.util.LinkedHashSet; +-import java.util.List; +- +-import javax.net.ssl.SSLEngine; +-import javax.net.ssl.SSLException; +- +-import io.netty.util.internal.PlatformDependent; +-import org.eclipse.jetty.alpn.ALPN; +- +-abstract class JettyAlpnSslEngine extends JdkSslEngine { +- private static final boolean available = initAvailable(); +- +- static boolean isAvailable() { +- return available; +- } +- +- private static boolean initAvailable() { +- if (PlatformDependent.javaVersion() <= 8) { +- try { +- // Always use bootstrap class loader. +- Class.forName("sun.security.ssl.ALPNExtension", true, null); +- return true; +- } catch (Throwable ignore) { +- // alpn-boot was not loaded. +- } +- } +- return false; +- } +- +- static JettyAlpnSslEngine newClientEngine(SSLEngine engine, +- JdkApplicationProtocolNegotiator applicationNegotiator) { +- return new ClientEngine(engine, applicationNegotiator); +- } +- +- static JettyAlpnSslEngine newServerEngine(SSLEngine engine, +- JdkApplicationProtocolNegotiator applicationNegotiator) { +- return new ServerEngine(engine, applicationNegotiator); +- } +- +- private JettyAlpnSslEngine(SSLEngine engine) { +- super(engine); +- } +- +- private static final class ClientEngine extends JettyAlpnSslEngine { +- ClientEngine(SSLEngine engine, final JdkApplicationProtocolNegotiator applicationNegotiator) { +- super(engine); +- checkNotNull(applicationNegotiator, "applicationNegotiator"); +- final ProtocolSelectionListener protocolListener = checkNotNull(applicationNegotiator +- .protocolListenerFactory().newListener(this, applicationNegotiator.protocols()), +- "protocolListener"); +- ALPN.put(engine, new ALPN.ClientProvider() { +- @Override +- public List protocols() { +- return applicationNegotiator.protocols(); +- } +- +- @Override +- public void selected(String protocol) throws SSLException { +- try { +- protocolListener.selected(protocol); +- } catch (Throwable t) { +- throw toSSLHandshakeException(t); +- } +- } +- +- @Override +- public void unsupported() { +- protocolListener.unsupported(); +- } +- }); +- } +- +- @Override +- public void closeInbound() throws SSLException { +- try { +- ALPN.remove(getWrappedEngine()); +- } finally { +- super.closeInbound(); +- } +- } +- +- @Override +- public void closeOutbound() { +- try { +- ALPN.remove(getWrappedEngine()); +- } finally { +- super.closeOutbound(); +- } +- } +- } +- +- private static final class ServerEngine extends JettyAlpnSslEngine { +- ServerEngine(SSLEngine engine, final JdkApplicationProtocolNegotiator applicationNegotiator) { +- super(engine); +- checkNotNull(applicationNegotiator, "applicationNegotiator"); +- final ProtocolSelector protocolSelector = checkNotNull(applicationNegotiator.protocolSelectorFactory() +- .newSelector(this, new LinkedHashSet(applicationNegotiator.protocols())), +- "protocolSelector"); +- ALPN.put(engine, new ALPN.ServerProvider() { +- @Override +- public String select(List protocols) throws SSLException { +- try { +- return protocolSelector.select(protocols); +- } catch (Throwable t) { +- throw toSSLHandshakeException(t); +- } +- } +- +- @Override +- public void unsupported() { +- protocolSelector.unsupported(); +- } +- }); +- } +- +- @Override +- public void closeInbound() throws SSLException { +- try { +- ALPN.remove(getWrappedEngine()); +- } finally { +- super.closeInbound(); +- } +- } +- +- @Override +- public void closeOutbound() { +- try { +- ALPN.remove(getWrappedEngine()); +- } finally { +- super.closeOutbound(); +- } +- } +- } +-} +diff --git a/handler/src/main/java/io/netty/handler/ssl/JettyNpnSslEngine.java b/handler/src/main/java/io/netty/handler/ssl/JettyNpnSslEngine.java +deleted file mode 100644 +index aad00b5f6d..0000000000 +--- a/handler/src/main/java/io/netty/handler/ssl/JettyNpnSslEngine.java ++++ /dev/null +@@ -1,122 +0,0 @@ +-/* +- * Copyright 2014 The Netty Project +- * +- * The Netty Project licenses this file to you under the Apache License, +- * version 2.0 (the "License"); you may not use this file except in compliance +- * with the License. You may obtain a copy of the License at: +- * +- * https://www.apache.org/licenses/LICENSE-2.0 +- * +- * Unless required by applicable law or agreed to in writing, software +- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +- * License for the specific language governing permissions and limitations +- * under the License. +- */ +- +-package io.netty.handler.ssl; +- +-import static io.netty.util.internal.ObjectUtil.checkNotNull; +-import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelectionListener; +-import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelector; +-import io.netty.util.internal.PlatformDependent; +- +-import java.util.LinkedHashSet; +-import java.util.List; +- +-import javax.net.ssl.SSLEngine; +-import javax.net.ssl.SSLException; +- +-import org.eclipse.jetty.npn.NextProtoNego; +-import org.eclipse.jetty.npn.NextProtoNego.ClientProvider; +-import org.eclipse.jetty.npn.NextProtoNego.ServerProvider; +- +-final class JettyNpnSslEngine extends JdkSslEngine { +- private static boolean available; +- +- static boolean isAvailable() { +- updateAvailability(); +- return available; +- } +- +- private static void updateAvailability() { +- if (available) { +- return; +- } +- try { +- // Always use bootstrap class loader. +- Class.forName("sun.security.ssl.NextProtoNegoExtension", true, null); +- available = true; +- } catch (Exception ignore) { +- // npn-boot was not loaded. +- } +- } +- +- JettyNpnSslEngine(SSLEngine engine, final JdkApplicationProtocolNegotiator applicationNegotiator, boolean server) { +- super(engine); +- checkNotNull(applicationNegotiator, "applicationNegotiator"); +- +- if (server) { +- final ProtocolSelectionListener protocolListener = checkNotNull(applicationNegotiator +- .protocolListenerFactory().newListener(this, applicationNegotiator.protocols()), +- "protocolListener"); +- NextProtoNego.put(engine, new ServerProvider() { +- @Override +- public void unsupported() { +- protocolListener.unsupported(); +- } +- +- @Override +- public List protocols() { +- return applicationNegotiator.protocols(); +- } +- +- @Override +- public void protocolSelected(String protocol) { +- try { +- protocolListener.selected(protocol); +- } catch (Throwable t) { +- PlatformDependent.throwException(t); +- } +- } +- }); +- } else { +- final ProtocolSelector protocolSelector = checkNotNull(applicationNegotiator.protocolSelectorFactory() +- .newSelector(this, new LinkedHashSet(applicationNegotiator.protocols())), +- "protocolSelector"); +- NextProtoNego.put(engine, new ClientProvider() { +- @Override +- public boolean supports() { +- return true; +- } +- +- @Override +- public void unsupported() { +- protocolSelector.unsupported(); +- } +- +- @Override +- public String selectProtocol(List protocols) { +- try { +- return protocolSelector.select(protocols); +- } catch (Throwable t) { +- PlatformDependent.throwException(t); +- return null; +- } +- } +- }); +- } +- } +- +- @Override +- public void closeInbound() throws SSLException { +- NextProtoNego.remove(getWrappedEngine()); +- super.closeInbound(); +- } +- +- @Override +- public void closeOutbound() { +- NextProtoNego.remove(getWrappedEngine()); +- super.closeOutbound(); +- } +-} +diff --git a/pom.xml b/pom.xml +index 170736db51..9add346f6b 100644 +--- a/pom.xml ++++ b/pom.xml +@@ -875,20 +875,6 @@ + true + + +- +- +- org.eclipse.jetty.npn +- npn-api +- 1.1.1.v20141010 +- provided +- +- +- org.eclipse.jetty.alpn +- alpn-api +- 1.1.2.v20150522 +- provided +- +- + + + com.google.protobuf +-- +2.51.0 + diff --git a/0004-Disable-Brotli-and-ZStd-compression.patch b/0004-Disable-Brotli-and-ZStd-compression.patch new file mode 100644 index 0000000..54148d8 --- /dev/null +++ b/0004-Disable-Brotli-and-ZStd-compression.patch @@ -0,0 +1,513 @@ +From 8445a1513bc95a49a5ab9e89084cd3bf3ca0dd40 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Fridrich=20=C5=A0trba?= +Date: Thu, 30 Mar 2023 13:19:04 +0200 +Subject: [PATCH 4/4] Disable Brotli and ZStd compression + +--- + .../codec/http/HttpContentCompressor.java | 107 +----------------- + .../codec/http/HttpContentDecompressor.java | 22 ---- + .../CompressorHttp2ConnectionEncoder.java | 42 +------ + .../DelegatingDecompressorFrameListener.java | 20 ---- + .../StandardCompressionOptions.java | 70 +----------- + 5 files changed, 5 insertions(+), 256 deletions(-) + +diff --git a/codec-http/src/main/java/io/netty/handler/codec/http/HttpContentCompressor.java b/codec-http/src/main/java/io/netty/handler/codec/http/HttpContentCompressor.java +index 17f55d3ed5..27da52dd9a 100644 +--- a/codec-http/src/main/java/io/netty/handler/codec/http/HttpContentCompressor.java ++++ b/codec-http/src/main/java/io/netty/handler/codec/http/HttpContentCompressor.java +@@ -24,9 +24,6 @@ import io.netty.buffer.ByteBuf; + import io.netty.channel.ChannelHandlerContext; + import io.netty.channel.embedded.EmbeddedChannel; + import io.netty.handler.codec.MessageToByteEncoder; +-import io.netty.handler.codec.compression.Brotli; +-import io.netty.handler.codec.compression.BrotliEncoder; +-import io.netty.handler.codec.compression.BrotliOptions; + import io.netty.handler.codec.compression.CompressionOptions; + import io.netty.handler.codec.compression.DeflateOptions; + import io.netty.handler.codec.compression.GzipOptions; +@@ -34,11 +31,6 @@ import io.netty.handler.codec.compression.StandardCompressionOptions; + import io.netty.handler.codec.compression.ZlibCodecFactory; + import io.netty.handler.codec.compression.ZlibEncoder; + import io.netty.handler.codec.compression.ZlibWrapper; +-import io.netty.handler.codec.compression.Zstd; +-import io.netty.handler.codec.compression.ZstdEncoder; +-import io.netty.handler.codec.compression.ZstdOptions; +-import io.netty.handler.codec.compression.SnappyFrameEncoder; +-import io.netty.handler.codec.compression.SnappyOptions; + import io.netty.util.internal.ObjectUtil; + + import static io.netty.util.internal.ObjectUtil.checkInRange; +@@ -52,11 +44,8 @@ import static io.netty.util.internal.ObjectUtil.checkInRange; + */ + public class HttpContentCompressor extends HttpContentEncoder { + +- private final BrotliOptions brotliOptions; + private final GzipOptions gzipOptions; + private final DeflateOptions deflateOptions; +- private final ZstdOptions zstdOptions; +- private final SnappyOptions snappyOptions; + + private final int contentSizeThreshold; + private ChannelHandlerContext ctx; +@@ -174,11 +163,8 @@ public class HttpContentCompressor extends HttpContentEncoder { + */ + public HttpContentCompressor(int contentSizeThreshold, CompressionOptions... compressionOptions) { + this.contentSizeThreshold = ObjectUtil.checkPositiveOrZero(contentSizeThreshold, "contentSizeThreshold"); +- BrotliOptions brotliOptions = null; + GzipOptions gzipOptions = null; + DeflateOptions deflateOptions = null; +- ZstdOptions zstdOptions = null; +- SnappyOptions snappyOptions = null; + if (compressionOptions == null || compressionOptions.length == 0) { + compressionOptions = defaultCompressionOptions( + StandardCompressionOptions.gzip(), StandardCompressionOptions.deflate()); +@@ -192,16 +178,10 @@ public class HttpContentCompressor extends HttpContentEncoder { + // This results in the static analysis of native-image identifying the instanceof BrotliOptions check + // and thus BrotliOptions itself as unreachable, enabling native-image to link all classes + // at build time and not complain about the missing Brotli classes. +- if (Brotli.isAvailable() && compressionOption instanceof BrotliOptions) { +- brotliOptions = (BrotliOptions) compressionOption; +- } else if (compressionOption instanceof GzipOptions) { ++ if (compressionOption instanceof GzipOptions) { + gzipOptions = (GzipOptions) compressionOption; + } else if (compressionOption instanceof DeflateOptions) { + deflateOptions = (DeflateOptions) compressionOption; +- } else if (Zstd.isAvailable() && compressionOption instanceof ZstdOptions) { +- zstdOptions = (ZstdOptions) compressionOption; +- } else if (compressionOption instanceof SnappyOptions) { +- snappyOptions = (SnappyOptions) compressionOption; + } else { + throw new IllegalArgumentException("Unsupported " + CompressionOptions.class.getSimpleName() + + ": " + compressionOption); +@@ -210,9 +190,6 @@ public class HttpContentCompressor extends HttpContentEncoder { + + this.gzipOptions = gzipOptions; + this.deflateOptions = deflateOptions; +- this.brotliOptions = brotliOptions; +- this.zstdOptions = zstdOptions; +- this.snappyOptions = snappyOptions; + + this.factories = new HashMap(); + +@@ -222,15 +199,6 @@ public class HttpContentCompressor extends HttpContentEncoder { + if (this.deflateOptions != null) { + this.factories.put("deflate", new DeflateEncoderFactory()); + } +- if (Brotli.isAvailable() && this.brotliOptions != null) { +- this.factories.put("br", new BrEncoderFactory()); +- } +- if (this.zstdOptions != null) { +- this.factories.put("zstd", new ZstdEncoderFactory()); +- } +- if (this.snappyOptions != null) { +- this.factories.put("snappy", new SnappyEncoderFactory()); +- } + } + + private static CompressionOptions[] defaultCompressionOptions( +@@ -238,14 +206,6 @@ public class HttpContentCompressor extends HttpContentEncoder { + List options = new ArrayList(5); + options.add(gzipOptions); + options.add(deflateOptions); +- options.add(StandardCompressionOptions.snappy()); +- +- if (Brotli.isAvailable()) { +- options.add(StandardCompressionOptions.brotli()); +- } +- if (Zstd.isAvailable()) { +- options.add(StandardCompressionOptions.zstd()); +- } + return options.toArray(new CompressionOptions[0]); + } + +@@ -289,9 +249,6 @@ public class HttpContentCompressor extends HttpContentEncoder { + @SuppressWarnings("FloatingPointEquality") + protected String determineEncoding(String acceptEncoding) { + float starQ = -1.0f; +- float brQ = -1.0f; +- float zstdQ = -1.0f; +- float snappyQ = -1.0f; + float gzipQ = -1.0f; + float deflateQ = -1.0f; + for (String encoding : acceptEncoding.split(",")) { +@@ -307,41 +264,20 @@ public class HttpContentCompressor extends HttpContentEncoder { + } + if (encoding.contains("*")) { + starQ = q; +- } else if (encoding.contains("br") && q > brQ) { +- brQ = q; +- } else if (encoding.contains("zstd") && q > zstdQ) { +- zstdQ = q; +- } else if (encoding.contains("snappy") && q > snappyQ) { +- snappyQ = q; + } else if (encoding.contains("gzip") && q > gzipQ) { + gzipQ = q; + } else if (encoding.contains("deflate") && q > deflateQ) { + deflateQ = q; + } + } +- if (brQ > 0.0f || zstdQ > 0.0f || snappyQ > 0.0f || gzipQ > 0.0f || deflateQ > 0.0f) { +- if (brQ != -1.0f && brQ >= zstdQ && this.brotliOptions != null) { +- return "br"; +- } else if (zstdQ != -1.0f && zstdQ >= snappyQ && this.zstdOptions != null) { +- return "zstd"; +- } else if (snappyQ != -1.0f && snappyQ >= gzipQ && this.snappyOptions != null) { +- return "snappy"; +- } else if (gzipQ != -1.0f && gzipQ >= deflateQ && this.gzipOptions != null) { ++ if (gzipQ > 0.0f || deflateQ > 0.0f) { ++ if (gzipQ != -1.0f && gzipQ >= deflateQ && this.gzipOptions != null) { + return "gzip"; + } else if (deflateQ != -1.0f && this.deflateOptions != null) { + return "deflate"; + } + } + if (starQ > 0.0f) { +- if (brQ == -1.0f && this.brotliOptions != null) { +- return "br"; +- } +- if (zstdQ == -1.0f && this.zstdOptions != null) { +- return "zstd"; +- } +- if (snappyQ == -1.0f && this.snappyOptions != null) { +- return "snappy"; +- } + if (gzipQ == -1.0f && this.gzipOptions != null) { + return "gzip"; + } +@@ -422,41 +358,4 @@ public class HttpContentCompressor extends HttpContentEncoder { + deflateOptions.windowBits(), deflateOptions.memLevel()); + } + } +- +- /** +- * Compression Encoder Factory that creates {@link BrotliEncoder}s +- * used to compress http content for br content encoding +- */ +- private final class BrEncoderFactory implements CompressionEncoderFactory { +- +- @Override +- public MessageToByteEncoder createEncoder() { +- return new BrotliEncoder(brotliOptions.parameters()); +- } +- } +- +- /** +- * Compression Encoder Factory for create {@link ZstdEncoder} +- * used to compress http content for zstd content encoding +- */ +- private final class ZstdEncoderFactory implements CompressionEncoderFactory { +- +- @Override +- public MessageToByteEncoder createEncoder() { +- return new ZstdEncoder(zstdOptions.compressionLevel(), +- zstdOptions.blockSize(), zstdOptions.maxEncodeSize()); +- } +- } +- +- /** +- * Compression Encoder Factory for create {@link SnappyFrameEncoder} +- * used to compress http content for snappy content encoding +- */ +- private static final class SnappyEncoderFactory implements CompressionEncoderFactory { +- +- @Override +- public MessageToByteEncoder createEncoder() { +- return new SnappyFrameEncoder(); +- } +- } + } +diff --git a/codec-http/src/main/java/io/netty/handler/codec/http/HttpContentDecompressor.java b/codec-http/src/main/java/io/netty/handler/codec/http/HttpContentDecompressor.java +index 44e6195332..ea461844af 100644 +--- a/codec-http/src/main/java/io/netty/handler/codec/http/HttpContentDecompressor.java ++++ b/codec-http/src/main/java/io/netty/handler/codec/http/HttpContentDecompressor.java +@@ -15,23 +15,15 @@ + */ + package io.netty.handler.codec.http; + +-import static io.netty.handler.codec.http.HttpHeaderValues.BR; + import static io.netty.handler.codec.http.HttpHeaderValues.DEFLATE; + import static io.netty.handler.codec.http.HttpHeaderValues.GZIP; + import static io.netty.handler.codec.http.HttpHeaderValues.X_DEFLATE; + import static io.netty.handler.codec.http.HttpHeaderValues.X_GZIP; +-import static io.netty.handler.codec.http.HttpHeaderValues.SNAPPY; +-import static io.netty.handler.codec.http.HttpHeaderValues.ZSTD; + import static io.netty.util.internal.ObjectUtil.checkPositiveOrZero; + + import io.netty.channel.embedded.EmbeddedChannel; +-import io.netty.handler.codec.compression.Brotli; +-import io.netty.handler.codec.compression.BrotliDecoder; +-import io.netty.handler.codec.compression.SnappyFrameDecoder; + import io.netty.handler.codec.compression.ZlibCodecFactory; + import io.netty.handler.codec.compression.ZlibWrapper; +-import io.netty.handler.codec.compression.Zstd; +-import io.netty.handler.codec.compression.ZstdDecoder; + + /** + * Decompresses an {@link HttpMessage} and an {@link HttpContent} compressed in +@@ -102,20 +94,6 @@ public class HttpContentDecompressor extends HttpContentDecoder { + return new EmbeddedChannel(ctx.channel().id(), ctx.channel().metadata().hasDisconnect(), + ctx.channel().config(), ZlibCodecFactory.newZlibDecoder(wrapper, maxAllocation)); + } +- if (Brotli.isAvailable() && BR.contentEqualsIgnoreCase(contentEncoding)) { +- return new EmbeddedChannel(ctx.channel().id(), ctx.channel().metadata().hasDisconnect(), +- ctx.channel().config(), new BrotliDecoder()); +- } +- +- if (SNAPPY.contentEqualsIgnoreCase(contentEncoding)) { +- return new EmbeddedChannel(ctx.channel().id(), ctx.channel().metadata().hasDisconnect(), +- ctx.channel().config(), new SnappyFrameDecoder()); +- } +- +- if (Zstd.isAvailable() && ZSTD.contentEqualsIgnoreCase(contentEncoding)) { +- return new EmbeddedChannel(ctx.channel().id(), ctx.channel().metadata().hasDisconnect(), +- ctx.channel().config(), new ZstdDecoder()); +- } + + // 'identity' or unsupported + return null; +diff --git a/codec-http2/src/main/java/io/netty/handler/codec/http2/CompressorHttp2ConnectionEncoder.java b/codec-http2/src/main/java/io/netty/handler/codec/http2/CompressorHttp2ConnectionEncoder.java +index b12213dff6..fdeadaebbe 100644 +--- a/codec-http2/src/main/java/io/netty/handler/codec/http2/CompressorHttp2ConnectionEncoder.java ++++ b/codec-http2/src/main/java/io/netty/handler/codec/http2/CompressorHttp2ConnectionEncoder.java +@@ -21,20 +21,12 @@ import io.netty.channel.ChannelHandlerContext; + import io.netty.channel.ChannelPromise; + import io.netty.channel.embedded.EmbeddedChannel; + import io.netty.handler.codec.ByteToMessageDecoder; +-import io.netty.handler.codec.compression.BrotliEncoder; + import io.netty.handler.codec.compression.ZlibCodecFactory; + import io.netty.handler.codec.compression.ZlibWrapper; +-import io.netty.handler.codec.compression.Brotli; +-import io.netty.handler.codec.compression.BrotliOptions; + import io.netty.handler.codec.compression.CompressionOptions; + import io.netty.handler.codec.compression.DeflateOptions; + import io.netty.handler.codec.compression.GzipOptions; + import io.netty.handler.codec.compression.StandardCompressionOptions; +-import io.netty.handler.codec.compression.Zstd; +-import io.netty.handler.codec.compression.ZstdEncoder; +-import io.netty.handler.codec.compression.ZstdOptions; +-import io.netty.handler.codec.compression.SnappyFrameEncoder; +-import io.netty.handler.codec.compression.SnappyOptions; + import io.netty.util.concurrent.PromiseCombiner; + import io.netty.util.internal.ObjectUtil; + +@@ -43,14 +35,11 @@ import java.util.List; + + import static io.netty.handler.codec.http.HttpHeaderNames.CONTENT_ENCODING; + import static io.netty.handler.codec.http.HttpHeaderNames.CONTENT_LENGTH; +-import static io.netty.handler.codec.http.HttpHeaderValues.BR; + import static io.netty.handler.codec.http.HttpHeaderValues.DEFLATE; + import static io.netty.handler.codec.http.HttpHeaderValues.GZIP; + import static io.netty.handler.codec.http.HttpHeaderValues.IDENTITY; + import static io.netty.handler.codec.http.HttpHeaderValues.X_DEFLATE; + import static io.netty.handler.codec.http.HttpHeaderValues.X_GZIP; +-import static io.netty.handler.codec.http.HttpHeaderValues.ZSTD; +-import static io.netty.handler.codec.http.HttpHeaderValues.SNAPPY; + + /** + * A decorating HTTP2 encoder that will compress data frames according to the {@code content-encoding} header for each +@@ -69,11 +58,8 @@ public class CompressorHttp2ConnectionEncoder extends DecoratingHttp2ConnectionE + + private final boolean supportsCompressionOptions; + +- private BrotliOptions brotliOptions; + private GzipOptions gzipCompressionOptions; + private DeflateOptions deflateOptions; +- private ZstdOptions zstdOptions; +- private SnappyOptions snappyOptions; + + /** + * Create a new {@link CompressorHttp2ConnectionEncoder} instance +@@ -87,13 +73,6 @@ public class CompressorHttp2ConnectionEncoder extends DecoratingHttp2ConnectionE + List compressionOptions = new ArrayList(); + compressionOptions.add(StandardCompressionOptions.gzip()); + compressionOptions.add(StandardCompressionOptions.deflate()); +- compressionOptions.add(StandardCompressionOptions.snappy()); +- if (Brotli.isAvailable()) { +- compressionOptions.add(StandardCompressionOptions.brotli()); +- } +- if (Zstd.isAvailable()) { +- compressionOptions.add(StandardCompressionOptions.zstd()); +- } + return compressionOptions.toArray(new CompressionOptions[0]); + } + +@@ -139,16 +118,10 @@ public class CompressorHttp2ConnectionEncoder extends DecoratingHttp2ConnectionE + // This results in the static analysis of native-image identifying the instanceof BrotliOptions check + // and thus BrotliOptions itself as unreachable, enabling native-image to link all classes at build time + // and not complain about the missing Brotli classes. +- if (Brotli.isAvailable() && compressionOptions instanceof BrotliOptions) { +- brotliOptions = (BrotliOptions) compressionOptions; +- } else if (compressionOptions instanceof GzipOptions) { ++ if (compressionOptions instanceof GzipOptions) { + gzipCompressionOptions = (GzipOptions) compressionOptions; + } else if (compressionOptions instanceof DeflateOptions) { + deflateOptions = (DeflateOptions) compressionOptions; +- } else if (compressionOptions instanceof ZstdOptions) { +- zstdOptions = (ZstdOptions) compressionOptions; +- } else if (compressionOptions instanceof SnappyOptions) { +- snappyOptions = (SnappyOptions) compressionOptions; + } else { + throw new IllegalArgumentException("Unsupported " + CompressionOptions.class.getSimpleName() + + ": " + compressionOptions); +@@ -286,19 +259,6 @@ public class CompressorHttp2ConnectionEncoder extends DecoratingHttp2ConnectionE + if (DEFLATE.contentEqualsIgnoreCase(contentEncoding) || X_DEFLATE.contentEqualsIgnoreCase(contentEncoding)) { + return newCompressionChannel(ctx, ZlibWrapper.ZLIB); + } +- if (Brotli.isAvailable() && brotliOptions != null && BR.contentEqualsIgnoreCase(contentEncoding)) { +- return new EmbeddedChannel(ctx.channel().id(), ctx.channel().metadata().hasDisconnect(), +- ctx.channel().config(), new BrotliEncoder(brotliOptions.parameters())); +- } +- if (zstdOptions != null && ZSTD.contentEqualsIgnoreCase(contentEncoding)) { +- return new EmbeddedChannel(ctx.channel().id(), ctx.channel().metadata().hasDisconnect(), +- ctx.channel().config(), new ZstdEncoder(zstdOptions.compressionLevel(), +- zstdOptions.blockSize(), zstdOptions.maxEncodeSize())); +- } +- if (snappyOptions != null && SNAPPY.contentEqualsIgnoreCase(contentEncoding)) { +- return new EmbeddedChannel(ctx.channel().id(), ctx.channel().metadata().hasDisconnect(), +- ctx.channel().config(), new SnappyFrameEncoder()); +- } + // 'identity' or unsupported + return null; + } +diff --git a/codec-http2/src/main/java/io/netty/handler/codec/http2/DelegatingDecompressorFrameListener.java b/codec-http2/src/main/java/io/netty/handler/codec/http2/DelegatingDecompressorFrameListener.java +index 73e497ccb8..56a2a93677 100644 +--- a/codec-http2/src/main/java/io/netty/handler/codec/http2/DelegatingDecompressorFrameListener.java ++++ b/codec-http2/src/main/java/io/netty/handler/codec/http2/DelegatingDecompressorFrameListener.java +@@ -20,24 +20,16 @@ import io.netty.channel.ChannelHandlerContext; + import io.netty.channel.ChannelInboundHandlerAdapter; + import io.netty.channel.embedded.EmbeddedChannel; + import io.netty.handler.codec.ByteToMessageDecoder; +-import io.netty.handler.codec.compression.Brotli; +-import io.netty.handler.codec.compression.BrotliDecoder; +-import io.netty.handler.codec.compression.Zstd; +-import io.netty.handler.codec.compression.ZstdDecoder; + import io.netty.handler.codec.compression.ZlibCodecFactory; + import io.netty.handler.codec.compression.ZlibWrapper; +-import io.netty.handler.codec.compression.SnappyFrameDecoder; + + import static io.netty.handler.codec.http.HttpHeaderNames.CONTENT_ENCODING; + import static io.netty.handler.codec.http.HttpHeaderNames.CONTENT_LENGTH; +-import static io.netty.handler.codec.http.HttpHeaderValues.BR; + import static io.netty.handler.codec.http.HttpHeaderValues.DEFLATE; + import static io.netty.handler.codec.http.HttpHeaderValues.GZIP; + import static io.netty.handler.codec.http.HttpHeaderValues.IDENTITY; + import static io.netty.handler.codec.http.HttpHeaderValues.X_DEFLATE; + import static io.netty.handler.codec.http.HttpHeaderValues.X_GZIP; +-import static io.netty.handler.codec.http.HttpHeaderValues.SNAPPY; +-import static io.netty.handler.codec.http.HttpHeaderValues.ZSTD; + import static io.netty.handler.codec.http2.Http2Error.INTERNAL_ERROR; + import static io.netty.handler.codec.http2.Http2Exception.streamError; + import static io.netty.util.internal.ObjectUtil.checkNotNull; +@@ -175,18 +167,6 @@ public class DelegatingDecompressorFrameListener extends Http2FrameListenerDecor + return new EmbeddedChannel(ctx.channel().id(), ctx.channel().metadata().hasDisconnect(), + ctx.channel().config(), ZlibCodecFactory.newZlibDecoder(wrapper, maxAllocation)); + } +- if (Brotli.isAvailable() && BR.contentEqualsIgnoreCase(contentEncoding)) { +- return new EmbeddedChannel(ctx.channel().id(), ctx.channel().metadata().hasDisconnect(), +- ctx.channel().config(), new BrotliDecoder()); +- } +- if (SNAPPY.contentEqualsIgnoreCase(contentEncoding)) { +- return new EmbeddedChannel(ctx.channel().id(), ctx.channel().metadata().hasDisconnect(), +- ctx.channel().config(), new SnappyFrameDecoder()); +- } +- if (Zstd.isAvailable() && ZSTD.contentEqualsIgnoreCase(contentEncoding)) { +- return new EmbeddedChannel(ctx.channel().id(), ctx.channel().metadata().hasDisconnect(), +- ctx.channel().config(), new ZstdDecoder()); +- } + // 'identity' or unsupported + return null; + } +diff --git a/codec/src/main/java/io/netty/handler/codec/compression/StandardCompressionOptions.java b/codec/src/main/java/io/netty/handler/codec/compression/StandardCompressionOptions.java +index 38793a97e6..c1f1c8c17c 100644 +--- a/codec/src/main/java/io/netty/handler/codec/compression/StandardCompressionOptions.java ++++ b/codec/src/main/java/io/netty/handler/codec/compression/StandardCompressionOptions.java +@@ -15,11 +15,10 @@ + */ + package io.netty.handler.codec.compression; + +-import com.aayushatharva.brotli4j.encoder.Encoder; + import io.netty.util.internal.ObjectUtil; + + /** +- * Standard Compression Options for {@link BrotliOptions}, ++ * Standard Compression Options for + * {@link GzipOptions} and {@link DeflateOptions} + */ + public final class StandardCompressionOptions { +@@ -28,73 +27,6 @@ public final class StandardCompressionOptions { + // Prevent outside initialization + } + +- /** +- * Default implementation of {@link BrotliOptions} with {@link Encoder.Parameters#setQuality(int)} set to 4 +- * and {@link Encoder.Parameters#setMode(Encoder.Mode)} set to {@link Encoder.Mode#TEXT} +- */ +- public static BrotliOptions brotli() { +- return BrotliOptions.DEFAULT; +- } +- +- /** +- * Create a new {@link BrotliOptions} +- * +- * @param parameters {@link Encoder.Parameters} Instance +- * @throws NullPointerException If {@link Encoder.Parameters} is {@code null} +- * @deprecated Use {@link #brotli(int, int, BrotliMode)} +- */ +- @Deprecated +- public static BrotliOptions brotli(Encoder.Parameters parameters) { +- return new BrotliOptions(parameters); +- } +- +- /** +- * Create a new {@link BrotliOptions} +- * +- * @param quality Specifies the compression level. +- * @param window Specifies the size of the sliding window when compressing. +- * @param mode optimizes the compression algorithm based on the type of input data. +- * @throws NullPointerException If {@link BrotliMode} is {@code null} +- */ +- public static BrotliOptions brotli(int quality, int window, BrotliMode mode) { +- ObjectUtil.checkInRange(quality, 0, 11, "quality"); +- ObjectUtil.checkInRange(window, 10, 24, "window"); +- ObjectUtil.checkNotNull(mode, "mode"); +- +- Encoder.Parameters parameters = new Encoder.Parameters() +- .setQuality(quality) +- .setWindow(window) +- .setMode(mode.adapt()); +- return new BrotliOptions(parameters); +- } +- +- /** +- * Default implementation of {@link ZstdOptions} with{compressionLevel(int)} set to +- * {@link ZstdConstants#DEFAULT_COMPRESSION_LEVEL},{@link ZstdConstants#DEFAULT_BLOCK_SIZE}, +- * {@link ZstdConstants#MAX_BLOCK_SIZE} +- */ +- public static ZstdOptions zstd() { +- return ZstdOptions.DEFAULT; +- } +- +- /** +- * Create a new {@link ZstdOptions} +- * +- * @param blockSize is used to calculate the compressionLevel +- * @param maxEncodeSize specifies the size of the largest compressed object +- * @param compressionLevel specifies the level of the compression +- */ +- public static ZstdOptions zstd(int compressionLevel, int blockSize, int maxEncodeSize) { +- return new ZstdOptions(compressionLevel, blockSize, maxEncodeSize); +- } +- +- /** +- * Create a new {@link SnappyOptions} +- */ +- public static SnappyOptions snappy() { +- return new SnappyOptions(); +- } +- + /** + * Default implementation of {@link GzipOptions} with + * {@code compressionLevel()} set to 6, {@code windowBits()} set to 15 and {@code memLevel()} set to 8. +-- +2.51.0 + diff --git a/codegen.bash b/codegen.bash new file mode 100755 index 0000000..f9837e4 --- /dev/null +++ b/codegen.bash @@ -0,0 +1,22 @@ +#!/bin/bash +for type in byte char short int long; do + case $type in + int) object=Integer ;; + char) object=Character ;; + *) object=${type^} ;; + esac + hash='(int) key' + if [ $type = long ]; then + hash='(int) (key ^ (key >>> 32))' + fi + mkdir -p target/generated-sources/collections/java + for file in `find src/main/templates -name '*.template'`; do + filename=$(basename $file | sed "s/K/${type^}/;s/\.template/.java/") + sed -e "s/@k@/${type}/g" \ + -e "s/@K@/${type^}/g" \ + -e "s/@O@/${object}/g" \ + -e "s/@KEY_NUMBER_METHOD@/${type}Value/g" \ + -e "s/@HASH_CODE@/${hash}/g" \ + $file > target/generated-sources/collections/java/$filename + done +done diff --git a/fix-strip.patch b/fix-strip.patch new file mode 100644 index 0000000..9423607 --- /dev/null +++ b/fix-strip.patch @@ -0,0 +1,14 @@ +diff -Nur a/transport-native-epoll/pom.xml b/transport-native-epoll/pom.xml +--- a/transport-native-epoll/pom.xml 2025-09-08 15:37:39.281041787 +0800 ++++ b/transport-native-epoll/pom.xml 2025-09-08 15:39:41.699041787 +0800 +@@ -36,8 +36,8 @@ + ${project.build.directory}/unix-common-lib + ${unix.common.lib.dir}/META-INF/native/lib + ${unix.common.lib.dir}/META-INF/native/include +- CFLAGS=-O2 -pipe -Werror -fno-omit-frame-pointer -Wunused-variable -fvisibility=hidden -D_FORTIFY_SOURCE=2 -ffunction-sections -fdata-sections -I${unix.common.include.unpacked.dir} +- LDFLAGS=-Wl,-z,relro -Wl,-z,now -Wl,--as-needed -Wl,--gc-sections -L${unix.common.lib.unpacked.dir} ++ CFLAGS=-O2 -pipe -Werror -fno-omit-frame-pointer -Wunused-variable -fvisibility=hidden -D_FORTIFY_SOURCE=2 -ffunction-sections -fdata-sections -Wl,-s -I${unix.common.include.unpacked.dir} ++ LDFLAGS=-Wl,-z,relro -Wl,-z,now -Wl,--as-needed -Wl,--gc-sections -Wl,-s -L${unix.common.lib.unpacked.dir} + LIBS=-Wl,--whole-archive -l${unix.common.lib.name} -Wl,--no-whole-archive -ldl -lrt + ${project.basedir}/src/main/c + true diff --git a/netty.spec b/netty.spec new file mode 100644 index 0000000..8f01c11 --- /dev/null +++ b/netty.spec @@ -0,0 +1,295 @@ +%global debug_package %{nil} + +Name: netty +Version: 4.1.126 +Release: 2 +Summary: An asynchronous event-driven network application framework and tools for Java +License: Apache-2.0 +URL: https://netty.io/ +Source0: https://github.com/netty/netty/archive/netty-%{version}.Final.tar.gz +Source1: codegen.bash +Source2: https://repo1.maven.org/maven2/io/netty/netty-jni-util/0.0.9.Final/netty-jni-util-0.0.9.Final-sources.jar +Patch0000: 0001-Remove-optional-dep-Blockhound.patch +Patch0001: 0002-Remove-optional-dep-conscrypt.patch +Patch0002: 0003-Remove-optional-deps-jetty-alpn-and-npn.patch +Patch0003: 0004-Disable-Brotli-and-ZStd-compression.patch +Patch0004: no-werror.patch +Patch0005: reproducible.patch +Patch0006: fix-strip.patch + +BuildRequires: autoconf automake libtool gcc +BuildRequires: maven-local +BuildRequires: mvn(com.fasterxml:aalto-xml) +BuildRequires: mvn(com.jcraft:jzlib) +BuildRequires: mvn(commons-logging:commons-logging) +BuildRequires: mvn(io.netty:netty-tcnative) >= 2.0.60 +BuildRequires: mvn(io.netty:netty-tcnative-classes) >= 2.0.60 +BuildRequires: mvn(kr.motd.maven:os-maven-plugin) +BuildRequires: mvn(org.apache.felix:maven-bundle-plugin) +BuildRequires: mvn(org.apache.logging.log4j:log4j-1.2-api) +BuildRequires: mvn(org.apache.logging.log4j:log4j-api) +BuildRequires: mvn(org.apache.maven.plugins:maven-antrun-plugin) +BuildRequires: mvn(org.apache.maven.plugins:maven-dependency-plugin) +BuildRequires: mvn(org.apache.maven.plugins:maven-remote-resources-plugin) +BuildRequires: mvn(org.bouncycastle:bcpkix-jdk15on) +BuildRequires: mvn(org.bouncycastle:bctls-jdk15on) +BuildRequires: mvn(org.codehaus.mojo:build-helper-maven-plugin) +BuildRequires: mvn(org.codehaus.mojo:exec-maven-plugin) +BuildRequires: mvn(org.fusesource.hawtjni:hawtjni-maven-plugin) +BuildRequires: mvn(org.jctools:jctools-core) +BuildRequires: mvn(org.slf4j:slf4j-api) +BuildRequires: jurand fdupes + +%description +Netty is an asynchronous event-driven network application framework +for rapid development of maintainable high performance protocol servers & clients. + +%package bom +Summary: POM-only artifacts for %{name} +Obsoletes: %{name}-poms +BuildArch: noarch + +%description bom +%{summary}. + +%package parent +Summary: POM-only artifacts for %{name} +Obsoletes: %{name}-poms +BuildArch: noarch + +%description parent +%{summary}. + +%package help +Summary: Documents for %{name} +Buildarch: noarch +Requires: man info +Provides: %{name}-javadoc = %{version}-%{release} +Obsoletes: %{name}-javadoc < %{version}-%{release} +%description help +Man pages and other related documents for %{name}. + +%prep +%autosetup -p1 -n netty-netty-%{version}.Final + +# remove annotations for which we have no dependencies +# Graal annotations +%{java_remove_annotations} common -p "com.oracle.svm.core.annotate" +# Jetbrains annotation +%{java_remove_annotations} common -p "org.jetbrains.annotations" + +%pom_remove_parent . bom + +%pom_disable_module "example" +%pom_disable_module "microbench" + +%pom_remove_plugin :maven-antrun-plugin +%pom_remove_plugin :maven-dependency-plugin +%pom_remove_plugin :xml-maven-plugin +%pom_remove_plugin :japicmp-maven-plugin +%pom_remove_plugin -r :maven-checkstyle-plugin +%pom_remove_plugin -r :animal-sniffer-maven-plugin +%pom_remove_plugin -r :maven-enforcer-plugin +%pom_remove_plugin -r :maven-shade-plugin +%pom_remove_plugin -r :maven-release-plugin +%pom_remove_plugin -r :maven-clean-plugin +%pom_remove_plugin -r :maven-source-plugin +%pom_remove_plugin -r :maven-deploy-plugin +%pom_remove_plugin -r :maven-jxr-plugin +%pom_remove_plugin -r :maven-javadoc-plugin +%pom_remove_plugin -r :forbiddenapis +%pom_remove_plugin -r :revapi-maven-plugin +%pom_remove_plugin -r :bom-helper-maven-plugin +%pom_remove_plugin -r :central-publishing-maven-plugin +%pom_remove_plugin -r :nexus-staging-maven-plugin +%pom_remove_plugin -r :flatten-maven-plugin +%pom_remove_plugin :duplicate-finder-maven-plugin all + +cp %{SOURCE1} common/codegen.bash +chmod +x common/codegen.bash +%pom_add_plugin org.codehaus.mojo:exec-maven-plugin common ' + + + generate-collections + generate-sources + + exec + + + common/codegen.bash + + + +' +%pom_remove_plugin :groovy-maven-plugin common + +%pom_remove_dep "org.graalvm.nativeimage:" common +rm common/src/main/java/io/netty/util/internal/svm/* + +%pom_remove_dep -r "com.google.protobuf:protobuf-java" +%pom_remove_dep -r "com.google.protobuf.nano:protobuf-javanano" +rm codec/src/main/java/io/netty/handler/codec/protobuf/* +sed -i '/import.*protobuf/d' codec/src/main/java/io/netty/handler/codec/DatagramPacket*.java + +%pom_remove_dep -r "org.jboss.marshalling:jboss-marshalling" +rm codec/src/main/java/io/netty/handler/codec/marshalling/* + +%pom_remove_dep -r com.github.jponge:lzma-java +rm codec/src/*/java/io/netty/handler/codec/compression/Lzma*.java +%pom_remove_dep -r com.ning:compress-lzf +rm codec/src/*/java/io/netty/handler/codec/compression/Lzf*.java +%pom_remove_dep -r org.lz4:lz4-java +rm codec/src/*/java/io/netty/handler/codec/compression/Lz4*.java +%pom_remove_dep -r com.aayushatharva.brotli4j: +rm codec/src/*/java/io/netty/handler/codec/compression/Brotli*.java +%pom_remove_dep -r com.github.luben:zstd-jni +rm codec/src/*/java/io/netty/handler/codec/compression/Zstd*.java + +%pom_disable_module transport-rxtx +%pom_remove_dep -r :netty-transport-rxtx +%pom_disable_module transport-udt +%pom_remove_dep -r :netty-transport-udt + +%pom_remove_dep -r :netty-build-common +%pom_remove_dep :netty-dev-tools + +%pom_disable_module resolver-dns-native-macos +%pom_remove_dep -r :netty-resolver-dns-native-macos + +%pom_disable_module testsuite +%pom_disable_module testsuite-autobahn +%pom_disable_module testsuite-http2 +%pom_disable_module testsuite-native +%pom_disable_module testsuite-native-image +%pom_disable_module testsuite-native-image-client +%pom_disable_module testsuite-native-image-client-runtime-init +%pom_disable_module testsuite-osgi +%pom_disable_module testsuite-shading +%pom_disable_module transport-native-unix-common-tests + +%pom_remove_dep io.netty:netty-jni-util transport-native-unix-common +%pom_remove_plugin :maven-dependency-plugin transport-native-unix-common +mkdir -p transport-native-unix-common/target/netty-jni-util +unzip %{SOURCE2} -d transport-native-unix-common/target/netty-jni-util + +%pom_xpath_remove "pom:build/pom:plugins/pom:plugin[pom:artifactId = 'maven-bundle-plugin']/pom:executions/pom:execution[pom:id = 'generate-manifest']/pom:configuration/pom:instructions/pom:Import-Package" common/pom.xml + +%pom_xpath_inject "pom:project" ' +io.netty.dev.tools +' dev-tools + +%pom_remove_dep -r :annotations-java5 + +%pom_xpath_remove "pom:profiles/pom:profile[pom:id = 'staging']" all + +# Tell xmvn to install attached artifact, which it does not +# do by default. In this case install all attached artifacts with +# the linux classifier. +%mvn_package ":::linux*:" + +%mvn_package ":netty-parent" parent +%mvn_package ":netty-bom" bom + +%mvn_package ':*-tests' __noinstall + +%build +export CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="$RPM_LD_FLAGS" +%mvn_build -f + +%install +%mvn_install +%fdupes -s %{buildroot}%{_javadocdir} + +%files -f .mfiles +%doc LICENSE.txt NOTICE.txt + +%files parent -f .mfiles-parent +%license LICENSE.txt NOTICE.txt + +%files bom -f .mfiles-bom + +%files help -f .mfiles-javadoc + +%changelog +* Tue Sep 23 2025 chengsongyuxuan - 4.1.126-2 +- Fix AR parameter order issue + +* Thu Sep 18 2025 yaoxin <1024769339@qq.com> - 4.1.126-1 +- Update to 4.1.126 for fix CVE-2025-58056 and CVE-2025-58057 + +* Thu Aug 14 2025 Yu Peng - 4.1.114-3 +- Fix CVE-2025-55163 + +* Tue Feb 11 2025 wangkai <13474090681@163.com> - 4.1.114-2 +- Fix CVE-2025-24970 + +* Thu Nov 14 2024 yaoxin - 4.1.114-1 +- Update to 4.1.114 + * Validate HTTP Method (#14280) + * Release AdaptiveByteBuf when ownership could not be transfered. (#14285) + * Make arenas reuse their last chunk more aggressively (#14291) + * Only add Magazine to Set if we can ensure its removed again (#14292) + * Ensure Chunk will not leak if init of AdaptiveByteBuf fails for whatever reason (#14295) + * Correctly release one-off allocated chunks (#14302) + * Ensure pooled memory is released when AdaptivePoolingAllocator is GC'ed (#14304) + * Slices / duplicates of AdaptiveByteBuf must not escape the rootParent (#14310) + * Fix sizeBucket bug in AdaptivePoolingAllocator (#14311) + * AdaptiveByteBufAllocator: More strict reference counting for chunks (#14322) + * Ensure we not store the DnsQueryContext for later removal when we couldnt obtain a query id (#14326) + * Reduce memory fragmentation (#14333) + * Properly free magazine chunks and avoid orphaned magazines (#14334) + * Magazines must be freed under the expand lock (#14336) + * Release message before failing promise when multiple requests are written while upgrade is in progress. (#14342) + * Allow to reuse more then one session per host / port mapping (#14356) + * Ensure writes will not fail when triggered after receiving UpgradeEvent.UPGRADE_SUCCESSFUL (#14362) + * Refactor DnsNameResolver to be able to use different strategies when it comes to creating Channels for queries. (#14374) + * DnsNameResolver: allow users to skip bind() during bootstrap (#14375) + * DnsResolverBuilder methods should make it clear that these are for DatagramChannel (#14379) + +* Tue Nov 12 2024 yaoxin - 4.1.13-22 +- Fix CVE-2024-29025 + +* Wed Dec 13 2023 yaoxin - 4.1.13-21 +- Fix CVE-2022-41881 + +* Sun Mar 05 2023 wulei - 4.1.13-20 +- Add strip + +* Wed Nov 9 2022 liyanan - 4.1.13-19 +- Change source + +* Mon Mar 07 2022 wangkai - 4.1.13-18 +- Remove lz4-java dependency + +* Fri Dec 24 2021 wangkai - 4.1.13-17 +- This package depends on log4j.After the log4j vulnerability CVE-2021-45105 is fixed,the version needs to be rebuild. + +* Fri Dec 17 2021 yaoxin - 4.1.13-16 +- Fix CVE-2021-43797 + +* Wed Oct 27 2021 wangkai - 4.1.13-15 +- fix CVE-2021-37136 CVE-2021-37137 + +* Mon Aug 16 2021 wangyue - 4.1.13-14 +- fix build error + +* Sat Aug 14 2021 wangyue - 4.1.13-13 +- fix build error + +* Tue Apr 06 2021 wangxiao - 4.1.13-12 +- Fix CVE-2021-21295 CVE-2021-21409 + +* Tue Mar 09 2021 wangyue - 4.1.13-11 +- fix CVE-2021-21290 + +* Thu Jan 28 2021 maminjie - 4.1.13-10 +- remove the BuildRequires lzma-java that is deprecated + +* Fri Dec 04 2020 caodongxia - 4.1.13-9 +- fix CVE-2019-16869 CVE-2019-20444 CVE-2019-20445 CVE-2020-11612 + +* Wed Aug 26 2020 yaokai - 4.1.13-8 + - Disable support for protobuf in the codecs module + +* Mon Dec 23 2019 Shuaishuai Song - 4.1.13-7 +- package init diff --git a/no-werror.patch b/no-werror.patch new file mode 100644 index 0000000..7e7a13f --- /dev/null +++ b/no-werror.patch @@ -0,0 +1,56 @@ +--- netty-netty-4.1.72.Final/transport-native-unix-common/pom.xml 2021-12-13 17:10:20.606957494 +0100 ++++ netty-netty-4.1.72.Final/transport-native-unix-common/pom.xml 2021-12-13 17:11:21.279319445 +0100 +@@ -153,7 +153,7 @@ + + + +- ++ + + +