From f7b8e27b5f55c4a21cf84fb56a616b8bfd4af8da Mon Sep 17 00:00:00 2001
From: Michael Simacek <msimacek@redhat.com>
Date: Fri, 7 Jul 2017 16:07:23 +0200
Subject: [PATCH 2/3] Remove NPN
---
handler/pom.xml | 5 -
.../ssl/JdkNpnApplicationProtocolNegotiator.java | 120 --------------------
.../java/io/netty/handler/ssl/JdkSslContext.java | 30 -----
.../io/netty/handler/ssl/JettyNpnSslEngine.java | 122 ---------------------
.../io/netty/handler/ssl/JdkSslEngineTest.java | 2 +-
5 files changed, 1 insertion(+), 278 deletions(-)
delete mode 100644 handler/src/main/java/io/netty/handler/ssl/JdkNpnApplicationProtocolNegotiator.java
delete mode 100644 handler/src/main/java/io/netty/handler/ssl/JettyNpnSslEngine.java
diff --git a/handler/pom.xml b/handler/pom.xml
index d0ed1bc..52e63ca 100644
--- a/handler/pom.xml
+++ b/handler/pom.xml
@@ -55,11 +55,6 @@
<optional>true</optional>
</dependency>
<dependency>
- <groupId>org.eclipse.jetty.npn</groupId>
- <artifactId>npn-api</artifactId>
- <optional>true</optional>
- </dependency>
- <dependency>
<groupId>org.eclipse.jetty.alpn</groupId>
<artifactId>alpn-api</artifactId>
<optional>true</optional>
diff --git a/handler/src/main/java/io/netty/handler/ssl/JdkNpnApplicationProtocolNegotiator.java b/handler/src/main/java/io/netty/handler/ssl/JdkNpnApplicationProtocolNegotiator.java
deleted file mode 100644
index 06b29b7..0000000
--- a/handler/src/main/java/io/netty/handler/ssl/JdkNpnApplicationProtocolNegotiator.java
+++ /dev/null
@@ -1,120 +0,0 @@
-/*
- * Copyright 2014 The Netty Project
- *
- * The Netty Project licenses this file to you under the Apache License,
- * version 2.0 (the "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-package io.netty.handler.ssl;
-
-import javax.net.ssl.SSLEngine;
-
-/**
- * The {@link JdkApplicationProtocolNegotiator} to use if you need NPN and are using {@link SslProvider#JDK}.
- */
-public final class JdkNpnApplicationProtocolNegotiator extends JdkBaseApplicationProtocolNegotiator {
- private static final SslEngineWrapperFactory NPN_WRAPPER = new SslEngineWrapperFactory() {
- {
- if (!JettyNpnSslEngine.isAvailable()) {
- throw new RuntimeException("NPN unsupported. Is your classpath configured correctly?"
- + " See https://wiki.eclipse.org/Jetty/Feature/NPN");
- }
- }
-
- @Override
- public SSLEngine wrapSslEngine(SSLEngine engine, JdkApplicationProtocolNegotiator applicationNegotiator,
- boolean isServer) {
- return new JettyNpnSslEngine(engine, applicationNegotiator, isServer);
- }
- };
-
- /**
- * Create a new instance.
- * @param protocols The order of iteration determines the preference of support for protocols.
- */
- public JdkNpnApplicationProtocolNegotiator(Iterable<String> protocols) {
- this(false, protocols);
- }
-
- /**
- * Create a new instance.
- * @param protocols The order of iteration determines the preference of support for protocols.
- */
- public JdkNpnApplicationProtocolNegotiator(String... protocols) {
- this(false, protocols);
- }
-
- /**
- * Create a new instance.
- * @param failIfNoCommonProtocols Fail with a fatal alert if not common protocols are detected.
- * @param protocols The order of iteration determines the preference of support for protocols.
- */
- public JdkNpnApplicationProtocolNegotiator(boolean failIfNoCommonProtocols, Iterable<String> protocols) {
- this(failIfNoCommonProtocols, failIfNoCommonProtocols, protocols);
- }
-
- /**
- * Create a new instance.
- * @param failIfNoCommonProtocols Fail with a fatal alert if not common protocols are detected.
- * @param protocols The order of iteration determines the preference of support for protocols.
- */
- public JdkNpnApplicationProtocolNegotiator(boolean failIfNoCommonProtocols, String... protocols) {
- this(failIfNoCommonProtocols, failIfNoCommonProtocols, protocols);
- }
-
- /**
- * Create a new instance.
- * @param clientFailIfNoCommonProtocols Client side fail with a fatal alert if not common protocols are detected.
- * @param serverFailIfNoCommonProtocols Server side fail with a fatal alert if not common protocols are detected.
- * @param protocols The order of iteration determines the preference of support for protocols.
- */
- public JdkNpnApplicationProtocolNegotiator(boolean clientFailIfNoCommonProtocols,
- boolean serverFailIfNoCommonProtocols, Iterable<String> protocols) {
- this(clientFailIfNoCommonProtocols ? FAIL_SELECTOR_FACTORY : NO_FAIL_SELECTOR_FACTORY,
- serverFailIfNoCommonProtocols ? FAIL_SELECTION_LISTENER_FACTORY : NO_FAIL_SELECTION_LISTENER_FACTORY,
- protocols);
- }
-
- /**
- * Create a new instance.
- * @param clientFailIfNoCommonProtocols Client side fail with a fatal alert if not common protocols are detected.
- * @param serverFailIfNoCommonProtocols Server side fail with a fatal alert if not common protocols are detected.
- * @param protocols The order of iteration determines the preference of support for protocols.
- */
- public JdkNpnApplicationProtocolNegotiator(boolean clientFailIfNoCommonProtocols,
- boolean serverFailIfNoCommonProtocols, String... protocols) {
- this(clientFailIfNoCommonProtocols ? FAIL_SELECTOR_FACTORY : NO_FAIL_SELECTOR_FACTORY,
- serverFailIfNoCommonProtocols ? FAIL_SELECTION_LISTENER_FACTORY : NO_FAIL_SELECTION_LISTENER_FACTORY,
- protocols);
- }
-
- /**
- * Create a new instance.
- * @param selectorFactory The factory which provides classes responsible for selecting the protocol.
- * @param listenerFactory The factory which provides to be notified of which protocol was selected.
- * @param protocols The order of iteration determines the preference of support for protocols.
- */
- public JdkNpnApplicationProtocolNegotiator(ProtocolSelectorFactory selectorFactory,
- ProtocolSelectionListenerFactory listenerFactory, Iterable<String> protocols) {
- super(NPN_WRAPPER, selectorFactory, listenerFactory, protocols);
- }
-
- /**
- * Create a new instance.
- * @param selectorFactory The factory which provides classes responsible for selecting the protocol.
- * @param listenerFactory The factory which provides to be notified of which protocol was selected.
- * @param protocols The order of iteration determines the preference of support for protocols.
- */
- public JdkNpnApplicationProtocolNegotiator(ProtocolSelectorFactory selectorFactory,
- ProtocolSelectionListenerFactory listenerFactory, String... protocols) {
- super(NPN_WRAPPER, selectorFactory, listenerFactory, protocols);
- }
-}
diff --git a/handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java b/handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java
index 0ad6639..d5b86ff 100644
--- a/handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java
+++ b/handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java
@@ -288,47 +288,17 @@ public class JdkSslContext extends SslContext {
case ALPN:
if (isServer) {
switch(config.selectorFailureBehavior()) {
- case FATAL_ALERT:
- return new JdkAlpnApplicationProtocolNegotiator(true, config.supportedProtocols());
- case NO_ADVERTISE:
- return new JdkAlpnApplicationProtocolNegotiator(false, config.supportedProtocols());
default:
throw new UnsupportedOperationException(new StringBuilder("JDK provider does not support ")
.append(config.selectorFailureBehavior()).append(" failure behavior").toString());
}
} else {
switch(config.selectedListenerFailureBehavior()) {
- case ACCEPT:
- return new JdkAlpnApplicationProtocolNegotiator(false, config.supportedProtocols());
- case FATAL_ALERT:
- return new JdkAlpnApplicationProtocolNegotiator(true, config.supportedProtocols());
default:
throw new UnsupportedOperationException(new StringBuilder("JDK provider does not support ")
.append(config.selectedListenerFailureBehavior()).append(" failure behavior").toString());
}
}
- case NPN:
- if (isServer) {
- switch(config.selectedListenerFailureBehavior()) {
- case ACCEPT:
- return new JdkNpnApplicationProtocolNegotiator(false, config.supportedProtocols());
- case FATAL_ALERT:
- return new JdkNpnApplicationProtocolNegotiator(true, config.supportedProtocols());
- default:
- throw new UnsupportedOperationException(new StringBuilder("JDK provider does not support ")
- .append(config.selectedListenerFailureBehavior()).append(" failure behavior").toString());
- }
- } else {
- switch(config.selectorFailureBehavior()) {
- case FATAL_ALERT:
- return new JdkNpnApplicationProtocolNegotiator(true, config.supportedProtocols());
- case NO_ADVERTISE:
- return new JdkNpnApplicationProtocolNegotiator(false, config.supportedProtocols());
- default:
- throw new UnsupportedOperationException(new StringBuilder("JDK provider does not support ")
- .append(config.selectorFailureBehavior()).append(" failure behavior").toString());
- }
- }
default:
throw new UnsupportedOperationException(new StringBuilder("JDK provider does not support ")
.append(config.protocol()).append(" protocol").toString());
diff --git a/handler/src/main/java/io/netty/handler/ssl/JettyNpnSslEngine.java b/handler/src/main/java/io/netty/handler/ssl/JettyNpnSslEngine.java
deleted file mode 100644
index 77e7366..0000000
--- a/handler/src/main/java/io/netty/handler/ssl/JettyNpnSslEngine.java
+++ /dev/null
@@ -1,122 +0,0 @@
-/*
- * Copyright 2014 The Netty Project
- *
- * The Netty Project licenses this file to you under the Apache License,
- * version 2.0 (the "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-package io.netty.handler.ssl;
-
-import static io.netty.util.internal.ObjectUtil.checkNotNull;
-import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelectionListener;
-import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelector;
-import io.netty.util.internal.PlatformDependent;
-
-import java.util.LinkedHashSet;
-import java.util.List;
-
-import javax.net.ssl.SSLEngine;
-import javax.net.ssl.SSLException;
-
-import org.eclipse.jetty.npn.NextProtoNego;
-import org.eclipse.jetty.npn.NextProtoNego.ClientProvider;
-import org.eclipse.jetty.npn.NextProtoNego.ServerProvider;
-
-final class JettyNpnSslEngine extends JdkSslEngine {
- private static boolean available;
-
- static boolean isAvailable() {
- updateAvailability();
- return available;
- }
-
- private static void updateAvailability() {
- if (available) {
- return;
- }
- try {
- // Always use bootstrap class loader.
- Class.forName("sun.security.ssl.NextProtoNegoExtension", true, null);
- available = true;
- } catch (Exception ignore) {
- // npn-boot was not loaded.
- }
- }
-
- JettyNpnSslEngine(SSLEngine engine, final JdkApplicationProtocolNegotiator applicationNegotiator, boolean server) {
- super(engine);
- checkNotNull(applicationNegotiator, "applicationNegotiator");
-
- if (server) {
- final ProtocolSelectionListener protocolListener = checkNotNull(applicationNegotiator
- .protocolListenerFactory().newListener(this, applicationNegotiator.protocols()),
- "protocolListener");
- NextProtoNego.put(engine, new ServerProvider() {
- @Override
- public void unsupported() {
- protocolListener.unsupported();
- }
-
- @Override
- public List<String> protocols() {
- return applicationNegotiator.protocols();
- }
-
- @Override
- public void protocolSelected(String protocol) {
- try {
- protocolListener.selected(protocol);
- } catch (Throwable t) {
- PlatformDependent.throwException(t);
- }
- }
- });
- } else {
- final ProtocolSelector protocolSelector = checkNotNull(applicationNegotiator.protocolSelectorFactory()
- .newSelector(this, new LinkedHashSet<String>(applicationNegotiator.protocols())),
- "protocolSelector");
- NextProtoNego.put(engine, new ClientProvider() {
- @Override
- public boolean supports() {
- return true;
- }
-
- @Override
- public void unsupported() {
- protocolSelector.unsupported();
- }
-
- @Override
- public String selectProtocol(List<String> protocols) {
- try {
- return protocolSelector.select(protocols);
- } catch (Throwable t) {
- PlatformDependent.throwException(t);
- return null;
- }
- }
- });
- }
- }
-
- @Override
- public void closeInbound() throws SSLException {
- NextProtoNego.remove(getWrappedEngine());
- super.closeInbound();
- }
-
- @Override
- public void closeOutbound() {
- NextProtoNego.remove(getWrappedEngine());
- super.closeOutbound();
- }
-}
diff --git a/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java b/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
index d6cd94d..4489b16 100644
--- a/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
+++ b/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
@@ -46,7 +46,7 @@ public class JdkSslEngineTest extends SSLEngineTest {
NPN_DEFAULT {
@Override
boolean isAvailable() {
- return JettyNpnSslEngine.isAvailable();
+ return false;
}
@Override
--
2.9.4