Ensure Netty is usable on Java7

Motivation:

When adding SNIMatcher support we missed to use static delegating methods and so may try to load classes that not exists in Java7. Which will lead to errors.

Modifications:

- Correctly only try to load classes when running on java8+
- Ensure Java8+ related tests only run when using java8+

Result:

Fixes [#6700]

handler/src/main/java/io/netty/handler/ssl/Java8SslUtils.java

@@ -16,15 +16,18 @@
 package io.netty.handler.ssl;
 
 import javax.net.ssl.SNIHostName;
+import javax.net.ssl.SNIMatcher;
 import javax.net.ssl.SNIServerName;
 import javax.net.ssl.SSLParameters;
 import java.util.ArrayList;
+import java.util.Collection;
 import java.util.Collections;
+import java.util.Iterator;
 import java.util.List;
 
-final class Java8SslParametersUtils {
+final class Java8SslUtils {
 
-    private Java8SslParametersUtils() { }
+    private Java8SslUtils() { }
 
     static List<String> getSniHostNames(SSLParameters sslParameters) {
         List<SNIServerName> names = sslParameters.getServerNames();
@@ -59,4 +62,26 @@ final class Java8SslParametersUtils {
     static void setUseCipherSuitesOrder(SSLParameters sslParameters, boolean useOrder) {
         sslParameters.setUseCipherSuitesOrder(useOrder);
     }
+
+    @SuppressWarnings("unchecked")
+    static void setSNIMatchers(SSLParameters sslParameters, Collection<?> matchers) {
+        sslParameters.setSNIMatchers((Collection<SNIMatcher>) matchers);
+    }
+
+    @SuppressWarnings("unchecked")
+    static boolean checkSniHostnameMatch(Collection<?> matchers, String hostname) {
+        if (matchers != null && !matchers.isEmpty()) {
+            SNIHostName name = new SNIHostName(hostname);
+            Iterator<SNIMatcher> matcherIt = (Iterator<SNIMatcher>) matchers.iterator();
+            while (matcherIt.hasNext()) {
+                SNIMatcher matcher = matcherIt.next();
+                // type 0 is for hostname
+                if (matcher.getType() == 0 && matcher.matches(name)) {
+                    return true;
+                }
+            }
+            return false;
+        }
+        return true;
+    }
 }

handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java

@@ -43,8 +43,6 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.atomic.AtomicIntegerFieldUpdater;
-import javax.net.ssl.SNIHostName;
-import javax.net.ssl.SNIMatcher;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLEngineResult;
 import javax.net.ssl.SSLException;
@@ -181,8 +179,9 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
     private Object algorithmConstraints;
     private List<String> sniHostNames;
 
-    // Mark as volatile as accessed by checkSniHostnameMatch(...)
-    private volatile Collection<SNIMatcher> matchers;
+    // Mark as volatile as accessed by checkSniHostnameMatch(...) and also not specify the SNIMatcher type to allow us
+    // using it with java7.
+    private volatile Collection<?> matchers;
 
     // SSL Engine status variables
     private boolean isInboundDone;
@@ -1573,14 +1572,14 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
             Java7SslParametersUtils.setAlgorithmConstraints(sslParameters, algorithmConstraints);
             if (version >= 8) {
                 if (sniHostNames != null) {
-                    Java8SslParametersUtils.setSniHostNames(sslParameters, sniHostNames);
+                    Java8SslUtils.setSniHostNames(sslParameters, sniHostNames);
                 }
                 if (!isDestroyed()) {
-                    Java8SslParametersUtils.setUseCipherSuitesOrder(
+                    Java8SslUtils.setUseCipherSuitesOrder(
                             sslParameters, (SSL.getOptions(ssl) & SSL.SSL_OP_CIPHER_SERVER_PREFERENCE) != 0);
                 }
 
-                sslParameters.setSNIMatchers(matchers);
+                Java8SslUtils.setSNIMatchers(sslParameters, matchers);
             }
         }
         return sslParameters;
@@ -1597,13 +1596,13 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
             if (version >= 8) {
                 if (!isDestroyed()) {
                     if (clientMode) {
-                        final List<String> sniHostNames = Java8SslParametersUtils.getSniHostNames(sslParameters);
+                        final List<String> sniHostNames = Java8SslUtils.getSniHostNames(sslParameters);
                         for (String name: sniHostNames) {
                             SSL.setTlsExtHostName(ssl, name);
                         }
                         this.sniHostNames = sniHostNames;
                     }
-                    if (Java8SslParametersUtils.getUseCipherSuitesOrder(sslParameters)) {
+                    if (Java8SslUtils.getUseCipherSuitesOrder(sslParameters)) {
                         SSL.setOptions(ssl, SSL.SSL_OP_CIPHER_SERVER_PREFERENCE);
                     } else {
                         SSL.clearOptions(ssl, SSL.SSL_OP_CIPHER_SERVER_PREFERENCE);
@@ -1639,18 +1638,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
     }
 
     final boolean checkSniHostnameMatch(String hostname) {
-        Collection<SNIMatcher> matchers = this.matchers;
-        if (matchers != null && !matchers.isEmpty()) {
-            SNIHostName name = new SNIHostName(hostname);
-            for (SNIMatcher matcher: matchers) {
-                // type 0 is for hostname
-                if (matcher.getType() == 0 && matcher.matches(name)) {
-                    return true;
-                }
-            }
-            return false;
-        }
-        return true;
+        return Java8SslUtils.checkSniHostnameMatch(matchers, hostname);
     }
 
     private final class OpenSslSession implements SSLSession, ApplicationProtocolAccessor {

handler/src/test/java/io/netty/handler/ssl/ConscryptJdkSslEngineInteropTest.java

@@ -61,7 +61,7 @@ public class ConscryptJdkSslEngineInteropTest extends SSLEngineTest {
 
     @Override
     protected Provider clientSslContextProvider() {
-        return Java8SslUtils.conscryptProvider();
+        return Java8SslTestUtils.conscryptProvider();
     }
 
     @Ignore /* Does the JDK support a "max certificate chain length"? */

handler/src/test/java/io/netty/handler/ssl/Java8SslTestUtils.java

@@ -24,9 +24,9 @@ import javax.net.ssl.SSLParameters;
 import java.security.Provider;
 import java.util.Collections;
 
-final class Java8SslUtils {
+final class Java8SslTestUtils {
 
-    private Java8SslUtils() { }
+    private Java8SslTestUtils() { }
 
     static void setSNIMatcher(SSLParameters parameters) {
         SNIMatcher matcher = new SNIMatcher(0) {

handler/src/test/java/io/netty/handler/ssl/JdkConscryptSslEngineInteropTest.java

@@ -61,7 +61,7 @@ public class JdkConscryptSslEngineInteropTest extends SSLEngineTest {
 
     @Override
     protected Provider serverSslContextProvider() {
-        return Java8SslUtils.conscryptProvider();
+        return Java8SslTestUtils.conscryptProvider();
     }
 
     @Override

handler/src/test/java/io/netty/handler/ssl/OpenSslEngineTest.java

@@ -598,7 +598,7 @@ public class OpenSslEngineTest extends SSLEngineTest {
         SSLEngine engine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
         try {
             SSLParameters parameters = new SSLParameters();
-            Java8SslUtils.setSNIMatcher(parameters);
+            Java8SslTestUtils.setSNIMatcher(parameters);
             engine.setSSLParameters(parameters);
         } finally {
             cleanupServerSslEngine(engine);

pom.xml

@@ -786,7 +786,7 @@
           </includes>
           <excludes>
             <exclude>**/Abstract*</exclude>
-            <exclude>**/TestUtil*</exclude>
+            <exclude>**/*TestUtil*</exclude>
           </excludes>
           <runOrder>random</runOrder>
           <systemPropertyVariables>