From aab89b058e2e31fb50f5df98325dc40db61fbced Mon Sep 17 00:00:00 2001 From: Norman Maurer Date: Thu, 4 May 2017 07:57:10 -0700 Subject: [PATCH] Ensure Netty is usable on Java7 Motivation: When adding SNIMatcher support we missed to use static delegating methods and so may try to load classes that not exists in Java7. Which will lead to errors. Modifications: - Correctly only try to load classes when running on java8+ - Ensure Java8+ related tests only run when using java8+ Result: Fixes [#6700] --- ...arametersUtils.java => Java8SslUtils.java} | 29 ++++++++++++++++-- .../ssl/ReferenceCountedOpenSslEngine.java | 30 ++++++------------- .../ssl/ConscryptJdkSslEngineInteropTest.java | 2 +- ...a8SslUtils.java => Java8SslTestUtils.java} | 4 +-- .../ssl/JdkConscryptSslEngineInteropTest.java | 2 +- .../netty/handler/ssl/OpenSslEngineTest.java | 2 +- pom.xml | 2 +- 7 files changed, 42 insertions(+), 29 deletions(-) rename handler/src/main/java/io/netty/handler/ssl/{Java8SslParametersUtils.java => Java8SslUtils.java} (68%) rename handler/src/test/java/io/netty/handler/ssl/{Java8SslUtils.java => Java8SslTestUtils.java} (94%) diff --git a/handler/src/main/java/io/netty/handler/ssl/Java8SslParametersUtils.java b/handler/src/main/java/io/netty/handler/ssl/Java8SslUtils.java similarity index 68% rename from handler/src/main/java/io/netty/handler/ssl/Java8SslParametersUtils.java rename to handler/src/main/java/io/netty/handler/ssl/Java8SslUtils.java index 45152689a3..583d4cf498 100644 --- a/handler/src/main/java/io/netty/handler/ssl/Java8SslParametersUtils.java +++ b/handler/src/main/java/io/netty/handler/ssl/Java8SslUtils.java @@ -16,15 +16,18 @@ package io.netty.handler.ssl; import javax.net.ssl.SNIHostName; +import javax.net.ssl.SNIMatcher; import javax.net.ssl.SNIServerName; import javax.net.ssl.SSLParameters; import java.util.ArrayList; +import java.util.Collection; import java.util.Collections; +import java.util.Iterator; import java.util.List; -final class Java8SslParametersUtils { +final class Java8SslUtils { - private Java8SslParametersUtils() { } + private Java8SslUtils() { } static List getSniHostNames(SSLParameters sslParameters) { List names = sslParameters.getServerNames(); @@ -59,4 +62,26 @@ final class Java8SslParametersUtils { static void setUseCipherSuitesOrder(SSLParameters sslParameters, boolean useOrder) { sslParameters.setUseCipherSuitesOrder(useOrder); } + + @SuppressWarnings("unchecked") + static void setSNIMatchers(SSLParameters sslParameters, Collection matchers) { + sslParameters.setSNIMatchers((Collection) matchers); + } + + @SuppressWarnings("unchecked") + static boolean checkSniHostnameMatch(Collection matchers, String hostname) { + if (matchers != null && !matchers.isEmpty()) { + SNIHostName name = new SNIHostName(hostname); + Iterator matcherIt = (Iterator) matchers.iterator(); + while (matcherIt.hasNext()) { + SNIMatcher matcher = matcherIt.next(); + // type 0 is for hostname + if (matcher.getType() == 0 && matcher.matches(name)) { + return true; + } + } + return false; + } + return true; + } } diff --git a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java b/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java index b361f2c40a..d806a8534e 100644 --- a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java +++ b/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java @@ -43,8 +43,6 @@ import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.concurrent.atomic.AtomicIntegerFieldUpdater; -import javax.net.ssl.SNIHostName; -import javax.net.ssl.SNIMatcher; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; @@ -190,8 +188,9 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc private Object algorithmConstraints; private List sniHostNames; - // Mark as volatile as accessed by checkSniHostnameMatch(...) - private volatile Collection matchers; + // Mark as volatile as accessed by checkSniHostnameMatch(...) and also not specify the SNIMatcher type to allow us + // using it with java7. + private volatile Collection matchers; // SSL Engine status variables private boolean isInboundDone; @@ -1594,14 +1593,14 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc Java7SslParametersUtils.setAlgorithmConstraints(sslParameters, algorithmConstraints); if (version >= 8) { if (sniHostNames != null) { - Java8SslParametersUtils.setSniHostNames(sslParameters, sniHostNames); + Java8SslUtils.setSniHostNames(sslParameters, sniHostNames); } if (!isDestroyed()) { - Java8SslParametersUtils.setUseCipherSuitesOrder( + Java8SslUtils.setUseCipherSuitesOrder( sslParameters, (SSL.getOptions(ssl) & SSL.SSL_OP_CIPHER_SERVER_PREFERENCE) != 0); } - sslParameters.setSNIMatchers(matchers); + Java8SslUtils.setSNIMatchers(sslParameters, matchers); } } return sslParameters; @@ -1618,13 +1617,13 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc if (version >= 8) { if (!isDestroyed()) { if (clientMode) { - final List sniHostNames = Java8SslParametersUtils.getSniHostNames(sslParameters); + final List sniHostNames = Java8SslUtils.getSniHostNames(sslParameters); for (String name: sniHostNames) { SSL.setTlsExtHostName(ssl, name); } this.sniHostNames = sniHostNames; } - if (Java8SslParametersUtils.getUseCipherSuitesOrder(sslParameters)) { + if (Java8SslUtils.getUseCipherSuitesOrder(sslParameters)) { SSL.setOptions(ssl, SSL.SSL_OP_CIPHER_SERVER_PREFERENCE); } else { SSL.clearOptions(ssl, SSL.SSL_OP_CIPHER_SERVER_PREFERENCE); @@ -1660,18 +1659,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc } final boolean checkSniHostnameMatch(String hostname) { - Collection matchers = this.matchers; - if (matchers != null && !matchers.isEmpty()) { - SNIHostName name = new SNIHostName(hostname); - for (SNIMatcher matcher: matchers) { - // type 0 is for hostname - if (matcher.getType() == 0 && matcher.matches(name)) { - return true; - } - } - return false; - } - return true; + return Java8SslUtils.checkSniHostnameMatch(matchers, hostname); } private final class OpenSslSession implements SSLSession, ApplicationProtocolAccessor { diff --git a/handler/src/test/java/io/netty/handler/ssl/ConscryptJdkSslEngineInteropTest.java b/handler/src/test/java/io/netty/handler/ssl/ConscryptJdkSslEngineInteropTest.java index 88b1cf0643..e2171365f9 100644 --- a/handler/src/test/java/io/netty/handler/ssl/ConscryptJdkSslEngineInteropTest.java +++ b/handler/src/test/java/io/netty/handler/ssl/ConscryptJdkSslEngineInteropTest.java @@ -61,7 +61,7 @@ public class ConscryptJdkSslEngineInteropTest extends SSLEngineTest { @Override protected Provider clientSslContextProvider() { - return Java8SslUtils.conscryptProvider(); + return Java8SslTestUtils.conscryptProvider(); } @Ignore /* Does the JDK support a "max certificate chain length"? */ diff --git a/handler/src/test/java/io/netty/handler/ssl/Java8SslUtils.java b/handler/src/test/java/io/netty/handler/ssl/Java8SslTestUtils.java similarity index 94% rename from handler/src/test/java/io/netty/handler/ssl/Java8SslUtils.java rename to handler/src/test/java/io/netty/handler/ssl/Java8SslTestUtils.java index c00cd37c53..cc2e6c6ed3 100644 --- a/handler/src/test/java/io/netty/handler/ssl/Java8SslUtils.java +++ b/handler/src/test/java/io/netty/handler/ssl/Java8SslTestUtils.java @@ -24,9 +24,9 @@ import javax.net.ssl.SSLParameters; import java.security.Provider; import java.util.Collections; -final class Java8SslUtils { +final class Java8SslTestUtils { - private Java8SslUtils() { } + private Java8SslTestUtils() { } static void setSNIMatcher(SSLParameters parameters) { SNIMatcher matcher = new SNIMatcher(0) { diff --git a/handler/src/test/java/io/netty/handler/ssl/JdkConscryptSslEngineInteropTest.java b/handler/src/test/java/io/netty/handler/ssl/JdkConscryptSslEngineInteropTest.java index 49a5dc590f..0625f7aed5 100644 --- a/handler/src/test/java/io/netty/handler/ssl/JdkConscryptSslEngineInteropTest.java +++ b/handler/src/test/java/io/netty/handler/ssl/JdkConscryptSslEngineInteropTest.java @@ -61,7 +61,7 @@ public class JdkConscryptSslEngineInteropTest extends SSLEngineTest { @Override protected Provider serverSslContextProvider() { - return Java8SslUtils.conscryptProvider(); + return Java8SslTestUtils.conscryptProvider(); } @Override diff --git a/handler/src/test/java/io/netty/handler/ssl/OpenSslEngineTest.java b/handler/src/test/java/io/netty/handler/ssl/OpenSslEngineTest.java index 24de48f5a6..5939b66e35 100644 --- a/handler/src/test/java/io/netty/handler/ssl/OpenSslEngineTest.java +++ b/handler/src/test/java/io/netty/handler/ssl/OpenSslEngineTest.java @@ -598,7 +598,7 @@ public class OpenSslEngineTest extends SSLEngineTest { SSLEngine engine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); try { SSLParameters parameters = new SSLParameters(); - Java8SslUtils.setSNIMatcher(parameters); + Java8SslTestUtils.setSNIMatcher(parameters); engine.setSSLParameters(parameters); } finally { cleanupServerSslEngine(engine); diff --git a/pom.xml b/pom.xml index 415b41809a..b6100ea7c9 100644 --- a/pom.xml +++ b/pom.xml @@ -869,7 +869,7 @@ **/Abstract* - **/TestUtil* + **/*TestUtil* random